mattb74

Members

View Profile See their activity

Posts
16
Joined
June 20, 2012
Last visited
June 22, 2012

Reputation

0 Neutral

Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

All gone!!! Thank you very much for your help. I appreciate what all of you do for us computer "idiots" Thanks again. Anything special I need to do now?
- June 22, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

Babylon still opens when I open Chrome. Firefox is fine.
- June 22, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

ComboFix 12-06-21.02 - Matt 06/21/2012 20:51:34.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3950.2473 [GMT -5:00] Running from: c:\users\Matt\Downloads\ComboFix.exe Command switches used :: c:\users\Matt\Downloads\CFScript.txt AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 ))))))))))))))))))))))))))))))) . . 2012-06-22 01:59 . 2012-06-22 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-20 16:59 . 2012-06-20 16:59 -------- d-----w- C:\_OTL 2012-06-19 14:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{521A4E8D-F690-4890-A8D0-15738EE010E7}\mpengine.dll 2012-06-16 13:25 . 2012-06-16 13:25 250 ----a-w- C:\user.js 2012-06-16 13:24 . 2012-06-17 03:07 -------- d-----w- c:\program files (x86)\PDFReader 2012-06-14 02:56 . 2012-06-14 02:56 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-14 02:55 . 2012-06-14 02:55 -------- d-----w- c:\program files (x86)\Oracle 2012-06-14 02:55 . 2012-05-05 00:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-06-14 02:39 . 2012-06-14 02:39 -------- d-----w- c:\program files\iTunes 2012-06-14 02:36 . 2012-06-14 02:41 -------- d-----w- c:\users\Matt\AppData\Roaming\.minecraft 2012-06-13 01:25 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 01:25 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 01:25 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 01:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 01:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 01:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 01:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 01:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 01:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 01:23 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-13 01:23 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-13 01:23 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 01:23 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 01:23 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 01:23 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 01:23 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-13 01:23 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-20 15:27 . 2012-04-12 13:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-20 15:27 . 2011-05-18 18:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-15 15:43 . 2010-07-23 02:35 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-06-15 15:43 . 2011-09-13 17:54 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-06-15 15:43 . 2010-07-23 02:35 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-05-05 02:22 . 2012-05-05 02:22 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-05 00:29 . 2010-05-22 20:40 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-27 03:25 . 2010-04-22 19:29 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-04-27 03:25 . 2010-04-22 19:29 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-04-27 03:25 . 2010-04-22 19:29 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-04-27 03:25 . 2010-04-22 19:29 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-04-17 04:46 . 2010-07-23 03:15 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-04-17 04:44 . 2010-07-23 02:35 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-04-04 20:56 . 2011-01-20 20:54 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 11:35 . 2012-05-10 04:34 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_16.47.34 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-06-21 02:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-21 20:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-06-21 02:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-21 20:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-21 02:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-21 20:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-10 03:34 . 2012-06-21 20:43 51574 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-21 20:43 45382 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-04-06 07:28 . 2012-06-21 20:43 16132 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3934334721-2688114481-2044950610-1001_UserData.bin + 2010-04-05 19:04 . 2012-06-21 20:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-05 19:04 . 2012-06-21 02:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-05 19:04 . 2012-06-21 02:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-04-05 19:04 . 2012-06-21 20:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-04-05 19:04 . 2012-06-21 20:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-04-05 19:04 . 2012-06-21 02:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-04-06 01:05 . 2012-06-22 01:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-06 01:05 . 2012-06-21 16:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-06 01:05 . 2012-06-22 01:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-04-06 01:05 . 2012-06-21 16:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-06-21 02:27 . 2012-06-21 02:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-21 20:39 . 2012-06-21 20:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-21 02:27 . 2012-06-21 02:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-06-21 20:39 . 2012-06-21 20:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-03-18 22:12 . 2012-06-22 01:39 309296 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 05:01 . 2012-06-21 02:26 361968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-21 20:38 361968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-04-28 03:08 . 2012-06-20 22:39 4192664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3934334721-2688114481-2044950610-1001-8192.dat + 2010-04-28 03:08 . 2012-06-21 20:38 4192664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3934334721-2688114481-2044950610-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 136176] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\MLBDugoutHeroes\GameGuard\dump_wmimmc.sys [x] R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2010-02-01 622624] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 14:19] . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 14:19] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934334721-2688114481-2044950610-1001Core.job - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 00:45] . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934334721-2688114481-2044950610-1001UA.job - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 00:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_Dlls"=0x1 "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\ . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\SecuROM\License information*] "datasecu"=hex:b6,53,01,4a,af,e9,db,61,e9,03,64,26,b7,a2,4a,fe,bc,86,27,37,6e, b1,2e,de,91,3e,ce,9d,d4,ac,ce,0e,93,41,db,64,81,d8,63,67,6c,0e,d1,0d,23,8b,\ "rkeysecu"=hex:2e,09,f2,f7,1d,c0,84,5e,d4,12,68,6a,c7,37,40,47 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-21 21:01:33 ComboFix-quarantined-files.txt 2012-06-22 02:01 ComboFix2.txt 2012-06-21 17:30 ComboFix3.txt 2012-06-21 16:56 . Pre-Run: 134,902,173,696 bytes free Post-Run: 136,428,392,448 bytes free . - - End Of File - - C9F0B4E584660A37A92418CCEAB63DD3
- June 22, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

I am sorry. When I first read the instructions I thought it said to save yo desktop. When I get home I will re do this step. Thanks again for your help and patients, I do not know much about this stuff, it is like a new language.
- June 21, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

