ANOTHER JS:Banker-IC problem

Hi…

Seemingly same issue as the others… Posting logs as they come through

Many thanks for all further assistance…

Malwarebytes

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Farmski 02 :: SCRATCHY-D [administrator]

Protection: Enabled

27/06/2012 19:46:44
mbam-log-2012-06-27 (19-46-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229699
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

TDSSKiller Log

Complete Internet Repair

OTL

additional custom scan/fix

%SYSTEMDRIVE%\*.exe
/md5start
WSHELPER.*
services.exe
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /rs

OTL attachment was too big to attach…

http://www16.zippyshare.com/v/77508892/file.html

Is that all I need to give at this point, or are there any logs that I am missing??

Much appreciated, thanks

aswMBR log.

Hi there, as you may have noticed, I have as of now been unable to discover the location of the miscreant for this… So I am using all my analysis tools to try and find it…

You can use a different one, which is the next on my list

Please RIGHT-CLICK HERE and Save As (in IE it’s “Save Target As”, in FF it’s “Save Link As”) to download Silent Runners.
- Save it to the desktop.
- Run Silent Runners by double-clicking the “Silent Runners” icon on your desktop.
- You will receive a prompt:
  Do you want to skip supplementary searches?
  Click NO.

- If you receive an error just click OK and double-click it to run it again - sometimes it won’t run as it’s supposed to the first time but will in subsequent runs.
- You will see a text file appear on the desktop - it’s not done, let it run (it won’t appear to be doing anything!)
- Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
NOTE: If you receive any warning message about scripts, please choose to allow the script to run.

Once Silent Runners has completed, then run this OTL fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKU\S-1-5-21-1166256793-323034234-1524400773-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108753&babsrc=SP_ss&mntrId=ec5198800000000000001c750837a9b4
IE - HKU\S-1-5-21-1166256793-323034234-1524400773-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
[2012/06/27 01:50:21 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Farmski 02\AppData\Roaming\Mozilla\Firefox\Profiles\iogx7ur9.default\extensions\crossriderapp435@crossrider.com
[2012/02/05 21:30:50 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
[2012/05/31 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService

:Files
ipconfig /flushdns /c
C:\Windows\tasks\At*.job
C:\Program Files (x86)\BabylonToolbar

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
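For anyone reviewing a fix like the one above, here is a read-only PowerShell audit of the same IE persistence points it clears (per-user SearchScopes URLs and the DLLs behind machine-wide BHOs). It is an added example, not part of this thread or of the OTL tool; the match pattern is taken from the vendor names in the fix, and the function names are my own.

```powershell
# Added example, not from the thread or from OTL: a read-only audit of the IE
# persistence points the fix above clears (per-user SearchScopes URLs and the
# DLLs behind machine-wide BHOs). The pattern comes from the vendor names in the
# fix; the function names are mine. Nothing is modified, only reported.
$suspectPattern = 'babylon|conduit|crossrider'

function Get-IESearchScopes {
    foreach ($user in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $scopes = "$($user.PSPath)\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $scopes)) { continue }
        foreach ($scope in Get-ChildItem $scopes) {
            $url = (Get-ItemProperty $scope.PSPath -ErrorAction SilentlyContinue).URL
            [pscustomobject]@{
                Kind    = 'SearchScope'
                Key     = $scope.Name
                Target  = $url
                Suspect = [bool]($url -match $suspectPattern)
            }
        }
    }
}

function Get-IEBrowserHelperObjects {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($bho in Get-ChildItem $root) {
            $clsid = $bho.PSChildName
            # IE loads the DLL named by the CLSID's InprocServer32 default value;
            # on x64 a 32-bit BHO registers under the Wow6432Node CLSID hive.
            $dll = foreach ($hive in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
                $p = "$hive\$clsid\InprocServer32"
                if (Test-Path $p) { (Get-ItemProperty $p).'(default)' }
            }
            [pscustomobject]@{
                Kind    = 'BHO'
                Key     = $clsid
                Target  = ($dll -join '; ')
                Suspect = [bool](($dll -join ' ') -match $suspectPattern)
            }
        }
    }
}

# Suspect rows first, so the entries matching the fix stand out for review.
@(Get-IESearchScopes) + @(Get-IEBrowserHelperObjects) |
    Sort-Object Suspect -Descending | Format-Table Kind, Suspect, Key, Target -AutoSize
```

Run it from an elevated prompt so every loaded user hive under HKEY_USERS is readable; entries flagged Suspect are the ones to compare against the :OTL lines in the fix.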

hi…

The Silent Runners saves as a text file?? It just opens as text…

is it supposed to be .bat or ???

aswMBR

It will be a text file, just attach it

After you have run the OTL fix could you let me know if you still get the alerts

silent runners

http://www16.zippyshare.com/v/58762337/file.html

Don't understand how to run it though… no prompt to do anything?

otl log 2

otl log after custom fix

Still getting all the same alerts though…

Ah, you have copied the programme.
Could you double-click Silent Runners - it should then run.

Save it to the desktop.
Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
You will receive a prompt: Do you want to skip supplementary searches? Click NO.

If you receive an error just click OK and double-click it to run it again - sometimes it won’t run as it’s supposed to the first time but will in subsequent runs.
You will see a text file appear on the desktop - it’s not done, let it run (it won’t appear to be doing anything!)

Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.

NOTE: If you receive any warning message about scripts, please choose to allow the script to run.

Ah… had to amend the file as it saved as .txt not .vbs…

Bear with me I am awaiting the result on another thread with a similar problem

Absolutely no worries… Thanks for all your effort, appreciated