getting error appdata\roaming\babsolution\shared\NTredirect.dll


  1. Posts : 4
    Windows 7 64
       #1

    getting error appdata\roaming\babsolution\shared\NTredirect.dll


    My computer crashes as soon as it's opened.
    I'm getting two different errors. One is in the title. The other is err: Ct3302909\plugins\tbverifier.dll
    I've just been searching the net to find a fix. I read a thread that instructed another user to upload and run a couple of programs, FRST64 and RogueKiller. I have done that.
    I have attached the fix list that FRST64 sent me. Can you please give me some idea as to fix this issue? I'm losing my damn mind over it.
    Thanks so much!
    Sonja
      My Computer


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #2

    Welcome to the Forum Sonjabel

    Open Notepad. Inside Notepad paste the highlighted text below


    start
    HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Belanger\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [x] <===== ATTENTION
    HKCU\...\Run: [SearchProtect] - C:\Users\Belanger\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]
    HKCU\...\Run: [ConduitFloatingPlugin_dijhkeelgcfckackbgkkdaamdhaiplod] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3303797\plugins\TBVerifier.dll",RunConduitFloatingPlugin dijhkeelgcfckackbgkkdaamdhaiplod [x]
    HKCU\...\Run: [Desk 365] - "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun [x]
    HKCU\...\Run: [ConduitFloatingPlugin_nfnglnjhhbjjkfggljifgnmdgpecgjmp] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3302999\plugins\TBVerifier.dll",RunConduitFloatingPlugin nfnglnjhhbjjkfggljifgnmdgpecgjmp [x]
    HKCU\...\Policies\system: [DisableCMD] 0
    HKCU\...\Policies\system: [NoDispAppearancePage] 0
    HKCU\...\Policies\system: [NoDispBackgroundPage] 0
    HKCU\...\Policies\system: [NoDispSettingsPage] 0
    HKLM-x32\...\Run: [] - [x]
    AppInit_DLLs-x32: [0 ] ()
    URLSearchHook: (No Name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
    URLSearchHook: (No Name) - {0bc52218-c3c2-4a28-88f7-cdc0f27bc60d} - No File
    URLSearchHook: (No Name) - {5a94bc06-d1eb-4c2b-bad7-58f33ca4b85c} - No File
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {09971cee-01b8-42bc-9d91-456b1faad6be} URL =
    SearchScopes: HKLM-x32 - DefaultScope {B95AD0E5-C5EE-4D39-AEC5-39054A6C4C4E} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKCU - DefaultScope {B95AD0E5-C5EE-4D39-AEC5-39054A6C4C4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3302999&CUI=UN10536984673118320&UM=2
    SearchScopes: HKCU - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0E5EB8AC6FE48919&affID=119351&tt=110813_YTB&tsp=4973
    SearchScopes: HKCU - {3A340C4F-4C50-4F8C-86A0-185E77595A21} URL = http://start.funmoods.com/results.php?f=4&a=adknlg&q={searchTerms}
    SearchScopes: HKCU - {9DA3510B-4FA6-4E34-ABC8-AB37A007F18C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703&SSPV=IEAUTOBR
    SearchScopes: HKCU - {A4789C0D-CB2E-400D-8601-3DD3BC5D0C26} URL = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
    SearchScopes: HKCU - {B0833FC8-7576-4ECE-8C57-74C22ACF9FA6} URL =
    SearchScopes: HKCU - {B95AD0E5-C5EE-4D39-AEC5-39054A6C4C4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3302999&CUI=UN10536984673118320&UM=2
    SearchScopes: HKCU - {BF5CDBD7-EC78-41F8-A1B1-01829572104D} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p={searchTerms}
    SearchScopes: HKCU - {D60F59D5-466C-450A-A079-CE29EADF53D2} URL =
    BHO-x32: Vgrabber v1.9 Toolbar - {0bc52218-c3c2-4a28-88f7-cdc0f27bc60d} - C:\Program Files (x86)\Vgrabber_v1.9\prxtbVgra.dll (Conduit Ltd.)
    BHO-x32: Vafmusic6 Toolbar - {5a94bc06-d1eb-4c2b-bad7-58f33ca4b85c} - C:\Program Files (x86)\Vafmusic6\prxtbVafm.dll (Conduit Ltd.)
    BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-x32: ShopAtHomeIEHelper Class - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
    Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
    Toolbar: HKLM-x32 - Vgrabber v1.9 Toolbar - {0bc52218-c3c2-4a28-88f7-cdc0f27bc60d} - C:\Program Files (x86)\Vgrabber_v1.9\prxtbVgra.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - Vafmusic6 Toolbar - {5a94bc06-d1eb-4c2b-bad7-58f33ca4b85c} - C:\Program Files (x86)\Vafmusic6\prxtbVafm.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    Toolbar: HKCU - No Name - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No File
    FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303797&SearchSource=2&CUI=UN38209487638516111&UM=2&q=
    FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
    FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
    FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\126.xpi
    FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\126.xpi
    FF HKCU\...\Firefox\Extensions: [lrcsmonkey@lrcsmonkey.net] C:\Program Files (x86)\Lyrics_Monkey\126.xpi
    FF Extension: No Name - C:\Program Files (x86)\Lyrics_Monkey\126.xpi
    CHR HomePage: hxxp://search.conduit.com/?ctid=CT3302999&SearchSource=48&CUI=UN20862416561079099&UM=2
    CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3302999&SearchSource=48&CUI=UN20862416561079099&UM=2"
    CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
    CHR HKLM-x32\...\Chrome\Extension: [dijhkeelgcfckackbgkkdaamdhaiplod] - C:\Users\Belanger\AppData\Local\CRE\dijhkeelgcfckackbgkkdaamdhaiplod.crx
    CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
    CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\126.crx
    CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx
    CHR HKLM-x32\...\Chrome\Extension: [joflpaafchojilpbjjbebljnikhkdhgf] - C:\ProgramData\wxDfast\joflpaafchojilpbjjbebljnikhkdhgf.crx
    CHR HKLM-x32\...\Chrome\Extension: [nfnglnjhhbjjkfggljifgnmdgpecgjmp] - C:\Users\Belanger\AppData\Local\CRE\nfnglnjhhbjjkfggljifgnmdgpecgjmp.crx
    CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Belanger\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx
    CHR HKLM-x32\...\Chrome\Extension: [ofnnlhbgdcabppjmlijllkhekcglbjlg] - C:\Program Files (x86)\Lyrics_Monkey\126.crx
    R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
    2013-08-15 11:32 - 2013-08-15 11:34 - 00979072 _____ C:\sh4_service.log
    2013-08-15 11:27 - 2013-08-11 18:02 - 00008192 _____ C:\shldr.mbr
    2013-08-15 11:27 - 2012-11-02 16:23 - 00285747 _____ C:\shldr
    2013-08-15 07:31 - 2013-08-15 07:31 - 00228084 ____N C:\spyhunter.log
    2013-08-13 09:30 - 2013-08-13 09:30 - 00000000 ____D C:\ce9b73edfc2fc0625bce1cb036d0a0
    2013-08-11 17:58 - 2013-08-11 18:01 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
    2013-08-11 16:10 - 2013-08-11 16:10 - 00127984 _____ C:\Users\Belanger\Downloads\windowsupdate.diagcab
    2013-08-11 14:49 - 2013-08-11 14:49 - 00000000 ____D C:\0771b84e7f9d833012f8695e4514c29b
    2013-08-11 14:19 - 2013-08-11 14:19 - 00000000 ____D C:\426db4a5043a570dc62703
    2013-08-10 20:42 - 2013-08-10 20:42 - 00000000 ____D C:\6f7005d0a1d24a5d1f4e192f190ff8c6
    2013-08-10 08:32 - 2013-08-10 16:32 - 00000000 ____D C:\f14184fa6994feea379e
    2013-08-06 16:49 - 2013-08-06 16:49 - 00477028 _____ C:\ProgramData\SPL2665.tmp
    2013-08-15 12:17 - 2013-08-13 12:01 - 00000398 _____ C:\Windows\Tasks\Lyrics-Monkey Update.job
    2013-08-15 12:17 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-13 10:47 - 2013-08-13 10:47 - 00000000 ____D C:\Users\Belanger\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    2013-08-10 17:44 - 2011-05-27 14:46 - 00000000 ____D C:\Program Files (x86)\Coupons
    2013-08-10 16:32 - 2013-08-10 08:32 - 00000000 ____D C:\f14184fa6994feea379e
    2013-08-06 16:49 - 2013-08-06 16:49 - 00477028 _____ C:\ProgramData\SPL2665.tmp
    end


