Virus

I have noticed this virus that keeps popping up from time to time, something about Babylon. I ran the programs mentioned in the post and here are the logs.

# AdwCleaner v3.023 - Report created 02/04/2014 at 17:53:35
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : JORDAN SPITERI - JORDANSPITER-PC
# Running from : C:\Users\JORDAN SPITERI\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\JORDAN SPITERI\AppData\LocalLow\Delta
Folder Deleted : C:\Users\JORDAN SPITERI\AppData\Roaming\Babylon
File Deleted : C:\Windows\System32\Tasks\BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB9F92CC-E818-4081-A712-F03A63A7A4BE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB9F92CC-E818-4081-A712-F03A63A7A4BE}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\5848fd1b63aeb49
Key Deleted : HKLM\SOFTWARE\5848fd1b63aeb49
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16982


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\JORDAN SPITERI\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [2114 octets] - [02/04/2014 17:50:41]
AdwCleaner[S0].txt - [2117 octets] - [02/04/2014 17:53:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2177 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by JORDAN SPITERI on Wed 02/04/2014 at 18:13:42.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-479719188-3673928009-977237635-1003\Software\sweetim



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/04/2014 at 18:20:45.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.02.03

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
JORDAN SPITERI :: JORDANSPITER-PC [administrator]

2/04/2014 6:25:21 PM
mbam-log-2014-04-02 (18-25-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212480
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
You forgot to post an OTL log.

Download OTL to your Desktop


• Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦ When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.
 
Would also need to know what web browser you use as it shows you have an outdated version of Internet Explorer. It shows version 7 when version 9 is the latest. Not safe at all to be using either version actually. Firefox, Pale Moon or Chrome would be better alternatives.
 
Would also need to know what web browser you use as it shows you have an outdated version of Internet Explorer. It shows version 7 when version 9 is the latest. Not safe at all to be using either version actually. Firefox, Pale Moon or Chrome would be better alternatives.
I do use Chrome.
 
Here's the OTL log:

OTL logfile created on: 3/04/2014 7:36:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JORDAN SPITERI\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1013.81 Mb Total Physical Memory | 279.49 Mb Available Physical Memory | 27.57% Memory free
2.24 Gb Paging File | 0.78 Gb Available in Paging File | 34.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176.65 Gb Total Space | 137.49 Gb Free Space | 77.83% Space Free | Partition Type: NTFS

Computer Name: JORDAN-PC | User Name: JORDAN SPITERI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\JORDAN SPITERI\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\JORDAN SPITERI\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\RacAgent.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\JORDAN SPITERI\AppData\Local\Temp\~WSE782.tmp ()
MOD - C:\Users\JORDAN SPITERI\AppData\Local\Temp\~WSE475.tmp ()
MOD - C:\Users\JORDAN SPITERI\AppData\Local\Temp\~WSDEAA.tmp ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()


========== Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GSService) -- C:\Windows\System32\GSService.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (ICScsiSV) -- C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 3\IcVzMon.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (MP4ConverterAudio) -- C:\Windows\System32\drivers\MP4ConverterAudio.sys (Windows (R) Win 7 DDK provider)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (NETwLv32) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EF1C2798-173B-4CF5-BB35-C102DCFACB00}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {EF1C2798-173B-4CF5-BB35-C102DCFACB00}
IE - HKCU\..\SearchScopes\{EF1C2798-173B-4CF5-BB35-C102DCFACB00}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYN_en-GBAU523
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/02/27 16:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\JORDAN SPITERI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\JORDAN SPITERI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\JORDAN SPITERI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\JORDAN SPITERI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\JORDAN SPITERI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\JORDAN SPITERI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Users\JORDAN SPITERI\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\JORDAN SPITERI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FD479AD-2604-4FCD-8FC9-9A2A2E2E02BA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA0EFCBD-4B7C-4132-9FC7-D8291626A432}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/02 21:42:06 | 000,000,000 | ---D | C] -- C:\Users\JORDAN SPITERI\AppData\Local\Apple Computer
[2014/04/02 21:42:01 | 000,000,000 | ---D | C] -- C:\Users\JORDAN SPITERI\AppData\Roaming\Apple Computer
[2014/04/02 21:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/04/02 21:40:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2014/04/02 21:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/04/02 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/04/02 21:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/04/02 21:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/04/02 21:36:30 | 000,000,000 | ---D | C] -- C:\Users\JORDAN SPITERI\AppData\Local\Apple
[2014/04/02 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2014/04/02 21:34:21 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/04/02 21:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/04/02 21:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/04/02 21:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/04/02 18:13:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/02 17:50:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/24 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\JORDAN SPITERI\AppData\Local\Seven Zip
[2014/03/24 17:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2014/03/24 16:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2014/03/23 20:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/03/23 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\JORDAN SPITERI\AppData\Roaming\Oracle
[2014/03/23 20:12:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/03/23 20:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/23 18:45:38 | 000,000,000 | ---D | C] -- C:\Users\JORDAN SPITERI\AppData\Roaming\Malwarebytes
[2014/03/23 18:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/23 18:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/23 18:45:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/23 18:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/23 18:20:10 | 000,000,000 | ---D | C] -- C:\Users\JORDAN SPITERI\AppData\Local\MP4-Converter
[2014/03/23 18:17:07 | 000,023,576 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\MP4ConverterAudio.sys
[2014/03/23 17:48:09 | 000,000,000 | ---D | C] -- C:\Users\JORDAN SPITERI\Documents\Project X (All Songs)
[2013/02/16 10:57:23 | 001,051,984 | ---- | C] (BitTorrent Inc.) -- C:\Program Files\uTorrent.exe

