
kernel stack crashes during scans and backups help!!


13 replies to this topic

#1 librasentertainment

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:27 AM

Posted 04 July 2013 - 03:04 PM

My computer only crashes if I run a Malwarebytes scan, an Avast scan or try to back up files. My computer slows down every time I get an unresponsive plugin or scripts message when I am on the internet. Someone has tried to log into my Facebook account and my email, so I figured that maybe I had been hacked, but other than that I never really notice any problems. Here are the logs for the DDS scan. It did allow me to do that. Please let me know if I can help you with anything else!

Also I forgot to mention the kernel stack errors that I got were x0000007 and x0000007e I think. I may have messed up the zeros.

 

DDS:

 

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.25.2
Run by bestbuy at 14:37:20 on 2013-07-04
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1014.166 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112854&tt=010812_hpdel_3112_1&babsrc=HP_ss&mntrId=64c34f10000000000000001b778e716f
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6822
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6822
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6822
uURLSearchHooks: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} -
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No File
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.29.1\bh\BabylonToolbar.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "c:\users\bestbuy\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: go.com\community.abcfamily
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{876F1865-E9B2-492C-9E68-23F446C5AB61} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: DfLogon - LogonDll.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bestbuy\appdata\roaming\mozilla\firefox\profiles\4uhirxrd.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\users\bestbuy\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\bestbuy\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\bestbuy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112854&tt=010812_hpdel_3112_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 64c34f10000000000000001b778e716f
FF - user.js: extensions.BabylonToolbar.instlDay - 15555
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.112:29:16
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-4 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-4 175176]
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2013-7-3 14080]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-4 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-4 369584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-4 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-4 66336]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2009-1-10 300544]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2012-7-5 33792]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-1 40776]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2009-1-22 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2009-1-22 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2009-1-22 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2009-1-22 90880]
.
=============== Created Last 30 ================
.
2013-07-04 17:08:30    740840    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ba7928ed-b418-403e-aa45-504f2ad0ab59}\gapaengine.dll
2013-07-04 07:58:14    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-07-04 07:58:14    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-07-04 07:58:14    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-07-04 07:58:11    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-07-04 07:55:09    41664    ----a-w-    c:\windows\avastSS.scr
2013-07-04 07:53:22    --------    d-----w-    c:\program files\AVAST Software
2013-07-04 07:43:15    --------    d-----w-    c:\programdata\AVAST Software
2013-07-04 02:56:30    740840    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{4d8f5227-970a-4d53-b605-1ae5ddabd6f5}\gapaengine.dll
2013-07-03 23:41:45    --------    d-----w-    c:\users\bestbuy\appdata\roaming\DiskDefrag
2013-07-03 22:33:54    14080    ----a-w-    c:\windows\system32\drivers\BootDefragDriver.sys
2013-07-03 22:33:54    101664    ----a-w-    c:\windows\system32\BootDefrag.exe
2013-07-03 05:27:58    1650992    ----a-w-    c:\program files\mozilla firefox\plugins\npdivx32.dll
2013-07-03 05:26:48    --------    d-----w-    c:\programdata\GlarySoft
2013-07-03 05:18:53    --------    d-----w-    c:\program files\Glary Utilities 3
2013-07-02 07:43:32    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{fb238c46-e13a-4256-a836-30682ba38f84}\offreg.dll
2013-07-02 06:54:37    7068072    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{fb238c46-e13a-4256-a836-30682ba38f84}\mpengine.dll
2013-07-01 20:53:46    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-01 06:40:49    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-07-01 06:40:49    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-07-01 06:40:49    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-07-01 06:40:49    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-07-01 06:40:49    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-07-01 06:00:16    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-01 05:40:42    7068072    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{cfacbd81-a923-47d7-b8a7-60415be3e7ce}\mpengine.dll
2013-06-12 03:19:07    914792    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-12 03:19:07    31232    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-06-12 03:19:00    443904    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 03:18:59    37376    ----a-w-    c:\windows\system32\printcom.dll
2013-06-12 03:18:50    3603832    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-12 03:18:49    3551096    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-12 03:16:00    812544    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 03:15:59    985600    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 03:15:59    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 03:15:59    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 03:15:58    41984    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 03:13:20    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
.
==================== Find3M  ====================
.
2013-07-01 05:59:38    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-01 05:59:37    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-12 03:36:00    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-12 03:35:59    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 22:39:39    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-16 22:28:26    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-05-16 22:27:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-16 22:16:57    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-01 08:59:12    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2013-04-15 14:20:04    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-04-09 01:36:18    2049024    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 14:40:45.74 ===============

Edited by librasentertainment, 04 July 2013 - 03:07 PM.
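A worked example, added here by the editor and not part of librasentertainment's post or of the tools recommended later in the thread: a small Python triage script for the DDS "Pseudo HJT Report" format shown above. It parses the BHO/TB/URLSearchHooks/Run/setting lines, flags COM registrations that point at no backing file (the "No File" and empty-path entries), flags entries that match the adware families the AdwCleaner log later in this thread removed (Babylon, SweetIM, Conduit), and then checks which flagged CLSIDs an AdwCleaner log reports as deleted so the responder can see what is still outstanding. The sample inputs are excerpts constructed from the logs posted in this thread; the indicator list and all function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# A registry CLSID in braces; DDS prints them in mixed case, so match case-insensitively.
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Pseudo-HJT kinds that register a COM object inside the browser
# (browser helper objects, toolbars, URL search hooks, IE extra buttons/menus).
COM_KINDS = {"BHO", "TB", "uURLSearchHooks", "mURLSearchHooks", "IE"}

# Indicator substrings for the adware families the AdwCleaner log in this thread
# removed (Babylon, SweetIM/SWEETIE, Conduit). Assumed list, constructed for this example.
PUP_INDICATORS = ("babylon", "sweetim", "sweetie", "conduit")


@dataclass
class HjtEntry:
    kind: str             # "BHO", "TB", "uRun", "setting", ...
    name: str             # display name, Run value name, or setting key
    clsid: Optional[str]  # upper-cased CLSID when the line carries one
    target: str           # backing file, command, URL, or "" when absent


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one line of the DDS 'Pseudo HJT Report'; returns None for separators."""
    line = line.strip()
    if not line or line == "." or line.startswith("="):
        return None
    kind_m = re.match(r"^([A-Za-z_-]+):\s+(.*)$", line)
    if not kind_m:
        # "key = value" settings such as "uStart Page = hxxp://..."
        key, _, value = line.partition("=")
        return HjtEntry("setting", key.strip(), None, value.strip())
    kind, rest = kind_m.group(1), kind_m.group(2)
    if kind in ("uRun", "mRun"):
        run_m = re.match(r'^\[([^\]]*)\]\s*"?([^"]*)"?', rest)  # [name] "path" args
        if run_m:
            return HjtEntry(kind, run_m.group(1), None, run_m.group(2).strip())
    clsid_m = CLSID_RE.search(rest)
    if not clsid_m:
        return HjtEntry(kind, rest, None, "")
    name = rest[:clsid_m.start()].rstrip(" :") or "(unnamed)"
    after = rest[clsid_m.end():].strip().lstrip("-").strip()
    # "IE:" lines carry two CLSIDs; the backing file is always the last " - " segment.
    target = after.rsplit(" - ", 1)[-1].strip()
    return HjtEntry(kind, name, clsid_m.group(0).upper(), target)


def triage(entries: Iterable[HjtEntry]) -> List[Tuple[str, str]]:
    """Return (identifier, reason) pairs a responder would look at first."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        ident = e.clsid or e.name
        if e.kind in COM_KINDS and e.clsid and e.target.lower() in ("", "no file"):
            findings.append((ident, "COM registration with no backing file"))
        haystack = (e.name + " " + e.target).lower()
        if any(ind in haystack for ind in PUP_INDICATORS):
            findings.append((ident, "matches known adware/PUP indicator"))
    return findings


def deleted_clsids(adwcleaner_log: str) -> Set[str]:
    """CLSIDs named in AdwCleaner 'Key Deleted' / 'Value Deleted' lines."""
    found: Set[str] = set()
    for line in adwcleaner_log.splitlines():
        if line.startswith(("Key Deleted", "Value Deleted")):
            found.update(m.upper() for m in CLSID_RE.findall(line))
    return found


def unresolved(findings: List[Tuple[str, str]], deleted: Set[str]) -> List[str]:
    """Flagged CLSIDs that the cleanup log does not show as removed."""
    return sorted({i for i, _ in findings if i.startswith("{") and i not in deleted})


def analyse(dds_text: str, adwcleaner_text: str):
    entries = [e for e in map(parse_hjt_line, dds_text.splitlines()) if e]
    findings = triage(entries)
    return findings, unresolved(findings, deleted_clsids(adwcleaner_text))


# Constructed excerpts of the DDS and AdwCleaner logs posted in this thread.
DDS_SAMPLE = r"""
uStart Page = hxxp://search.babylon.com/?affID=112854&tt=010812_hpdel_3112_1&babsrc=HP_ss
uURLSearchHooks: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} -
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No File
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.29.1\bh\BabylonToolbar.dll
BHO: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
"""
ADW_SAMPLE = r"""
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Folder Deleted : C:\Program Files\BabylonToolbar
"""

if __name__ == "__main__":
    found, left = analyse(DDS_SAMPLE, ADW_SAMPLE)
    for ident, reason in found:
        print(f"{ident}: {reason}")
    print("still present after cleanup:", left or "none")
```

Run against the two excerpts, the script lists the Babylon start page, the dangling SweetIM search hook, the two "No File" registrations and the Babylon BHO, and reports the toolbar CLSID that the AdwCleaner excerpt does not mention as the one item still to verify. Dangling registrations are worth keeping on the list even after cleanup: a CLSID with no backing file is harmless by itself, but it is the residue that a helper checks to confirm removal was complete.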



#2 nasdaq

  • Malware Response Team
  • 38,739 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:27 AM

Posted 08 July 2013 - 07:48 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs that are not up to date can be the cause of infiltration by an infection.

Please run this security check for my review. Please restart the computer before running this tool.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 librasentertainment
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:27 AM

Posted 10 July 2013 - 05:32 AM

OK, I hope this turned out correct. I could barely get my computer to function to even check my email.

AdwCleaner:

# AdwCleaner v2.304 - Logfile created 07/10/2013 at 03:27:07
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : bestbuy - AR2J401PP5
# Boot Mode : Normal
# Running from : C:\Users\bestbuy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\MacroGaming
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\bestbuy\AppData\Local\APN
Folder Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde
Folder Deleted : C:\Users\bestbuy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\bestbuy\AppData\Roaming\BabylonToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\SWEETIE
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SWEETIE
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SWEETIE.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112854&tt=010812_hpdel_3112_1&babsrc=HP_ss&mntrId=64c34f10000000000000001b778e716f --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\bestbuy\AppData\Roaming\Mozilla\Firefox\Profiles\4uhirxrd.default\prefs.js

C:\Users\bestbuy\AppData\Roaming\Mozilla\Firefox\Profiles\4uhirxrd.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "64c34f10000000000000001b778e716f");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15555");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112854&tt=010812_hpdel_3112_1");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.112:29:16");
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B20a82645-c095-46ed-80e3[...]

-\\ Google Chrome v28.0.1500.71

File : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.392] : homepage = "hxxp://search.babylon.com/?affID=112854&tt=010812_hpdel_3112_1&babsrc=HP_ss&mntrId=6[...]
Deleted [l.622] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112854&tt=010812_hpdel_3112_[...]

*************************

AdwCleaner[S1].txt - [13865 octets] - [10/07/2013 03:27:07]

########## EOF - C:\AdwCleaner[S1].txt - [13926 octets] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.3 (07.09.2013:2)
OS: Windows Vista ™ Home Premium x86
Ran by bestbuy on Wed 07/10/2013 at  3:43:29.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3F4FD92E-0C84-4452-94DC-A7095EF1642B}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"



~~~ FireFox

Successfully deleted: [File] "C:\Users\bestbuy\AppData\Roaming\mozilla\firefox\profiles\4uhirxrd.default\extensions\DivXWebPlayer@divx.com.xpi"
Emptied folder: C:\Users\bestbuy\AppData\Roaming\mozilla\firefox\profiles\4uhirxrd.default\minidumps [97 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\bestbuy\appdata\local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/10/2013 at  3:49:43.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

combofix:


ComboFix 13-07-09.01 - bestbuy 07/10/2013   4:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1014.258 [GMT -5:00]
Running from: c:\users\bestbuy\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
c:\program files\INSTALL.LOG
c:\windows\system32\AutoRun.inf
c:\windows\TEMP\sig9C52.tmp
D:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))
.
.
2013-07-10 09:41 . 2012-12-20 20:46    740840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23C5D915-F10F-4981-8EEF-CC31CE5D1BD3}\gapaengine.dll
2013-07-10 09:36 . 2013-07-10 09:36    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-07-10 09:36 . 2013-07-10 09:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-10 09:35 . 2013-07-10 09:35    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-07-10 09:35 . 2013-07-10 09:35    --------    d-----w-    c:\users\Experience\AppData\Local\temp
2013-07-10 08:43 . 2013-07-10 08:43    --------    d-----w-    c:\windows\ERUNT
2013-07-10 08:37 . 2012-12-20 20:46    740840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5307E1B-E679-4B16-924B-407A7A489ADF}\gapaengine.dll
2013-07-10 08:24 . 2013-06-12 04:18    7068072    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3333294A-FEEA-4EB9-9B64-718128615727}\mpengine.dll
2013-07-04 07:58 . 2013-05-09 08:59    29816    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-07-04 07:58 . 2013-07-04 07:58    369584    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-07-04 07:58 . 2013-05-09 08:59    56080    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-07-04 07:58 . 2013-05-09 08:59    49760    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-07-04 07:58 . 2013-07-04 07:58    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-07-04 07:58 . 2013-07-04 07:58    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-07-04 07:58 . 2013-05-09 08:59    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-07-04 07:58 . 2013-05-09 08:59    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-07-04 07:58 . 2013-05-09 08:58    229648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-07-04 07:55 . 2013-05-09 08:58    41664    ----a-w-    c:\windows\avastSS.scr
2013-07-04 07:53 . 2013-07-04 07:53    --------    d-----w-    c:\program files\AVAST Software
2013-07-04 07:43 . 2013-07-04 07:53    --------    d-----w-    c:\programdata\AVAST Software
2013-07-04 00:02 . 2013-07-04 00:02    --------    d-----w-    c:\programdata\NVIDIA
2013-07-03 23:41 . 2013-07-03 23:41    --------    d-----w-    c:\users\bestbuy\AppData\Roaming\DiskDefrag
2013-07-03 22:33 . 2013-06-25 08:20    101664    ----a-w-    c:\windows\system32\BootDefrag.exe
2013-07-03 22:33 . 2013-04-24 06:52    14080    ----a-w-    c:\windows\system32\drivers\BootDefragDriver.sys
2013-07-03 05:26 . 2013-07-03 05:26    --------    d-----w-    c:\programdata\GlarySoft
2013-07-03 05:18 . 2013-07-04 02:14    --------    d-----w-    c:\program files\Glary Utilities 3
2013-07-01 06:40 . 2013-07-01 06:40    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-01 06:40 . 2013-07-01 06:40    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-01 06:40 . 2013-07-01 06:40    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-01 06:40 . 2013-07-01 06:40    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-01 06:40 . 2013-07-01 06:40    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-01 06:39 . 2013-07-01 06:40    --------    d-----w-    c:\program files\QuickTime
2013-07-01 06:00 . 2013-07-01 05:59    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-01 05:40 . 2013-06-12 02:18    7068072    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFACBD81-A923-47D7-B8A7-60415BE3E7CE}\mpengine.dll
2013-06-12 03:19 . 2013-05-08 03:40    914792    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-12 03:19 . 2013-05-08 01:58    31232    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-06-12 03:19 . 2013-05-02 04:04    443904    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 03:18 . 2013-05-02 04:03    37376    ----a-w-    c:\windows\system32\printcom.dll
2013-06-12 03:18 . 2013-05-02 22:03    3603832    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-12 03:18 . 2013-05-02 22:03    3551096    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-12 03:16 . 2013-04-24 01:46    812544    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 03:15 . 2013-04-24 04:00    985600    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 03:15 . 2013-04-24 04:00    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 03:15 . 2013-04-24 04:00    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 03:15 . 2013-04-24 04:00    41984    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 03:13 . 2013-04-17 12:30    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 05:59 . 2012-06-22 23:41    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-01 05:59 . 2010-07-14 22:01    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-12 03:36 . 2012-04-02 23:15    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-12 03:35 . 2011-08-12 08:08    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 02:18 . 2011-12-31 17:39    7068072    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2013-05-02 15:28 . 2009-10-02 22:27    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-01 08:59 . 2013-05-01 08:59    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2013-04-15 14:20 . 2013-05-15 05:46    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 05:46    37376    ----a-w-    c:\windows\system32\cdd.dll
2009-05-01 21:02 . 2013-07-03 05:27    1044480    ----a-w-    c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2013-07-03 05:28    200704    ----a-w-    c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-09-03 18:19 . 2013-07-03 05:27    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
"Facebook Update"="c:\users\bestbuy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-26 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile webConnect Manager
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 17:09    63712    ----a-w-    c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-10-26 02:20    138096    ----atw-    c:\users\bestbuy\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22    3739648    ----a-w-    c:\users\bestbuy\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 05:30    421776    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2013-04-04 19:50    887432    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 19:50    532040    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2012-01-08 06:47    107000    ----a-w-    c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-07-27 01:48    405504    ----a-w-    c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
2007-07-13 04:27    5252936    ----a-w-    c:\program files\Spare Backup\SpareBackup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 12:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-26 14:34    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"UVCSti"="f:\studio.vs\UVCSti.exe"
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
"Persistence"="c:\windows\system32\igfxpers.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"RunUVC"="f:\studio.vs\RUNUVC.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-10 06:58    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:36]
.
2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954648031-419757427-2791540538-1000Core.job
- c:\users\bestbuy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-26 02:20]
.
2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954648031-419757427-2791540538-1000UA.job
- c:\users\bestbuy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-26 02:20]
.
2013-07-10 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-06-25 09:04]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-09 04:20]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc09e955a59139.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-09 04:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6822
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: go.com\community.abcfamily
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
FF - ProfilePath - c:\users\bestbuy\AppData\Roaming\Mozilla\Firefox\Profiles\4uhirxrd.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-07-04 02:55; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
Notify-DfLogon - LogonDll.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Google Update - c:\users\bestbuy\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-OfficeScanNT Monitor - c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe
AddRemove-InterAct Math Plugin - c:\program files\Intellipro
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-07-10  04:53:18 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-10 09:52
.
Pre-Run: 155,335,614,464 bytes free
Post-Run: 155,060,211,712 bytes free
.
- - End Of File - - E87E19F0D73F464D6E53EA9F48020CC0
5C616939100B85E558DA92B899A0FC36

checkup:


 Results of screen317's Security Check version 0.99.68  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
avast! Antivirus                
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player     11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0)
 Google Chrome 27.0.1453.116  
 Google Chrome 28.0.1500.71  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Client Antimalware NisSrv.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,739 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2013 - 08:54 AM

Looking better.

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.

Please let me know what problem persists.

#5 librasentertainment

librasentertainment
  • Topic Starter

  • Members
  • 7 posts

Posted 10 July 2013 - 05:37 PM

I am doing the things you asked now, but I forgot to let you know that I got another blue screen during an Avast scan again. It mentioned checking installed software. The scan said it had made it to 80%, then dropped back down to 50 again, then crashed. I have not tried to do a Malwarebytes scan yet.


Update: Adobe Flash Player update installed. The Adobe Reader said that it is already installed. I think that is the one that I had issues with recently. I was told by Firefox that it needed to be updated, but the link that is available for the newer version takes you to an older one. The one the link sent me to is Adobe Reader 10.1.4; I have 10.1.7.


My computer is also saying I have updates to install. Do I need to do those now?


Edited by librasentertainment, 10 July 2013 - 05:45 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,739 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 July 2013 - 07:19 AM

Download Revo Uninstaller and use it to remove any programs you are having difficulty removing through the Add/Remove Programs list.

Download and run Revo Uninstaller and delete the Adobe Reader.
You can download the tool from here.
http://majorgeeks.com/Revo_Uninstaller_d5706.html

When done restart the computer normally.

Install the latest version of the Reader.
===

If all goes well, do the same with the Flash program.
Remove it, restart the computer and get the new version.
===

Keep me posted.

#7 librasentertainment

librasentertainment
  • Topic Starter

  • Members
  • 7 posts

Posted 11 July 2013 - 11:39 AM

I do not see any old versions of Adobe Reader to get rid of. But how is it saying that my version is old if my version is higher than the one you sent me? Are there any other programs that I need to get rid of? I am still getting the script errors anytime I am online.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,739 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 July 2013 - 07:24 AM

Please run the SecurityCheck tool one more time.
Post the log.

If the versions of Flash or the Reader reported are older than the ones installed please let me know the versions you have.

I will report this to the owner of the tool.
It may just be that the tool has to be updated.
===

Are you still getting this error?

Cause of STOP 0x00000007 Errors
STOP 0x00000007 errors are likely caused by hardware or device driver issues.

Source: http://pcsupport.about.com/od/findbyerrormessage/a/stop0x00000007.htm

===

I am still getting the script errors anytime I am online.

Can you post the exact error message? It may help in identifying the culprit.

Also, are these errors occurring in all your browsers?

#9 librasentertainment

  • Topic Starter
  • Members
  • 7 posts

Posted 12 July 2013 - 11:15 PM

I am still trying to find out about the other requests, but here are the scan results.

Results of screen317's Security Check version 0.99.68  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus                
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.94  
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Client Antimalware NisSrv.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
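An added triage helper, not part of this thread or of screen317's Security Check tool, that reads a log in the format posted above and flags the three things nasdaq acts on in this thread: entries the tool marks out of date, products present in more than one installed version, and disabled protection. The embedded sample is constructed from the lines of the log above; the section titles and line layout are assumed to be stable across Security Check versions.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the Security Check log posted above.
SAMPLE_LOG = """\
``````````````Antivirus/Firewall Check:``````````````
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300
 Java 7 Update 25
 Adobe Flash Player     11.8.800.94
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date!
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.71
 Google Chrome 28.0.1500.72
````````````````````End of Log``````````````````````
"""

# Section header: a title wrapped in runs of backticks, e.g. ````Title:````
SECTION_RE = re.compile(r"^`+(?P<title>[^`]+?):?`+$")
# Product line: name, optional "version", a dotted number (maybe in parentheses),
# then whatever the tool appended, such as "Adobe Reader out of Date!".
ENTRY_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z][A-Za-z!\- ]*?)\s+(?:version\s+)?"
    r"\(?(?P<version>\d+(?:\.\d+)*)\)?(?P<rest>.*)$")


def triage(log_text):
    """Return out-of-date entries, products installed in several versions, and protection warnings."""
    section, versions = None, defaultdict(list)
    outdated, warnings = [], []
    for line in log_text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            section = header.group("title")
            continue
        if section == "Antivirus/Firewall Check" and "disabled!" in line.lower():
            warnings.append(line.strip())
        if section != "Anti-malware/Other Utilities Check":
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            name, version = entry.group("name"), entry.group("version")
            versions[name].append(version)  # same name twice = two installs
            if "out of date" in entry.group("rest").lower():
                outdated.append((name, version))
    duplicates = {n: v for n, v in versions.items() if len(v) > 1}
    return {"outdated": outdated, "duplicates": duplicates, "warnings": warnings}
```

On the sample it reports both Adobe Reader lines as outdated, Adobe Reader and Google Chrome as installed twice, and the disabled on-access scanning warning.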



#10 nasdaq

  • Malware Response Team
  • 38,739 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2013 - 06:15 AM

Remove this old version of Adobe Reader 9 using the Add/Remove Programs list.
Restart the computer normally.

Keep me posted on the other issues.

#11 librasentertainment

  • Topic Starter
  • Members
  • 7 posts

Posted 18 July 2013 - 02:48 PM

I deleted the older version of Adobe Reader 9. I am still getting script errors popping up during the time I use the internet. I have not run another scan today to see if it still crashes. Does it matter if I try avast or Malwarebytes?



#12 nasdaq

  • Malware Response Team
  • 38,739 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2013 - 05:59 AM

I am still getting script errors popping up during the time I use the internet.

What is the exact error message?

You can run Malwarebytes any time you like.

You can certainly make a scan with AVAST.

#13 librasentertainment

  • Topic Starter
  • Members
  • 7 posts

Posted 24 July 2013 - 01:42 AM

I tried scanning with avast and it crashed. Kernel stack inpage error 0x33499000 with a "software or hardware needs to be checked" type of error. There are also 0x00000077, 0x0000056, 0x00000056, and 0x00000000.



#14 nasdaq

  • Malware Response Team
  • 38,739 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 July 2013 - 08:42 AM

Looks like you have some hardware or driver issues.

The KERNEL_STACK_INPAGE_ERROR bug check has a value of 0x00000077.
http://kernelstackinpageerror.blogspot.ca/2012/04/how-to-fix-stop-0x00000077-or-stop-0x77.html

This is not my forte; I suggest you start a new topic in the Internal hardware forum:
http://www.bleepingcomputer.com/forums/forum7.html

An expert in that field should be able to help you better than I can.

I will keep this topic open for 5 days; should you need to return, please do.
