
Another Babylon removal!



Hello Aaron and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Thank you for your help. Here are the logs:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35

Run by Aaron at 9:29:46 on 2012-09-22

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3582.1991 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\Dell\PanelMgr\SSMMgr.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Users\Aaron\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\WUDFHost.exe

C:\Users\Aaron\Desktop\Diagnostic\YUMI-0.0.7.3.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q={searchTerms}

uStart Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=hp

uDefault_Page_URL = about:blank

uSearch Bar = Preserve

mDefault_Page_URL = about:blank

mStart Page = about:blank

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q={searchTerms}

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - No File

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File

{ae07101b-46d4-4a98-af68-0333ea26e113}

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

uRun: [Google Update] "c:\users\aaron\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [googletalk] c:\users\aaron\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Dell PanelMgr] c:\windows\dell\panelmgr\SSMMgr.exe /autorun

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\aaron\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\users\aaron\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{DB4D2AAB-EA92-4CCF-BEAA-C75ACBEE58AB} : DhcpNameServer = 192.168.1.254

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\aaron\appdata\roaming\mozilla\firefox\profiles\ko72w7jk.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_3&babsrc=HP_ss&mntrId=24f8ff3a000000000000001f3a9b56ae

FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\users\aaron\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\users\aaron\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\aaron\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\aaron\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=24f8ff3a000000000000001f3a9b56ae&q=

FF - user.js: extensions.BabylonToolbar.id - 24f8ff3a000000000000001f3a9b56ae

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15599

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1210:51:10

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112542&tt=120912_pcp_3712_3

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-21 729752]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-21 355632]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-21 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-21 58680]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-16 44808]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-12 2348352]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2012-1-20 5120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-12 250568]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-9 114144]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-28 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2012-09-22 12:24:10 -------- d-----w- C:\pebuilder3110a

2012-09-22 12:03:32 -------- d-----w- c:\users\aaron\appdata\roaming\Malwarebytes

2012-09-22 12:03:22 -------- d-----w- c:\programdata\Malwarebytes

2012-09-22 12:03:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-22 12:03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-22 11:39:41 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-22 01:39:18 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{206279d4-2489-49f9-97db-eb0c57cf8e2e}\mpengine.dll

2012-09-16 16:01:48 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-16 14:58:25 -------- d-----w- c:\program files\v9Soft

2012-09-16 14:51:59 -------- d-----w- c:\programdata\Browser Manager

2012-09-16 14:50:42 -------- d-----w- c:\users\aaron\appdata\roaming\Babylon

2012-09-16 14:50:42 -------- d-----w- c:\programdata\Babylon

2012-09-16 14:30:16 -------- d-----w- C:\DriveKey

2012-09-16 14:29:45 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2012-09-16 14:29:45 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2012-09-16 14:29:44 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2012-09-16 14:29:44 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2012-09-16 14:29:42 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

2012-09-15 16:40:16 -------- d-----w- c:\program files\Seagate

2012-09-15 16:38:16 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2012-09-15 02:42:24 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2012-09-14 13:11:34 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-14 13:11:34 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-14 13:11:33 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

==================== Find3M ====================

.

2012-09-22 11:39:25 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-15 02:02:00 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-15 02:02:00 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr

2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll

.

============= FINISH: 9:30:19.85 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/22/2011 7:19:10 AM

System Uptime: 9/22/2012 7:27:45 AM (2 hours ago)

.

Motherboard: Dell Inc. | | 0UK437

Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 98 GiB total, 42.721 GiB free.

D: is CDROM (UDF)

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F21028&REV_12\4&30490591&0&0AF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F21028&REV_12\4&30490591&0&0AF0

Service:

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F21028&REV_12\4&30490591&0&0BF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F21028&REV_12\4&30490591&0&0BF0

Service:

.

==== System Restore Points ===================

.