ComboFix 12-06-21.01 - Matt 06/21/2012 12:14:44.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3950.2274 [GMT -5:00] Running from: c:\users\Matt\Downloads\ComboFix.exe Command switches used :: c:\users\Matt\Desktop\CFScript - Shortcut.lnk AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 17:22 . 2012-06-21 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-20 16:59 . 2012-06-20 16:59 -------- d-----w- C:\_OTL 2012-06-19 14:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{521A4E8D-F690-4890-A8D0-15738EE010E7}\mpengine.dll 2012-06-16 13:25 . 2012-06-16 13:25 250 ----a-w- C:\user.js 2012-06-16 13:24 . 2012-06-17 03:07 -------- d-----w- c:\program files (x86)\PDFReader 2012-06-14 02:56 . 2012-06-14 02:56 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-14 02:55 . 2012-06-14 02:55 -------- d-----w- c:\program files (x86)\Oracle 2012-06-14 02:55 . 2012-05-05 00:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-06-14 02:39 . 2012-06-14 02:39 -------- d-----w- c:\program files\iTunes 2012-06-14 02:36 . 2012-06-14 02:41 -------- d-----w- c:\users\Matt\AppData\Roaming\.minecraft 2012-06-13 01:25 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 01:25 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 01:25 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 01:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 01:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 01:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 01:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 01:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 01:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 01:23 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-13 01:23 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-13 01:23 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 01:23 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 01:23 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 01:23 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 01:23 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-13 01:23 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-20 15:27 . 2012-04-12 13:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-20 15:27 . 2011-05-18 18:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-15 15:43 . 2010-07-23 02:35 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-06-15 15:43 . 2011-09-13 17:54 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-06-15 15:43 . 2010-07-23 02:35 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-05-05 02:22 . 2012-05-05 02:22 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-05 00:29 . 2010-05-22 20:40 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-27 03:25 . 2010-04-22 19:29 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-04-27 03:25 . 2010-04-22 19:29 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-04-27 03:25 . 2010-04-22 19:29 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-04-27 03:25 . 2010-04-22 19:29 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-04-17 04:46 . 2010-07-23 03:15 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-04-17 04:44 . 2010-07-23 02:35 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-04-04 20:56 . 2011-01-20 20:54 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 11:35 . 2012-05-10 04:34 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_16.47.34 ))))))))))))))))))))))))))))))))))))))))) . - 2010-04-06 01:05 . 2012-06-21 16:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-06 01:05 . 2012-06-21 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-06 01:05 . 2012-06-21 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-04-06 01:05 . 2012-06-21 16:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 136176] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\MLBDugoutHeroes\GameGuard\dump_wmimmc.sys [x] R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2010-02-01 622624] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 14:19] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 14:19] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934334721-2688114481-2044950610-1001Core.job - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 00:45] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934334721-2688114481-2044950610-1001UA.job - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 00:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_Dlls"=0x1 "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\ FF - prefs.js: browser.search.selectedEngine - FF - user.js: extensions.BabylonToolbar_i.id - b2dded3c000000000000b482fe54bc37 FF - user.js: extensions.BabylonToolbar_i.hardId - b2dded3c000000000000b482fe54bc37 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15507 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:24 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_7_ FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\SecuROM\License information*] "datasecu"=hex:b6,53,01,4a,af,e9,db,61,e9,03,64,26,b7,a2,4a,fe,bc,86,27,37,6e, b1,2e,de,91,3e,ce,9d,d4,ac,ce,0e,93,41,db,64,81,d8,63,67,6c,0e,d1,0d,23,8b,\ "rkeysecu"=hex:2e,09,f2,f7,1d,c0,84,5e,d4,12,68,6a,c7,37,40,47 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-21 12:30:21 ComboFix-quarantined-files.txt 2012-06-21 17:30 ComboFix2.txt 2012-06-21 16:56 . Pre-Run: 135,277,498,368 bytes free Post-Run: 134,978,478,080 bytes free . - - End Of File - - 245D140F617FAF9A7F8C6A544AEFCC9B
- June 21, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

Here is the combofix log: ComboFix 12-06-21.01 - Matt 06/21/2012 11:37:17.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3950.2674 [GMT -5:00] Running from: c:\users\Matt\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 16:47 . 2012-06-21 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-20 16:59 . 2012-06-20 16:59 -------- d-----w- C:\_OTL 2012-06-19 14:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{521A4E8D-F690-4890-A8D0-15738EE010E7}\mpengine.dll 2012-06-16 13:25 . 2012-06-16 13:25 250 ----a-w- C:\user.js 2012-06-16 13:24 . 2012-06-17 03:07 -------- d-----w- c:\program files (x86)\PDFReader 2012-06-14 02:56 . 2012-06-14 02:56 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-14 02:55 . 2012-06-14 02:55 -------- d-----w- c:\program files (x86)\Oracle 2012-06-14 02:55 . 2012-05-05 00:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-06-14 02:39 . 2012-06-14 02:39 -------- d-----w- c:\program files\iTunes 2012-06-14 02:36 . 2012-06-14 02:41 -------- d-----w- c:\users\Matt\AppData\Roaming\.minecraft 2012-06-13 01:25 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 01:25 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 01:25 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 01:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 01:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 01:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 01:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 01:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 01:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 01:23 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-13 01:23 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-13 01:23 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 01:23 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 01:23 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 01:23 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 01:23 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-13 01:23 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-20 15:27 . 2012-04-12 13:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-20 15:27 . 2011-05-18 18:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-15 15:43 . 2010-07-23 02:35 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-06-15 15:43 . 2011-09-13 17:54 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-06-15 15:43 . 2010-07-23 02:35 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-05-05 02:22 . 2012-05-05 02:22 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-05 00:29 . 2010-05-22 20:40 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-27 03:25 . 2010-04-22 19:29 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-04-27 03:25 . 2010-04-22 19:29 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-04-27 03:25 . 2010-04-22 19:29 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-04-27 03:25 . 2010-04-22 19:29 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-04-17 04:46 . 2010-07-23 03:15 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-04-17 04:44 . 2010-07-23 02:35 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-04-04 20:56 . 2011-01-20 20:54 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 11:35 . 2012-05-10 04:34 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 136176] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\MLBDugoutHeroes\GameGuard\dump_wmimmc.sys [x] R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2010-02-01 622624] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 14:19] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 14:19] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934334721-2688114481-2044950610-1001Core.job - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 00:45] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934334721-2688114481-2044950610-1001UA.job - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 00:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\ FF - prefs.js: browser.search.selectedEngine - FF - user.js: extensions.BabylonToolbar_i.id - b2dded3c000000000000b482fe54bc37 FF - user.js: extensions.BabylonToolbar_i.hardId - b2dded3c000000000000b482fe54bc37 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15507 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:24 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_7_ FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\SecuROM\License information*] "datasecu"=hex:b6,53,01,4a,af,e9,db,61,e9,03,64,26,b7,a2,4a,fe,bc,86,27,37,6e, b1,2e,de,91,3e,ce,9d,d4,ac,ce,0e,93,41,db,64,81,d8,63,67,6c,0e,d1,0d,23,8b,\ "rkeysecu"=hex:2e,09,f2,f7,1d,c0,84,5e,d4,12,68,6a,c7,37,40,47 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-21 11:56:24 ComboFix-quarantined-files.txt 2012-06-21 16:56 . Pre-Run: 135,601,389,568 bytes free Post-Run: 135,221,391,360 bytes free . - - End Of File - - 61A43BE71AABB56D56B8D305403163E4
- June 21, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

