|
|
|
babylon toolbar registry key
|
|
Senior Member
|
19. October 2012 @ 11:00 |
Link to this message
|
|
got a combo log file should i post part or all of it
|
|
Advertisement
|
 |
|
|
Senior Member
|
19. October 2012 @ 11:01 |
Link to this message
|
re run spybot finds same thing
|
Senior Member
|
19. October 2012 @ 11:07 |
Link to this message
|
combofix runs fine on my win7 64bit.post what you have for a log.maybe it will tell us why it didnt complete.in the mean time have you looked at trend micro site for their bho remover.from what ive been able to gather,nothing new has happened with spybot in years.it was once a good tool but i question its usefulness today.even when i used it i got a lot of false positives.ive had the babylon tool bar show up on the kids computer and it wasnt that difficult to get rid of.
|
Senior Member
|
19. October 2012 @ 11:08 |
Link to this message
|
ComboFix 12-10-18.03 - Michael 19/10/2012 15:52:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6056.4271 [GMT 1:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\SysWow64\msstdfmt.dll
P:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 14:55 . 2012-10-19 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 14:40 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-19 14:39 . 2012-10-19 14:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{572DCA8E-9AE3-4679-8EFE-A615D3AE7AA7}\offreg.dll
2012-10-19 14:06 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{572DCA8E-9AE3-4679-8EFE-A615D3AE7AA7}\mpengine.dll
2012-10-15 01:15 . 2012-10-15 01:15 -------- d-----w- c:\users\Michael\AppData\Roaming\CheeseSoft
2012-10-15 01:15 . 2012-10-15 01:33 -------- d-----w- c:\program files (x86)\FinalUninstaller
2012-10-15 01:00 . 2012-10-15 01:00 -------- d-----w- c:\program files\Adobe
2012-10-15 00:30 . 2012-10-15 00:30 -------- d-----w- c:\users\Michael\AppData\Local\Diagnostics
2012-10-14 09:38 . 2012-10-14 09:38 -------- d-----w- c:\users\Michael\AppData\Roaming\SpeedMaxPc
2012-10-14 09:38 . 2012-10-14 09:38 -------- d-----w- c:\users\Michael\AppData\Roaming\DriverCure
2012-10-14 09:38 . 2012-10-14 09:40 -------- d-----w- c:\programdata\SpeedMaxPc
2012-10-13 16:51 . 2012-10-13 16:51 -------- d-----w- c:\windows\IswTmp
2012-10-13 16:24 . 2012-10-13 16:24 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-13 16:24 . 2012-10-13 16:24 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-12 19:21 . 2012-10-12 19:21 -------- d-----w- c:\users\Michael\AppData\Roaming\No Company Name
2012-10-12 18:38 . 2012-10-12 18:38 -------- d-----w- c:\users\Michael\AppData\Roaming\PDAppFlex
2012-10-12 18:34 . 2012-10-12 19:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-10-11 23:35 . 2012-10-11 23:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-11 23:34 . 2012-10-11 23:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-11 23:34 . 2012-10-11 23:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-11 23:34 . 2012-10-19 14:40 -------- d-----w- c:\program files (x86)\Java
2012-10-09 22:55 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 22:55 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 22:55 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-09-27 07:45 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 17:57 . 2012-08-24 10:17 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-21 13:42 . 2009-10-20 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-09-21 13:42 . 2009-10-20 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-09-21 13:38 . 2012-10-12 19:23 -------- d-----w- c:\program files\Common Files\Adobe
2012-09-21 12:42 . 2012-09-21 12:42 -------- d-----w- c:\users\Michael\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-09-21 12:42 . 2012-09-21 12:42 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 00:42 . 2012-09-09 19:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 00:42 . 2012-09-09 19:12 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 23:18 . 2012-09-08 22:10 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-09 18:49 . 2012-09-09 18:49 99384 ----a-w- c:\users\Michael\AppData\Roaming\ezpinst.exe
2012-09-09 18:49 . 2012-09-09 18:49 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-09-09 18:49 . 2012-09-09 18:49 82816 ----a-w- c:\users\Michael\AppData\Roaming\pcouffin.sys
2012-09-09 07:48 . 2012-09-09 07:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-09 07:48 . 2012-09-09 07:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-09 07:48 . 2012-09-09 07:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-09 07:48 . 2012-09-09 07:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-09 07:48 . 2012-09-09 07:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-09 07:48 . 2012-09-09 07:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-09 07:48 . 2012-09-09 07:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-09 07:48 . 2012-09-09 07:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-09 07:48 . 2012-09-09 07:48 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-09 07:48 . 2012-09-09 07:48 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-09 07:48 . 2012-09-09 07:48 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-09 07:48 . 2012-09-09 07:48 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-09 07:48 . 2012-09-09 07:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-09 07:48 . 2012-09-09 07:48 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-09 07:48 . 2012-09-09 07:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-09 07:48 . 2012-09-09 07:48 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-09 07:48 . 2012-09-09 07:48 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-09 07:48 . 2012-09-09 07:48 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-09 07:48 . 2012-09-09 07:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-09 07:48 . 2012-09-09 07:48 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-09 07:48 . 2012-09-09 07:48 448512 ----a-w- c:\windows\system32\html.iec
2012-09-09 07:48 . 2012-09-09 07:48 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-09 07:48 . 2012-09-09 07:48 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-09 07:48 . 2012-09-09 07:48 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-09 07:48 . 2012-09-09 07:48 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-09 07:48 . 2012-09-09 07:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-09 07:48 . 2012-09-09 07:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-09 07:48 . 2012-09-09 07:48 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-09 07:48 . 2012-09-09 07:48 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-09 07:48 . 2012-09-09 07:48 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-09 07:48 . 2012-09-09 07:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-09 07:48 . 2012-09-09 07:48 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-09 07:48 . 2012-09-09 07:48 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-09 07:48 . 2012-09-09 07:48 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-09 07:48 . 2012-09-09 07:48 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-09 07:48 . 2012-09-09 07:48 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-09 07:48 . 