Do I have a false positive for Babylon toolbar?



IxMaat
2012-12-07, 17:53
I’m using windows 7 and don’t know how to backup the registry, since the directions for ERUNT don’t say anything about windows 7.

Spybot found Babylon toolbar – but I don’t think I have it and think it’s a false positive; however, I want to be sure. I haven’t downloaded anything but security updates and library books to my Kindle. I have few programs and don’t like extra stuff, and I know that Babylon is malware and wouldn’t download it.

I run windows 7 home premium, with FF with adblock plus, better privacy, cookie monster, FEBE, Flagfox, Ghostery, LinkExtend, Norton Vulnerability Protection, Noscripts, Redirect Remover, and WOT.

I have Comodo Firewall with Defense+ disabled, as I was told it would interfere with the Norton Anti-virus that I have. I also have Spybot, Malwarebytes, SpywareBlaster, PeerBlock, WinPatrol, Sandboxie, Revo Uninstaller, CCleaner, and TFC. I update daily and run full scans daily with Norton, Spybot, and Malwarebytes. I have OpenDNS on my router.

I scan online every week or two with ESET, BitDefender Online Scanner, F-Secure Online Scanner, Kaspersky Online Scanner, Panda ActiveScan, or Norman Malware Cleaner. I test with ShieldsUp! whenever I make a change to the router or firewall. I also check with the online scanner at Secunia regularly.

I don’t have a hosting program; MVPS made my computer run too slow to use, and with HostsMan I couldn’t connect to the internet.

I change my passwords, etc. I clean temp files and defrag several times a week, sometimes daily.

Anyway, I just want to be sure that I don’t have Babylon (there is no Babylon toolbar on my browsers and I haven’t downloaded anything that should have it).

I've attached a screenshot.

Babylon.Toolbar: [SBI $0DBCD782] Data (File, nothing done)
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Properties.size=2360
Properties.md5=E6BE9A902506350BFB83F7E3134A5B00
Properties.filedate=1344710445
Properties.filedatetext=2012-08-11 10:40:44


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-10-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-11-20 Includes\Adware.sbi (*)
2012-12-04 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2012-12-04 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-12-05 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-12-05 Includes\TrojansC-03.sbi (*)
2012-11-29 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-12-03 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by 93 at 8:10:23 on 2012-12-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6304 [GMT -8:00]
.
AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\93\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\93\AppData\Local\Temp\_uninst_63804310.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{05CB42DF-789B-4A69-B73F-6F198706A277} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D4FC7483-FD60-46A0-BFF8-3316B4C43C91} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= c:\windows\syswow64\guard32.dll C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\debl2a9d.default-1344712026600\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-12 15:59; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-10-12 15:59; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 63804310;63804310;C:\Windows\System32\drivers\63804310.sys [2012-6-30 460888]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1309000.009\symds64.sys [2012-10-1 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1309000.009\symefa64.sys [2012-10-1 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 38144]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20121205.001\IDSviA64.sys [2012-12-6 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1309000.009\ironx64.sys [2012-10-1 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1309000.009\symnets.sys [2012-10-1 405624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-16 203264]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-18 13336]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-8 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2012-5-16 1705600]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-5-16 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-16 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-5-16 321064]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-8-25 202632]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-5-18 48488]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-5-16 158976]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-9-3 25584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-30 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-18 1255736]
.
=============== Created Last 30 ================
.
2012-12-02 03:08:09 -------- d-----w- C:\Program Files\iPod
2012-12-02 03:08:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-02 03:08:08 -------- d-----w- C:\Program Files\iTunes
2012-12-02 03:08:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-11-21 05:01:14 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox.bak
2012-11-15 04:02:56 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 04:02:56 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 04:02:56 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 04:02:56 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 03:57:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 03:57:48 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 03:57:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 03:57:48 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 03:57:47 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 03:57:47 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 03:57:47 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 03:43:04 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-15 03:43:04 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-15 03:43:04 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-15 03:43:04 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-15 03:43:04 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-15 03:43:04 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-15 03:43:04 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-15 03:43:04 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-15 03:43:04 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-15 03:43:04 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-15 03:43:04 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-15 03:43:04 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-15 03:42:15 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-15 03:42:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-15 03:42:13 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-15 03:42:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-15 03:42:13 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-15 03:41:55 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 03:41:55 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-11 17:47:07 -------- d-----w- C:\Users\93\AppData\Roaming\OverDrive
2012-11-10 23:36:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-10 23:36:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-10 23:36:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-10 23:36:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-10 23:36:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-10 23:36:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-10 23:36:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-11-07 23:38:00 38144 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-11-07 23:37:59 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-11-07 23:37:57 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-11-07 23:37:36 41240 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-11-07 23:37:34 301264 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-11-07 23:37:31 390392 ----a-w- C:\Windows\System32\guard64.dll
2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-23 01:43:41 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-23 01:43:41 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-23 01:43:41 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-10-23 01:41:46 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-23 01:41:45 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-22 18:38:01 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-22 18:30:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-22 18:30:16 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 8:10:59.69 ===============

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-07 08:12:17
-----------------------------
08:12:17.082 OS Version: Windows x64 6.1.7601 Service Pack 1
08:12:17.082 Number of processors: 4 586 0x1E05
08:12:17.082 ComputerName: 93-PC UserName: 93
08:12:25.491 Initialize success
08:20:23.192 AVAST engine defs: 12120700
08:33:44.066 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
08:33:44.066 Disk 0 Vendor: ST310005 CC49 Size: 953869MB BusType: 8
08:33:44.082 Disk 0 MBR read successfully
08:33:44.082 Disk 0 MBR scan
08:33:44.097 Disk 0 Windows VISTA default MBR code
08:33:44.097 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
08:33:44.097 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12168 MB offset 81920
08:33:44.128 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941660 MB offset 25001984
08:33:44.160 Disk 0 scanning C:\Windows\system32\drivers
08:33:52.630 Service scanning
08:34:07.388 Modules scanning
08:34:07.388 Disk 0 trace - called modules:
08:34:07.435 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:34:07.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e0c060]
08:34:07.950 3 CLASSPNP.SYS[fffff8800220143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b0e050]
08:34:15.516 AVAST engine scan C:\Windows
08:34:18.776 AVAST engine scan C:\Windows\system32
08:37:01.516 Disk 0 MBR has been saved successfully to "C:\Users\93\Desktop\MBR.dat"
08:37:01.516 The log file has been saved successfully to "C:\Users\93\Desktop\aswMBR.txt"
08:37:02.436 AVAST engine scan C:\Windows\system32\drivers
08:37:19.409 AVAST engine scan C:\Users\93
08:37:45.898 AVAST engine scan C:\ProgramData
08:39:10.426 Scan finished successfully
08:44:31.486 Disk 0 MBR has been saved successfully to "C:\Users\93\Desktop\MBR.dat"
08:44:31.486 The log file has been saved successfully to "C:\Users\93\Desktop\aswMBR.txt"

ken545
2012-12-09, 00:07


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs on Vista or Windows 7, right-click on the program and select RUN AS ADMINISTRATOR.

Go here (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and download AdwCleaner to your desktop.


Double-click on AdwCleaner.exe to run the tool.
Click on Delete.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete-on-reboot list, please reboot.
Post the report, please.

IxMaat
2012-12-09, 09:26
I backed up my documents and have a windows 7 disc and programs discs.



# AdwCleaner v2.011 - Logfile created 12/09/2012 at 00:16:43
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : 93 - 93-PC
# Boot Mode : Normal
# Running from : C:\Users\93\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\n8xtzvib.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\n8xtzvib.default\browsermngr_prefs.js
File Deleted : C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\n8xtzvib.default\searchplugins\BabylonMngr.xml
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\debl2a9d.default-1344712026600\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\n8xtzvib.default\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=114066&tt=090812_ppc_3212_6&babsrc[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.ghostery.uiLog", "{\"type\":\"sub_object_block\",\"ref\":\"www.youtube.com/wat[...]
Deleted : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"20\": {\"id\": \"20\[...]

Profile name : default-1344712026600 [Profil par défaut]
File : C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\debl2a9d.default-1344712026600\prefs.js

Deleted : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"20\": {\"id\": \"20\[...]

Profile name : default
File : C:\Users\4\AppData\Roaming\Mozilla\Firefox\Profiles\3d6ylvue.default\prefs.js

Deleted : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"20\": {\"id\": \"20\[...]

*************************

AdwCleaner[S1].txt - [2679 octets] - [09/12/2012 00:16:43]

########## EOF - C:\AdwCleaner[S1].txt - [2739 octets] ##########

How do I uninstall AdwCleaner?


As per my post, I run full scans with Malwarebytes daily and it's not found anything; however, I ran the quick scan. It still found nothing.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
93 :: 93-PC [administrator]

09-Dec-12 12:21:22 AM
mbam-log-2012-12-09 (00-21-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226041
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

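The AdwCleaner log above shows what the Babylon hijack actually changed in Firefox: it rewrote `browser.newtab.url` and `browser.search.order.1` in prefs.js (alongside the `babylon.xml` search plugin Spybot flagged). As an added example, not part of this thread or of AdwCleaner's own logic, here is a small checker that parses a prefs.js file and flags hijack-prone preferences pointing at Babylon; the list of hijack-prone keys beyond the two in the log is an assumption, and the sample prefs.js content is constructed.

```python
import re

# Matches one Firefox prefs.js line of the form: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Preference keys a search/homepage hijacker typically rewrites.
# The first two appear in the AdwCleaner log; the rest are assumed here.
HIJACK_PRONE_KEYS = (
    "browser.newtab.url",
    "browser.search.order.",          # prefix: browser.search.order.1, .2, ...
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
)

# Constructed sample prefs.js content (not the user's real file).
SAMPLE_PREFS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.newtab.url", "http://search.babylon.com/?affID=EXAMPLE");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.ghostery.uiLog", "{\\"type\\":\\"sub_object_block\\"}");
"""


def parse_prefs(text):
    """Return (name, raw_value) pairs for every user_pref line in prefs.js text."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def find_babylon_prefs(text, marker="babylon"):
    """Flag a pref if its key is hijack-prone and its value mentions the marker,
    or if the value points at the marker's domain anywhere. Returns (name, value) pairs."""
    hits = []
    for name, value in parse_prefs(text):
        lowered = value.lower()
        prone = any(name == k or (k.endswith(".") and name.startswith(k))
                    for k in HIJACK_PRONE_KEYS)
        if (prone and marker in lowered) or (marker + ".com" in lowered):
            hits.append((name, value))
    return hits


if __name__ == "__main__":
    for name, value in find_babylon_prefs(SAMPLE_PREFS):
        print("hijacked pref:", name, "=", value)
```

Running it against the constructed sample reports the same two preferences AdwCleaner deleted, and leaves the unrelated Ghostery and homepage entries alone.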
ken545
2012-12-09, 12:59
Good Morning,

You can just drag C:\Users\93\Downloads\AdwCleaner.exe to the trash; it just ran, it wasn't installed.

Babylon gone?

IxMaat
2012-12-09, 20:16
Yes - thank you very much.

However, when I ran TFC I got a windows error message - see screen shot.

ken545
2012-12-09, 20:29
Well, Babylon is gone, not sure why you're getting an error with TFC.

You can try this other cleaner. In lieu of Select All, just do one module at a time until they're all done. If you have sites you access and can't remember the passwords or do not have them written down, then bypass Cookies.

Please download ATF Cleaner (http://majorgeeks.com/ATF_Cleaner_d4949.html) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility. If you want to keep your log on info, just click on Select All and then uncheck Cookies.

http://i24.photobucket.com/albums/c30/ken545/Atribune.jpg
Thank You Atribune

IxMaat
2012-12-09, 21:14
Thank you for the suggestions on cleaners.

BTW, any idea how I got Babylon without getting the toolbar or downloading (or anything but updates to security and library books)?

Any ideas to beef up my security (other than hosting files I've had problems with)?

Thank you very much.

ken545
2012-12-09, 22:21
Hi,

Found these on Google


Note that a number of legitimate product developers are partnering with download sites that include add-ons like Babylon if you're not careful to uncheck the boxes that install it by default.


Unfortunately, software developers are giving up their ethics in order to make a buck or two on downloads of their products, by allowing download sites to install cr&p like the babylon toolbar (which is adware).



Irfanview itself is not malware, but when Irfanview began optionally installing the Google Toolbar with its executable installations, many of us raised eyebrows. I am very leery of corporate toolbars, such as the Google Toolbar.

Upon installing Irfanview, you can opt to not install the Google Toolbar, or you can download a zip file to manually install Irfanview which won't include the Google Toolbar installation.



A good example is when you update things like Java, Adobe, Flash Player and a few others (you won't find this in Windows Updates): you need to really stop and read through the prompts before you click Next. One of these programs, if you're not paying attention, installs the ASK Toolbar; there are many more examples. Before you download that program or app, you may want to Google it and see if it's ok.





How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

IxMaat
2012-12-09, 22:32
Thank you. But I never check any toolbars and haven't downloaded anything - just updating Spybot, Malwarebytes, SpywareBlaster, Windows, etc. - so nothing to check.

I appreciate your help.

Thank you.

ken545
2012-12-09, 22:42
What you're updating won't cause a problem, but like I said, whatever you download and install, even programs from a computer store shrinkwrapped in a box, read the EULA (End User Licence Agreement) prior to the install.

Take care my friend,

Ken :)

ken545
2012-12-11, 09:53
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.