========== Files - Modified Within 30 Days ==========

[2020/11/10 11:28:21 | 000,007,052 | ---- | M] () -- C:\Users\JORDAN SPITERI\Documents\cc_20201110_102814.reg
[2014/04/03 07:29:55 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/03 07:29:52 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/03 07:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/02 21:41:10 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/02 21:11:15 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/02 21:11:14 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/02 21:09:17 | 000,007,896 | ---- | M] () -- C:\Users\JORDAN SPITERI\Documents\cc_20140402_210858.reg
[2014/04/02 21:07:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/02 21:03:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/02 21:02:53 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/02 21:01:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/03/30 19:07:38 | 000,071,198 | ---- | M] () -- C:\Users\JORDAN SPITERI\Documents\cc_20140330_190724.reg
[2014/03/24 17:33:38 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/03/23 20:32:42 | 000,000,844 | ---- | M] () -- C:\Users\JORDAN SPITERI\Documents\cc_20140323_203238.reg
[2014/03/23 18:45:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/23 18:40:36 | 000,007,862 | ---- | M] () -- C:\Users\JORDAN SPITERI\Documents\cc_20140323_184032.reg
[2014/03/23 18:24:42 | 000,050,688 | ---- | M] () -- C:\Users\JORDAN SPITERI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/23 17:39:18 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/19 17:37:35 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/03/19 14:21:45 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2020/11/10 11:28:18 | 000,007,052 | ---- | C] () -- C:\Users\JORDAN SPITERI\Documents\cc_20201110_102814.reg
[2014/04/02 21:41:10 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/02 21:36:14 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/04/02 21:09:14 | 000,007,896 | ---- | C] () -- C:\Users\JORDAN SPITERI\Documents\cc_20140402_210858.reg
[2014/03/30 19:07:33 | 000,071,198 | ---- | C] () -- C:\Users\JORDAN SPITERI\Documents\cc_20140330_190724.reg
[2014/03/24 17:33:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/03/23 20:32:41 | 000,000,844 | ---- | C] () -- C:\Users\JORDAN SPITERI\Documents\cc_20140323_203238.reg
[2014/03/23 18:45:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/23 18:40:34 | 000,007,862 | ---- | C] () -- C:\Users\JORDAN SPITERI\Documents\cc_20140323_184032.reg
[2014/03/23 18:16:48 | 000,443,080 | ---- | C] () -- C:\Windows\System32\GSService.exe
[2014/03/19 17:37:35 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/03/19 17:37:32 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/01/09 13:40:45 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/02/27 18:58:09 | 050,533,476 | ---- | C] () -- C:\Program Files\15415241k0t0rcollec.part3.rar.part
[2013/02/27 18:58:07 | 037,952,016 | ---- | C] () -- C:\Program Files\15415241k0t0rcollec.part4.rar.part
[2013/02/27 18:37:13 | 532,081,664 | ---- | C] () -- C:\Program Files\15415241k0t0rcollec.part2.rar.part
[2013/02/27 18:37:13 | 530,787,036 | ---- | C] () -- C:\Program Files\15415241k0t0rcollec.part1.rar.part
[2013/02/11 17:08:52 | 000,050,688 | ---- | C] () -- C:\Users\JORDAN SPITERI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/06 20:44:53 | 000,000,680 | ---- | C] () -- C:\Users\JORDAN SPITERI\AppData\Local\d3d9caps.dat
[2013/02/06 20:23:13 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2013/02/06 19:44:45 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2013/02/06 19:42:04 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/06 23:38:48 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/02/06 23:31:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 02:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/15 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\JORDAN SPITERI\AppData\Roaming\AVG2013
[2014/03/23 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\JORDAN SPITERI\AppData\Roaming\Oracle
[2014/03/24 16:55:31 | 000,000,000 | ---D | M] -- C:\Users\JORDAN SPITERI\AppData\Roaming\SystemRequirementsLab
[2013/02/15 18:12:59 | 000,000,000 | ---D | M] -- C:\Users\JORDAN SPITERI\AppData\Roaming\TuneUp Software
[2014/04/03 07:49:45 | 000,000,000 | ---D | M] -- C:\Users\JORDAN SPITERI\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
 
I don't see any leftovers of Babylon anymore. I would suggest running a temp file cleaner such as CCleaner or ATF Cleaner.
 