babylon toolbar registry key

Discussion in 'Windows - General discussion' started by Mickoz74, Oct 14, 2012.

  1. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,732
    Likes Received:
    36
    Trophy Points:
    78
    I agree, and Spybot has a record of false positives. Download ComboFix and let it update. Before running, disable all background programs and any antivirus. Let it run its course without interference. Don't even drag the mouse across it. Post the log when finished.
     
  2. xboxdvl2

    xboxdvl2 Regular member

    Joined:
    Dec 21, 2005
    Messages:
    1,186
    Likes Received:
    6
    Trophy Points:
    48
    I used an online pandascan to find the path. Unfortunately pandascan doesn't work with the latest browsers, or last time I checked it didn't. Based on past experience, pandascan always finds viruses (if you have any) and gives you the exact file path, but it won't remove the virus unless you pay a fee. Once you have the file path you can actually remove it quite easily yourself.
     
  3. Mickoz74

    Mickoz74 Active member

    Joined:
    Jun 15, 2008
    Messages:
    2,160
    Likes Received:
    0
    Trophy Points:
    66
    Cool, will try this and report back.
     
  4. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,732
    Likes Received:
    36
    Trophy Points:
    78
    Trend Micro also has a BHO remover that works well. Can't remember the name, but you can find it on their website.
     
  5. Mickoz74

    Mickoz74 Active member

    Joined:
    Jun 15, 2008
    Messages:
    2,160
    Likes Received:
    0
    Trophy Points:
    66
    Don't think it likes my 64 bit, as it fails on last bit of reinstall.
     
  6. Mickoz74

    Mickoz74 Active member

    Joined:
    Jun 15, 2008
    Messages:
    2,160
    Likes Received:
    0
    Trophy Points:
    66
    Got a combo log file. Should I post part or all of it?
     
  7. Mickoz74

    Mickoz74 Active member

    Joined:
    Jun 15, 2008
    Messages:
    2,160
    Likes Received:
    0
    Trophy Points:
    66
    Re-run Spybot, finds same thing.
     
  8. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,732
    Likes Received:
    36
    Trophy Points:
    78
    ComboFix runs fine on my Win7 64-bit. Post what you have for a log. Maybe it will tell us why it didn't complete. In the meantime, have you looked at the Trend Micro site for their BHO remover? From what I've been able to gather, nothing new has happened with Spybot in years. It was once a good tool, but I question its usefulness today. Even when I used it I got a lot of false positives. I've had the Babylon toolbar show up on the kids' computer and it wasn't that difficult to get rid of.
     
