Infection... Please help

Here are the AdwCleaner logs… please help.

AdwCleaner v3.004 - Report created 15/09/2013 at 13:56:42

Updated 15/09/2013 by Xplode

Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

Username : Home - USER

Running from : C:\Documents and Settings\Home\My Documents\Downloads\adwcleaner.exe

Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\apn

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\Tarma Installer
Product Found : BabylonObjectInstaller
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [ Browsers ] *****

-\ Internet Explorer v8.0.6001.18702

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://search.babylon.com/?affid=110014&babsrc=nt_ss&mntrid=0416183e000000000000005345000000

-\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\clduch5h.default\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lhdegfsu.default\prefs.js ]

-\ Google Chrome v29.0.1547.66

[ File : C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


AdwCleaner[R0].txt - [5127 octets] - [15/09/2013 13:56:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5187 octets] ##########
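As an added example (not code from the thread, from AdwCleaner or from the helpers), the following Python groups the "Key Found" / "Value Found" entries of a report in the format above by the GUID they name, so a CLSID registered under Ext\Settings, Ext\Stats, Classes\CLSID and Browser Helper Objects at once shows up as a single footprint for the responder to review. The location labels and the sample report lines are constructed; the labels are our own, not AdwCleaner's.

```python
"""Correlate GUIDs across an AdwCleaner v3 'Key Found' report (added example,
not code from the thread or from AdwCleaner; location labels are our own)."""
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^(Key|Value|File|Folder|Product|Setting) Found\s*:?\s*(.+)$")

# Registry locations worth telling apart, matched case-insensitively as substrings.
LOCATION_LABELS = [
    ("browser helper objects", "BHO"),       # loaded into every IE process
    ("\\classes\\clsid\\", "CLSID"),           # COM class registration
    ("\\searchscopes\\", "SearchScope"),      # IE search provider
    ("\\toolbar\\webbrowser", "Toolbar"),
    ("\\ext\\settings\\", "IE-Ext-Settings"),
    ("\\ext\\stats\\", "IE-Ext-Stats"),       # IE add-on statistics only
]

def parse_entries(report):
    """Return [(kind, path)] for every '<kind> Found : <path>' report line."""
    matches = (ENTRY_RE.match(line.strip()) for line in report.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def classify(path):
    """Map a registry path to one of the labels above, or 'Other'."""
    low = path.lower()
    return next((label for needle, label in LOCATION_LABELS if needle in low), "Other")

def guid_locations(report):
    """{GUID: sorted location labels}, so one CLSID's whole footprint is visible."""
    found = defaultdict(set)
    for _kind, path in parse_entries(report):
        for guid in GUID_RE.findall(path):
            found[guid.upper()].add(classify(path))
    return {g: sorted(labels) for g, labels in found.items()}

def bho_guids(report):
    """GUIDs registered as Browser Helper Objects: first to review when a toolbar returns."""
    return sorted(g for g, labels in guid_locations(report).items() if "BHO" in labels)

# Constructed sample: a subset of the report lines above, in AdwCleaner's own format.
SAMPLE_REPORT = r"""
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
"""
```

Feed it a full AdwCleaner[R0].txt and `guid_locations` lists, per GUID, every place it is registered.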

Monitoring.

Please run & attach the MBAM, OTL and aswMBR log reports.
http://forum.avast.com/index.php?topic=53253.0

Why do you think you are infected? Most infections nowadays are adware and other garbage.

Magna86, thank you for the reply.

Yesterday the MBAM report showed nothing infected:
14/09/2013 13:51:49
mbam-log-2013-09-14 (13-51-49).txt

Scan type: Full scan (C:|D:|E:|F:|G:|H:|I:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 219341
Time elapsed: 32 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

//////////////////////////////////////////////
BUT TODAY… LOOK HERE BELOW… THE BABYLON TOOLBAR IS DETECTED AS A PUP.
MBAM REMOVES IT… BUT IT KEEPS COMING BACK AGAIN… every time… after I reboot…
so I can't get rid of it… some website says this is a very very nasty PUP… and we need to get rid of it ASAP… I am not an expert on computers so please forgive me if I keep everything at a simple level…

Also please note there is a long list of files that the AVAST SCAN SAYS it is not able to scan… they are all REMNANTS OF Babylon Search and Spybot Search & Destroy that I had UNINSTALLED A LONG TIME AGO… shall I send you that as well?

Please advise what I shall do next… Thank you.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.14.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
arvguest :: USER [limited]

15/09/2013 10:57:55
mbam-log-2013-09-15 (10-57-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 183703
Time elapsed: 15 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) → Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Steve,
Thank you for the reply.

My registry is infected with this Babylon Toolbar PUP… some web sites describe this as a very very nasty thing (do a Google search); it is very alarming…

MBAM removes it but it keeps coming back after every boot.

Babylon Toolbar PUP
Not so nasty... PUP = not a virus / Possible Unwanted Program.

It hijacks your browser search and gives ad popups. It usually comes bundled with other programs you download.

The Babylon Search will display advertisements and sponsored links in your search results, and may collect search terms from your search queries.

Here is the attachment of the OTL scan.

@agentstar

Where is the aswMBR.txt log?

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box:

:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-2052111302-1960408961-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B5A61C14-3174-4237-91E5-30D6F97B9994}&mid=2e21da0eb24b47d0813ad15dc355416c-ea3d16f5ffb7cf6e70d1b97c6fc803d06c715fca&lang=en&ds=AVG&pr=fr&d=2012-06-06 15:53:56&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - Extension: No name found = C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: No name found = C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\
O3 - HKU\S-1-5-21-2052111302-1960408961-682003330-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O33 - MountPoints2\{393b2724-b606-11e1-9aab-e3e182d9e42b}\Shell - "" = AutoRun
O33 - MountPoints2\{393b2724-b606-11e1-9aab-e3e182d9e42b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393b2724-b606-11e1-9aab-e3e182d9e42b}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{436fe342-b5f7-11e1-9aa7-80d94f5434d2}\Shell - "" = AutoRun
O33 - MountPoints2\{436fe342-b5f7-11e1-9aa7-80d94f5434d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{436fe342-b5f7-11e1-9aa7-80d94f5434d2}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{44c1ad2e-83cb-11e1-a28b-001485b1a89f}\Shell - "" = AutoRun
O33 - MountPoints2\{44c1ad2e-83cb-11e1-a28b-001485b1a89f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44c1ad2e-83cb-11e1-a28b-001485b1a89f}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{6ac3ea04-992f-11e1-9a22-a8a1e967ebcc}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac3ea04-992f-11e1-9a22-a8a1e967ebcc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ac3ea04-992f-11e1-9a22-a8a1e967ebcc}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{7708af08-87c7-11e1-a2a5-001485b1a89f}\Shell - "" = AutoRun
O33 - MountPoints2\{7708af08-87c7-11e1-a2a5-001485b1a89f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7708af08-87c7-11e1-a2a5-001485b1a89f}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{7827b6c1-b7e1-11e1-9abc-c7e47109ee24}\Shell - "" = AutoRun
O33 - MountPoints2\{7827b6c1-b7e1-11e1-9abc-c7e47109ee24}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7827b6c1-b7e1-11e1-9abc-c7e47109ee24}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{843d38f1-b7c2-11e1-9ab8-9770198503bd}\Shell - "" = AutoRun
O33 - MountPoints2\{843d38f1-b7c2-11e1-9ab8-9770198503bd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{843d38f1-b7c2-11e1-9ab8-9770198503bd}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{95db3757-b871-11e1-9aca-83ffd7e9d992}\Shell - "" = AutoRun
O33 - MountPoints2\{95db3757-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95db3757-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{95db375a-b871-11e1-9aca-83ffd7e9d992}\Shell - "" = AutoRun
O33 - MountPoints2\{95db375a-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95db375a-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{95db375d-b871-11e1-9aca-83ffd7e9d992}\Shell - "" = AutoRun
O33 - MountPoints2\{95db375d-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95db375d-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{9893ac98-b7bc-11e1-9ab7-b076a798fdca}\Shell - "" = AutoRun
O33 - MountPoints2\{9893ac98-b7bc-11e1-9ab7-b076a798fdca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9893ac98-b7bc-11e1-9ab7-b076a798fdca}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{9a1c2ae9-96eb-11e1-9a12-c49a73171326}\Shell - "" = AutoRun
O33 - MountPoints2\{9a1c2ae9-96eb-11e1-9a12-c49a73171326}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a1c2ae9-96eb-11e1-9a12-c49a73171326}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{9e15b038-8924-11e1-a2a9-001485b1a89f}\Shell - "" = AutoRun
O33 - MountPoints2\{9e15b038-8924-11e1-a2a9-001485b1a89f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e15b038-8924-11e1-a2a9-001485b1a89f}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{a1e3fc50-a35b-11e1-9a4c-b5c54da14094}\Shell - "" = AutoRun
O33 - MountPoints2\{a1e3fc50-a35b-11e1-9a4c-b5c54da14094}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1e3fc50-a35b-11e1-9a4c-b5c54da14094}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{c582d154-b87a-11e1-9acc-b62e8cdf7ab8}\Shell - "" = AutoRun
O33 - MountPoints2\{c582d154-b87a-11e1-9acc-b62e8cdf7ab8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c582d154-b87a-11e1-9acc-b62e8cdf7ab8}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{d3502d0f-b5f5-11e1-9aa6-93811688c683}\Shell - "" = AutoRun
O33 - MountPoints2\{d3502d0f-b5f5-11e1-9aa6-93811688c683}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3502d0f-b5f5-11e1-9aa6-93811688c683}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{d4b985b3-b7b4-11e1-9ab3-bd1856ab85d1}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b985b3-b7b4-11e1-9ab3-bd1856ab85d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4b985b3-b7b4-11e1-9ab3-bd1856ab85d1}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{d4b985b6-b7b4-11e1-9ab3-bd1856ab85d1}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b985b6-b7b4-11e1-9ab3-bd1856ab85d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4b985b6-b7b4-11e1-9ab3-bd1856ab85d1}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{e253cf25-96b3-11e1-9a0f-ddb8164f8d7e}\Shell - "" = AutoRun
O33 - MountPoints2\{e253cf25-96b3-11e1-9a0f-ddb8164f8d7e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e253cf25-96b3-11e1-9a0f-ddb8164f8d7e}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{f51d556d-b864-11e1-9ac8-947ab89be3d5}\Shell - "" = AutoRun
O33 - MountPoints2\{f51d556d-b864-11e1-9ac8-947ab89be3d5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f51d556d-b864-11e1-9ac8-947ab89be3d5}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{f95dcf50-8700-11e1-a29c-001485b1a89f}\Shell - "" = AutoRun
O33 - MountPoints2\{f95dcf50-8700-11e1-a29c-001485b1a89f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f95dcf50-8700-11e1-a29c-001485b1a89f}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

:FILES
ipconfig /flushdns /c
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
C:\Documents and Settings\All Users\Application Data\AVG2012
C:\Documents and Settings\Home\Application Data\AVG
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

:COMMANDS
[EMPTYTEMP]

- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.

If the log doesn't appear, it can be found here:

C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

----- next -----

Please download zoek.zip from here or here and save it to your Desktop.
Unpack the archive…
- Close any open browsers.
- Temporarily disable your antivirus program (if necessary).
If you are unsure how to do this, please read this or this instruction.

- Double-click on zoek.exe to run the tool.
Please wait until the tool starts…

- Copy the text present inside the code box below and paste it into the large window in the zoek tool:

createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;

- Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

- Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named "zoek-results.log".