SystemLook 30.07.11 by jpshortstuff Log created at 17:47 on 20/06/2012 by Matt Administrator - Elevation successful ========== regfind ========== Searching for "babylon" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP11\profiles\ProcMon\data\UnpackedHashTree\-782759450402614132] "SignerCommonName"="Babylon Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP11\profiles\ProcMon\data\UnpackedHashTree\-782759450402614132] "SignerOrganization"="Babylon Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP11\profiles\ProcMon\data\UnpackedHashTree\4692403964579310501] "SignerCommonName"="Babylon Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP11\profiles\ProcMon\data\UnpackedHashTree\4692403964579310501] "SignerOrganization"="Babylon Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.babylon.com/?affID=109935&tt=060612_7_&babsrc=NT_ss&mntrId=b2dded3c000000000000b482fe54bc37" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}] "Publisher"="Babylon Ltd" ========== folderfind ========== Searching for "*babylon*" C:\_OTL\MovedFiles\06202012_115925\C_ProgramData\Babylon d------ [13:24 16/06/2012] C:\_OTL\MovedFiles\06202012_115925\C_Users\Matt\AppData\Roaming\Babylon d------ [13:24 16/06/2012] C:\_OTL\MovedFiles\06202012_115925\C_Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com d------ [13:24 16/06/2012] -= EOF =-
- June 20, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

SystemLook 30.07.11 by jpshortstuff Log created at 17:09 on 20/06/2012 by Matt Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== regfind ========== Searching for "babylon" [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP11\profiles\ProcMon\data\UnpackedHashTree\-782759450402614132] "SignerCommonName"="Babylon Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP11\profiles\ProcMon\data\UnpackedHashTree\-782759450402614132] "SignerOrganization"="Babylon Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP11\profiles\ProcMon\data\UnpackedHashTree\4692403964579310501] "SignerCommonName"="Babylon Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP11\profiles\ProcMon\data\UnpackedHashTree\4692403964579310501] "SignerOrganization"="Babylon Ltd." [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.babylon.com/?affID=109935&tt=060612_7_&babsrc=NT_ss&mntrId=b2dded3c000000000000b482fe54bc37" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}] "Publisher"="Babylon Ltd" ========== folderfind ========== Searching for "*babylon*" C:\_OTL\MovedFiles\06202012_115925\C_ProgramData\Babylon d------ [13:24 16/06/2012] C:\_OTL\MovedFiles\06202012_115925\C_Users\Matt\AppData\Roaming\Babylon d------ [13:24 16/06/2012] C:\_OTL\MovedFiles\06202012_115925\C_Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com d------ [13:24 16/06/2012] -= EOF =-
- June 20, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

Search found no results.
- June 20, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

Thank you again for your help. I do appreciate it. I opened extensions and none were installed. Chrome is set to the page I want and Babylon was not in the search the web list. I could not find "Basic Options"...
- June 20, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

Firefox opens with no issues. Chrome opens and still redirects to Babylon.
- June 20, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

OTL fix log: All processes killed ========== OTL ========== HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6CDEBE8F-F388-45C3-A496-C4DE1C3F0BCE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CDEBE8F-F388-45C3-A496-C4DE1C3F0BCE}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "" removed from browser.search.selectedEngine Prefs.js: "http://search.babylon.com/?affID=109935&tt=060612_7_&babsrc=HP_ss&mntrId=b2dded3c000000000000b482fe54bc37" removed from browser.startup.homepage Prefs.js: toolbar@shopathome.com:5.2.0.0 removed from extensions.enabledItems Prefs.js: "http://search.babylon.com/?affID=109935&tt=060612_7_&babsrc=KW_ss&mntrId=b2dded3c000000000000b482fe54bc37&q=" removed from keyword.URL C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully. C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully. C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully. C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully. C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com\content folder moved successfully. C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com\components folder moved successfully. C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com folder moved successfully. C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\searchplugins\askcom.xml moved successfully. C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found. Registry value HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. C:\ProgramData\Babylon folder moved successfully. C:\Users\Matt\AppData\Roaming\Babylon folder moved successfully. C:\Users\Matt\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully. C:\Users\Matt\AppData\Roaming\AVG folder moved successfully. C:\Users\Matt\AppData\Roaming\AVG10\cfgall folder moved successfully. C:\Users\Matt\AppData\Roaming\AVG10 folder moved successfully. Folder C:\Users\Matt\AppData\Roaming\Babylon\ not found. ADS C:\ProgramData:$SS_DESCRIPTOR_NBX2V9GKDVVJFXB07KBNF9VY2LL146HB8FJLFETFPJYK58EHLGJ7VVVVVVVVVVVVV deleted successfully. ADS C:\ProgramData:$SS_DESCRIPTOR_NBF2V9GFDVVJKXB07KBNF9VY2LPPJAGVU8XLF75PP4AL1HFLXG4MLNVCLT3EPTJ2TVLPV5VVBVLBV5 deleted successfully. ADS C:\ProgramData\Temp:EC3A9923 deleted successfully. ADS C:\ProgramData\Temp:F72306CC deleted successfully. ADS C:\ProgramData\Temp:20EB6823 deleted successfully. ADS C:\ProgramData\Temp:0B4227B4 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Matt ->Temp folder emptied: 1479945746 bytes ->Temporary Internet Files folder emptied: 79230182 bytes ->Java cache emptied: 3537585 bytes ->FireFox cache emptied: 78152596 bytes ->Google Chrome cache emptied: 387180175 bytes ->Flash cache emptied: 6249377 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1570928 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 285172596 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes RecycleBin emptied: 2599447 bytes Total Files Cleaned = 2,216.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.50.0 log created on 06202012_115925 Files\Folders moved on Reboot... C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
- June 20, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

