Reply to Fiery

E

edkaeser

New Member
Thread author
Mar 6, 2013
3
[attachment=4018][attachment=4017]

Above are the 2 files you asked for. my username is edkaeser
 

Attachments

  • OTL.Txt
    110.5 KB · Views: 93
  • Extras.Txt
    57.2 KB · Views: 91
Fiery

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

We got lot's to clean up :)

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
SRV - [2012/11/08 00:30:32 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
IE - HKU\S-1-5-21-188676668-2732592361-3028295703-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-188676668-2732592361-3028295703-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=2629&t=03
IE - HKU\S-1-5-21-188676668-2732592361-3028295703-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109929&tt=090212_ctrl&babsrc=SP_ss&mntrId=b482a518000000000000001f3b0083cd
IE - HKU\S-1-5-21-188676668-2732592361-3028295703-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: addon@defaulttab.com:1.4.2
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search Here"
FF - prefs.js..browser.startup.homepage: "http://www.mysearchresults.com/?c=2802&t=02"
[2012/02/15 21:46:42 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Ed\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [] File not found
O20 - HKU\S-1-5-21-188676668-2732592361-3028295703-1004 Winlogon: Shell - (C:\Documents and Settings\Ed\Application Data\skype.dat) - C:\Documents and Settings\Ed\Application Data\skype.dat ()
[2013/03/22 10:08:35 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\skype.ini
[2013/03/03 14:16:23 | 000,000,158 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2012/07/30 18:55:06 | 000,011,904 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.abs
[2012/02/15 21:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/02/15 21:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed\Application Data\Babylon
[2012/02/15 23:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed\Application Data\BabylonToolbar
[2013/01/08 17:56:08 | 000,021,674 | ---- | M] () (No name found) -- C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\addon@defaulttab.com.xpi
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.2_0\plugins/npDefaultTabSearch.dll
[2012/05/13 12:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed\Application Data\DefaultTab

:Files
C:\Program Files\BabylonToolbar
C:\Program Files\DefaultTab
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]
Click to expand...

Then click Run Fix. Let your PC reboot. Post the log afterwards.

Next, Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it saids deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+
 
E

edkaeser

New Member
Thread author
Mar 6, 2013
3
Thanks Fiery,

I am back in my computer, have run the 2 programs directed and below are the reports from the scans/repairs:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ed [Admin rights]
Mode : Scan -- Date : 03/22/2013 17:23:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] agent.exe -- C:\WINDOWS\agent.exe [-] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : nvHotkey.dll [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHW2160BJ FFS G2 +++++
--- User ---
[MBR] 60ebbf9bfb87f9d3c2e94fe1952f3b15
[BSP] 34f40102eb168d3abdcbeb9850d44794 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] 7757bf63228cb5e599e121b1d07e7da2
[BSP] 066e32c433bd1361c9f698d256c45907 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7750 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_S_03222013_02d1723.txt >>
RKreport[1]_S_03222013_02d1719.txt ; RKreport[2]_D_03222013_02d1722.txt ; RKreport[3]_S_03222013_02d1723.txt



NEXT REPORT:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ed [Admin rights]
Mode : Scan -- Date : 03/22/2013 17:19:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] agent.exe -- C:\WINDOWS\agent.exe [-] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : nvHotkey.dll [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHW2160BJ FFS G2 +++++
--- User ---
[MBR] 60ebbf9bfb87f9d3c2e94fe1952f3b15
[BSP] 34f40102eb168d3abdcbeb9850d44794 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] 7757bf63228cb5e599e121b1d07e7da2
[BSP] 066e32c433bd1361c9f698d256c45907 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7750 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_03222013_02d1719.txt >>
RKreport[1]_S_03222013_02d1719.txt



THIRD REPORT:

# AdwCleaner v2.115 - Logfile created 03/22/2013 at 17:05:02
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ed - D97YZF1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ed\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : DefaultTabUpdate

