WiredWX Christian Hobby Weather Tools

How can I get Babylon Search off my Machine

I make Google my home page but this Babylon Search keeps coming back. It changes my browser settings and freezes up when I try to change them back. I can't find Babylon in Add/Remove. When the Babylon Search makes its uninvited visit I also get a pop-up nag box telling me my settings have changed, but it freezes up my browser when I go to tools.

I'm running the latest version of Trend antivirus, but it finds nothing. I believe this Babylon is adware because it pops up with an option to speed up my computer.

Thanks

Re: How can I get Babylon Search off my Machine

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Re: How can I get Babylon Search off my Machine

Trend listed AdwCleaner.exe as a Dangerous Site. I did override the AV. I've got a feeling it is worthless. Should I turn it off until we are done?


# AdwCleaner v2.112 - Logfile created 02/21/2013 at 03:30:33
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mikel - MIKEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Mikel\Downloads\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
File Found : C:\user.js
Folder Found : C:\Program Files (x86)\CouponDropDown
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Mikel\AppData\Local\CouponDropDown
Folder Found : C:\Users\Mikel\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Mikel\AppData\Roaming\Babylon
Folder Found : C:\Users\Mikel\AppData\Roaming\Mozilla\Firefox\Profiles\8zb8mxm6.default\extensions\crossriderapp4352@crossrider.com
Folder Found : C:\Users\Mikel\AppData\Roaming\Mozilla\Firefox\Profiles\8zb8mxm6.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Mikel\AppData\Roaming\OpenCandy

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60045

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Mikel\AppData\Roaming\Mozilla\Firefox\Profiles\8zb8mxm6.default\prefs.js


-\\ Google Chrome v24.0.1312.57

File : C:\Users\Mikel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [24413 octets] - [21/02/2013 03:30:33]

########## EOF - C:\AdwCleaner[R1].txt - [24474 octets] ##########

Re: How can I get Babylon Search off my Machine

Should I turn it off until we are done?

Only if it's necessary for certain scans.

Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

************************************************
I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: How can I get Babylon Search off my Machine

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3cc9881c73163948adf22b68fdb6bc51
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-27 03:18:47
# local_time=2012-10-26 10:18:47 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 4134327 4134327 0 0
# compatibility_mode=5893 16776574 100 94 60061407 102846068 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134519
# found=14
# cleaned=14
# scan_time=5308
C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll a variant of Win32/Toolbar.CrossRider.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\AppData\Local\Temp\CouponDropDown.exe a variant of Win32/Toolbar.CrossRider.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\AppData\Local\Temp\KMP_3.3.0.33.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\AppData\Local\Temp\FE21B367-BAB0-7891-A850-8C5680371DE5\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\AppData\Local\Temp\is1566002423\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\acdsee setup(1).exe a variant of Win32/Soft32Downloader.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\acdsee setup(2).exe a variant of Win32/Soft32Downloader.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\acdsee setup(3).exe a variant of Win32/Soft32Downloader.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\acdsee setup.exe a variant of Win32/Soft32Downloader.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\Brothersoft_downloader_For_Orbit_Downloader.exe a variant of Win32/BSDownloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\kmplayer.exe a variant of Win32/InstallCore.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\SoftonicDownloader_for_acdsee-free(1).exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mikel\Downloads\SoftonicDownloader_for_acdsee-free.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3cc9881c73163948adf22b68fdb6bc51
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-28 01:24:29
# local_time=2012-10-27 08:24:29 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 4212267 4212267 0 0
# compatibility_mode=5893 16776574 100 94 60139347 102924008 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134557
# found=0
# cleaned=0
# scan_time=6911
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3cc9881c73163948adf22b68fdb6bc51
# engine=13217
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-22 12:32:29
# local_time=2013-02-21 06:32:29 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 70248338 113036599 0 0
# scanned=144539
# found=0
# cleaned=0
# scan_time=5466

Re: How can I get Babylon Search off my Machine
How's the computer working now? Any other issues?

Re: How can I get Babylon Search off my Machine
Seems to be ok. I wonder why my AV didn't catch this?

Thanks

Re: How can I get Babylon Search off my Machine
I wonder why my AV didn't catch this?

Because it's more like malware than a virus. That's why you need layered protection. What type of protection do you have?

Re: How can I get Babylon Search off my Machine
I'm just using the Trend Titanium on three machines. What do you recommend? I also have OTC and Security Check, but don't use them. I've been told registry cleaners can cause more harm than good.

Re: How can I get Babylon Search off my Machine
I'm just using the Trend Titanium on three machines. What do you recommend? I also have OTC and Security Check, but don't use them. I've been told registry cleaners can cause more harm than good.

That's correct, registry cleaners are bad news. Do you have a license to install Trend Titanium on all three computers? If yes, not a problem. If no, you can download and install Microsoft Security Essentials, which is an AV and malware protection program.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
You should also make sure your Windows Firewall is enabled.

Re: How can I get Babylon Search off my Machine
Yes. I bought the Trend for three computers. I haven't registered it yet. It seems to work okay for the bigger bugs, but the malware got by it.

If I install the Security Essentials, will it conflict with the Trend AV? That is, can I run my AV and just use the SE from time to time just to check for any malware my AV may have missed, like the Babylon bug we just removed?

I may already have this program. Is this log from Security Essentials? It was recommended by GeekPolice last year.


Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 25
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader X (10.1.6)
Mozilla Firefox (19.0)
Google Chrome 24.0.1312.57
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro AMSP AMSP_LogServer.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Re: How can I get Babylon Search off my Machine

If I install the Security Essentials, will it conflict with the Trend AV? That is, can I run my AV and just use the SE from time to time just to check for any malware my AV may have missed, like the Babylon bug we just removed?

Your best bet is to go with Trend Titanium even if it doesn't protect against malware. MBAM (the paid version) would be your best bet against malware. The free version doesn't provide full-time scanning but is also very effective if you initiate the scans frequently.

Malwarebytes' Anti-Malware (MBAM)

If you already have Malwarebytes be sure to check for updates before scanning!


Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link


•Double-click mbam-setup.exe and follow the prompts to install the program.

•Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

•If an update is found, it will download and install the latest version.
•Once the program has loaded, select Perform Quick Scan, then click Scan.

•When the scan is complete, click OK, then Show Results to view the results.

•Be sure that everything is checked, and click Remove Selected.

•When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.

•The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

Copy and Paste the contents of the report in your reply.

•Exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

******************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
****************************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: How can I get Babylon Search off my Machine

Dave: Looks like everything is working well now. I have another laptop identical to this one, only it is using Explorer instead of Firefox. I keep getting a pop-up wanting me to upgrade Java. It says Oracle Java. Should I say okay, or do you think it is malware? I will open another thread for this problem if you like. But both machines are identical except for the browser.

These two machines are both Toshiba Satellites L775 bought the same day both using the same AV. I think this is just a Toshiba Update, but not sure.

Re: How can I get Babylon Search off my Machine

I keep getting a pop-up wanting me to upgrade Java. It says Oracle Java. Should I say okay, or do you think it is malware?

Just to be on the safe side just ignore that pop-up and do this:

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