  9. Mickoz74

    Mickoz74 Active member

    Joined:
    Jun 15, 2008
    Messages:
    2,160
    Likes Received:
    0
    Trophy Points:
    66
    ComboFix 12-10-18.03 - Michael 19/10/2012 15:52:17.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6056.4271 [GMT 1:00]
    Running from: c:\users\Michael\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\windows\SysWow64\msstdfmt.dll
    P:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-19 14:55 . 2012-10-19 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-19 14:40 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-19 14:39 . 2012-10-19 14:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{572DCA8E-9AE3-4679-8EFE-A615D3AE7AA7}\offreg.dll
    2012-10-19 14:06 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{572DCA8E-9AE3-4679-8EFE-A615D3AE7AA7}\mpengine.dll
    2012-10-15 01:15 . 2012-10-15 01:15 -------- d-----w- c:\users\Michael\AppData\Roaming\CheeseSoft
    2012-10-15 01:15 . 2012-10-15 01:33 -------- d-----w- c:\program files (x86)\FinalUninstaller
    2012-10-15 01:00 . 2012-10-15 01:00 -------- d-----w- c:\program files\Adobe
    2012-10-15 00:30 . 2012-10-15 00:30 -------- d-----w- c:\users\Michael\AppData\Local\Diagnostics
    2012-10-14 09:38 . 2012-10-14 09:38 -------- d-----w- c:\users\Michael\AppData\Roaming\SpeedMaxPc
    2012-10-14 09:38 . 2012-10-14 09:38 -------- d-----w- c:\users\Michael\AppData\Roaming\DriverCure
    2012-10-14 09:38 . 2012-10-14 09:40 -------- d-----w- c:\programdata\SpeedMaxPc
    2012-10-13 16:51 . 2012-10-13 16:51 -------- d-----w- c:\windows\IswTmp
    2012-10-13 16:24 . 2012-10-13 16:24 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-13 16:24 . 2012-10-13 16:24 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-12 19:21 . 2012-10-12 19:21 -------- d-----w- c:\users\Michael\AppData\Roaming\No Company Name
    2012-10-12 18:38 . 2012-10-12 18:38 -------- d-----w- c:\users\Michael\AppData\Roaming\PDAppFlex
    2012-10-12 18:34 . 2012-10-12 19:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-10-11 23:35 . 2012-10-11 23:35 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-10-11 23:34 . 2012-10-11 23:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-10-11 23:34 . 2012-10-11 23:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-10-11 23:34 . 2012-10-19 14:40 -------- d-----w- c:\program files (x86)\Java
    2012-10-09 22:55 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-09 22:55 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-09 22:55 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-09-27 07:45 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-24 17:57 . 2012-08-24 10:17 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-09-21 13:42 . 2009-10-20 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2012-09-21 13:42 . 2009-10-20 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2012-09-21 13:38 . 2012-10-12 19:23 -------- d-----w- c:\program files\Common Files\Adobe
    2012-09-21 12:42 . 2012-09-21 12:42 -------- d-----w- c:\users\Michael\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-09-21 12:42 . 2012-09-21 12:42 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-10 00:42 . 2012-09-09 19:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-10 00:42 . 2012-09-09 19:12 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-27 23:18 . 2012-09-08 22:10 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-09 18:49 . 2012-09-09 18:49 99384 ----a-w- c:\users\Michael\AppData\Roaming\ezpinst.exe
    2012-09-09 18:49 . 2012-09-09 18:49 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2012-09-09 18:49 . 2012-09-09 18:49 82816 ----a-w- c:\users\Michael\AppData\Roaming\pcouffin.sys
    2012-09-09 07:48 . 2012-09-09 07:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-09-09 07:48 . 2012-09-09 07:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-09-09 07:48 . 2012-09-09 07:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-09-09 07:48 . 2012-09-09 07:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-09-09 07:48 . 2012-09-09 07:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-09-09 07:48 . 2012-09-09 07:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-09-09 07:48 . 2012-09-09 07:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-09-09 07:48 . 2012-09-09 07:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-09-09 07:48 . 2012-09-09 07:48 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-09-09 07:48 . 2012-09-09 07:48 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-09-09 07:48 . 2012-09-09 07:48 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-09-09 07:48 . 2012-09-09 07:48 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-09-09 07:48 . 2012-09-09 07:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-09-09 07:48 . 2012-09-09 07:48 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-09-09 07:48 . 2012-09-09 07:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-09-09 07:48 . 2012-09-09 07:48 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-09-09 07:48 . 2012-09-09 07:48 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-09-09 07:48 . 2012-09-09 07:48 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-09-09 07:48 . 2012-09-09 07:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-09-09 07:48 . 2012-09-09 07:48 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-09-09 07:48 . 2012-09-09 07:48 448512 ----a-w- c:\windows\system32\html.iec
    2012-09-09 07:48 . 2012-09-09 07:48 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-09-09 07:48 . 2012-09-09 07:48 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-09-09 07:48 . 2012-09-09 07:48 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-09-09 07:48 . 2012-09-09 07:48 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-09-09 07:48 . 2012-09-09 07:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-09-09 07:48 . 2012-09-09 07:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-09-09 07:48 . 2012-09-09 07:48 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-09-09 07:48 . 2012-09-09 07:48 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-09-09 07:48 . 2012-09-09 07:48 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-09-09 07:48 . 2012-09-09 07:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-09-09 07:48 . 2012-09-09 07:48 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-09-09 07:48 . 2012-09-09 07:48 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-09-09 07:48 . 2012-09-09 07:48 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-09-09 07:48 . 2012-09-09 07:48 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-09-09 07:48 . 2012-09-09 07:48 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-09-09 07:48 . 2012-09-09 07:48 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-09-09 07:48 . 2012-09-09 07:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-09-09 07:48 . 2012-09-09 07:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-09-09 07:48 . 2012-09-09 07:48 149504 ----a-w- c:\windows\system32\occache.dll
    2012-09-09 07:48 . 2012-09-09 07:48 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-09-09 07:48 . 2012-09-09 07:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-09-09 07:48 . 2012-09-09 07:48 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-09-09 07:48 . 2012-09-09 07:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-09-09 07:48 . 2012-09-09 07:48 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-09-09 07:48 . 2012-09-09 07:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-09-09 07:48 . 2012-09-09 07:48 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-09-09 07:48 . 2012-09-09 07:48 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-09-09 07:48 . 2012-09-09 07:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-09-09 07:46 . 2012-09-09 07:46 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-08-22 18:12 . 2012-09-11 19:55 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-11 19:55 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-11 19:54 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-11 19:54 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 12:01 . 2012-09-15 08:47 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 12:01 . 2012-09-08 19:34 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 12:01 . 2012-09-08 19:34 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-21 09:13 . 2012-09-08 20:09 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-21 09:13 . 2012-09-08 20:09 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-21 09:13 . 2012-09-08 20:09 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:13 . 2012-09-08 20:09 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-08-21 09:13 . 2012-09-08 20:09 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-21 09:13 . 2012-09-08 20:09 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-21 09:12 . 2012-09-08 20:08 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-21 09:12 . 2012-09-08 20:08 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-21 09:12 . 2012-09-08 20:09 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-20 17:38 . 2012-10-09 22:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-11 19:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-11 19:55 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-07-28 01:54 . 2012-07-28 01:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
    2012-07-28 01:15 . 2012-09-09 07:47 57280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
    2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
    2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
    2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
    2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
    2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
    2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
    2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
    2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll
    2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-09-09 07:45 220608 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-09-09 07:45 220608 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-09-09 07:45 220608 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
    "OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
    "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-9-20 69120]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
    R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-09 1255736]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-16 22912]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-16 20328]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-16 62584]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 33712]
    S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 827560]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 1014624]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-09-09 82816]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 00:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-09-09 07:45 244672 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-09-09 07:45 244672 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-09-09 07:45 244672 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\
    FF - ExtSQL: 2012-09-08 20:49; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - ExtSQL: 2012-09-08 21:08; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2012-10-14 12:18; en-gb@flyingtophat.co.uk; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\en-gb@flyingtophat.co.uk
    FF - ExtSQL: 2012-10-14 12:19; personas@christopher.beard; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\personas@christopher.beard.xpi
    FF - ExtSQL: 2012-10-14 12:19; foxmarks@kei.com; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\foxmarks@kei.com
    FF - ExtSQL: 2012-10-14 12:19; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - ExtSQL: 2012-10-14 12:19; {66E978CD-981F-47DF-AC42-E3CF417C1467}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-NWEReboot - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ISW - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.bmp.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.bmp.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-3940473093-4060525308-1183659428-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ThunderbirdEML"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.ico.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.jpg.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.jpg.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.jpg.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (S-1-5-21-3940473093-4060525308-1183659428-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="jpegfile"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.png.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.tif.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.tif.15.4"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLive.PhotoGallery.wdp.15.4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-19 15:57:15
    ComboFix-quarantined-files.txt 2012-10-19 14:57
    .
    Pre-Run: 830,147,035,136 bytes free
    Post-Run: 829,646,106,624 bytes free
    .
    - - End Of File - - 52E64C8307F7CCD5F235CBB76E91DBEE
     
  10. Mickoz74

    Mickoz74 Active member

    need to relook for trend micro this i did run hijack this and it found problems but not babylon
     
  11. aldan

    aldan Active member

    don't see any recognizable reference to babylon toolbar in combofix log. looks like it did quarantine a few things tho. i would run another hjt and post the log. another good tool from trend micro is called housecall. if it was me i would lose spybot entirely. all i have regularly on my machine is superantispyware, microsoft security essentials for antivirus, and malwarebytes.
     
  12. Mickoz74

    Mickoz74 Active member

    think i will. i like avast and spyware blaster, need to dump spybot. malware bytes and super antispyware work ok together
     
  13. Mickoz74

    Mickoz74 Active member

    thanks for helping everyone, it's much appreciated
     
  14. aldan

    aldan Active member

    hope all's well.
     