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\searchplugins\search-here.xml
File Found : C:\Documents and Settings\Ed\Desktop\Free Dolphin Screensaver.lnk
File Found : C:\user.js
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Ed\Application Data\BabylonToolbar
Folder Found : C:\Documents and Settings\Ed\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
Folder Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\I Want This
Folder Found : C:\Documents and Settings\Ed\Local Settings\Application Data\PackageAware
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\I Want This

***** [Registry] *****

Key Found : HKCU\Software\alot
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Google\Chrome\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
Key Found : HKCU\Software\I Want This
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lfnpbbobbnhhgacaclhhmjckkcaongkp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Key Found : HKU\S-1-5-21-188676668-2732592361-3028295703-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

File : C:\Documents and Settings\Ed\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "tt=090212_ctrl");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "b482a518000000000000001f3b0083cd");
Found : user_pref("extensions.BabylonToolbar_i.id", "b482a518000000000000001f3b0083cd");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15386");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=109929&tt=090212_c[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:46:51");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1329360398);
Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Found : user_pref("extensions.crossriderapp2258.2258.active", true);
Found : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Found : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Found : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Found : user_pref("extensions.crossriderapp2258.2258.backgroundver", 16);
Found : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1329360398");
Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1329360398");
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214353%22");
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221085%22");
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2219502%22");
Found : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1357685787649");
Found : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Found : user_pref("extensions.crossriderapp2258.2258.domain", "");
Found : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Found : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Found : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Found : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp2258.2258.group", 0);
Found : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Found : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Found : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Found : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Found : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Found : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Found : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 7);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 4);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){function t(b,d){[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,47,1000015");
Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,1000014");
Found : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 16);
Found : user_pref("extensions.crossriderapp2258.2258.premium", true);
Found : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Found : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Found : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Found : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Found : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Found : user_pref("extensions.crossriderapp2258.2258.ver", 91);
Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Found : user_pref("extensions.crossriderapp2258.apps", "2258");
Found : user_pref("extensions.crossriderapp2258.bic", "135df93eed66a15dfa389c1bb1f36640");
Found : user_pref("extensions.crossriderapp2258.cid", 2258);
Found : user_pref("extensions.crossriderapp2258.firstrun", false);
Found : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp2258.installationdate", 1330895909);
Found : user_pref("extensions.crossriderapp2258.jsver", 3);
Found : user_pref("extensions.crossriderapp2258.lastcheck", 22631839);
Found : user_pref("extensions.crossriderapp2258.lastcheckitem", 22631839);
Found : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340985153635");
Found : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340985153634");
Found : user_pref("extensions.crossriderapp2258.modetype", "production");
Found : user_pref("extensions.crossriderapp2258.updating", true);
Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Found : user_pref("extensions.enabledAddons", "crossriderapp2258@crossrider.com:0.85.90,"",{635abd67-4fe9-1b[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\94asi3h5.default\prefs.js

Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21664 octets] - [22/03/2013 17:05:02]

########## EOF - C:\AdwCleaner[R1].txt - [21725 octets] ##########


Thanks again. Is there anything else I need to do???

Ed
 
Fiery

Fiery

Level 1
Jan 11, 2011
2,007
Yes, we still have some work to do :)

Upload a File to Virustotal
Please visit Virustotal
  • Click the Choose File button
  • Navigate to the file C:\WINDOWS\agent.exe
  • Click the Open button
  • Click the Scan It button
  • Copy and paste the results back here please.

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
    clip.jpg
  • click Start scan .
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trail, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 

Similar threads

Gandalf_The_Grey
    • Like
    • Applause
Security News Discord will switch to temporary file links to block malware delivery
Replies
1
Views
1,913
Security News
Seandc33
S
D
  • Locked
Delete Chromstera
Replies
2
Views
747
Windows Malware Removal Help & Support
nasdaq
nasdaq
CyberTech
    • Like
    • HaHa
    • +Reputation
Serious Discussion Some Outlook.com users can't send emails with attachments
Replies
4
Views
493
Office, email and business apps
ForgottenSeer 100397
F

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top