    click on File > Save As

    File name : Fixlist.txt

    Location to save to : Desktop

    Save as type : All files

    Click on Save button . Close Notepad

    Open FRST64.exe from the Desktop and click on [Fix] button . Once done it will create a new log called Fixlog.txt upload the log.


    Once you're done with running the FRST64.exe tool

    run these tools

    AdwCleaner

    Click here AdwCleaner

    Click on Download Now button

    Save to the Desktop

    Right-click on AdwCleaner.exe and choose

    Click the Clean button


       Note
    The log file is at C:\AdwCleaner[n].txt


    Download Junkware Removal Toolkit

    Click here Junkware Removal Tool to download

    Drag the JRT.exe from the Downloads folder to your Desktop

    Right click JRT.exe and choose

    Once done upload the JRT.txt file
      My Computer


  3. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #3

    Once you're done with those two . Run the next tool

    Malwarebytes

    Download Link MalwareBytes

    When the installation is done uncheck Enable free trial of Malwarebytes (see image below )



    Update the definitions and do a full scan

    On the Scanner tab:
    Make sure the "Perform Full Scan" option is selected.
    Then click on the Scan button.
    If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    Make sure that everything is checked, and click Remove Selected.
    When removal is completed, a log report will open in Notepad.
    The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    Copy and paste the contents of that report in your next reply and exit MBAM.

    Log looks like this : mbam-log-yyyy-mm-dd

    Log located : C:\Users\{Your UserName}\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs or C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
      My Computer


  4. Posts : 4
    Windows 7 64
    Thread Starter
       #4

    As soon as I downloaded the junk tool, my whole system crashed and has yet to recover. I tried opening in safe mode as well. It's just a black screen that has a floater saying, "No input found". Kinda freaking out.
      My Computer


  5. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #5

    Download a new FRST64.exe file and run it in System Recovery . Follow the Instructions below

       Warning
    You will need a USB FLASH DRIVE


       Tip
    Download the Tool from a non infected PC


    Farbar Recovery Scan Tool

    Choose one that goes with your OS bit version . Save the file to a USB Flash drive

    32-bit Version OS Farbar Recovery Scan Tool

    64-Bit Version OS Farbar Recovery Scan Tool x64


       Note
    Click the button and right-click Computer .Select Properties . Look for System Type: which will say 32-bit Operating System or 64-bit Operating System


    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select Repair Your Computer menu item.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    Insert the installation disc.
    Restart your computer.
    If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    Click Repair your computer.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair


    • System Restore


    • Windows Complete PC Restore


    • Windows Memory Diagnostic Tool


    • Command Prompt


    Select Command Prompt

    In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter

       Note
    Replace letter X with the drive letter of your flash drive.


       Tip
    Type the commands below to see what your letter is for the USB drive and press ENTER after each command


    Code:
    Diskpart
    List volume
    The tool will start to run.
    When the tool opens click Yes to disclaimer.
    Press Scan button.
    FRST will let you know when the scan is complete and has written the FRST.txt to file

    Upload the FRST.txt file

       Note
    FRST.txt file will be inside the root of the USB Flash Drive
      My Computer


  6. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #6

    The "No input found" take a look at your Monitor cable . Unplug it from the PC and plug it back in. Also try removing a stick of RAM . Turn the PC off unplug the power cord from the back of the PC and remove the side panel and remove a memory stick ( don't forget to touch something metal to ground yourself )
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 15:33.
Find Us