1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

babylon

Discussion in 'Virus & Other Malware Removal' started by bream53, Sep 28, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 5
    Processor Count: 2
    RAM: 1782 Mb
    Graphics Card: Intel(R) HD Graphics, 763 Mb
    Hard Drives: C: Total - 460453 MB, Free - 406347 MB;
    Motherboard: eMachines, eME729Z
    Antivirus: Microsoft Security Essentials, Updated and Enabled . / can anyone tell me how to get rid of this .babylon has set its self as my first internet server??? also i keep getting different colored words , which are underlined on nearly every site i visit, if the cursor passes over them a small flashing screen comes up saying i have won money or go to a site about surveys , please help thanks
     
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi, my name is Mark and I will be helping you.

    IMPORTANT: Please take the time to read this first.
    For the benefit of others that are waiting for help please try to respond as fast as you can and make sure you read all of the instructions I will be giving you to follow. Time spent waiting for replies or having to repeat questions keeps other people waiting in the queue for help.

    I am in Spain at GMT+1 hour, I check my emails several times a day so will usually reply to your responses within a few hours or less unless it is night time here. During the evening here I will usually reply within minutes. Please try to do the same for a swift clean up. Some Malware needs to be dealt with quickly or it will multiply and become deeply embedded in your system and more difficult to find and remove, so quick replies will have more than one benefit.

    Keep in mind that I cannot see your PC, so please give as much detail as possible if something goes wrong or you receive any error messages.

    Malware can be unpredictable and often time consuming to remove, on rare occasions something can go awry and your system may need to have Windows re-installed. Please make sure before we start that you have copies of all your important data saved to an external hard drive or CD/DVD's. Please make sure you disconnect any external hard drives and/or Flash drives during the clean up.

    If you have run any scans that found an infection please let me know.

    DO NOT run any scans or make any changes that I have not asked you to do as this can cause misleading results and make my job much harder in trying to help you. Please also uninstall any file sharing software i.e. uTorrent, BitTorrent, etc, if you insist on keeping it do not use it until we are finished. Use of file sharing software is one of the easiest ways to get your PC infected.

    If I get no reply from you for three days I will mark the thread as Solved and move on to helping someone else. If you know you will be unable to reply for any length of time please let me know in advance.

    Please don't abandon the thread as soon as your PC starts to work normally again as there will be other important checks to make to help protect your system from re-infection. It is also important to follow the correct procedure when removing the tools used to ensure all quarantined infections are completely removed and infected Restore Points are safely deleted.

    Stick with me and we can quickly clean up your PC, if you cannot dedicate the time then a Reformat and Re-install will be your quickest option.

    _________________________________________________________________

    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    When complete, run your internet browser and tell me if the problem has gone or not.

    If the problem is still there please go Here, follow ALL the instructions and post the logs that are requested. Please also tell me what browser is showing the problem, if it is not Internet Explorer then please run Internet Explorer and tell me if it is showing the same problem.

    [​IMG]
     
  3. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    # AdwCleaner v2.003 - Logfile created 09/29/2012 at 18:22:18
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : kevin - KEVIN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\kevin\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Browser Manager

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Deleted on reboot : C:\ProgramData\Browser Manager
    File Deleted : C:\user.js
    File Deleted : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\BabylonMngr.xml
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Ilivid
    Folder Deleted : C:\Program Files (x86)\incredibar.com
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\kevin\AppData\Local\APN
    Folder Deleted : C:\Users\kevin\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\kevin\AppData\Local\Conduit
    Folder Deleted : C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb
    Folder Deleted : C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Folder Deleted : C:\Users\kevin\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\kevin\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\kevin\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\kevin\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Deleted : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
    Folder Deleted : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\BrowserMngr
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cfffenfdjeibfomfbppoljahojkbbobb
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\incredibar.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\I
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\ilivid
    Key Deleted : HKLM\Software\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cfffenfdjeibfomfbppoljahojkbbobb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Key Deleted : HKLM\SOFTWARE\DataMngr
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKU\S-1-5-21-1691123573-1335998989-2287301453-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={F4155D5D-C45B-4B38-B6B6-974A9261EC42}&mid=2dcf8ba5870044cf8b5b5727fb5d61a8-1a3fa2d76a299100109b029ba65d847d7bdd6403&lang=en&ds=hk014&pr=sa&d=2012-09-17 18:28:47&v=12.2.5.34&sap=hp --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=114336&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=b44d6be300000000000000a0d5ffffae --> hxxp://www.google.com

    -\\ Mozilla Firefox v [Unable to get version]

    Profile name : default
    File : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js

    C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
    Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

    -\\ Google Chrome v22.0.1229.79

    File : C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    hi mark , thanks for your reply i have included report , now bleco has come up , ok thanks kevin
    [OK] File is clean.