I cannot find BabylonObjectinstaller in my add/remove programs, it is not there. Any suggestions? Thank you again for the help.
- June 20, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

Extras report OTL Extras logfile created on: 6/20/2012 11:06:24 AM - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Matt\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.86 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 66.48% Memory free 7.71 Gb Paging File | 6.24 Gb Available in Paging File | 80.89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 360.53 Gb Total Space | 124.95 Gb Free Space | 34.66% Space Free | Partition Type: NTFS Drive D: | 90.13 Gb Total Space | 90.03 Gb Free Space | 99.89% Space Free | Partition Type: NTFS Drive E: | 7.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: LAPTOP1 | User Name: Matt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DFFD8A1-0B28-4937-B7B5-151EA1C5850D}" = lport=10243 | protocol=6 | dir=in | app=system | "{175373B3-AF23-4EBD-818D-EBE5DF0DA524}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{2BA65606-6B43-4C3D-BF1E-3E566FC342A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2CB931F7-58ED-42BD-B46A-66AD7F07DDB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F6ED793-E390-47D2-BA0B-07C096540DA9}" = rport=139 | protocol=6 | dir=out | app=system | "{301C0152-5D08-49EF-B7F2-DF4BDF765A38}" = lport=2869 | protocol=6 | dir=in | app=system | "{302C2B93-CED9-4275-A385-49880C85E02B}" = rport=137 | protocol=17 | dir=out | app=system | "{35913CB6-70E4-4A68-92D5-D9E8FE0B55E6}" = lport=2869 | protocol=6 | dir=in | app=system | "{44FC1FD9-4E27-4332-B92E-F2DF50087DB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5AB16F14-C489-41E0-98CE-C2CB449B8E38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{64647567-CBED-494F-88D3-3EDB2F59FCFD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{662EEEC1-3573-49E4-8ED0-9517053E4FE9}" = lport=138 | protocol=17 | dir=in | app=system | "{7F6D60A1-4262-45C4-81B5-A6A46AFE108B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{88553ABA-094C-4D03-9F24-209A75BC179C}" = rport=10243 | protocol=6 | dir=out | app=system | "{8C2E2631-D5B8-4D3E-ACD1-2F45874EE703}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8EC894B1-711F-4090-9FE3-0B13A1A56192}" = rport=138 | protocol=17 | dir=out | app=system | "{9083553D-C135-4245-8293-F9D54AA00F64}" = lport=139 | protocol=6 | dir=in | app=system | "{99B3ABBF-E515-4B3F-B90C-364312F96FBE}" = lport=445 | protocol=6 | dir=in | app=system | "{9E428976-1AC8-4FA0-BE28-322853F8563F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB901C59-B9BC-4C44-AB26-CD587A186741}" = lport=137 | protocol=17 | dir=in | app=system | "{BBD5766D-7017-4B48-A681-61E7EF079AE0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD9252B4-ACBF-4821-8989-B7AE527EEEC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D89A0DF3-F524-4C41-9F9C-24DE73F1A110}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EFCEF91A-CC7B-41D4-9D63-188A0DED8B33}" = rport=445 | protocol=6 | dir=out | app=system | "{F1CF7617-C706-45DD-BD91-1FD3BE7D8626}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F360767C-90C5-45AF-8D41-B3D5914F56D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F6176FD3-54E3-44C1-AD74-2567D5F604C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FC96FCF4-8E34-4732-A2A8-BD1211AF95CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02F43FF6-308F-415D-85FE-D6DB5E628BDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost recon\ghostrecon.exe | "{03C28C41-91D8-4C6A-BDDD-109A0231DA6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{04CD17D5-883F-487D-A646-478F26F53881}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{0513BC0D-A546-4118-A339-449389AB7BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bejeweled 3\bejeweled3.exe | "{059820C5-9B7F-4290-A0D7-50E457CD6646}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{06C82F02-E782-444B-9C5A-A9F20DEE8C83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{0835C793-DF32-47F1-8E9B-8E8C2EA59832}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{09C64334-E9DE-41CA-9340-A9024F00A187}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{0BB21145-3076-4DF8-AC12-3BF4739E8FB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0CAE4AEB-AE97-418B-8D2C-66E8ACAFBFCB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{0D57DFE5-E436-4546-8EEF-0579D7392E5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0FF60C36-8815-4C59-AD4F-2B044DFE2392}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{11085479-0154-473C-9266-EF7CE7AAF7B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{12ADEE92-8DB6-46A0-BC0F-210144D21A93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{13E7ED7D-B337-49D5-A399-D92DE7853659}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{150A58D3-FBB5-4AEE-A1F9-FC5F227DD3D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mystery pi - lost in los angeles\mysterypilosangeles.exe | "{15A0BAFB-F3E5-4A91-9043-9E0983A2DC91}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{1633C7C2-D07C-4F49-B986-3B1A0C20D584}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{16799D08-D4E3-47E8-9016-1E1C01191DEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\setup.exe | "{177EDE4B-BA56-4D8B-A983-04A39253D9AC}" = protocol=6 | dir=in | app=c:\gamescampus\mlbdugoutheroes\mlbdugoutheroes.exe | "{17E68B45-8077-4A1C-80AD-2A23ADFAE20A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mystery pi - lost in los angeles\mysterypilosangeles.exe | "{180DD0AD-B4C3-422B-B46B-E850144A6F57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A02CC3B-24C3-4A38-B4B9-4ED8156D030B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{1B15EC37-50BB-4F3F-A072-CCFAF34C7FD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | "{1DA41508-CC0B-4BEE-8DE1-B1178CC03E05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{1DD2992A-4F42-44A5-A082-96140C3BC2BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mystery pi the vegas heist\mysterypivegas.exe | "{22535CF9-762B-4D78-BB0D-FFFB080BDA94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | "{26A8E8CE-6665-4F66-87B7-1495575851CB}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{26CC441C-F121-44BB-8B23-F52DBFFD4460}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{29301ADC-CA2E-4D1A-939A-209989872C51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{2A14BD0E-362B-4C86-B63E-9E9E1931FA45}" = dir=in | app=e:\setup\hpznui40.exe | "{2B6F8D71-B523-4531-BC7D-744D620FE21B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | "{2DD2306F-EEA5-4B00-9EB1-99E6BD615424}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{2EFF303A-4633-440A-B0CB-8E1A986CAF1B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{33738FF0-02B5-4AE2-A0A6-A2B651C0FC34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost recon\ghostrecon.exe | "{338CF766-22DC-41E3-942D-2CA6E06B966F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{347FB9FA-B962-4218-A814-A02B5720DB68}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3522E9F4-C3C5-4FD7-B547-04A89A790CC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{368FCA9A-BA85-4C66-9A19-6609BB321B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | "{36AC573D-051A-4EF6-8524-7EF038BE3710}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{36B2DEE8-260D-4A32-98CB-C1B61C50C7B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mystery pi - the new york fortune\mysterypinewyork.exe | "{37A23638-27BD-445B-AD35-7E879B5BB64D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{37DD663A-2707-49D0-9D3B-809349CBAAA7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{38E361BB-F346-4A2D-A542-35782240724B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mattburditt@astound.net\counter-strike\hl.exe | "{3C6F05FD-0FB0-4DED-B7F8-E50D5477EDC7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{41593622-5650-40DE-A2DC-2D4FD7F21D39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farcry\bin32\farcry.exe | "{4A248CBA-B132-462C-A5BC-A8DDF4026FA1}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{4AD3C06F-4E86-4A41-908C-CCDAF54DE2E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{4E7688A0-A477-419E-B1C1-12F182D94005}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost recon advanced warfighter\graw.exe | "{5049B8DA-BCD4-458A-802E-C2E1B52C7BF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | "{50D7EF24-760D-45FA-A543-C2D033113065}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{54553F0B-866B-4F05-BF43-2D9B185E3D6E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{549D9662-C6E7-42C5-98FF-C05C9288FA36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{55D6CB71-8A78-4335-8A24-A31E0F52344A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mystery pi\mysterypi.exe | "{585F77DE-B2CE-41BA-BDF5-B9E5CAC0C6B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe | "{5C1FBC02-B1B3-4E05-93E4-832373BB41F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\setup.exe | "{5ECFBB5B-6270-4342-B0E9-97801F562C6F}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe | "{63DC43D2-FBD6-437C-905F-A0CA9E234C38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6584E1FC-6DAE-401B-9EA7-6DFF52902E09}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{670773D7-495A-4E5B-B89A-65857B591C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mattburditt@astound.net\counter-strike\hl.exe | "{676632F9-4A57-448D-93EE-C9A761EAC474}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{6EA24150-A599-4052-A764-5992E90BE919}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{6EEA6D70-2064-458A-A4BB-AFBCE7977807}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{71BD934F-1700-4E1E-BBA5-12E495888F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bejeweled 3\bejeweled3.exe | "{72E976D1-2C23-41A5-B4A2-9050E40DE61B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe | "{72EC700E-0308-448A-A3F4-20B9CAA2F5E1}" = protocol=6 | dir=out | app=system | "{7310C87B-9D35-4D35-BE99-24D82194CC62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{73ECA0BF-9073-4514-9E23-96D89DD77464}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{74C6C269-FF8F-44DB-B095-7832322F4475}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | "{7532BBDC-9546-4F14-A797-45D984D1F49D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe | "{7CF65ED9-4455-4723-A462-A841392B3414}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7D07E390-A5DB-4F77-8CC6-A6C9FA25AB72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{7E572421-B8B9-4619-87B9-896AD0426C2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{7F54880C-0631-4100-B1AF-FF22DED81ADF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{816358A0-C555-43A0-96FA-577E86C23F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{817A5DCA-879D-44A3-B903-530EEE140654}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8269CF0D-B0FD-4ABC-8DDD-278815A96DA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{82C6676F-5732-4DD7-A540-6313AA43BE21}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | "{878FEFFA-0888-4925-B96F-D997437389DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | "{87EA07FD-5F51-48C1-AFB3-C20B80FED413}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{89EFF393-6457-49C0-934E-69B13522D0C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mystery pi\mysterypi.exe | "{8C4BEF17-ECB1-452A-922A-43123673B59B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{8DCC1F7E-8B8E-45CE-990F-36848C377818}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | "{8FE9447F-6698-43B8-9BCA-474AF62F945B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9060E7D3-6C61-403B-8B1F-2229381B74CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | "{92C1FA3D-EFF1-4243-9983-224423B22339}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{94105EAB-77C2-4822-BA1A-C767E56B3921}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{94745994-82DD-4F23-8CF4-59470896918B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{94F9B27A-75DE-451A-B3F9-0F1DF5AAAA88}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{96539CE9-66F4-4501-AB67-E9FD33F11EF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farcry\bin32\farcry.exe | "{9A81D78C-0840-4F3A-801E-9A9F43FA7515}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe | "{9FA83FE5-C522-4BFF-97C3-4B41BFEB6D14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{A0FE313B-CE32-418C-AF19-EDCB941798BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mystery pi the vegas heist\mysterypivegas.exe | "{A11B8410-7CEA-4478-9D18-F8F1A2C6F5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe | "{A5190A13-81B6-411C-B5BB-9E4536AEF7C6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A7832F5B-C62D-4800-BA7E-A357BFC53631}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A87B3C05-D7C3-404E-A780-B1D5E148E580}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe | "{AC851917-40B0-4B9E-A931-813085F22AA1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{AD9C4E62-6A1F-41B2-9FBA-CFEE507E381F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe | "{AE1CF894-AD19-42FB-B8AA-8F9CB5B18DEB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{AFBA82A8-2BC2-4DAE-A846-A9349C07371A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{B2871473-D4AB-4CF0-BCD6-07596D3D58CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe | "{B37F0EAE-67D1-4945-ADEF-AE3A8A96862D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{B46CE4B4-4253-4D57-9573-DA0839F2FDC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{B4896419-697F-4613-A5B3-14100C1CB697}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | "{B7ED1114-6FEB-4F39-B79F-5D8DB8170796}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{BAA8126F-F51C-480A-8DDD-7E681781AD58}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{BDFA9292-026A-4ED0-A5A6-546BCB071C62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | "{C0083B6B-5FBD-4A02-A4B0-50CB4A44531C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zuma's revenge\zumasrevenge.exe | "{C40D6ADF-61A1-4D37-BAD8-9CDF187A4CCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C580AB1A-6476-476F-9E88-2CC55A2E348D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe | "{C66CBA62-6CE7-40A0-B425-45464CAB3364}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C84463AB-0BC4-4C9F-AF17-5543A226E7CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{CB1A0E2F-8E2C-406E-92D0-C211A7A47E0A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D099B1A9-D692-4DD7-B7C7-A8A098DE657F}" = protocol=17 | dir=in | app=c:\gamescampus\mlbdugoutheroes\mlbdugoutheroes.exe | "{D14E3CB0-E6E7-436A-A842-07A8FE064441}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | "{D2033EF5-5ED2-469D-8FAD-BBBA454C6B9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | "{D353399D-6EA3-452C-B6D0-8B22B2648240}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | "{D4F3BD8A-38CD-46F2-A380-DF9FAECDE25B}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{D5E8510B-531C-4F4A-8A60-22CE9BF0FC1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{D67ED4B9-2A39-4C4C-98F9-2411D8C7B4C7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DA43E7F2-1375-4A16-B7BE-E49B2191935F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DAE0B61D-F5FD-4C8A-9EF2-BBEFA601786E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | "{DD32FBB3-4837-4C66-BC0F-0B3BC7EEDA2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{E20B1076-EE04-4B39-AA51-9E122F41E036}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe | "{E3B0D57F-3270-404B-86F5-56779AC5B07A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E81FD292-1605-430A-A38F-6CEF4B0343C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | "{E92A5C0B-C95E-44FE-B7E9-CBC7D0DFD9EF}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | "{ECC38291-93D6-4E13-A0C6-D0CF17AEFF42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{EFB70400-32B2-487C-892D-506E2AACE12A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{EFC75368-B8DC-44FC-8E86-85D425768774}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F0B7980B-4FC0-4FED-943F-124EBA6F21EB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F23521D6-D9C5-4D30-9592-DAB4025FB0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{F2789DE8-E056-4106-9B9C-8548C4D768F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe | "{F62EF078-34AB-47DB-8EA5-FA50B5DE8FB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | "{F7BEB352-3C29-498B-ACA9-24C937AF1505}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mattburditt@astound.net\half-life\hl.exe | "{F826F7DF-7A74-4E21-9946-A2A5EED82A85}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F8754778-75E1-4696-BAD4-C64E30D9B742}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost recon advanced warfighter\graw.exe | "{F8DDFFFD-7042-4A7C-B031-06445CFA2F05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe | "{F946CCB7-A53F-4BE6-AD58-6901AC362111}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{F96C5BCA-243F-4FC0-A53D-61064DBB9B6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mattburditt@astound.net\half-life\hl.exe | "{F970CDFB-D623-443D-B1EE-1EFC907A9F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zuma's revenge\zumasrevenge.exe | "{FAE787EA-1544-42CC-81B9-3D9C50D93349}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FCBE749F-AD26-4472-8847-0AC0980A52FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{FD52ABC6-9F6B-4E33-B0E5-02C6D031C68D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{FE482EBD-C9F1-4A65-828B-22C2C0F4A415}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | "{FF4E8B0F-21F3-46EC-ABE5-1A2B6669EBBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mystery