RP89: 9/15/2012 12:39:59 PM - Installed SeaTools for Windows

RP91: 9/16/2012 10:29:54 AM - Installed HP USB Disk Storage Format Tool

RP92: 9/21/2012 9:37:29 PM - Removed BabylonObjectInstaller

RP93: 9/21/2012 9:39:33 PM - Removed BabylonObjectInstaller

RP94: 9/21/2012 9:40:02 PM - Removed BabylonObjectInstaller

RP95: 9/22/2012 3:00:12 AM - Windows Update

RP96: 9/22/2012 7:37:41 AM - Installed Java™ 6 Update 35

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Apple Application Support

Apple Software Update

avast! Free Antivirus

Bluetooth Stack for Windows by Toshiba

Crystal Reports for Visual Studio

Dell 1230c Color Laser Printer

DivX Setup

Dotfuscator Software Services - Community Edition

DVD Flick 1.3.0.7

Evernote v. 4.5.6

Google Chrome

Google SketchUp 8

Google Talk (remove only)

Google Talk Plugin

Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2542054)

HP USB Disk Storage Format Tool

Java Auto Updater

Java™ 6 Update 35

Laptop Integrated Webcam Driver (1.04.01.1011)

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Games for Windows - LIVE Redistributable

Microsoft Help Viewer 1.0

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime v1.0 SP1 (x86)

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Sync Framework Services v1.0 SP1 (x86)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

Microsoft Visual F# 2.0 Runtime

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Office Developer Tools (x86)

Microsoft Visual Studio 2010 Performance Collection Tools - ENU

Microsoft Visual Studio 2010 Premium - ENU

Microsoft Visual Studio 2010 SharePoint Developer Tools

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Visual Studio Macro Tools

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Game Studio 4.0

Microsoft XNA Game Studio 4.0 (ARP entry)

Microsoft XNA Game Studio 4.0 (Redists)

Microsoft XNA Game Studio 4.0 (Shared Components)

Microsoft XNA Game Studio 4.0 (Visual Studio)

Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

Microsoft XNA Game Studio 4.0 Documentation

Microsoft XNA Game Studio Platform Tools

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA 3D Vision Driver 295.73

NVIDIA Control Panel 295.73

NVIDIA Graphics Driver 295.73

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0209

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.7.11

NVIDIA Update Components

OpenOffice.org 3.3

PE Builder 3.1.10a

QuickTime

SDFormatter

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)

Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)

Security Update for Microsoft Visual Studio Macro Tools (KB2669970)

Service Pack 1 for SQL Server 2008 (KB968369)

Sql Server Customer Experience Improvement Program

Steam

System Requirements Lab

Unity

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VC80CRTRedist - 8.0.50727.6195

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

Vuze

Web Deployment Tool

WinImage

.

==== Event Viewer Messages From Past Week ========

.

9/22/2012 7:28:22 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

9/21/2012 9:29:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

9/21/2012 9:29:42 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/16/2012 12:16:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

9/16/2012 10:51:33 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.

9/16/2012 10:47:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

9/16/2012 10:32:12 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

9/15/2012 11:51:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

9/15/2012 11:51:02 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/15/2012 1:18:35 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

.

==== End Of File ===========================


Step 1

Please uninstall: Vuze

Step 2

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.


# AdwCleaner v2.002 - Logfile created 09/23/2012 at 11:33:41

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : Aaron - AARON-W7LT

# Boot Mode : Normal

# Running from : C:\Users\Aaron\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\user.js

File Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\searchplugins\BabylonMngr.xml

File Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\searchplugins\Web Search.xml

Folder Found : C:\Program Files\Conduit

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\Users\Aaron\AppData\Local\Conduit

Folder Found : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Folder Found : C:\Users\Aaron\AppData\Local\Temp\CT2504091

Folder Found : C:\Users\Aaron\AppData\LocalLow\Conduit

Folder Found : C:\Users\Aaron\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Aaron\AppData\Roaming\Babylon

Folder Found : C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

Folder Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\BrowserMngr

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKU\S-1-5-21-2341687015-3009157406-3699843978-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKU\S-1-5-21-2341687015-3009157406-3699843978-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-2341687015-3009157406-3699843978-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=hp

[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_3&babsrc=HP_ss&mntrId=24f8ff3a000000000000001f3a9b56ae

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_3&babsrc=NT_ss&mntrId=24f8ff3a000000000000001f3a9b56ae

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\prefs.js

Found : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_[...]

