Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.21.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16686 doug :: DOUGNETBOOK [administrator] 21-sep-13 12:13:44 mbam-log-2013-09-21 (12-13-44).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 367206 Time elapsed: 2 hour(s), 6 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 8 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E5A4F553-8105-1978-AFB9-CB391D0E05C1} (PUP.Optional.Tarma.A) -> No action taken. HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> No action taken. HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> No action taken. HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> No action taken. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken. Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s -> Quarantined and deleted successfully. Registry Data Items Detected: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?affID=119292&babsrc=HP_ss&mntrId=3E58904CE51562B5) Good: (http://www.google.com) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully. Folders Detected: 1 C:\Users\doug\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken. Files Detected: 4 C:\Program Files\GoforFiles\uninstall.exe (PUP.Optional.GoForFiles.A) -> No action taken. C:\ProgramData\InstallMate\{2A64806C-C067-470A-A5E1-8845F187A29A}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken. C:\ProgramData\InstallMate\{2A64806C-C067-470A-A5E1-8845F187A29A}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken. C:\Users\doug\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken. (end)