Reply to Fiery

[edkaeser]

[attachment=4018][attachment=4017]

Above are the 2 files you asked for. my username is edkaeser

 

[Fiery]

Hi,

We got lot's to clean up

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
SRV - [2012/11/08 00:30:32 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
IE - HKU\S-1-5-21-188676668-2732592361-3028295703-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-188676668-2732592361-3028295703-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=2629&t=03
IE - HKU\S-1-5-21-188676668-2732592361-3028295703-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109929&tt=090212_ctrl&babsrc=SP_ss&mntrId=b482a518000000000000001f3b0083cd
IE - HKU\S-1-5-21-188676668-2732592361-3028295703-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: addon@defaulttab.com:1.4.2
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search Here"
FF - prefs.js..browser.startup.homepage: "http://www.mysearchresults.com/?c=2802&t=02"
[2012/02/15 21:46:42 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Ed\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [] File not found
O20 - HKU\S-1-5-21-188676668-2732592361-3028295703-1004 Winlogon: Shell - (C:\Documents and Settings\Ed\Application Data\skype.dat) - C:\Documents and Settings\Ed\Application Data\skype.dat ()
[2013/03/22 10:08:35 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\skype.ini
[2013/03/03 14:16:23 | 000,000,158 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2012/07/30 18:55:06 | 000,011,904 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.abs
[2012/02/15 21:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/02/15 21:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed\Application Data\Babylon
[2012/02/15 23:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed\Application Data\BabylonToolbar
[2013/01/08 17:56:08 | 000,021,674 | ---- | M] () (No name found) -- C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\addon@defaulttab.com.xpi
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.2_0\plugins/npDefaultTabSearch.dll
[2012/05/13 12:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed\Application Data\DefaultTab

:Files
C:\Program Files\BabylonToolbar
C:\Program Files\DefaultTab
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot. Post the log afterwards.

Next, Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
• Click delete
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here

• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select Run as Administrator to start
• Wait until Prescan has finished, then click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click delete and wait until it saids deleting finished
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
  Exit/Close RogueKiller+

 

[edkaeser]

Thanks Fiery,

I am back in my computer, have run the 2 programs directed and below are the reports from the scans/repairs:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ed [Admin rights]
Mode : Scan -- Date : 03/22/2013 17:23:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] agent.exe -- C:\WINDOWS\agent.exe [-] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : nvHotkey.dll [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHW2160BJ FFS G2 +++++
--- User ---
[MBR] 60ebbf9bfb87f9d3c2e94fe1952f3b15
[BSP] 34f40102eb168d3abdcbeb9850d44794 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] 7757bf63228cb5e599e121b1d07e7da2
[BSP] 066e32c433bd1361c9f698d256c45907 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7750 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_S_03222013_02d1723.txt >>
RKreport[1]_S_03222013_02d1719.txt ; RKreport[2]_D_03222013_02d1722.txt ; RKreport[3]_S_03222013_02d1723.txt



NEXT REPORT:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ed [Admin rights]
Mode : Scan -- Date : 03/22/2013 17:19:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] agent.exe -- C:\WINDOWS\agent.exe [-] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : nvHotkey.dll [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHW2160BJ FFS G2 +++++
--- User ---
[MBR] 60ebbf9bfb87f9d3c2e94fe1952f3b15
[BSP] 34f40102eb168d3abdcbeb9850d44794 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] 7757bf63228cb5e599e121b1d07e7da2
[BSP] 066e32c433bd1361c9f698d256c45907 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7750 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_03222013_02d1719.txt >>
RKreport[1]_S_03222013_02d1719.txt



THIRD REPORT:

# AdwCleaner v2.115 - Logfile created 03/22/2013 at 17:05:02
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ed - D97YZF1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ed\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : DefaultTabUpdate

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\searchplugins\search-here.xml
File Found : C:\Documents and Settings\Ed\Desktop\Free Dolphin Screensaver.lnk
File Found : C:\user.js
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Ed\Application Data\BabylonToolbar
Folder Found : C:\Documents and Settings\Ed\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
Folder Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\I Want This
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\PackageAware
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\I Want This

***** [Registry] *****

Key Found : HKCU\Software\alot
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Google\Chrome\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
Key Found : HKCU\Software\I Want This
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Key Found : HKU\S-1-5-21-188676668-2732592361-3028295703-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

File : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "tt=090212_ctrl");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "b482a518000000000000001f3b0083cd");
Found : user_pref("extensions.BabylonToolbar_i.id", "b482a518000000000000001f3b0083cd");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15386");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=109929&tt=090212_c[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:46:51");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1329360398);
Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Found : user_pref("extensions.crossriderapp2258.2258.active", true);
Found : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Found : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Found : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Found : user_pref("extensions.crossriderapp2258.2258.backgroundver", 16);
Found : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1329360398");
Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1329360398");
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214353%22");
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221085%22");
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2219502%22");
Found : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1357685787649");
Found : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Found : user_pref("extensions.crossriderapp2258.2258.domain", "");
Found : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Found : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Found : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Found : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp2258.2258.group", 0);
Found : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Found : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Found : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Found : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Found : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Found : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Found : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 7);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 4);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){function t(b,d){[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,47,1000015");
Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,1000014");
Found : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 16);
Found : user_pref("extensions.crossriderapp2258.2258.premium", true);
Found : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Found : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Found : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Found : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Found : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Found : user_pref("extensions.crossriderapp2258.2258.ver", 91);
Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Found : user_pref("extensions.crossriderapp2258.apps", "2258");
Found : user_pref("extensions.crossriderapp2258.bic", "135df93eed66a15dfa389c1bb1f36640");
Found : user_pref("extensions.crossriderapp2258.cid", 2258);
Found : user_pref("extensions.crossriderapp2258.firstrun", false);
Found : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp2258.installationdate", 1330895909);
Found : user_pref("extensions.crossriderapp2258.jsver", 3);
Found : user_pref("extensions.crossriderapp2258.lastcheck", 22631839);
Found : user_pref("extensions.crossriderapp2258.lastcheckitem", 22631839);
Found : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340985153635");
Found : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340985153634");
Found : user_pref("extensions.crossriderapp2258.modetype", "production");
Found : user_pref("extensions.crossriderapp2258.updating", true);
Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Found : user_pref("extensions.enabledAddons", "crossriderapp2258@crossrider.com:0.85.90,"",{635abd67-4fe9-1b[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\prefs.js

Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21664 octets] - [22/03/2013 17:05:02]

########## EOF - C:\AdwCleaner[R1].txt - [21725 octets] ##########


Thanks again. Is there anything else I need to do???

Ed

 

[Fiery]

Yes, we still have some work to do

Upload a File to Virustotal
Please visit Virustotal

• Click the Choose File button
• Navigate to the file C:\WINDOWS\agent.exe
• Click the Open button
• Click the Scan It button
• Copy and paste the results back here please.

Download TDSSkiller from here

• Double-Click on TDSSKiller.exe to run the application
• When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
• After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  
  
• click Start scan .
  
• If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
• If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt