Mshta.exe problem, japanese porn site pop up [Solved]


  • This topic is locked
22 replies to this topic

#16 bgirl8fasolla

bgirl8fasolla

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 09 February 2013 - 02:24 AM

Yap, its getting better, thanks to you :D I think nothing from the found list I want to keep. Here is the log


#17 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 09 February 2013 - 05:11 AM

Lots of adware found....let's clear it out.....
  • Please re-run AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK if asked.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

#18 bgirl8fasolla

Posted 09 February 2013 - 06:01 AM

Hello, this is the log

#19 bgirl8fasolla

Posted 09 February 2013 - 06:02 AM

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (for.)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Smartfren Connex EC306-2 UI OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#20 MrCharlie

Posted 09 February 2013 - 06:11 AM

Java 7 Update 9 <--should be Update 13
Java version out of Date! <-----Go to control panel > Java > Update Tab > Update Now

Adobe Reader 10.1.5 Adobe Reader out of Date! <---please check for an update if available

You have outdated programs on the system which are vulnerable to malware.
Please update or uninstall them.
Info on doing that can be found in my Preventive Maintenance.

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
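
The review MrC does by eye in this post (reading the Security Check log from #19 and picking out the risky lines) can be scripted when many such logs need triage. The following is an added example, not part of the original thread and not screen317's or the forum's code; the `triage` function, the `Finding` type and the finding names are hypothetical, and the matching relies only on phrases that appear in the log posted above.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str   # log section the line was found in
    kind: str      # hypothetical label chosen for this example
    detail: str    # the product or line the finding refers to


# Log text as posted in #19 of this thread (Security Check 0.99.57).
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.57",
    " Windows 7 Service Pack 1 x64 (UAC is disabled!)",
    " Internet Explorer 8 Out of date!",
    "``````````````Antivirus/Firewall Check:``````````````",
    " Windows Firewall Enabled!",
    " WMI entry may not exist for antivirus; attempting automatic update.",
    "`````````Anti-malware/Other Utilities Check:`````````",
    " JavaFX 2.1.1",
    " Java 7 Update 9",
    " Java version out of Date!",
    " Adobe Flash Player 11.5.502.149",
    " Adobe Reader 10.1.5 Adobe Reader out of Date!",
    " Mozilla Firefox (for.)",
    " Google Chrome 24.0.1312.56",
    " Google Chrome 24.0.1312.57",
    "````````Process Check: objlist.exe by Laurent````````",
    " Smartfren Connex EC306-2 UI OnlineUpdate ouc.exe",
    "`````````````````System Health check`````````````````",
    " Total Fragmentation on Drive C: 0%",
    "````````````````````End of Log``````````````````````",
])

# Section banners are a title wrapped in runs of backticks.
BANNER = re.compile(r"^`+\s*(.*?)\s*`+$")
# The tool marks stale software with a trailing "out of date!" phrase.
OUTDATED = re.compile(r"\s*out of date!?\s*$", re.IGNORECASE)


def triage(log_text):
    """Return the hardening findings in a Security Check log, in log order."""
    findings = []
    section = "System"   # lines before the first banner describe the OS
    prev = ""            # previous entry in the current section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER.match(line)
        if banner:
            section = banner.group(1).rstrip(":")
            prev = ""
            continue
        low = line.lower()
        if "uac is disabled" in low:
            findings.append(Finding(section, "uac_disabled", line))
        if "wmi entry may not exist for antivirus" in low:
            findings.append(Finding(section, "av_wmi_missing", line))
        if OUTDATED.search(line):
            subject = OUTDATED.sub("", line)
            # Heuristic: a marker line without a version number ("Java
            # version out of Date!") refers to the entry just above it.
            if prev and not any(ch.isdigit() for ch in subject):
                subject = prev
            findings.append(Finding(section, "outdated", subject))
        prev = line
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.section}: {f.detail}")
```
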

#21 bgirl8fasolla

Posted 09 February 2013 - 07:46 AM

Hello, the pop-up hasn't appeared since yesterday :D I have updated Java now, then I uninstalled the software you said. Thank you very much for assisting and helping me all this time. I'll be more cautious next time :wavey:

#22 MrCharlie

Posted 09 February 2013 - 12:23 PM

OK...Take Care :) MrC

#23 MrCharlie

Posted 10 February 2013 - 05:20 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
