Removing Babylon Search Engine


7 replies to this topic

#1 Alumar


Posted 29 January 2012 - 09:42 PM

I went to a website for downloading and unintentionally installed a program or software called Babylon search bar. After installing, every time I open my Google Chrome internet browser it automatically redirects to Babylon search engine with Extension. I saw a couple of tutorials on YouTube on how to remove it and was able to do so going through Internet options and settings in my internet browser, but I'm worried: is it completely removed from my computer? I noticed my PC running slow and my browser crashes every now and then.
My OS is Windows 7 Ultimate, thanks in advance guys.



#2 boopme


Posted 29 January 2012 - 10:10 PM

Hello, please run these next.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Edited by boopme, 29 January 2012 - 10:11 PM.


#3 Broni


Posted 29 January 2012 - 10:10 PM

edited......

Edited by Broni, 29 January 2012 - 11:28 PM.



 


#4 Alumar


Posted 29 January 2012 - 11:18 PM

Thank you for the immediate replies guys!
Here are the logs:


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````







MiniToolBox by Farbar Version: 18-01-2012
Ran by (administrator) on 30-01-2012 at 12:07:41
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connecting)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : -PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter SmartBro:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SmartBro
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.125.93.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 121.1.3.168
121.1.3.250
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 48-5B-39-D1-A6-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fcfc:c072:12e7:592c%11(Deprecated)
Autoconfiguration IPv4 Address. . : 169.254.89.44(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C61D4A13-9AFE-4760-8DDD-A9DC3EABEFAE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18a4:3642:86c9:c571(Preferred)
Link-local IPv6 Address . . . . . : fe80::18a4:3642:86c9:c571%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{75382D8A-1A29-494A-B949-A9C25B0DFB6E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 121.1.3.168

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.71.103
74.125.71.104
74.125.71.105
74.125.71.106
74.125.71.147
74.125.71.99


Pinging google.com [74.125.71.104] with 32 bytes of data:
Reply from 74.125.71.104: bytes=32 time=116ms TTL=39
Reply from 74.125.71.104: bytes=32 time=125ms TTL=42

Ping statistics for 74.125.71.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 116ms, Maximum = 125ms, Average = 120ms
Server: smartdns05.smart.com.ph
Address: 121.1.3.168

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=286ms TTL=37
Reply from 209.191.122.70: bytes=32 time=286ms TTL=37

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 286ms, Maximum = 286ms, Average = 286ms
Server: smartdns05.smart.com.ph
Address: 121.1.3.168

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 5ms, Average = 3ms
===========================================================================
Interface List
20...........................SmartBro
11...48 5b 39 d1 a6 a5 ......NVIDIA nForce 10/100 Mbps Ethernet
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 10.125.93.32 41
10.125.93.32 255.255.255.255 On-link 10.125.93.32 296
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 10.125.93.32 41
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 10.125.93.32 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:18a4:3642:86c9:c571/128
On-link
12 306 fe80::/64 On-link
12 306 fe80::18a4:3642:86c9:c571/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/30/2012 10:28:52 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1310

Start Time: 01ccdef0878394a4

Termination Time: 9

Application Path: C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 20030ead-4aea-11e1-bb4c-b32c2ed32d02

Error: (01/30/2012 06:45:00 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c5c

Start Time: 01ccdec85d4d0580

Termination Time: 390

Application Path: C:\Users\_2\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: b9620eb1-4aca-11e1-bb4c-b32c2ed32d02

Error: (01/29/2012 09:48:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 1.0.1065.11, time stamp: 0x4d9b89de
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab86
Exception code: 0xc0000005
Fault offset: 0x00038db9
Faulting process id: 0xba4
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3

Error: (01/29/2012 09:19:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (01/29/2012 07:06:04 PM) (Source: Application Hang) (User: )
Description: The program utorrent.exe version 3.1.0.26671 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fd4

Start Time: 01ccde75cd60a85c

Termination Time: 14

Application Path: D:\Downloads\utorrent.exe

Report Id: 38f3239d-4a69-11e1-a141-fc4861376abb

Error: (01/29/2012 07:04:40 PM) (Source: Application Hang) (User: )
Description: The program uTorrent.exe version 3.1.0.26671 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 528

