Hi,
Please can anyone help me assess the seriousness of my scan results? Quite a lot of stuff was found, but I'm afraid that, due to my complete computer illiteracy, it means very little to me.
The reason I did the scan is that I have recently been a victim of bank fraud, and my bank account, online banking and credit card have been hacked. I have been told to take my computer to a computer specialist and have it wiped, but I can't afford it at the moment. Also, I haven't been given an answer [and am unlikely to be] as to how I was hacked yet, so before I wipe my computer and any other computers I may have used, I want to try and work out the source of my fraud, if I can. I also realise the original source of my fraud may not have been online.
Here are my results:
Search results from Spybot - Search & Destroy
08/12/2011 02:06:10
Scan took 00:24:05.
Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore
Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1
Babylon.Toolbar: [SBI $554A5FF0] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1
Babylon.Toolbar: [SBI $554A5FF0] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore
Babylon.Toolbar: [SBI $86348D5E] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd
Babylon.Toolbar: [SBI $86348D5E] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1
Babylon.Toolbar: [SBI $86348D5E] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}
Babylon.Toolbar: [SBI $86348D5E] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1
Babylon.Toolbar: [SBI $86348D5E] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}
Babylon.Toolbar: [SBI $86348D5E] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd
Babylon.Toolbar: [SBI $F75ED516] IE toolbar (Registry Value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC}
Babylon.Toolbar: [SBI $07586C96] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane
Babylon.Toolbar: [SBI $07586C96] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1
Babylon.Toolbar: [SBI $07586C96] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}
Babylon.Toolbar: [SBI $07586C96] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1
Babylon.Toolbar: [SBI $07586C96] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}
Babylon.Toolbar: [SBI $07586C96] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane
Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Babylon.Toolbar: [SBI $B04483F7] Browser helper object (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Babylon.Toolbar: [SBI $B04483F7] Browser helper object (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc
Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1
Babylon.Toolbar: [SBI $52C6ABB7] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}
Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1
Babylon.Toolbar: [SBI $52C6ABB7] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}
Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc
DoubleClick: [SBI $7F76510F] Tracking cookie (Firefox: Charmaine (default)) (Browser: Cookie, nothing done)
Log: [SBI $7F76510F] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Properties.size=47261
Properties.md5=1328DC4A7D71CF897F599AC41F6C7365
Properties.filedate=1323271180
Properties.filedatetext=2011-12-07 15:19:40
Log: [SBI $7F76510F] Install: DtcInstall.log (File, nothing done)
C:\Windows\DtcInstall.log
Properties.size=2790
Properties.md5=26B91E0E7E8FDC29A64DD08089316F07
Properties.filedate=1292957106
Properties.filedatetext=2010-12-21 18:45:06
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\WinRAR\ArcHistory
WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\WinRAR\General\LastFolder
Cookie: [SBI $49804B54] Browser: Cookie (5) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (134) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (49) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.0.6.131 DLL (build: 20111005) ---
I thought I should also let you know that I had problems with the Babylon toolbar before, which is mentioned a lot in the results, but I thought it had all been removed a few months ago, hence my continuing to use the computer.
My friend told me everything had been removed and it was safe to use. I have actually had Avira antivirus running in real-time protection mode since then, even though I was told not to because it would slow my computer down.
I also ran a full Avira scan the other day, and it found nothing at all.
I also ran a Malwarebytes scan, and it only found the following:
Files Infected:
c:\$RECYCLE.BIN\s-1-5-21-4054292811-2639179496-1958547070-1000\$RTSR0FK\CSDATA\1000000600002i\svchost.exe (Rootkit.Dropper) -> No action taken.
c:\$RECYCLE.BIN\s-1-5-21-4054292811-2639179496-1958547070-1000\$RTSR0FK\CSDATA\1000000800002i\svchost.exe (Rootkit.Dropper) -> No action taken.
c:\$RECYCLE.BIN\s-1-5-21-4054292811-2639179496-1958547070-1000\$RTSR0FK\CSDATA\1000000b00002i\rundll32.exe (Rootkit.Dropper) -> No action taken.
c:\$RECYCLE.BIN\s-1-5-21-4054292811-2639179496-1958547070-1000\$RTSR0FK\CSDATA\4000002c0600002i\photoshop.exe (Rootkit.Dropper) -> No action taken.
I realise no one is obliged to help me, so I am very grateful to anyone who does, if they can.
Cheers.