Topic: baidubar removal still hasn't worked  (Read 2472 times)

zone12
baidubar removal still hasn't worked
« on: January 22, 2009, 01:52:48 AM »
Hi guys, I've still been trying to remove this one piece of adware, but nothing is working. Does anyone know of something that is able to remove this? I've tried Malwarebytes, Spybot, Super Anti, HijackThis, FreeFixer.
It seems to be rewriting itself, and it made FreeFixer delete other things instead. HijackThis just couldn't do it. I tried to delete its reg, but regedit just freezes up upon trying. Every scanner just froze up.
Reformat is always a fallback, restore disk is however better than a disk partition

zone12
Re: baidubar removal still hasn't worked
« Reply #1 on: January 22, 2009, 01:55:13 AM »
I haven't tried an avast full scan, but it might just fight that off too. Would a boot scan work?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:35 ??, on 2009-1-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

scythe944
Re: baidubar removal still hasn't worked
« Reply #2 on: January 22, 2009, 01:55:31 AM »
Have you tried scanning in safe mode?

Quote
every scanner just froze up

If the malicious software is running, it will prevent the scanners from doing their job.  Scanning in safe mode would be the best bet.

Also, have Avast do a boot time scan.

Let us know, and good luck!
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

zone12
Re: baidubar removal still hasn't worked
« Reply #3 on: January 22, 2009, 01:56:11 AM »
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-220523388-1292428093-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'xzhou')
O4 - HKUS\S-1-5-21-220523388-1292428093-725345543-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'xzhou')
O4 - HKUS\S-1-5-21-220523388-1292428093-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'YanGao')
O4 - S-1-5-21-220523388-1292428093-725345543-1004 Startup: Æô¶¯·ÉËÙÍÁ¶¹.lnk = ? (User 'xzhou')
O4 - S-1-5-21-220523388-1292428093-725345543-1004 User Startup: Æô¶¯·ÉËÙÍÁ¶¹.lnk = ? (User 'xzhou')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: ????5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ????5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: cwt - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\cwproto.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP M1319 Receive Fax Service (HPM1319RcvFaxSrvc) - Marvell - C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe

--
End of file - 9576 bytes

zone12
Re: baidubar removal still hasn't worked
« Reply #4 on: January 22, 2009, 01:56:58 AM »
How do I boot up this XP HP Compaq in safe mode?

scythe944
Re: baidubar removal still hasn't worked
« Reply #5 on: January 22, 2009, 01:58:10 AM »
All Windows computers are the same.  Right before getting the Windows boot screen, hit F8.  You should then be able to select safe mode as your choice.

scythe944
Re: baidubar removal still hasn't worked
« Reply #6 on: January 22, 2009, 02:04:43 AM »
I just clicked on recent posts from you, and it seems like you've been having problems with this computer for QUITE some time.  Have you ever thought about a complete system reinstall?  You might be better off.

scythe944
Re: baidubar removal still hasn't worked
« Reply #7 on: January 22, 2009, 02:07:57 AM »
Never mind, I think they were previous problems.  Just do the safe mode scans, you should be ok after that.

Spiritsongs
Out-of-date Java, etc
« Reply #8 on: January 22, 2009, 06:28:29 AM »
 :)  Hi :

 According to your HijackThis Log, you seem to have multiple, old "Versions/
 Updates" of Java, a serious security risk . Should ONLY have 1 "Version/
 Update" of Java on a computer. Therefore, I recommend you use the FREE
 "JavaRa" from http://raproducts.org .

 I noticed "Orbit Downloader" in your Log; are you aware this program is on
 your computer ? IF yes, what do you know about this program AND by what
 "means" was this program downloaded to your computer ? Do you know this
 program has P2P "capabilities", which MAY QUADRUPLE your chances of
 getting malware on your computer ?
« Last Edit: January 22, 2009, 06:43:41 AM by Spiritsongs »
For the Best in what counts in Life :
www.tacf.org
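
An added example, not part of any post in this thread: a small Python parser for the CLSID-bearing HijackThis lines (O2, O3, O9) that lists registrations marked "(file missing)" and the distinct JRE directories the log references. The sample lines are copied from the log posted above; the line layout the regex expects is inferred from those lines, and the function names are this example's own.

```python
import re

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll (file missing)
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
"""

# Assumed layout (inferred from the log above): "O2 - BHO: name - {CLSID} - path [(file missing)]".
ENTRY = re.compile(
    r"^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
JRE = re.compile(r"\\Java\\(jre[\d._]+)\\", re.IGNORECASE)


def parse_entries(log):
    """Return one dict per CLSID-bearing entry; 'missing' marks an orphaned registration."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            entries.append(entry)
    return entries


def orphaned(log, needle=""):
    """Entries whose file is gone from disk, optionally filtered by a path substring."""
    return [e for e in parse_entries(log)
            if e["missing"] and needle.lower() in e["path"].lower()]


def java_versions(log):
    """Distinct JRE directory names referenced anywhere in the log."""
    return sorted({m.group(1) for m in JRE.finditer(log)})


if __name__ == "__main__":
    for e in orphaned(SAMPLE_LOG, "baidu"):
        print(e["code"], e["kind"], e["clsid"], e["path"])
    print("JRE versions referenced:", java_versions(SAMPLE_LOG))
```

Both BaiduBar entries come back as orphaned: the registry still registers the BHO and the toolbar under their CLSIDs, but the DLL they point to is no longer on disk.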

DavidR
Re: baidubar removal still hasn't worked
« Reply #9 on: January 22, 2009, 03:40:06 PM »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

scythe944
Re: baidubar removal still hasn't worked
« Reply #10 on: January 22, 2009, 05:19:10 PM »
Alternatively, you can change your IE settings to not use any third-party toolbars.

Tools > Internet Options.

Click the "Advanced" Tab.  Uncheck "Enable Third-Party Browser Extensions."

I also like to check "Empty Temporary Internet Files When Browser is Closed" as well, just to delete any bad programs if they are saved to the disk after web browsing.

zone12
Re: Out-of-date Java, etc
« Reply #11 on: January 25, 2009, 06:51:13 PM »
Quote
 :)  Hi :

 According to your HijackThis Log, you seem to have multiple, old "Versions/
 Updates" of Java, a serious security risk . Should ONLY have 1 "Version/
 Update" of Java on a computer. Therefore, I recommend you use the FREE
 "JavaRa" from http://raproducts.org .

 I noticed "Orbit Downloader" in your Log; are you aware this program is on
 your computer ? IF yes, what do you know about this program AND by what
 "means" was this program downloaded to your computer ? Do you know this
 program has P2P "capabilities", which MAY QUADRUPLE your chances of
 getting malware on your computer ?

Yeah, I know I have Orbit; I use it for DLing YouTube vids, and it seems that this bar has something that rewrites itself.