    -\\ Opera v [Unable to get version]

    File : C:\Users\kevin\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [21586 octets] - [29/09/2012 18:22:18]

    ########## EOF - C:\AdwCleaner[S1].txt - [21647 octets] ##########
     
  4. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi mark i wish to thank up again for your help even if this does not help / where did this problem come from and how did it get on my comp??????
     
  5. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome. The cleaner has removed several undesirable items and you should find that Babylon has gone, please let me know.

    You probably got it installed with an item of software. There are many programs that have toolbars and search engines bundled with them and during installation you get a choice to install or not. Unfortunately if you don't read everything and you miss the options they get installed without you realising.
     
  6. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi mark yes i think its gone but "mystart by incredibar.com has come up
     
  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    That wasn't expected as the scan results show it was deleted, may be something got left behind, please run another scan (exactly the same as before) with ADWCleaner and post the log. When done check you browser again and tell me if it is still there.

    Also please tell me what browser this is appearing in.
     
  8. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi mark now before a new run i have 5 search sites that have opened / 1 google thats ok / 2- searchnu/ 3 avg/ 4 babylon/ 5 blekko ????? do i do another run now ??? thanks
     
  9. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Yes, do another scan.
     
  10. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    # AdwCleaner v2.003 - Logfile created 09/30/2012 at 15:20:06
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : kevin - KEVIN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\kevin\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
    Key Deleted : HKCU\Software\BrowserMngr
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421


    -\\ Mozilla Firefox v [Unable to get version]

    Profile name : default
    File : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v22.0.1229.79

    File : C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.47] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://www.searchnu.com/406", "hxxps://isearch.avg.com/?cid={F4155D5D-C45B-4B38-B6B6-974A9261EC42}&mid=2dcf8ba5870044cf8b5b5727fb5d61a8-1a3fa2d76a299100109b029ba65d847d7bdd6403&lang=en&ds=hk014&pr=sa&d=2012-09-17 18:28:47&v=12.2.5.34&sap=hp", "hxxp://search.babylon.com/?affID=114336&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=b44d6be300000000000000a0d5ffffae", "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=7D5668D5EE666E50ACFF8B50592C33D9&tbp=homepage" ]
    Deleted [l.1709] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://www.searchnu.com/406", "hxxps://isearch.avg.com/?cid={F4155D5D-C45B-4B38-B6B6-974A9261EC42}&mid=2dcf8ba5870044cf8b5b5727fb5d61a8-1a3fa2d76a299100109b029ba65d847d7bdd6403&lang=en&ds=hk014&pr=sa&d=2012-09-17 18:28:47&v=12.2.5.34&sap=hp", "hxxp://search.babylon.com/?affID=114336&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=b44d6be300000000000000a0d5ffffae", "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=7D5668D5EE666E50ACFF8B50592C33D9&tbp=homepage" ]

    -\\ Opera v [Unable to get version]

    File : C:\Users\kevin\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [21641 octets] - [29/09/2012 18:22:18]
    AdwCleaner[S2].txt - [2973 octets] - [30/09/2012 15:20:06]

    ########## EOF - C:\AdwCleaner[S2].txt - [3033 octets] ##########
    now my preferences are invalid????
     
  11. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi mark hope this helps this time thanks kevin
     
  12. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    me again mark ,what is utorrent it has come up on my start page????
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    That sounds like an improvement, please run the scan again.
     
  14. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    # AdwCleaner v2.003 - Logfile created 10/01/2012 at 02:43:56
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : kevin - KEVIN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\kevin\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421


    -\\ Mozilla Firefox v [Unable to get version]

    Profile name : default
    File : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v22.0.1229.79

    File : C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v [Unable to get version]

    File : C:\Users\kevin\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [21641 octets] - [29/09/2012 18:22:18]
    AdwCleaner[S2].txt - [3100 octets] - [30/09/2012 15:20:06]
    AdwCleaner[S3].txt - [1146 octets] - [01/10/2012 02:43:56]

    ########## EOF - C:\AdwCleaner[S3].txt - [1206 octets] ##########
    hi mark this is the result
     
  15. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi mark my first site is ok but my start is my second page????????????
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1070679