
babylon Popup Virus

This is a discussion on babylon Popup Virus within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.
11-20-2011, 10:12 AM   #1
illuminati (Registered Member)
Join Date: Mar 2008
Location: liverpool,uk
Posts: 308
OS: windows 7 service pack 1

Hi all, my problem is, when I'm on my comp, I get this annoying pop-up page called 'babylon'. I've tried deleting it but it won't go. I even went into my comp and tried to get rid of it in program files. Please help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by rita at 18:05:06 on 2011-11-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1013.186 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe
C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\TELEVI~2\bar\1.bin\64medint.exe
C:\PROGRA~1\TELEVI~2\bar\1.bin\64medint.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredimail.com/mb89?a=6PQcTADRxU
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=adknlg&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - c:\program files\photoposcomtbr\PhotoposComTbrLib.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: {adecbed6-0366-4377-a739-e69dfba04663} - Catcher Class
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~1\televi~2\bar\1.bin\64bar.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - c:\program files\photoposcomtbr\PhotoposComTbrLib.dll
TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Facebook Update] "c:\users\rita\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TelevisionFanatic Search Scope Monitor] "c:\progra~1\televi~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
mRun: [TelevisionFanatic Browser Plugin Loader] c:\progra~1\televi~2\bar\1.bin\64brmon.exe
StartupFolder: c:\users\rita\appdata\roaming\microsoft\windows\start menu\programs\startup\TalkTalk Setup CD Reporting Tool.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D6A8D459-3764-4690-B17B-A7A14A6DF796} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rita\appdata\roaming\mozilla\firefox\profiles\mr3y41lr.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30054&client_id=f79898f8a8b652526cb824d7&camp_id=17&install_time=2011-11-05T22:40:53Z&pr=auto&tb_version=1.0.11000(G)&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\soccerinfernoei\installr\2.bin\NPj2EISb.dll
FF - plugin: c:\program files\televisionfanatic\bar\1.bin\NP64Stub.dll
FF - plugin: c:\users\rita\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - f1f069ad-4f03-4102-bdae-2d1fc3b15adc
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl7940929b;MpKsl7940929b;c:\programdata\microsoft\microsoft antimalware\definition updates\{fdc92bd4-88fa-4c85-bbac-84a4391c80ec}\MpKsl7940929b.sys [2011-11-20 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2011-11-20 42504]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-9-8 1500160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 136176]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-29 1343400]
.
=============== Created Last 30 ================
.
2030-08-29 13:22:31 56832 ------w- c:\windows\system32\iyvu9_32.dll
2030-08-29 13:22:31 143872 ------w- c:\windows\system32\iacenc.dll
2011-11-20 15:31:45 -------- d-----w- c:\program files\TelevisionFanatic
2011-11-20 15:31:18 -------- d-----w- c:\program files\TelevisionFanaticEI
2011-11-20 15:08:40 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fdc92bd4-88fa-4c85-bbac-84a4391c80ec}\MpKsl7940929b.sys
2011-11-20 15:08:38 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fdc92bd4-88fa-4c85-bbac-84a4391c80ec}\offreg.dll
2011-11-20 13:02:35 -------- d-----w- c:\users\rita\appdata\roaming\Malwarebytes
2011-11-20 13:02:26 -------- d-----w- c:\programdata\Malwarebytes
2011-11-20 09:18:34 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fdc92bd4-88fa-4c85-bbac-84a4391c80ec}\mpengine.dll
2011-11-19 14:07:56 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2011-11-19 05:47:38 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-17 20:24:11 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c8b650cf-db34-444e-9fae-884dd0312343}\gapaengine.dll
2011-11-17 20:22:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-17 20:14:10 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7a881a2b-3607-4834-a911-710df7594f0f}\mpengine.dll
2011-11-17 20:14:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-17 14:04:32 -------- d-----w- c:\program files\iPod
2011-11-17 14:04:22 -------- d-----w- c:\program files\iTunes
2011-11-15 08:03:27 -------- d-----w- C:\found.004
2011-11-10 12:34:33 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2011-11-09 15:11:44 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:11:43 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 15:11:42 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 15:55:58 -------- d-----w- c:\users\rita\appdata\roaming\Systweak
2011-11-07 15:55:54 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-05 15:34:50 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-11-05 15:34:49 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-05 15:11:22 -------- d-----w- c:\users\rita\appdata\local\Apple Computer
2011-11-05 15:10:19 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-05 15:09:27 -------- d-----w- c:\users\rita\appdata\local\Apple
2011-11-05 15:08:14 -------- d-----w- c:\program files\Bonjour
2011-10-30 16:56:11 -------- d-----w- c:\program files\MyWebSearch
2011-10-30 16:55:42 -------- d-----w- c:\program files\FunWebProducts
2011-10-30 10:09:15 -------- d-----w- c:\users\rita\appdata\roaming\AVG
2011-10-22 21:47:59 -------- d-sh--w- C:\found.003
2011-10-22 07:17:52 -------- d-----w- c:\program files\VideoLAN
2011-10-22 07:17:07 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-10-22 07:17:04 -------- d-----w- c:\programdata\Tarma Installer
2011-10-22 07:16:23 -------- d-----w- c:\program files\Photo Notifier and Animation Creator
2011-10-22 07:16:22 -------- d-----w- c:\programdata\Photo Notifier and Animation Creator
2011-10-22 07:16:06 -------- d-----w- c:\program files\Conduit
2011-10-22 07:16:05 -------- d-----w- c:\users\rita\appdata\local\Conduit
2011-10-22 07:15:13 -------- d-----w- c:\users\rita\appdata\local\IM
2011-10-22 07:14:54 -------- d-----w- c:\programdata\IncrediMail
2011-10-22 07:14:54 -------- d-----w- c:\programdata\IM
.
==================== Find3M ====================
.
2011-11-10 08:05:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-30 23:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-29 08:00:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-26 15:15:45 201821 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
.hope this helps
============= FINISH: 18:05:59.16 ===============

11-21-2011, 07:57 AM   #2
illuminati (Registered Member)
Join Date: Mar 2008
Location: liverpool,uk
Posts: 308
OS: windows 7 service pack 1

Thanks for all your help, it's gone, phew!
All times are GMT -7.


Copyright 2001 - 2014, Tech Support Forum
