  #46  
Old March 22nd, 2012, 12:53 PM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\user\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\BACK UP\Backup Set 2011-02-13 211257\Backup Files 2011-02-13 211257\Backup files 1.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\BACK UP\Backup Set 2011-05-10 111602\Backup Files 2011-05-10 111602\Backup files 1.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\BACK UP\Backup Set 2011-07-30 153440\Backup Files 2011-07-30 153440\Backup files 1.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined


  #47  
Old March 23rd, 2012, 12:30 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
More a clean up than locating any new malware. How are things running now - any issues we still need to address?
  #48  
Old March 23rd, 2012, 07:36 PM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
Started to get the occasional freeze, not had that for ages. There is still the odd long delay with some sites. You mentioned an alternative to Avast; maybe that's worth having a go at. I read somewhere that Avast slows down performance and the advice was to do without antivirus entirely! Not sure about that bit, seems very chancy. Is there a free alternative to Avast that you could recommend?
  #49  
Old March 24th, 2012, 12:08 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
Gotta check with you before we move on. You posted a new request in our other forum. Is this for this system we are addressing?
  #50  
Old March 25th, 2012, 12:08 PM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
Yes
I didn't think there would be a connection
  #51  
Old March 25th, 2012, 09:30 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
May be a permissions issue related to IE, but yes, better to address all issues here, until we have completed what we are doing first.

If you would, go ahead and uninstall Avast. With the many changes it has made lately, and perhaps has become corrupted after all the other changes, we really need to eliminate it as a cause there. Be sure to reboot after, then check for change/issues.

Please just minimize your net activities for now, but hold off on installing any antivirus program until we have assessed things.
  #52  
Old March 26th, 2012, 08:25 PM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
Have uninstalled Avast and IE pop has disappeared at last.
  #53  
Old March 26th, 2012, 10:32 PM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
Still getting this every time I shut down.... Do not power off installing 1 update of 2. I get this every time I close down, been happening for about a month now.
  #54  
Old March 27th, 2012, 01:24 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
How is everything else doing, except for this 1 of 2 update? Including the issue you started that other thread for.

Shutdown messages like that do smack of Windows updates, which may be something the Windows 7 forum folks will have to help on.
  #55  
Old March 27th, 2012, 09:14 AM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
With the odd exception it's a lot quicker without Avast, though now I don't have any antivirus at all.
  #56  
Old March 27th, 2012, 08:42 PM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
Every time I boot up now, I get the prompt to install Google Chrome even though I uninstalled Google Chrome, and desktop has changed in appearance.
  #57  
Old March 28th, 2012, 12:14 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
Here are some free antivirus options you may want to consider, and if uninstalling Avast did bring the improvements you sought, maybe choose some other program this time.

That Google issue is likely just a startup we can remove. Open HijackThis, select Do a system scan and save logfile. Use copy/paste and post that log back here for review.

Last edited by Jintan; March 29th, 2012 at 12:21 AM. Reason: Added the missing link.
  #58  
Old March 28th, 2012, 08:45 AM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
Hi Jintan
You mention here are some free antivirus options but I can't see them, maybe it was a typo, putting here instead of there.

MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--
End of file - 4896 bytes

This is the Hijack report above
  #59  
Old March 29th, 2012, 12:31 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,626
Not seeing Google as installed in the older install logs, but it has a bad habit of leaving things behind. Actually, if you uninstall its Google Update program, it pretty much doesn't uninstall, and always leaves its active services behind. Must be some bad coding error, because I am sure Google wouldn't purposefully leave active things on systems. Probably can't afford to pay for better coders, or something like that.


Make a copy of the following list, then close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Assuming Avast is also removed now, Fix this as well in HijackThis.

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

Reboot, and check for change.

Sorry, I left out the link in my last post, so if you check that now you will see those alternative free security programs available.
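
Added example, not part of the original thread and not HijackThis's own code: a small parser for the HijackThis entry format shown in the log above, which lists entries whose registration points at "(no file)" or whose file sits in the folder of software reported as uninstalled. The function names and the `removed_dirs` parameter are assumptions made for this illustration, and the sample is a constructed subset of the posted log.

```python
import re

# Constructed sample: six entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:exe|dll|scr)", re.IGNORECASE)

def parse_hjt(log):
    """Yield one dict per HijackThis entry line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        body = m.group("body")
        clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
        yield {
            "code": m.group("code"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "orphan": body.endswith("(no file)"),  # registry entry, file gone
            "raw": line.strip(),
        }

def review_candidates(log, removed_dirs):
    """Return (reason, raw line) pairs for entries worth a manual look.
    removed_dirs: folder names of software the user reports as uninstalled
    (supplied by the caller; the log itself cannot prove this)."""
    hits = []
    for e in parse_hjt(log):
        path = (e["path"] or "").lower()
        left = [d for d in removed_dirs if "\\" + d.lower() + "\\" in path]
        if e["orphan"]:
            hits.append(("registration points at no file", e["raw"]))
        elif left:
            hits.append(("leftover of removed software: " + left[0], e["raw"]))
    return hits

if __name__ == "__main__":
    for reason, raw in review_candidates(SAMPLE_LOG, ["Google Toolbar", "AVAST Software"]):
        print(reason, "|", raw)
```

The output is a shortlist for a human to review before ticking anything in HijackThis; policy entries such as the O6 line carry no file path and are not covered by this check.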
  #60  
Old March 31st, 2012, 10:32 AM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,312
Apart from the occasional freeze things are a lot better. I changed to Rising antivirus from Avast.
Thanks very much