Start Time: 01ccde75a6aa611c

Termination Time: 12

Application Path: D:\uTorrent.exe

Report Id: 053b3d8d-4a69-11e1-a141-fc4861376abb

Error: (01/29/2012 06:57:21 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e4c

Start Time: 01ccde57db1b4420

Termination Time: 197

Application Path: C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: fe5e16ad-4a67-11e1-a141-fc4861376abb

Error: (01/29/2012 03:43:48 AM) (Source: RasClient) (User: )
Description: CoId={DF67BA23-BD35-41EA-9F1B-40FEB7C56282}: The user -PC\ dialed a connection named SmartBro which has failed. The error code returned on failure is 0.

Error: (01/29/2012 03:42:43 AM) (Source: RasClient) (User: )
Description: CoId={187D3EEA-A4C7-4298-9259-5CB0F89860D9}: The user -PC\ dialed a connection named SmartBro which has failed. The error code returned on failure is 628.

Error: (01/29/2012 03:41:58 AM) (Source: RasClient) (User: )
Description: CoId={3AD2017E-D37B-47D4-9853-A68EEA93E543}: The user -PC\ dialed a connection named SmartBro which has failed. The error code returned on failure is 0.


System errors:
=============
Error: (01/30/2012 11:07:27 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/30/2012 11:07:22 AM) (Source: Service Control Manager) (User: )
Description: The TuneUp Utilities Service service failed to start due to the following error:
%%2

Error: (01/30/2012 04:25:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/30/2012 04:24:51 AM) (Source: Service Control Manager) (User: )
Description: The TuneUp Utilities Service service failed to start due to the following error:
%%2

Error: (01/29/2012 09:04:55 PM) (Source: volmgr) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (01/29/2012 08:49:46 PM) (Source: volmgr) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (01/29/2012 08:26:12 PM) (Source: Service Control Manager) (User: )
Description: The TuneUp Utilities Service service failed to start due to the following error:
%%2

Error: (01/29/2012 03:29:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/29/2012 03:28:59 PM) (Source: Service Control Manager) (User: )
Description: The TuneUp Utilities Service service failed to start due to the following error:
%%2

Error: (01/29/2012 03:28:52 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:55:56 AM on ?1/?29/?2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (01/30/2012 10:28:52 AM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.77131001ccdef0878394a49C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe20030ead-4aea-11e1-bb4c-b32c2ed32d02

Error: (01/30/2012 06:45:00 AM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.77c5c01ccdec85d4d0580390C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exeb9620eb1-4aca-11e1-bb4c-b32c2ed32d02

Error: (01/29/2012 09:48:52 PM) (Source: Application Error)(User: )
Description: Steam.exe1.0.1065.114d9b89dentdll.dll6.1.7600.166954cc7ab86c000000500038db9ba401ccde890a866f10C:\Program Files (x86)\Steam\Steam.exeC:\Windows\SysWOW64\ntdll.dllfa34b9d8-4a7f-11e1-b979-a5dd9743e28e

Error: (01/29/2012 09:19:28 PM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (01/29/2012 07:06:04 PM) (Source: Application Hang)(User: )
Description: utorrent.exe3.1.0.26671fd401ccde75cd60a85c14D:\Downloads\utorrent.exe38f3239d-4a69-11e1-a141-fc4861376abb

Error: (01/29/2012 07:04:40 PM) (Source: Application Hang)(User: )
Description: uTorrent.exe3.1.0.2667152801ccde75a6aa611c12D:\uTorrent.exe053b3d8d-4a69-11e1-a141-fc4861376abb

Error: (01/29/2012 06:57:21 PM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.77e4c01ccde57db1b4420197C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exefe5e16ad-4a67-11e1-a141-fc4861376abb

Error: (01/29/2012 03:43:48 AM) (Source: RasClient)(User: )
Description: {DF67BA23-BD35-41EA-9F1B-40FEB7C56282}-PC\SmartBro0

Error: (01/29/2012 03:42:43 AM) (Source: RasClient)(User: )
Description: {187D3EEA-A4C7-4298-9259-5CB0F89860D9}-PC\SmartBro628