pi - the new york fortune\mysterypinewyork.exe | "TCP Query User{1A84D3E1-314B-467C-9165-35E690091BF1}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "TCP Query User{2C31B1C2-3E11-4B26-835E-258688D7F355}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "UDP Query User{23243167-4DF1-4265-9AE2-069C0A567487}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "UDP Query User{E73CAAA1-C6E1-4BE5-965B-8C75E1682EEA}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20654556-7EE7-4D9F-850B-A6D458FB61EB}" = WMS Slots Reel 'em In "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F7D5734-056F-4A0A-A1C7-CA1AAE5BB1EB}" = Angry Birds "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6E45EA6F-22E1-4E9A-870C-BCE078B102BF}" = Hoyle Card Games 2012 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2EDD0AB-36DF-46A6-AD2D-CCBA7CC8E196}" = Hoyle Casino Games 2012 "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War 1.5 Patch "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CD39C2AA-EC38-421D-A179-9BFBA3571E7F}" = Hoyle Swashbucklin' Slots "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B2AA8F-CC52-4298-A48E-A9BA169546B6}" = Cabela's Outdoor Adventures "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7 "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BFGC" = Big Fish Games: Game Manager "BFG-Crime Solitaire" = Crime Solitaire "BFG-Fairway Collector's Edition" = Fairway ™ Collector's Edition "BFG-Jigsaws Galore" = Jigsaws Galore "BN_DesktopReader" = NOOK for PC "Fiddler2" = Fiddler2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War 1.1 Patch "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War 1.5 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010) "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US) "Neonatal Resuscitation DVD-ROM" = Neonatal Resuscitation DVD-ROM "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 110800" = L.A. Noire: The Complete Edition "Steam App 12110" = Grand Theft Auto: Vice City "Steam App 13520" = Far Cry "Steam App 13640" = Tom Clancy's Ghost Recon: Advanced Warfighter "Steam App 15300" = Tom Clancy's Ghost Recon "Steam App 17460" = Mass Effect "Steam App 19900" = Far Cry 2 "Steam App 207610" = The Walking Dead "Steam App 3500" = Mystery P.I.: The Lottery Ticket "Steam App 3520" = Mystery PI: The Vegas Heist "Steam App 3570" = Mystery P.I.: The New York Fortune "Steam App 3590" = Plants vs. Zombies: Game of the Year "Steam App 3610" = Mystery P.I.: Lost in Los Angeles "Steam App 3620" = Zuma's Revenge "Steam App 40990" = Mafia "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 4560" = Company of Heroes "Steam App 50130" = Mafia II "Steam App 620" = Portal 2 "Steam App 63380" = Sniper Elite V2 "Steam App 7670" = BioShock "Steam App 78000" = Bejeweled 3 "Steam App 7940" = Call of Duty 4: Modern Warfare "Steam App 8930" = Sid Meier's Civilization V "SystemRequirementsLab" = System Requirements Lab "TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) "UnityWebPlayer" = Unity Web Player (All users) "UPCShell" = LeapFrog Connect "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3934334721-2688114481-2044950610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "PDF Reader" = PDF Reader ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/21/2012 10:07:42 PM | Computer Name = laptop1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1045 Error - 5/21/2012 10:07:42 PM | Computer Name = laptop1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1045 Error - 5/21/2012 10:07:44 PM | Computer Name = laptop1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/21/2012 10:07:44 PM | Computer Name = laptop1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2199 Error - 5/21/2012 10:07:44 PM | Computer Name = laptop1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2199 Error - 5/21/2012 10:07:45 PM | Computer Name = laptop1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/21/2012 10:07:45 PM | Computer Name = laptop1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3198 Error - 5/21/2012 10:07:45 PM | Computer Name = laptop1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3198 Error - 5/22/2012 6:54:59 PM | Computer Name = laptop1 | Source = LeapFrog Connect Device Service | ID = 0 Description = Error - 5/22/2012 6:55:00 PM | Computer Name = laptop1 | Source = LeapFrog Connect Device Service | ID = 0 Description = [ System Events ] Error - 6/16/2012 10:50:15 PM | Computer Name = laptop1 | Source = EventLog | ID = 6008 Description = The previous system shutdown at 9:49:11 PM on ?6/?16/?2012 was unexpected. Error - 6/16/2012 10:51:54 PM | Computer Name = laptop1 | Source = DCOM | ID = 10016 Description = Error - 6/16/2012 11:09:49 PM | Computer Name = laptop1 | Source = DCOM | ID = 10016 Description = Error - 6/17/2012 2:33:14 PM | Computer Name = laptop1 | Source = DCOM | ID = 10010 Description = Error - 6/18/2012 10:06:52 PM | Computer Name = laptop1 | Source = Service Control Manager | ID = 7034 Description = The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). Error - 6/18/2012 10:07:22 PM | Computer Name = laptop1 | Source = DCOM | ID = 10010 Description = Error - 6/20/2012 11:23:23 AM | Computer Name = laptop1 | Source = EventLog | ID = 6008 Description = The previous system shutdown at 10:21:38 AM on ?6/?20/?2012 was unexpected. Error - 6/20/2012 11:24:38 AM | Computer Name = laptop1 | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect. Error - 6/20/2012 11:24:38 AM | Computer Name = laptop1 | Source = Service Control Manager | ID = 7000 Description = The SBSD Security Center Service service failed to start due to the following error: %%1053 Error - 6/20/2012 11:25:50 AM | Computer Name = laptop1 | Source = DCOM | ID = 10016 Description = < End of report >
- June 20, 2012
- 30 replies
Can not get rid of Babylon

