Goodjoe
2011-12-08, 03:59
I had been infected with the Babylon Toolbar software and was able to remove it following the guide at
http://forums.spybot.info/showthread.php?t=61869
It appears that Spybot has removed about a dozen registry keys relating to Babylon.
I have one problem left. If I click a new tab in Windows Internet Explorer, the text, about:tab, appears in the URL and then it connects to a Babylon Search page that looks much like the one from Google. How do I stop this and load my default URL?
I have attached dds.txt and attach.zip
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 20:16:57 on 2011-12-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.635 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
G:\Synergy\synergys.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
F:\PDF Create 5\pdfcreate5hook.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\VMWare\vmware-authd.exe
F:\SSC Service Utility\ssc_serv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
F:\VMWare\vmware-tray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
F:\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft IntelliPoint 4.1\Mouse\SETUP\MSH\Mouse\point32.exe
C:\Program Files\yDecode\yDecode.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
F:\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\FooBar\FooBar.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
L:\ECCO\Ecco32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.finance.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - f:\pdf create 5\bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [yDecode] c:\program files\ydecode\yDecode.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AnyDVD] f:\slysoft\anydvd\AnyDVDtray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PxDotNetLoader] "g:\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [Nuance OmniPage 17-reminder] "f:\omnipage17\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 17\ereg\Ereg.ini"
mRun: [PDFHook] f:\pdf create 5\pdfcreate5hook.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [SSC Service Utility] f:\ssc service utility\ssc_serv.exe /s
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [vmware-tray] "f:\vmware\vmware-tray.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VirtualCloneDrive] "f:\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [POINTER] c:\program files\microsoft intellipoint 4.1\mouse\setup\msh\mouse\point32.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\docume~1\nichol~1\startm~1\programs\startup\erunta~1.lnk - f:\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\nichol~1\startm~1\programs\startup\foobar~1.lnk - f:\foobar\FooBar.exe
StartupFolder: c:\docume~1\nichol~1\startm~1\programs\startup\schedu~1.lnk - c:\program files\3b software\common\scheduler\wcomschd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Append the content of the link to existing PDF file - f:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - f:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - f:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - f:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - f:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - f:\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - f:\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\micros~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265477295154
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2CB4D77B-F301-4D2F-8184-FEB6902424DA} : DhcpNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\expressview\expressview.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\expressview\expressview.dll
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - g:\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: JMRI - f:\jmri\CreatePrefs.bat
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-9-1 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-9-1 195416]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-11-25 902432]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-9-1 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-1 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-1 314456]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-11-25 2326920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-1 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-1 44768]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-9-1 127192]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-9 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-20 47640]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
R2 Synergy Server;Synergy Server;g:\synergy\synergys.exe [2006-4-2 733184]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-8-1 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-8-1 539184]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-11-25 159168]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [2010-2-19 82432]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys [2010-2-19 119808]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S2 SessionLauncher;SessionLauncher; [x]
S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2009-2-10 136568]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 EzClock;EzClock;c:\program files\aopen\ezclock\EzClock.sys [2003-2-18 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 OpenDrv;OpenDrv;c:\program files\aopen\silenttek\OpenDrv.SYS [2003-10-27 3072]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S4 DKHKPVP;DKHKPVP;c:\docume~1\nichol~1\locals~1\temp\dkhkpvp.exe --> c:\docume~1\nichol~1\locals~1\temp\DKHKPVP.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 OGXOSOKGVHT;OGXOSOKGVHT;c:\docume~1\nichol~1\locals~1\temp\ogxosokgvht.exe --> c:\docume~1\nichol~1\locals~1\temp\OGXOSOKGVHT.exe [?]
S4 ZFQANVY;ZFQANVY;c:\docume~1\nichol~1\locals~1\temp\zfqanvy.exe --> c:\docume~1\nichol~1\locals~1\temp\ZFQANVY.exe [?]
.
=============== Created Last 30 ================
.
2011-12-07 16:17:59 545 ----a-w- c:\windows\UC.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\RAR.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\PKZIP.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\LHA.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\ARJ.PIF
2011-12-07 16:17:59 -------- d-----w- c:\documents and settings\nicholas geti\application data\GHISLER
2011-12-04 23:13:13 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe
2011-12-04 04:38:56 -------- d-----w- c:\documents and settings\nicholas geti\application data\SumatraPDF
2011-12-04 04:38:49 -------- d-----w- c:\documents and settings\nicholas geti\local settings\application data\Babylon
2011-12-04 04:38:43 -------- d-----w- c:\documents and settings\nicholas geti\application data\Babylon
2011-12-04 04:38:43 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2011-12-04 04:38:41 -------- d-----w- c:\program files\PDFReader
2011-12-04 03:38:43 -------- d-----w- c:\documents and settings\nicholas geti\application data\Kalmbach
2011-11-11 03:34:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-11 03:34:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-11 03:34:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-11 03:34:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-11 03:34:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-11 03:34:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-11 03:34:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-10 16:04:11 -------- d-----w- c:\program files\common files\Crystal Decisions
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-13 23:45:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-11 17:37:50 103784 ----a-w- c:\documents and settings\nicholas geti\GoToAssistDownloadHelper.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 05:33:19 135168 ----a-w- c:\windows\system32\wwipstuff.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 20:18:43.43 ===============
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 OGXOSOKGVHT;OGXOSOKGVHT;c:\docume~1\nichol~1\locals~1\temp\ogxosokgvht.exe --> c:\docume~1\nichol~1\locals~1\temp\OGXOSOKGVHT.exe [?]
S4 ZFQANVY;ZFQANVY;c:\docume~1\nichol~1\locals~1\temp\zfqanvy.exe --> c:\docume~1\nichol~1\locals~1\temp\ZFQANVY.exe [?]
.
=============== Created Last 30 ================
.
2011-12-07 16:17:59 545 ----a-w- c:\windows\UC.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\RAR.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\PKZIP.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\LHA.PIF
2011-12-07 16:17:59 545 ----a-w- c:\windows\ARJ.PIF
2011-12-07 16:17:59 -------- d-----w- c:\documents and settings\nicholas geti\application data\GHISLER
2011-12-04 23:13:13 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe
2011-12-04 04:38:56 -------- d-----w- c:\documents and settings\nicholas geti\application data\SumatraPDF
2011-12-04 04:38:49 -------- d-----w- c:\documents and settings\nicholas geti\local settings\application data\Babylon
2011-12-04 04:38:43 -------- d-----w- c:\documents and settings\nicholas geti\application data\Babylon
2011-12-04 04:38:43 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2011-12-04 04:38:41 -------- d-----w- c:\program files\PDFReader
2011-12-04 03:38:43 -------- d-----w- c:\documents and settings\nicholas geti\application data\Kalmbach
2011-11-11 03:34:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-11 03:34:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-11 03:34:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-11 03:34:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-11 03:34:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-11 03:34:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-11 03:34:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-10 16:04:11 -------- d-----w- c:\program files\common files\Crystal Decisions
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-13 23:45:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-11 17:37:50 103784 ----a-w- c:\documents and settings\nicholas geti\GoToAssistDownloadHelper.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 05:33:19 135168 ----a-w- c:\windows\system32\wwipstuff.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 20:18:43.43 ===============