Error: (01/29/2012 03:41:58 AM) (Source: RasClient)(User: )
Description: {3AD2017E-D37B-47D4-9853-A68EEA93E543}-PC\nSmartBro0


=========================== Installed Programs ============================

µTorrent (Version: 3.1.0)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Advertising Center (Version: 0.0.0.2)
Angry Birds Seasons (Version: 2.2.0)
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
BFlix (Version: 0.0.0.1)
Bing Bar (Version: 7.0.822.0)
Bounty Hounds PH version 1.109.60 (Version: 1.109.60)
Call of Duty: Black Ops
Camfrog Video Chat 6.1 (Version: 6.1.146)
CDisplay 1.7
CrossFire(Remove only) (Version: 20110902)
D3DX10 (Version: 15.4.2368.0902)
Fraps
GameClub Launcher PH (Remove only) (Version: 20100822)
Garena - Heroes of Newerth (Version: 2011)
Garena Plus (Version: 2011)
GodsWar (Version: 1.01.33)
GodsWar Online (Version: 2.52.002)
Google Chrome (Version: 16.0.912.77)
GunboundIS
IGG Web3D Player version 1.0.0.37 (Version: 1.0.0.37)
ImagXpress (Version: 7.0.74.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Kalydo Player 4.04.00 (Version: 4.04.00)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Menu Templates - Starter Kit (Version: 9.6.0.0)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Movie Templates - Starter Kit (Version: 9.6.0.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Nero 9 Essentials
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.23.100)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero Express Help (Version: 9.4.39.100)
Nero InfoTool (Version: 6.4.12.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.27.100)
Nero StartSmart (Version: 9.4.40.100)
Nero StartSmart Help (Version: 9.4.40.100)
Nero Vision (Version: 6.4.19.100)
Nero Vision Help (Version: 6.4.15.100)
NeroExpress (Version: 1.0.0.0)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Drivers (Version: 1.4)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Realtek High Definition Audio Driver (Version: 6.0.1.6004)
Revo Uninstaller Pro 2.5.7 (Version: 2.5.7)
RF Online version RF Online : Golden Age (Version: RF Online : Golden Age)
RF PoA - Revival Of Novus
Skype™ 5.6 (Version: 5.6.105)
SMART BRO (Version: 1.0.0.0)
Steam (Version: 1.0.0.0)
System Requirements Lab
uTorrentBar Toolbar (Version: 6.8.5.1)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 2047.29 MB
Available physical RAM: 885.18 MB
Total Pagefile: 4094.58 MB
Available Pagefile: 2740.89 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.75 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:152.7 GB) NTFS
2 Drive d: () (Fixed) (Total:232.88 GB) (Free:171.58 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Guest
UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****






Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
:: PC [administrator]

Protection: Enabled

1/30/2012 10:46:46 AM
mbam-log-2012-01-30 (10-46-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229851
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 24
HKCR\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files (x86)\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Program Files (x86)\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

(end)

#5 Broni


Posted 29 January 2012 - 11:29 PM

I edited my previous reply.
When I posted I didn't see boopme's reply so I apologize and I'm out of here :)



 


#6 boopme


Posted 29 January 2012 - 11:35 PM

Now...
Click the wrench icon in the Google Chrome address bar and select Tools, then Extensions.
See if the Toolbar is listed (Babylon Chrome OCR) and click on uninstall to remove it.
Close that and now click the wrench icon again and select Options from the context menu.

Check and see if it is listed as the home page. Look in the Home Page setting under Basics.
If it is there, replace it with the Home Page you desire.

Last... look in Manage Search Engines.
If it is there, mouse over it and uninstall it by clicking on the X icon.
Choose another search engine, using the Home Page settings.

If that works we can mop up.

#7 Alumar


Posted 30 January 2012 - 12:32 AM

Thank you guys! That worked, now I feel relieved. Thank you so much, it's much appreciated.

#8 boopme


Posted 30 January 2012 - 10:18 AM

You're welcome (thanks Bron for replying).

Be careful when you download items. I see you also have several Toolbars installed now. You should remove them too. Also, apps like utorrent expose you to many malwares in free downloads.

Good luck out there.