mattb74 replied to mattb74's topic in Resolved Malware Removal Logs

Thank you for the prompt response! Here are the files you requested. OTL OTL logfile created on: 6/20/2012 11:06:24 AM - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Matt\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.86 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 66.48% Memory free 7.71 Gb Paging File | 6.24 Gb Available in Paging File | 80.89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 360.53 Gb Total Space | 124.95 Gb Free Space | 34.66% Space Free | Partition Type: NTFS Drive D: | 90.13 Gb Total Space | 90.03 Gb Free Space | 99.89% Space Free | Partition Type: NTFS Drive E: | 7.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: LAPTOP1 | User Name: Matt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/20 11:04:29 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe PRC - [2012/06/15 10:43:20 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012/06/15 10:43:06 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe PRC - [2010/01/18 21:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/12/14 02:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/11/03 23:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe ========== Modules (No Company Name) ========== MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/10/02 18:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/06/15 10:43:20 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012/06/15 10:43:06 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/05/18 22:23:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service) SRV - [2011/01/12 14:40:17 | 003,963,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009/03/05 04:54:50 | 000,311,296 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/08/05 12:27:38 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb) DRV:64bit: - [2011/08/05 12:27:32 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN) DRV:64bit: - [2011/04/05 17:20:52 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/07 15:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010/02/01 12:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) DRV:64bit: - [2009/11/25 16:32:58 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/11/20 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009/10/09 22:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/10/02 11:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/09/29 17:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009/09/28 04:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/08/28 22:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/08/28 22:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/01 15:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 01:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV - [2009/12/16 17:37:12 | 000,613,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005/01/03 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\SearchScopes\{6CDEBE8F-F388-45C3-A496-C4DE1C3F0BCE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=crm&q={searchTerms}&locale=&apn_ptnrs=8W&apn_dtid=YYYYYYYYUS&apn_uid=487279b7-4bbf-44ee-a809-eabac8a98e75&apn_sauid=B4BAAE08-8903-4031-B494-C177D62ED43D IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\SearchScopes\{9ABB20D5-66E1-4F78-A7CD-A6E4D30C34E5}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109935&tt=060612_7_&babsrc=HP_ss&mntrId=b2dded3c000000000000b482fe54bc37" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556 FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109935&tt=060612_7_&babsrc=KW_ss&mntrId=b2dded3c000000000000b482fe54bc37&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/08/08 16:53:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/12 14:26:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 13:03:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 13:03:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 13:03:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/13 21:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/13 21:55:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/12 14:26:42 | 000,000,000 | ---D | M] [2010/04/05 15:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions [2012/06/16 08:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions [2012/06/16 08:25:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\extensions\ffxtlbr@babylon.com [2011/07/30 10:42:54 | 000,002,570 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\59x4js80.default\searchplugins\askcom.xml [2012/02/20 20:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/01/26 20:35:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/05/22 15:40:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/09 13:16:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/17 06:23:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/03/03 11:39:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/06/12 07:56:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012/02/20 20:35:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011/04/05 17:22:18 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2011/04/05 17:22:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2010/08/08 16:53:42 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK [2011/05/31 13:03:31 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\KAVANTIBANNER@KASPERSKY.RU [2011/05/31 13:03:31 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\LINKFILTER@KASPERSKY.RU [2011/05/31 13:03:31 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU [2011/05/20 08:51:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/16 08:24:51 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011/05/20 08:51:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Default = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\ CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found. O3 - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKU\.DEFAULT..\Run: [20090604] C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe (DataLode, Inc.) O4 - HKU\S-1-5-18..\Run: [20090604] C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe (DataLode, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3934334721-2688114481-2044950610-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732243B0-2C6B-4CF2-B8D5-BCC30F13DD33}: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/20 10:56:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\hijack [2012/06/16 08:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/06/16 08:24:36 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Babylon [2012/06/16 08:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFReader [2012/06/13 21:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/06/13 21:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/06/13 21:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/06/13 21:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/06/13 21:36:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\.minecraft [2012/06/13 21:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/06/13 21:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012/06/03 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA Vice City User Files [3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/20 11:05:24 | 000,001,087 | ---- | M] () -- C:\Users\Matt\Desktop\OTL - Shortcut.lnk [2012/06/20 10:54:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/20 10:32:50 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 10:32:50 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 10:28:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934334721-2688114481-2044950610-1001UA.job [2012/06/20 10:26:13 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/20 10:23:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/20 10:23:15 | 3106,111,488 | -HS- | M] () -- C:\hiberfil.sys [2012/06/19 22:28:01 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934334721-2688114481-2044950610-1001Core.job [2012/06/17 06:57:36 | 000,000,038 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan [2012/06/16 08:25:10 | 000,000,250 | ---- | M] () -- C:\user.js [2012/06/15 10:43:20 | 000,107,832 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe [2012/06/15 10:43:06 | 002,250,024 | ---- | M] () -- C:\windows\SysWow64\pbsvc.exe [2012/06/15 10:43:06 | 000,066,872 | ---- | M] () -- C:\windows\SysWow64\PnkBstrA.exe [2012/06/14 22:08:55 | 000,000,221 | ---- | M] () -- C:\Users\Matt\Desktop\Far Cry.url [2012/06/13 22:13:35 | 000,000,752 | ---- | M] () -- C:\Users\Matt\Desktop\Minecraft - Shortcut.lnk [2012/06/13 21:39:44 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/06/13 21:30:49 | 000,002,515 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2012/06/13 13:39:45 | 000,372,112 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/06/13 13:18:48 | 000,747,008 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/13 13:18:48 | 000,628,554 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/13 13:18:48 | 000,108,700 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/20 11:05:24 | 000,001,087 | ---- | C] () -- C:\Users\Matt\Desktop\OTL - Shortcut.lnk [2012/06/17 06:57:36 | 000,000,038 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan [2012/06/16 08:25:09 | 000,000,250 | ---- | C] () -- C:\user.js [2012/06/14 22:08:54 | 000,000,221 | ---- | C] () -- C:\Users\Matt\Desktop\Far Cry.url [2012/06/13 22:13:35 | 000,000,752 | ---- | C] () -- C:\Users\Matt\Desktop\Minecraft - Shortcut.lnk [2012/06/13 21:39:44 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/11/15 11:01:35 | 000,000,618 | ---- | C] () -- C:\windows\eReg.dat [2011/10/27 21:46:08 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\{C7344342-A965-4768-9703-B5187C7F2A18} [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat [2011/09/13 12:54:18 | 002,250,024 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe [2011/06/17 07:43:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2010/11/12 13:56:11 | 000,007,615 | ---- | C] () -- C:\Users\Matt\AppData\Local\Resmon.ResmonCfg [2010/09/12 14:19:04 | 000,207,259 | ---- | C] () -- C:\windows\hpwins28.dat [2010/07/22 21:35:57 | 000,107,832 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2010/07/22 21:35:55 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2010/07/22 21:35:48 | 000,000,331 | ---- | C] () -- C:\windows\game.ini [2010/07/22 20:30:42 | 000,000,166 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2012/06/13 21:41:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft [2011/07/30 19:43:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG [2010/10/28 20:22:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG10 [2012/06/16 08:24:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Babylon [2011/09/11 00:20:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Barnes & Noble [2012/03/14 00:43:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Big Fish Games [2012/04/10 13:53:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Bioshock [2010/07/18 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Encore [2012/02/10 21:56:26 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hoyle [2012/02/10 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hoyle Blackjack [2012/03/12 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hoyle Card Games [2012/03/12 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hoyle Casino [2012/02/16 23:42:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hoyle FaceCreator [2010/07/24 13:22:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hoyle Puzzle and Board Games [2011/05/29 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\iWin [2012/04/26 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Jigsaws Galore [2011/01/26 10:18:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LEGO Company [2010/05/11 16:31:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Masque [2011/05/29 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenCandy [2011/05/21 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org [2011/10/14 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Rovio [2012/01/23 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SteamPopCapv1002 [2010/11/13 23:08:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SystemRequirementsLab [2010/09/05 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Template [2011/06/30 08:18:11 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer [2010/09/28 23:16:31 | 000,032,612 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 56035 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBX2V9GKDVVJFXB07KBNF9VY2LL146HB8FJLFETFPJYK58EHLGJ7VVVVVVVVVVVVV @Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBF2V9GFDVVJKXB07KBNF9VY2LPPJAGVU8XLF75PP4AL1HFLXG4MLNVCLT3EPTJ2TVLPV5VVBVLBV5 @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:EC3A9923 @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:F72306CC @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:20EB6823 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report > Will not let me post both reports, will post Extras in another reply.
- June 20, 2012
- 30 replies

Sign In

mattb74

Posts

Joined

Last visited

Reputation

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Can not get rid of Babylon

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information