remove babylon

Hi! I followed the forum http://forum.avast.com/index.php?topic=90622.0 for advice to remove babylon and got to the point of running OTL and I have the OTL.Txt and Extras.Txt. What is my next step

See the “Attachments and other options” while you are making a post (below the typebox)

edit: Then just attach the logs and wait for one of the experts to review them and tell you what to do next.

Sorry, here is the attatchment

Hi,

Could you visit the topic here >> http://forum.avast.com/index.php?topic=53253.0 . Download and run aswMBR and post that log into your next reply.

here is the log

Hi keenflores,

I notice that you have both Avast and McAfee running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either Avast or McAfee (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It’s fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you’re asking for trouble.

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.

Run OTL.exe

[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E92B46EA-7BFE-44E4-ACC5-BC99BECD00B7}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKU\S-1-5-21-365790398-1778176985-195927391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111441&babsrc=HP_ss&mntrId=86035f1800000000000000225fe5f522
IE - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111441&babsrc=SP_ss&mntrId=86035f1800000000000000225fe5f522
IE - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
IE - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..\SearchScopes\{E92B46EA-7BFE-44E4-ACC5-BC99BECD00B7}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=111441&babsrc=KW_ss&mntrId=86035f1800000000000000225fe5f522&q="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111441&babsrc=HP_ss&mntrId=86035f1800000000000000225fe5f522"
[2012/03/26 23:16:12 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\2xbclc34.default\extensions\ffxtlbr@babylon.com
[2012/03/26 23:16:03 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/02/09 17:22:42 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O15 - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-365790398-1778176985-195927391-1000\..Trusted Ranges: GD ([http] in Local intranet)
O33 - MountPoints2\{315b7511-8e70-11de-9158-00256451ccc3}\Shell - "" = AutoRun
O33 - MountPoints2\{315b7511-8e70-11de-9158-00256451ccc3}\Shell\AutoRun\command - "" = D:\setup.exe
[2012/03/26 23:16:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Babylon
[2012/03/26 23:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/26 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Babylon

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )


In your next post please post the logs created by OTL after the fix and after you run a new scan.