Found : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Found : user_pref("browser.search.order.1", "Search the web (Babylon)");

Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_3&[...]

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Found : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Found : user_pref("extensions.BabylonToolbar.babExt", "");

Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=112542&tt=120912_pcp_3712_3");

Found : user_pref("extensions.BabylonToolbar.bbDpng", "16");

Found : user_pref("extensions.BabylonToolbar.cntry", "US");

Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Found : user_pref("extensions.BabylonToolbar.envrmnt", "production");

Found : user_pref("extensions.BabylonToolbar.excTlbr", false);

Found : user_pref("extensions.BabylonToolbar.hdrMd5", "A0B6DF0A5221C1555CF746056EDEE6EC");

Found : user_pref("extensions.BabylonToolbar.hmpg", false);

Found : user_pref("extensions.BabylonToolbar.id", "24f8ff3a000000000000001f3a9b56ae");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15599");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);

Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1210:51:10");

Found : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

Found : user_pref("extensions.BabylonToolbar.newTab", false);

Found : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.sg", "tzb");

Found : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");

Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1210:51:10");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=120912_pcp_3712_3");

Found : user_pref("extensions.BabylonToolbar_i.newTab", false);

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1210:51:10");

Found : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=U[...]

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");

Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_37[...]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.41] : keyword = "feed.snap.do",

Found [l.44] : search_url = "hxxp://feed.snap.do/?publisher=SnapDoForPartners&dpid=UnknownProvider&searchtype=ds&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [9265 octets] - [23/09/2012 11:33:41]

########## EOF - C:\AdwCleaner[R1].txt - [9325 octets] ##########


Let's kill them. :)

  1. Please re-run AdwCleaner.
  2. Click on the Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.


It looks good so far. No Snap.do and Babylon crap.

# AdwCleaner v2.002 - Logfile created 09/23/2012 at 13:16:59

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : Aaron - AARON-W7LT

# Boot Mode : Normal

# Running from : C:\Users\Aaron\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\searchplugins\BabylonMngr.xml

File Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\searchplugins\Web Search.xml

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Aaron\AppData\Local\Conduit

Folder Deleted : C:\Users\Aaron\AppData\Local\Temp\CT2504091

Folder Deleted : C:\Users\Aaron\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Aaron\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Aaron\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

Folder Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-21-2341687015-3009157406-3699843978-1008\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=hp --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_3&babsrc=HP_ss&mntrId=24f8ff3a000000000000001f3a9b56ae --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_3&babsrc=NT_ss&mntrId=24f8ff3a000000000000001f3a9b56ae --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=d285a7aa-b98c-4c66-a6ab-53a4bff0f6dc&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\prefs.js

C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ko72w7jk.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_[...]

Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_3712_3&[...]

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=112542&tt=120912_pcp_3712_3");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "16");

Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "A0B6DF0A5221C1555CF746056EDEE6EC");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "24f8ff3a000000000000001f3a9b56ae");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15599");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1210:51:10");

Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.sg", "tzb");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1210:51:10");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=120912_pcp_3712_3");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1210:51:10");

Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=U[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=112542&tt=120912_pcp_37[...]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.41] : keyword = "feed.snap.do",

Deleted [l.44] : search_url = "hxxp://feed.snap.do/?publisher=SnapDoForPartners&dpid=UnknownProvider&searchtype=ds&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [9394 octets] - [23/09/2012 11:33:41]

AdwCleaner[s1].txt - [9683 octets] - [23/09/2012 13:16:59]

########## EOF - C:\AdwCleaner[s1].txt - [9743 octets] ##########


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.