So I accidentally downloaded a toolbar called "Babylon Search Engine" and it's been changing my home page, opening itself in new tabs and causing Java applications in my browser to not function properly. I was told to do the full scan and post all the logs, so here they are.
ComboFix 11-11-07.03 - Steven 07/11/2011 16:39:02.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3582.2598 [GMT -4:00]
Running from: c:\users\Steven\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 20:44 . 2011-11-07 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-07 20:23 . 2011-11-07 20:23 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F8212C-989C-40B3-BAF4-9B6E14BB28E8}\offreg.dll
2011-11-07 01:33 . 2011-11-07 01:33 -------- d-----w- c:\program files\Common Files\Java
2011-11-07 01:32 . 2011-11-07 01:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-07 01:32 . 2011-11-07 01:32 -------- d-----w- c:\program files\Java
2011-11-06 23:35 . 2011-11-06 23:36 -------- d-----w- c:\programdata\WinZip
2011-11-06 23:35 . 2011-11-06 23:37 -------- d-----w- c:\program files\Google
2011-11-06 23:28 . 2011-11-06 23:28 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-11-06 23:28 . 2007-08-21 17:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2011-11-04 18:59 . 2011-10-18 09:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F8212C-989C-40B3-BAF4-9B6E14BB28E8}\mpengine.dll
2011-10-27 06:01 . 2011-10-27 06:01 -------- d-----w- c:\program files\Microsoft.NET
2011-10-26 20:30 . 2007-03-15 19:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2011-10-26 20:30 . 2007-03-12 19:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-10-26 20:30 . 2007-03-12 19:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2011-10-26 06:00 . 2011-10-26 06:00 -------- d-----w- c:\windows\system32\Wat
2011-10-26 02:48 . 2011-08-15 04:25 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 09:30 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-10-25 09:28 . 2009-11-25 15:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-25 09:28 . 2009-11-25 15:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-25 09:28 . 2009-11-25 15:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-25 09:28 . 2009-11-25 15:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-25 09:28 . 2009-11-25 15:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-25 09:19 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-25 09:18 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-25 06:56 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-25 06:56 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2011-10-25 06:56 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2011-10-25 06:56 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2011-10-25 06:54 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-25 06:54 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-25 06:54 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-10-25 06:54 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-10-25 06:54 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-25 06:51 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-10-25 06:51 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-25 06:51 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-25 06:51 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-25 06:51 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-25 06:51 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-25 06:51 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-10-25 06:50 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-10-25 06:50 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 06:50 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 06:50 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-25 06:50 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-10-25 06:50 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-10-25 06:50 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-25 06:49 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-10-25 06:49 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-10-25 06:48 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-10-25 06:48 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-10-25 06:48 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-10-25 06:48 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2011-10-25 06:46 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-10-25 06:45 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-25 06:45 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-25 06:45 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-25 06:45 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2011-10-25 06:45 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-10-25 06:41 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-25 06:41 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-25 06:41 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-10-25 06:40 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-25 06:40 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-25 06:40 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-10-25 06:40 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-10-25 06:40 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-10-25 06:40 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-10-25 06:40 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-10-25 06:40 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-10-25 06:40 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-10-25 06:40 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-10-25 06:40 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-10-25 06:37 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-10-25 06:37 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-10-25 06:37 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-10-25 06:37 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-10-25 06:37 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-10-25 06:37 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-10-25 06:35 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-10-25 06:34 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-10-25 06:34 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-10-25 06:34 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-10-25 06:32 . 2011-10-24 22:02 -------- d-----w- c:\windows\Panther
2011-10-25 06:25 . 2011-10-25 06:25 -------- d-----w- C:\Windows.old
2011-10-25 01:53 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-24 22:50 . 2011-10-24 22:50 -------- d-----w- c:\programdata\ATI
2011-10-24 22:49 . 2011-10-24 22:49 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-10-24 22:48 . 2011-10-24 22:50 -------- d-----w- c:\program files\ATI Technologies
2011-10-24 22:48 . 2011-10-24 22:48 -------- d-----w- c:\program files\ATI
2011-10-24 22:27 . 2011-11-05 00:54 -------- d-----w- c:\program files\Common Files\Steam
2011-10-24 22:27 . 2011-11-07 20:21 -------- d-----w- c:\program files\Steam
2011-10-24 22:25 . 2011-10-24 22:25 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-24 22:21 . 2011-10-24 22:21 -------- d-----w- c:\program files\Ask.com
2011-10-24 22:20 . 2011-10-24 22:21 -------- d-----w- c:\programdata\Avira
2011-10-24 22:20 . 2011-10-24 22:20 -------- d-----w- c:\program files\Avira
2011-10-24 22:20 . 2011-09-18 11:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-24 22:20 . 2011-09-16 02:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-24 22:20 . 2011-09-16 02:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-24 22:20 . 2011-11-07 01:33 -------- d-sh--w- c:\windows\Installer
2011-10-24 22:19 . 2011-10-24 22:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 22:13 . 2011-10-24 22:13 -------- d-----w- c:\windows\system32\Macromed
2011-10-24 22:08 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-10-24 22:07 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-10-24 22:07 . 2011-11-07 20:27 -------- d-----w- c:\windows\system32\wbem\Performance
2011-10-24 22:03 . 2011-11-06 23:35 -------- d-----w- c:\users\Steven
2011-10-17 05:19 . 2011-10-17 05:19 -------- d-----w- C:\AMD
2011-10-17 04:47 . 2011-10-17 04:47 -------- d-----w- C:\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 06:53 . 2011-11-07 00:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-28 01:41 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-22 23:53 787744 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-28 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-28 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-10-24 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-28 397992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-07 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 23:35]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 23:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=52953096000000000000f46d0496e698
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\kf8oeqmk.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=52953096000000000000f46d0496e698&tlver=1.4.35.10&affID=100474
FF - user.js: extentions.y2layers.installId - 0331dab2-c11b-41ce-9594-c23bb5b60e7c
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-07 16:45:39
ComboFix-quarantined-files.txt 2011-11-07 20:45
.
Pre-Run: 931,504,525,312 bytes free
Post-Run: 931,530,878,976 bytes free
.
- - End Of File - - C72D49AA5E0F6675D6F1405B11314681
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 8109
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
07/11/2011 4:51:39 PM
mbam-log-2011-11-07 (16-51-39).txt
Scan type: Quick scan
Objects scanned: 151726
Time elapsed: 1 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:53:28 PM, on 07/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Steven\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 3867 bytes
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 23:35]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 23:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=52953096000000000000f46d0496e698
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\kf8oeqmk.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=52953096000000000000f46d0496e698&tlver=1.4.35.10&affID=100474
FF - user.js: extentions.y2layers.installId - 0331dab2-c11b-41ce-9594-c23bb5b60e7c
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-07 16:45:39
ComboFix-quarantined-files.txt 2011-11-07 20:45
.
Pre-Run: 931,504,525,312 bytes free
Post-Run: 931,530,878,976 bytes free
.
- - End Of File - - C72D49AA5E0F6675D6F1405B11314681

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 8109
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
07/11/2011 4:51:39 PM
mbam-log-2011-11-07 (16-51-39).txt
Scan type: Quick scan
Objects scanned: 151726
Time elapsed: 1 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:53:28 PM, on 07/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Steven\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 3867 bytes