2012-09-09 07:48 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-09 07:48 . 2012-09-09 07:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-09 07:48 . 2012-09-09 07:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-09 07:48 . 2012-09-09 07:48 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-09 07:48 . 2012-09-09 07:48 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-09 07:48 . 2012-09-09 07:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-09 07:48 . 2012-09-09 07:48 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-09 07:48 . 2012-09-09 07:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-09 07:48 . 2012-09-09 07:48 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-09 07:48 . 2012-09-09 07:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-09 07:48 . 2012-09-09 07:48 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-09 07:48 . 2012-09-09 07:48 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-09 07:48 . 2012-09-09 07:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-09 07:46 . 2012-09-09 07:46 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-22 18:12 . 2012-09-11 19:55 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 19:55 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 19:54 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 19:54 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 12:01 . 2012-09-15 08:47 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2012-09-08 19:34 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 12:01 . 2012-09-08 19:34 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-21 09:13 . 2012-09-08 20:09 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-09-08 20:09 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-09-08 20:09 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-09-08 20:09 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-09-08 20:09 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-09-08 20:09 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-09-08 20:08 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-09-08 20:08 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-09-08 20:09 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-20 17:38 . 2012-10-09 22:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-11 19:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-11 19:55 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-28 02:09 . 2012-07-28 02:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-28 01:54 . 2012-07-28 01:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-28 01:15 . 2012-09-09 07:47 57280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-26 18:08 . 2012-07-26 18:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 18:08 . 2012-07-26 18:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 18:08 . 2012-07-26 18:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 18:08 . 2012-07-26 18:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 18:08 . 2012-07-26 18:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 14:22 . 2012-07-26 14:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 14:22 . 2012-07-26 14:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 14:22 . 2012-07-26 14:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 14:22 . 2012-07-26 14:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-09 07:45 220608 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-09 07:45 220608 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-09 07:45 220608 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-9-20 69120]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-09 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-16 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-16 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-16 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 827560]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 1014624]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-09-09 82816]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 00:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-09 07:45 244672 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-09 07:45 244672 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-09 07:45 244672 ----a-w- c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\
FF - ExtSQL: 2012-09-08 20:49; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2012-09-08 21:08; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-10-14 12:18; en-gb@flyingtophat.co.uk; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\en-gb@flyingtophat.co.uk
FF - ExtSQL: 2012-10-14 12:19; personas@christopher.beard; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\personas@christopher.beard.xpi
FF - ExtSQL: 2012-10-14 12:19; foxmarks@kei.com; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\foxmarks@kei.com
FF - ExtSQL: 2012-10-14 12:19; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - ExtSQL: 2012-10-14 12:19; {66E978CD-981F-47DF-AC42-E3CF417C1467}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5sxpupxq.default-1350213257116\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ISW - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3940473093-4060525308-1183659428-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3940473093-4060525308-1183659428-1000)
@Denied: (2) (LocalSystem)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3940473093-4060525308-1183659428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-19 15:57:15
ComboFix-quarantined-files.txt 2012-10-19 14:57
.
Pre-Run: 830,147,035,136 bytes free
Post-Run: 829,646,106,624 bytes free
.
- - End Of File - - 52E64C8307F7CCD5F235CBB76E91DBEE
|
Senior Member
|
19. October 2012 @ 11:22 |
Link to this message
|
Originally posted by aldan:
combofix runs fine on my win7 64bit.post what you have for a log.maybe it will tell us why it didnt complete.in the mean time have you looked at trend micro site for their bho remover.from what ive been able to gather,nothing new has happened with spybot in years.it was once a good tool but i question its usefulness today.even when i used it i got a lot of false positives.ive had the babylon tool bar show up on the kids computer and it wasnt that difficult to get rid of.
need to relook for trent micro this i did run hijack this and it found problems but not babylon
|
Senior Member
|
19. October 2012 @ 12:15 |
Link to this message
|
dont see any recognizable reference to babylon toolbar in combofix log.looks like it did quarantine a few things tho.i would run another hjt and post the log.another good tool from trend micro is called housecall.if it was me i would lose spybot entirely.all i have regularly on my machine is superantispyware,microsoft security essentials for antivirus,and malwarebytes.
|
Senior Member
|
19. October 2012 @ 15:51 |
Link to this message
|
think i will i like avast and spyware blaster need to dump spybot, malware bytes ans super antispyware work ok togeather
|
Senior Member
|
19. October 2012 @ 15:51 |
Link to this message
|
|
thanks for helping everyone its much appreciated
|
|
Advertisement
|
|
|
Senior Member
|
19. October 2012 @ 22:54 |
Link to this message
|
|
hope alls well.
|
|
