getting error appdata\roaming\babsolution\shared\NTredirect.dll

Sonjabel

My computer crashes as soon as it's opened.
I'm getting two different errors. One is in the title. The other is err: Ct3302909\plugins\tbverifier.dll
I've just been searching the net to find a fix. I read a thread that instructed another user to upload and run a couple of programs, FRST64 and RogueKiller. I have done that.
I have attached the fix list that FRST64 sent me. Can you please give me some idea as to how to fix this issue? I'm losing my damn mind over it.
Thanks so much!
Sonja
 

Welcome to the Forum Sonjabel

Open Notepad. Inside Notepad paste the highlighted text below


start
HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Belanger\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [x] <===== ATTENTION
HKCU\...\Run: [SearchProtect] - C:\Users\Belanger\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]
HKCU\...\Run: [ConduitFloatingPlugin_dijhkeelgcfckackbgkkdaamdhaiplod] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3303797\plugins\TBVerifier.dll",RunConduitFloatingPlugin dijhkeelgcfckackbgkkdaamdhaiplod [x]
HKCU\...\Run: [Desk 365] - "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun [x]
HKCU\...\Run: [ConduitFloatingPlugin_nfnglnjhhbjjkfggljifgnmdgpecgjmp] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3302999\plugins\TBVerifier.dll",RunConduitFloatingPlugin nfnglnjhhbjjkfggljifgnmdgpecgjmp [x]
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs-x32: [0 ] ()
URLSearchHook: (No Name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
URLSearchHook: (No Name) - {0bc52218-c3c2-4a28-88f7-cdc0f27bc60d} - No File
URLSearchHook: (No Name) - {5a94bc06-d1eb-4c2b-bad7-58f33ca4b85c} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {09971cee-01b8-42bc-9d91-456b1faad6be} URL =
SearchScopes: HKLM-x32 - DefaultScope {B95AD0E5-C5EE-4D39-AEC5-39054A6C4C4E} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {B95AD0E5-C5EE-4D39-AEC5-39054A6C4C4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3302999&CUI=UN10536984673118320&UM=2
SearchScopes: HKCU - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0E5EB8AC6FE48919&affID=119351&tt=110813_YTB&tsp=4973
SearchScopes: HKCU - {3A340C4F-4C50-4F8C-86A0-185E77595A21} URL = http://start.funmoods.com/results.php?f=4&a=adknlg&q={searchTerms}
SearchScopes: HKCU - {9DA3510B-4FA6-4E34-ABC8-AB37A007F18C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703&SSPV=IEAUTOBR
SearchScopes: HKCU - {A4789C0D-CB2E-400D-8601-3DD3BC5D0C26} URL = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
SearchScopes: HKCU - {B0833FC8-7576-4ECE-8C57-74C22ACF9FA6} URL =
SearchScopes: HKCU - {B95AD0E5-C5EE-4D39-AEC5-39054A6C4C4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3302999&CUI=UN10536984673118320&UM=2
SearchScopes: HKCU - {BF5CDBD7-EC78-41F8-A1B1-01829572104D} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p={searchTerms}
SearchScopes: HKCU - {D60F59D5-466C-450A-A079-CE29EADF53D2} URL =
BHO-x32: Vgrabber v1.9 Toolbar - {0bc52218-c3c2-4a28-88f7-cdc0f27bc60d} - C:\Program Files (x86)\Vgrabber_v1.9\prxtbVgra.dll (Conduit Ltd.)
BHO-x32: Vafmusic6 Toolbar - {5a94bc06-d1eb-4c2b-bad7-58f33ca4b85c} - C:\Program Files (x86)\Vafmusic6\prxtbVafm.dll (Conduit Ltd.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: ShopAtHomeIEHelper Class - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll No File
Toolbar: HKLM-x32 - Vgrabber v1.9 Toolbar - {0bc52218-c3c2-4a28-88f7-cdc0f27bc60d} - C:\Program Files (x86)\Vgrabber_v1.9\prxtbVgra.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Vafmusic6 Toolbar - {5a94bc06-d1eb-4c2b-bad7-58f33ca4b85c} - C:\Program Files (x86)\Vafmusic6\prxtbVafm.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
Toolbar: HKCU - No Name - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No File
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303797&SearchSource=2&CUI=UN38209487638516111&UM=2&q=
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
FF HKCU\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\LyriXeeker\126.xpi
FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\126.xpi
FF HKCU\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Lyrics_Monkey\126.xpi
FF Extension: No Name - C:\Program Files (x86)\Lyrics_Monkey\126.xpi
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3302999&SearchSource=48&CUI=UN20862416561079099&UM=2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3302999&SearchSource=48&CUI=UN20862416561079099&UM=2"
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dijhkeelgcfckackbgkkdaamdhaiplod] - C:\Users\Belanger\AppData\Local\CRE\dijhkeelgcfckackbgkkdaamdhaiplod.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\126.crx
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx
CHR HKLM-x32\...\Chrome\Extension: [joflpaafchojilpbjjbebljnikhkdhgf] - C:\ProgramData\wxDfast\joflpaafchojilpbjjbebljnikhkdhgf.crx
CHR HKLM-x32\...\Chrome\Extension: [nfnglnjhhbjjkfggljifgnmdgpecgjmp] - C:\Users\Belanger\AppData\Local\CRE\nfnglnjhhbjjkfggljifgnmdgpecgjmp.crx
CHR HKLM-x32\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\Belanger\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx
CHR HKLM-x32\...\Chrome\Extension: [ofnnlhbgdcabppjmlijllkhekcglbjlg] - C:\Program Files (x86)\Lyrics_Monkey\126.crx
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
2013-08-15 11:32 - 2013-08-15 11:34 - 00979072 _____ C:\sh4_service.log
2013-08-15 11:27 - 2013-08-11 18:02 - 00008192 _____ C:\shldr.mbr
2013-08-15 11:27 - 2012-11-02 16:23 - 00285747 _____ C:\shldr
2013-08-15 07:31 - 2013-08-15 07:31 - 00228084 ____N C:\spyhunter.log
2013-08-13 09:30 - 2013-08-13 09:30 - 00000000 ____D C:\ce9b73edfc2fc0625bce1cb036d0a0
2013-08-11 17:58 - 2013-08-11 18:01 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-11 16:10 - 2013-08-11 16:10 - 00127984 _____ C:\Users\Belanger\Downloads\windowsupdate.diagcab
2013-08-11 14:49 - 2013-08-11 14:49 - 00000000 ____D C:\0771b84e7f9d833012f8695e4514c29b
2013-08-11 14:19 - 2013-08-11 14:19 - 00000000 ____D C:\426db4a5043a570dc62703
2013-08-10 20:42 - 2013-08-10 20:42 - 00000000 ____D C:\6f7005d0a1d24a5d1f4e192f190ff8c6
2013-08-10 08:32 - 2013-08-10 16:32 - 00000000 ____D C:\f14184fa6994feea379e
2013-08-06 16:49 - 2013-08-06 16:49 - 00477028 _____ C:\ProgramData\SPL2665.tmp
2013-08-15 12:17 - 2013-08-13 12:01 - 00000398 _____ C:\Windows\Tasks\Lyrics-Monkey Update.job
2013-08-15 12:17 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 10:47 - 2013-08-13 10:47 - 00000000 ____D C:\Users\Belanger\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-10 17:44 - 2011-05-27 14:46 - 00000000 ____D C:\Program Files (x86)\Coupons
2013-08-10 16:32 - 2013-08-10 08:32 - 00000000 ____D C:\f14184fa6994feea379e
2013-08-06 16:49 - 2013-08-06 16:49 - 00477028 _____ C:\ProgramData\SPL2665.tmp
end


click on File > Save As

File name : Fixlist.txt

Location to save to : Desktop

Save as type : All files

Click on the Save button. Close Notepad.

Open FRST64.exe from the Desktop and click on the [Fix] button. Once done, it will create a new log called Fixlog.txt. Upload the log.


Once you're done with running the FRST64.exe tool, run these tools:

AdwCleaner

Click here AdwCleaner

  • Click on Download Now button

  • Save to the Desktop

  • Right-click on AdwCleaner.exe and choose [image: mawket.jpg]

  • Click the Clean button

Note: The log file is at C:\AdwCleaner[n].txt


  • Download Junkware Removal Toolkit

Click here Junkware Removal Tool to download

Drag the JRT.exe from the Downloads folder to your Desktop

Right click JRT.exe and choose [image: mawket.jpg]


Once done upload the JRT.txt file
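
The Run entries in the fixlist above can be triaged by resolving what each autorun actually loads; this is an added example, not part of the original posts and not FRST's own code. It assumes the line layout visible in that fixlist, and the function names and verdict labels are this example's own.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Sample input: Run lines copied from the fixlist in the post above.
SAMPLE = r'''
HKCU\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Belanger\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [x] <===== ATTENTION
HKCU\...\Run: [SearchProtect] - C:\Users\Belanger\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]
HKCU\...\Run: [ConduitFloatingPlugin_nfnglnjhhbjjkfggljifgnmdgpecgjmp] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3302999\plugins\TBVerifier.dll",RunConduitFloatingPlugin nfnglnjhhbjjkfggljifgnmdgpecgjmp [x]
HKCU\...\Run: [Desk 365] - "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun [x]
HKLM-x32\...\Run: [] - [x]
'''

RUN_LINE = re.compile(
    r'^(?P<hive>HK\w+(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - '
    r'(?P<cmd>.*?)\s*(?P<x>\[x\])?\s*(?:<=+ ATTENTION)?$')
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted or bare command-line token

def classify(path):
    """Bucket a path by where it lives; labels are this example's own."""
    p = path.lower()
    if '\\appdata\\' in p:
        return 'user-profile'
    if '\\program files' in p:
        return 'program-files'
    if p.startswith('c:\\windows\\'):
        return 'windows'
    return 'other'

def triage(text):
    """Return (name, verdict, target) for each Run line in an FRST log."""
    findings = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        tokens = [q or u for q, u in TOKEN.findall(m['cmd'])]
        if not tokens:
            findings.append((m['name'], 'empty-entry', None))
        elif basename(tokens[0]).lower() == 'rundll32.exe' and len(tokens) > 1:
            # rundll32 is only the host; the DLL argument is the real target.
            dll = tokens[1].split(',')[0]
            findings.append((m['name'], 'rundll32:' + classify(dll), dll))
        else:
            findings.append((m['name'], 'exe:' + classify(tokens[0]), tokens[0]))
    return findings

if __name__ == '__main__':
    for name, verdict, target in triage(SAMPLE):
        print(f'{verdict:24} {name or "(no name)"} -> {target}')
```

An autorun that names a signed Windows binary can still load a DLL from a user-writable folder, which is why the verdict is taken from the DLL argument rather than from rundll32.exe itself.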
Once you're done with those two, run the next tool.

Malwarebytes

Download Link: MalwareBytes

When the installation is done, uncheck Enable free trial of Malwarebytes (see image below)

2013-03-09_224312_zps62dc7c23.jpg


Update the definitions and do a full scan

  • On the Scanner tab:
    Make sure the "Perform Full Scan" option is selected.
    Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Log looks like this : mbam-log-yyyy-mm-dd

Log located : C:\Users\{Your UserName}\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs or C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
As soon as I downloaded the junk tool, my whole system crashed and has yet to recover. I tried opening in safe mode as well. It's just a black screen that has a floater saying, "No input found". Kinda freaking out.
Download a new FRST64.exe file and run it in System Recovery. Follow the instructions below.

Warning: You will need a USB FLASH DRIVE

Tip: Download the Tool from a non infected PC

Farbar Recovery Scan Tool

Choose one that goes with your OS bit version. Save the file to a USB Flash drive.

32-bit Version OS: Farbar Recovery Scan Tool

64-Bit Version OS: Farbar Recovery Scan Tool x64

Note: Click the Start button and right-click Computer. Select Properties. Look for System Type: which will say 32-bit Operating System or 64-bit Operating System


Plug the flash drive into the infected PC.

Enter System Recovery Options.

  • To enter System Recovery Options from the Advanced Boot Options:
    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select Repair Your Computer menu item.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

  • To enter System Recovery Options by using Windows installation disc:
    Insert the installation disc.
    Restart your computer.
    If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    Click Repair your computer.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair

  • System Restore

  • Windows Complete PC Restore

  • Windows Memory Diagnostic Tool

  • Command Prompt

Select Command Prompt

In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter

Note: Replace letter X with the drive letter of your flash drive.

Tip: Type the commands below to see what your letter is for the USB drive and press ENTER after each command

Code:
Diskpart
List volume
Exit

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file

Upload the FRST.txt file

Note: FRST.txt file will be inside the root of the USB Flash Drive
For the "No input found", take a look at your Monitor cable. Unplug it from the PC and plug it back in. Also try removing a stick of RAM. Turn the PC off, unplug the power cord from the back of the PC, remove the side panel and remove a memory stick (don't forget to touch something metal to ground yourself).