
New Laptop...Do I have a Trojan Virus Already?! (csrss.exe)


14 replies to this topic

#1 KtrainHurricane


Posted 05 September 2013 - 04:39 PM

Hi,

 

I was directed to this forum by some members on TomsHardware. I created a thread over there about a problem I encountered today, but figure this might be a better place to ask about it. I will copy + paste the posts I have already made/the steps I have already taken.

 

 I just got a Lenovo Thinkpad T430 laptop. I have only had it for about a week and a half. I have not really done anything on it yet except log into my school account to do some homework and check emails (I bought this computer specifically for taking to class).


I just tried to install my Canon MP620 printer today to print some class notes, but the printer keeps saying it is offline. I called Canon tech support and they logged into my computer using TeamViewer, and said the printer is fine but my network might be corrupted (printer works with all other computers at my house).

So the Canon tech support transferred me to Microsoft tech support, and he did some searching around and explaining and pointed out two "csrss.exe" files that were running in my task manager. He said that these are trojan viruses and mean that my computer has been hacked by some remote location.

Now after doing a few mins. of research I have quickly learned that these are a necessary part of Windows and don't necessarily mean anything is wrong...but it could mean something is wrong if they have in fact been infected. My question is: how do I know if they have been infected, or if the guy I spoke to just tried to pull my chain for some money? ($300 for 5 year network protection or $500 for lifetime protection)

The printer not working is another issue that I am not really concerned about at the moment. I installed the drivers via Canon's website, but I have the hard disk as well...I am going to try the hard disk now to see if it works. I am just afraid that my brand new laptop is already corrupted.

 



The printer was automatically recognized by the computer. What I did today (first time I had to print something) was download the drivers from the Canon website...but the printer kept saying it was offline, so I called Canon tech support. The Canon tech support rep. is the one who told me to download TeamViewer.

After hanging up with them and saying I could not afford the network protection service at this time, I removed the printer from my laptop, uninstalled the drivers, and re-did everything but with the hard disc (right after I posted this thread). Everything installed, but I got a message saying that the printer could not be located.

I just ran MalwareBytes and it found 37 problems. Don't know how this happened since the computer is new. I did use it while away at a hotel for work last weekend...maybe something happened there? Anyway, I will try to re-do the printer now.

In the meantime, is there anything else I should do? Another antivirus I should download and run?



The printer works fine with my other computers at home though...so could it still possibly be a printer issue do you think?

And for what it's worth, I was told that the McAfee my computer came with was garbage and was instructed to remove it, so I did. Not sure if that was a smart move or not, but what's done is done...



I accidentally didn't select all "Found Problems" after the Malwarebytes run, so I did it again immediately after...and this time it found 44 problems. How in the hell would 7 MORE problems - in addition to the original quantity of 37 problems - be found in the time frame of less than 1 minute when I literally did absolutely nothing with the computer?!

They are all from the Vendor "PUP.Optional.SearchProtect"



I just ran adwcleaner and it found a bunch of stuff (I guess?)...wasn't familiar with the interface but it scanned really quickly, then read "pending" and I hit the "Clean" button...I then got a popup saying I must restart the computer in order to remove the problems, which I did.

I tried to download Rogue Killer from their website, but got a popup saying "Windows SmartScreen protected file from opening" or something like that... How do I go around this?



Upon restarting the computer after running adwcleaner, I got this:

# AdwCleaner v3.002 - Report created 05/09/2013 at 17:28:20
# Updated 01/09/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Kevin - LENOVO-PC
# Running from : C:\Users\Kevin\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\KeyBar_1.12
Folder Deleted : C:\Program Files (x86)\MixiDJ_V44
Folder Deleted : C:\Users\Kevin\AppData\Local\Conduit
Folder Deleted : C:\Users\Kevin\AppData\Local\cre
Folder Deleted : C:\Users\Kevin\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Kevin\AppData\Local\Temp\CT3298580
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\KeyBar_1.12
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\MixiDJ_V44
Folder Deleted : C:\Users\Kevin\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Kevin\AppData\Roaming\DSite
Folder Deleted : C:\Users\Kevin\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\CT3298580
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\Extensions\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}
Folder Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\user.js
File Deleted : C:\windows\Tasks\DSite.job
File Deleted : C:\windows\System32\Tasks\DSite
File Deleted : C:\windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_gipmblamjgodbimgeafaiegdpfbaeihe]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_bpfboklmeiefoedekjeigdcnfbpjeaii]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0A51D53C-6F3C-426E-B789-2A21526E6546}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A1B331-C2B4-4933-9F63-BA7B84D60D58}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CEF5A3EF-2F71-468B-A2E5-777F09EFA4F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90A1B331-C2B4-4933-9F63-BA7B84D60D58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90A1B331-C2B4-4933-9F63-BA7B84D60D58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90A1B331-C2B4-4933-9F63-BA7B84D60D58}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A51D53C-6F3C-426E-B789-2A21526E6546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CEF5A3EF-2F71-468B-A2E5-777F09EFA4F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1765CD5-0FDD-4089-A6CD-C90AF1119151}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B07F78CA-F6BD-4644-BD73-D94C0C61AE17}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A286F1FC-DFDB-441E-A18D-737ED438E31C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BB7A61B-CD81-4BA7-BCA9-4F539BBB6881}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90A1B331-C2B4-4933-9F63-BA7B84D60D58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90A1B331-C2B4-4933-9F63-BA7B84D60D58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{90A1B331-C2B4-4933-9F63-BA7B84D60D58}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90A1B331-C2B4-4933-9F63-BA7B84D60D58}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_1.12
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V44
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\KeyBar_1.12
Key Deleted : HKLM\Software\MixiDJ_V44
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.12 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V44 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\prefs.js ]

Line Deleted : user_pref("CT3298580.FF19Solved", "true");
Line Deleted : user_pref("CT3298580.FF19Solved", "true");
Line Deleted : user_pref("CT3298580.FF19Solved", "true");
Line Deleted : user_pref("CT3298580.UserID", "UN51166177330365264");
Line Deleted : user_pref("CT3298580.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298580.fullUserID", "UN51166177330365264.IN.20130829135946");
Line Deleted : user_pref("CT3298580.installDate", "29/08/2013 13:59:47");
Line Deleted : user_pref("CT3298580.installSessionId", "{130E0F23-DCBC-42B5-AA14-F10812519877}");
Line Deleted : user_pref("CT3298580.installSp", "TRUE");
Line Deleted : user_pref("CT3298580.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3298580.keyword", "true");
Line Deleted : user_pref("CT3298580.originalHomepage", "about:home");
Line Deleted : user_pref("CT3298580.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3298580.originalSearchEngine", "");
Line Deleted : user_pref("CT3298580.originalSearchEngineName", "");
Line Deleted : user_pref("CT3298580.searchRevert", "false");
Line Deleted : user_pref("CT3298580.searchUserMode", "2");
Line Deleted : user_pref("CT3298580.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298580.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3298580.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V44 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&CUI=UN51166177330365264&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298580");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN51166177330365264&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298580&octid=CT3298580&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&SearchSource=2&CUI=UN51166177330365264&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298580");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298580");
Line Deleted : user_pref("smartbar.machineId", "O5PKWH7O4UP5PNXQK4LY6PHSUU2M315V5SS4OH3NDKS+VH1FLUHMZNKBMJOJCRFKQHNQ/O4UPQCUKE7P6EWUEA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN51166177330365264&UM=2&SearchSource=13");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10614 octets] - [05/09/2013 17:27:43]
AdwCleaner[S0].txt - [10259 octets] - [05/09/2013 17:28:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10320 octets] ##########

 

Mod Edit: Moved topic from Windows 8 to the more appropriate forum. ~bloopie


Edited by bloopie, 05 September 2013 - 05:04 PM.



 


#2 KtrainHurricane


Posted 05 September 2013 - 04:44 PM

I also just had my Lenovo Solution Center pop up and ask for an update. I did the update, and when I click on the "Security" tab it says that I have an antivirus installed, but not activated...but I do not know how to activate it.

 

When I open the "Action Center" it says that Windows Defender is turned off. When I click the button that says "Turn On" I just get the hour glass and it does nothing...


Edited by KtrainHurricane, 05 September 2013 - 04:53 PM.


#3 noknojon


Posted 05 September 2013 - 06:48 PM

Hello and Welcome -

I would take this as a first step ->

Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

How To Temporarily Disable Your Anti-virus, if required only -

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/

iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.

* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

* If not, delete the file, then download and use the one provided in Link 2.

* Do not reboot until instructed.

* Do not reboot your computer after running RKill as the malware programs will start again.

* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.

Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Now follow with this without a reboot > > Please download Malwarebytes Anti-Malware Free (aka MBAM)

* Double-click MBAM -setup.exe and follow the prompts to install the program.

* At the end, be sure to Check for Updates so it is current

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Scan, then click Quick Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad.

* Post the log back here.

If you are not sure of any items, post the log and ask if it should be removed.

Be sure to reboot the computer after you post the log.

 

 

Thank You -

EDITED to update links -


Edited by noknojon, 05 September 2013 - 06:59 PM.


#4 KtrainHurricane


Posted 05 September 2013 - 09:50 PM

 Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.94  
 Mozilla Firefox (23.0.1) 
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#5 KtrainHurricane


Posted 05 September 2013 - 09:52 PM

Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/05/2013 10:51:33 PM in x64 mode.
Windows Version: Windows 8 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\TpShocks.exe (PID: 5168) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Kevin\Desktop\rkill\rkill-09-05-2013-10-51-37.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/05/2013 10:51:59 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)


#6 KtrainHurricane


Posted 05 September 2013 - 09:59 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.05.08
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
Kevin :: LENOVO-PC [administrator]
 
9/5/2013 10:53:42 PM
mbam-log-2013-09-05 (22-53-42).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229324
Time elapsed: 4 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 7
C:\Users\Kevin\AppData\Local\Temp\D726451B-BAB0-7891-8C06-5AFE4A97A58E\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\D726451B-BAB0-7891-8C06-5AFE4A97A58E\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\D726451B-BAB0-7891-8C06-5AFE4A97A58E\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kevin\AppData\Local\Temp\is357113909\WebConnect.exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Users\Kevin\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Kevin\Local Settings\Temporary Internet Files\Content.IE5\B0UBG46C\Setup[1].exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
 
(end)


#7 noknojon


Posted 06 September 2013 - 01:23 AM

PUP.Optional.Babylon.A < < This shows that you have already been browsing and is a minor infection -

Windows Defender MsMpEng.exe < This is your Antivirus and it is activated now -

 

How is the computer now ?

Do you still have any problems, and what are they ?

 

Thank You -
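Added example (not part of the original thread, and not code from any tool mentioned in it): a small Python triage of detection lines in the Malwarebytes 1.75 log layout posted above, grouping them by detection class so that PUP-only results can be told apart from anything else, and listing items that were not removed. The sample log is constructed; the paths and the `Trojan.Example` name are placeholders, not detections from this thread.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes 1.75 log quoted in
# this thread: "<object> (<detection name>) -> <action>."
# Paths and the Trojan.Example line are placeholders made up for the example.
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Example\AppData\Local\Temp\is0000\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Example\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Example\Temporary Internet Files\Setup[1].exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Users\Example\AppData\Roaming\sample.exe (Trojan.Example) -> No action taken.

(end)
"""

# The object part may itself contain parentheses (e.g. "Program Files (x86)"),
# so the greedy first group backtracks to the last "(name) -> " on the line.
DETECTION_RE = re.compile(
    r"^(?P<object>.+) \((?P<name>[\w.\-]+)\) -> (?P<action>.+?)\.?$"
)


def parse_detections(log_text):
    """Return one dict per detection line; headers and '(No malicious ...)' lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            hits.append(match.groupdict())
    return hits


def triage(log_text):
    """Summarise a log: counts per detection class and name, plus items not removed."""
    hits = parse_detections(log_text)
    # The class is the first dotted component: "PUP.Optional.Babylon.A" -> "PUP".
    by_class = Counter(h["name"].split(".", 1)[0] for h in hits)
    by_name = Counter(h["name"] for h in hits)
    # Anything whose action does not report success still needs attention.
    unresolved = [h for h in hits if "successfully" not in h["action"].lower()]
    return {
        "total": len(hits),
        "by_class": dict(by_class),
        "by_name": dict(by_name),
        "unresolved": unresolved,
        # True only when there are detections and every one is a PUP.
        "only_pup": bool(hits) and set(by_class) <= {"PUP"},
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("detections:", summary["total"])
    for cls, count in sorted(summary["by_class"].items()):
        print(f"  {cls}: {count}")
    print("only potentially unwanted programs:", summary["only_pup"])
    for item in summary["unresolved"]:
        print("NOT REMOVED:", item["name"], "->", item["object"])
```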



#8 S3curityPlu5


Posted 06 September 2013 - 05:32 AM

Sorry to barge in here, I just want to tell Kevin to be very careful when downloading and installing software.  Make sure you always go slow and uncheck any prechecked options to install other software (like TOOLBARS and the stuff that you had on your "New" computer).  I deal with computers like this all the time with people who just download stuff and do not go slowly and read the installer boxes that pop up and they just install everything bundled with software that they install. Please please be very careful when you download and install software.  Also I suggest you investigate (by searching Google) and always be sure that you are installing only safe software from the application vendor's website.  For example, CCleaner should only be installed from the Piriform.com website.  When you install software you must be extra careful to read each box that pops up and anytime you see you are given a choice that says Yes install this software and make Babylon Toolbar my default search provider in all browsers, you need to uncheck that box and check NO do not install Babylon toolbar!! This is the most important thing when you are installing software willy nilly off the internet. Read all the boxes and do not install anything but the software you went looking for.  You do not usually have to choose a box Yes or No for the software you want to install.  They just try to fool you into installing other Crapware before you actually install the program.  I am sorry, it would take a long time to explain this fully, but you really should do research and read the forums on this site as well.  Also, you want to enable Windows Defender to run at Windows Startup, and you want to always be sure it is running and your firewall is enabled!! Good luck

:tophat:



#9 KtrainHurricane


Posted 06 September 2013 - 03:13 PM


 

 

I appreciate the info! I usually do uncheck all the toolbars and what not when downloading something, but that isn't to say it's not possible that I may have missed one...although the only software I have installed on this computer were the anti-virus programs that have been recommended here, and iTunes.

 

As far as the Windows Defender - as I posted above it is not allowing me to activate it. I don't know why...but when I click the "Turn On" button from the Action Center I just get the hour glass, and then it times out.


Edited by KtrainHurricane, 06 September 2013 - 03:13 PM.


#10 KtrainHurricane


Posted 06 September 2013 - 03:19 PM


So what does the "PUP.Optional.Babylon.A" mean? Is it gone now? Or do I need to do something to get rid of it?

 

I haven't really had any "problems" with the computer - I have only had it for about a week and a half or so, so I haven't even had time to experience any problems. The only issue was that my printer wasn't installing...it (the printer) was offline and wasn't being recognized when running the hard disc installation. This is why I originally called Canon tech support, who told me the printer is fine and the network may be corrupted, who then transferred me to a Microsoft tech support representative that told me my network WAS in fact corrupted, which led me to post here.

 

Last night I tried for hours to get the printer to install, but had no luck. I am going to try again now and will post an update later.

 

 

The only other "problem" I have is that every time I open Google Chrome (my main browser), I get a message reading "Google Chrome did not shut down properly last time," giving me the option to Restore my last page. This is very annoying, but I believe it is an entirely different issue...



#11 KtrainHurricane


Posted 06 September 2013 - 03:46 PM

My Lenovo Solution Center popped up with some update suggestions. It is now showing that my Windows Defender is on. One of the recommended changes is under Device Manager for the "WAN Miniport (Network Monitor) #2"...it is showing that this is Disabled. When I open the Device Manager and click Properties for this, it says "This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)"

 

Could this have to do with why my printer isn't being recognized?



#12 KtrainHurricane


Posted 06 September 2013 - 04:55 PM

(disregard this post...)


Edited by KtrainHurricane, 06 September 2013 - 05:09 PM.


#13 noknojon


Posted 06 September 2013 - 06:41 PM

My Lenovo Solution Center popped up with some update suggestions < This will always occur. It is there as a "back-up" to remind you of any errors or actions that are needed.

So what does the "PUP.Optional.Babylon.A" mean < It has been removed by Malwarebytes.

Hi -
First - I would uninstall Google Chrome from Programs and Features. I have seen it cause several browsing problems on Windows 8, so I always remove it, and it runs better.

 

Next - In your Control Panel, look in Printers, and in Device Manager to see if your printer is listed.
What install media did you get with your Printer ? Is there a CD/DVD ? Please read any info with it so you are sure it works with Windows 8.
(printer works with all other computers at my house) < Is there another Windows 8 computer at home ?

If the printer is there then Uninstall it and Reinstall it again - The printer sounds like your only problem, as you currently have no other Operating Problems.

 

Thanks -



#14 KtrainHurricane


Posted 06 September 2013 - 11:50 PM


I understand that the Lenovo program will give occasional reminders and suggestions, but I have that one error in the Device Manager (WAN Multipoint) that I do not know how to handle.

 

Are you suggesting I use a browser besides Google Chrome? Or uninstall it then re-install it to see if it cures the "Restore?" problem? I have gotten so used to Chrome that I would prefer not to use another browser if possible.

 

And the printer started working...don't know what I did or what caused it to go, but I have no problems with it anymore so I am leaving that one be. No sense in asking questions!



#15 noknojon


Posted 07 September 2013 - 12:00 AM

Are you suggesting I use a browser besides Google Chrome? < I would remove it Fully -

Windows has installed I.E. 10 as the Default browser for Windows 8 - Try it -

 

Thanks -





