
Thread: Babylon.Toolbar

  1. #1 Junior Member (Join Date: Nov 2012, Posts: 1)

    Babylon.Toolbar

    Spybot shows Babylon.Toolbar as an infection which cannot be removed, even when running Spybot on reboot.

    The requested logs are below / attached.

    Can you please advise.

    Thank you very much in advance!

    Babylon.Toolbar: [SBI $D573FB99] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
    HKEY_USERS\S-1-5-21-1515442830-1491703422-174490163-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-01-05 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-10-31 Includes\Adware.sbi (*)
    2012-10-30 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2012-09-26 Includes\DialerC.sbi (*)
    2012-01-31 Includes\HeavyDuty.sbi (*)
    2012-10-16 Includes\Hijackers.sbi (*)
    2012-09-25 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2012-03-13 Includes\Keyloggers.sbi (*)
    2012-03-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-08-28 Includes\Malware.sbi (*)
    2012-10-30 Includes\MalwareC.sbi (*)
    2012-10-24 Includes\PUPS.sbi (*)
    2012-10-30 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-06-19 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-09-05 Includes\Spyware.sbi (*)
    2012-09-04 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2012-10-31 Includes\TrojansC-02.sbi (*)
    2012-10-30 Includes\TrojansC-03.sbi (*)
    2012-10-24 Includes\TrojansC-04.sbi (*)
    2012-08-31 Includes\TrojansC-05.sbi (*)
    2012-10-31 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
    Run by Kiki at 8:31:15 on 2012-11-02
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1031.18.2046.869 [GMT 1:00]
    .
    AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\ibmpmsvc.exe
    c:\Programme\Gemeinsame Dateien\iS3\Anti-Spyware\SZServer.exe
    C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
    C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
    C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
    C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
    c:\programme\lenovo\system update\suservice.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Programme\Canon\CAL\CALMAIN.exe
    C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Programme\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
    C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
    C:\Programme\Lenovo\Zoom\TpScrex.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Programme\Lenovo\Client Security Solution\cssauth.exe
    C:\Programme\Lenovo\AwayTask\AwaySch.EXE
    C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
    C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Programme\Apoint2K\Apoint.exe
    C:\Programme\QuickTime\QTTask.exe
    C:\Programme\McAfee.com\Agent\mcagent.exe
    C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    C:\Programme\Apoint2K\ApMsgFwd.exe
    C:\Programme\iTunes\iTunesHelper.exe
    C:\Programme\Apoint2K\Apntex.exe
    C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Dokumente und Einstellungen\Steph\Anwendungsdaten\Dropbox\bin\Dropbox.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
    C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Internet Explorer\iexplore.exe
    c:\Programme\STOPzilla!\STOPzilla.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.spiegel.de/
    mURLSearchHooks: SrchHook Class: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - c:\programme\stopzilla!\toolbar\SZIESearchHook.dll
    BHO: Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ZILLAbar Browser Helper Object: {1827766B-9F49-4854-8034-F6EE26FCB1EC} - c:\programme\stopzilla!\toolbar\SZSG.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programme\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\gemeinsame dateien\mcafee\systemcore\ScriptSn.20120628100302.dll
    BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\programme\windows live toolbar\msntb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\programme\lenovo\client security solution\tvtpwm_ie_com.dll
    TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\programme\windows live toolbar\msntb.dll
    TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\programme\windows live toolbar\msntb.dll
    TB: STOPzilla: {98828DED-A591-462F-83BA-D2F62A68B8B8} - c:\programme\stopzilla!\toolbar\SZSG.dll
    uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [TVT Scheduler Proxy] c:\programme\gemeinsame dateien\lenovo\scheduler\scheduler_proxy.exe
    mRun: [TpShocks] TpShocks.exe
    mRun: [TPHOTKEY] c:\programme\lenovo\hotkey\TPOSDSVC.exe
    mRun: [TPFNF7] c:\programme\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [SoundMAXPnP] c:\programme\analog devices\core\smax4pnp.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
    mRun: [ISUSScheduler] "c:\programme\gemeinsame dateien\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\gemein~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [cssauth] "c:\programme\lenovo\client security solution\cssauth.exe" silent
    mRun: [AwaySch] c:\programme\lenovo\awaytask\AwaySch.EXE
    mRun: [AMSG] c:\progra~1\thinkv~1\amsg\amsg.exe
    mRun: [ACWLIcon] c:\programme\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [Apoint] c:\programme\apoint2k\Apoint.exe
    mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
    mRun: [mcui_exe] "c:\programme\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\programme\gemeinsame dateien\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Picasa Media Detector] c:\programme\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\dokume~1\kiki\startm~1\progra~1\autost~1\dropbox.lnk - c:\dokumente und einstellungen\steph\anwendungsdaten\dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    IE: &Windows Live Search - c:\programme\windows live toolbar\msntb.dll/search.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Senden an &Bluetooth-Gerät... - c:\programme\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\programme\lenovo\client security solution\tvtpwm_ie_com.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206463039375
    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{E10255E8-C357-4631-95D1-A79273E359AD} : DHCPNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\programme\mcafee\msc\McSnIePl.dll
    Notify: sclgntfy - wlnotify.dll
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\dokumente und einstellungen\kiki\anwendungsdaten\mozilla\firefox\profiles\l1c78f3e.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
    FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-09-05 18:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF - ExtSQL: !HIDDEN! 2009-09-03 13:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b8bf9672000000000000001f3b16b11f&q=
    FF - user.js: extensions.BabylonToolbar.id - b8bf9672000000000000001f3b16b11f
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15624
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.0
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.0
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.015:31:15
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-14 464304]
    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-14 89792]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-4-18 101112]
    R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\symantec\liveupdate\AluSchedulerSvc.exe [2008-3-5 554352]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\programme\gemeinsame dateien\mcafee\mcsvchost\McSvHost.exe [2011-1-14 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\programme\gemeinsame dateien\mcafee\mcsvchost\McSvHost.exe [2011-1-14 214904]
    R2 McProxy;McAfee Proxy Service;c:\programme\gemeinsame dateien\mcafee\mcsvchost\McSvHost.exe [2011-1-14 214904]
    R2 McShield;McAfee McShield;c:\programme\gemeinsame dateien\mcafee\systemcore\mcshield.exe [2011-1-14 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\programme\gemeinsame dateien\mcafee\systemcore\mfefire.exe [2011-1-14 161632]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-14 151880]
    R2 smihlp;SMI Helper Driver (smihlp);c:\programme\gemeinsame dateien\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-14 11152]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-14 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-14 180848]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-14 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-14 340920]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-14 83856]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-1 250808]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-14 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-14 87656]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\mozilla maintenance service\maintenanceservice.exe [2012-5-21 114144]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-11-01 20:57:17 -------- d-sha-r- C:\cmdcons
    2012-11-01 20:53:14 98816 ----a-w- c:\windows\sed.exe
    2012-11-01 20:53:14 208896 ----a-w- c:\windows\MBR.exe
    2012-11-01 20:53:05 -------- d-----w- C:\ComboFix
    2012-10-11 13:30:31 -------- d-----w- c:\programme\YourFileDownloader
    2012-10-11 13:30:31 -------- d-----w- c:\dokumente und einstellungen\kiki\anwendungsdaten\YourFileDownloader
    2012-10-11 07:01:43 -------- d-----w- c:\dokumente und einstellungen\kiki\lokale einstellungen\anwendungsdaten\PCHealth
    2012-10-09 13:33:05 10220472 ------w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    ==================== Find3M ====================
    .
    2012-10-09 13:33:13 73656 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 13:33:13 696760 ------w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-28 18:24:56 477168 ------w- c:\windows\system32\npdeployJava1.dll
    2012-08-28 18:24:53 473072 ------w- c:\windows\system32\deployJava1.dll
    2012-08-28 16:39:23 73728 ------w- c:\windows\system32\javacpl.cpl
    2012-08-28 15:05:49 916992 ------w- c:\windows\system32\wininet.dll
    2012-08-28 15:05:48 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:05:48 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
    2012-08-24 13:53:51 177664 ------w- c:\windows\system32\wintrust.dll
    2012-08-23 06:26:54 2151424 ------w- c:\windows\system32\ntoskrnl.exe
    2012-08-23 06:26:54 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-08-21 11:01:22 26840 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 11:01:22 106928 ------w- c:\windows\system32\GEARAspi.dll
    .
    ============= FINISH: 8:32:34.81 ===============

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-02 08:33:35
    -----------------------------
    08:33:35.967 OS Version: Windows 5.1.2600 Service Pack 3
    08:33:35.967 Number of processors: 2 586 0x1706
    08:33:35.967 ComputerName: CO UserName:
    08:33:37.482 Initialize success
    08:34:35.888 AVAST engine defs: 12110101
    08:35:24.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    08:35:24.780 Disk 0 Vendor: FUJITSU_ 0084 Size: 152627MB BusType: 3
    08:35:24.812 Disk 0 MBR read successfully
    08:35:24.812 Disk 0 MBR scan
    08:35:24.874 Disk 0 unknown MBR code
    08:35:24.874 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 145928 MB offset 63
    08:35:24.890 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 6696 MB offset 298861920
    08:35:24.890 Disk 0 scanning sectors +312575760
    08:35:24.999 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:35:46.899 Service scanning
    08:36:19.015 Modules scanning
    08:36:28.653 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    08:36:30.497 Disk 0 trace - called modules:
    08:36:30.512 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
    08:36:30.512 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5652b0]
    08:36:30.512 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\000000a0[0x8a58a438]
    08:36:30.512 5 ACPI.sys[b9f50620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a5d0030]
    08:36:31.325 AVAST engine scan C:\WINDOWS
    08:36:55.240 AVAST engine scan C:\WINDOWS\system32
    08:45:27.281 AVAST engine scan C:\WINDOWS\system32\drivers
    08:46:01.445 AVAST engine scan C:\Dokumente und Einstellungen\Kiki
    09:01:31.680 AVAST engine scan C:\Dokumente und Einstellungen\All Users
    09:09:56.071 Scan finished successfully
    09:10:41.750 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Kiki\Desktop\MBR.dat"
    09:10:41.797 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Kiki\Desktop\aswMBR.txt"
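The DDS log above records the toolbar in two places: the IE add-on section (BHO/TB/URLSearchHook lines) and the Firefox `user.js` prefs under `extensions.BabylonToolbar.*`, with the search URL pointing at `search.babylon.com`. The following is an added example, not code from the poster, from DDS or from Spybot, showing how a helper could parse those two line formats out of a DDS log and flag the indicators this thread records. The function names `parse_dds` and `find_hijacker_indicators`, the indicator lists, and the one BHO line marked "constructed" (with a placeholder path) are assumptions made for the example; every other sample line is copied from the log posted above.

```python
"""Pull browser-extension lines out of a DDS log and flag hijacker indicators.

Added example for this thread; not code from the poster or from DDS/Spybot.
"""
import re
from typing import Dict, List

# Indicators taken only from this thread: the IE Ext\Settings CLSID Spybot
# reported for Babylon.Toolbar, the Babylon search host seen in user.js, and
# the pref namespace the toolbar writes. These lists are assumptions to extend.
SUSPECT_CLSIDS = {"{2EECD738-5844-4A99-B4B6-146BF802613B}"}
SUSPECT_HOSTS = ("search.babylon.com",)
SUSPECT_PREF_PREFIXES = ("extensions.BabylonToolbar",)

GUID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
# DDS IE add-on lines: "BHO: <name>: {CLSID} - <path>", "TB: ...", "mURLSearchHooks: ..."
IE_RE = re.compile(
    r"^(?P<kind>BHO|TB|[um]URLSearchHooks): (?P<name>.*?): (?P<clsid>" + GUID + r")(?: - (?P<path>.*))?$"
)
# DDS Firefox pref lines: "FF - user.js: <pref> - <value>" / "FF - prefs.js: ..."
FF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.*)$")

# Constructed sample: lines copied from the DDS log posted above, plus ONE
# constructed BHO line (placeholder path) so the CLSID match is exercised.
SAMPLE_LOG = r"""
mURLSearchHooks: SrchHook Class: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - c:\programme\stopzilla!\toolbar\SZIESearchHook.dll
BHO: Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\programme\windows live toolbar\msntb.dll
BHO: Babylon Toolbar (constructed line): {2EECD738-5844-4A99-B4B6-146BF802613B} - c:\placeholder\example.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b8bf9672000000000000001f3b16b11f&q=
FF - user.js: extensions.BabylonToolbar.id - b8bf9672000000000000001f3b16b11f
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
"""


def parse_dds(text: str) -> List[Dict[str, str]]:
    """Return one dict per IE add-on line or Firefox pref line; other lines are ignored."""
    entries: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            d = m.groupdict()
            entries.append({"type": "ie", "kind": d["kind"], "name": d["name"],
                            "clsid": d["clsid"].upper(), "path": d["path"] or ""})
            continue
        m = FF_RE.match(line)
        if m:
            entries.append({"type": "ff", **m.groupdict()})
    return entries


def find_hijacker_indicators(text: str) -> List[str]:
    """Flag entries matching a known CLSID, search host or pref namespace.

    The substring check on "babylon" in IE names/paths is a heuristic added here,
    not something the thread's tools do.
    """
    findings: List[str] = []
    for e in parse_dds(text):
        if e["type"] == "ie":
            haystack = (e["name"] + " " + e["path"]).lower()
            if e["clsid"] in SUSPECT_CLSIDS or "babylon" in haystack:
                findings.append(f"IE {e['kind']} {e['clsid']} ({e['name']})")
        else:
            value = e["value"].lower()
            if e["pref"].startswith(SUSPECT_PREF_PREFIXES) or any(h in value for h in SUSPECT_HOSTS):
                findings.append(f"Firefox {e['file']} {e['pref']} = {e['value']}")
    return findings


if __name__ == "__main__":
    for finding in find_hijacker_indicators(SAMPLE_LOG):
        print(finding)
```

One point worth noting for the Firefox findings: Firefox re-applies whatever is in `user.js` to `prefs.js` at every start, so a search URL or homepage set there comes back after being changed in the browser until the `user.js` entries themselves are removed. That is why the `user.js` lines are a more useful indicator than the `prefs.js` ones when judging whether a cleanup actually took.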

  2. #2 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    When running programs on Vista or Windows 7, right-click on the program and select RUN AS ADMINISTRATOR.

    Go here and download AdwCleaner to your desktop


    Double click on AdwCleaner.exe to run the tool.
    Click on Search.
    A logfile will automatically open after the scan has finished.
    Please post the content of that logfile in your reply.
    You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
    Last edited by ken545; 2012-11-06 at 01:50.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Are you still with me, do you still need help or have you resolved this issue ??????????????????????????????????

  4. #4 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Due to inactivity, this thread will now be closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
