
Thread: IE Crashes, redirects, Babylon Toolbar problems

  1. #1
    Member
    Join Date
    Apr 2009
    Location
    Fort Collins, CO
    Posts
    32

    IE Crashes, redirects, Babylon Toolbar problems

    Hello,

    You helped me get rid of my Babylon Toolbar problem on my laptop, now both the family computers seem to have something wrong.

    Symptoms are that IE will crash when following a link from a page. I use Spybot and it found Babylon Toolbar and tried to remove it. After several attempts, it removed it but the problems still persist.

    First question. I have 2 computers with similar but not exactly the same problem.
    1) Post both in the same thread?
    2) Post each in their own thread at the same time?
    3) Post and fix one then post and fix the other?

    Thanks. Now for the logs.

    DDS Log
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by CrowleyFam at 20:43:35 on 2012-12-28
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.628 [GMT -7:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\lxblcoms.exe
    C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\explorer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.yahoo.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
    mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\4.4.0.12\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CouponAmazing: {A2ACB108-446D-4D93-B2F9-998A9534C288} - c:\users\crowleyfam\appdata\local\couponamazing\ie\couponamazing_1355522574.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [GoogleChromeAutoLaunch_B10448EFEB3BD1E026D9BB5AF2D0576B] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [eRecoveryService] <no file>
    StartupFolder: c:\users\crowle~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{BAECE5CD-C4AA-429C-AFD8-EFD154BFC537} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20121228.001\IDSvix86.sys [2012-12-28 386720]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys [2011-10-31 340088]
    R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-3-14 24576]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-16 106656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca7af2c6045740;Google Update Service (gupdate1ca7af2c6045740);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-19 30192]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-12-28 14:27:04 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8247808-a284-4b7e-b220-96361a11c50d}\mpengine.dll
    2012-12-28 03:31:21 -------- d-----w- c:\windows\ERUNT
    2012-12-28 03:29:30 -------- d-----w- C:\JRT
    2012-12-26 22:20:57 -------- d-----w- c:\windows\system32\Extensions
    2012-12-26 22:20:55 -------- d-----w- c:\windows\system32\searchplugins
    2012-12-26 22:20:24 -------- d-----w- c:\programdata\BrowserProtect
    2012-12-26 22:20:07 -------- d-----w- c:\users\crowleyfam\appdata\roaming\PDFCreatorPackages
    2012-12-26 22:19:32 -------- d-----w- c:\program files\GPLGS
    2012-12-26 22:19:26 -------- d-----w- c:\users\crowleyfam\appdata\local\couponamazing
    2012-12-26 22:19:15 86016 ----a-w- c:\windows\system32\custmon32i.dll
    2012-12-26 22:18:24 -------- d-----w- c:\program files\PDFCreator
    2012-12-23 23:08:18 -------- d-----w- c:\programdata\CanonIJWSpt
    2012-12-23 23:05:01 83968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAQ.DLL
    2012-12-23 23:05:01 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAQ.DLL
    2012-12-23 23:03:53 323584 ----a-w- c:\windows\system32\CNC_AQL.dll
    2012-12-23 23:03:53 286720 ----a-w- c:\windows\system32\CNC_AQC.dll
    2012-12-23 23:03:53 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2012-12-23 23:03:53 114688 ----a-w- c:\windows\system32\CNC_AQU.dll
    2012-12-23 23:03:53 114688 ----a-w- c:\windows\system32\CNC_AQI.dll
    2012-12-23 23:02:51 310272 ----a-w- c:\windows\system32\CNMLMAQ.DLL
    2012-12-23 23:02:34 90112 ----a-w- c:\windows\system32\CNC_AQO.dll
    2012-12-23 23:02:30 184320 ----a-w- c:\windows\system32\CNMIUAQ.DLL
    2012-12-23 17:41:50 117760 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxblpp5c.dll
    2012-12-23 17:35:59 -------- d-----w- C:\drivers
    2012-12-22 10:03:02 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-22 10:03:02 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 22:58:12 -------- d-----w- c:\users\crowleyfam\appdata\roaming\Stencyl
    2012-12-15 22:56:44 -------- d-----w- c:\program files\Stencyl
    2012-12-14 10:07:22 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-12-14 10:07:04 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-12-14 10:07:04 16896 ----a-w- c:\windows\system32\winusb.dll
    2012-12-14 10:07:04 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-12-14 10:07:02 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-12-14 10:07:02 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-12-14 10:06:59 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-12-14 10:06:59 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-12-14 10:06:51 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-12-14 10:06:51 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-12-14 10:06:50 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-12-13 17:04:14 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-12-13 17:04:13 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-13 17:04:13 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-12-13 17:04:10 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-12-13 17:04:02 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 00:54:51 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-09 00:54:11 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-09 00:54:10 746984 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 20:45:03.45 ===============

    aswMBR
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-28 20:48:46
    -----------------------------
    20:48:46.395 OS Version: Windows 6.0.6002 Service Pack 2
    20:48:46.395 Number of processors: 1 586 0x7F02
    20:48:46.396 ComputerName: CROWLEYFAM-PC UserName: CrowleyFam
    20:48:48.203 Initialize success
    20:50:01.829 AVAST engine defs: 12122801
    20:50:38.897 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
    20:50:38.901 Disk 0 Vendor: Hitachi_ ST1O Size: 152627MB BusType: 6
    20:50:38.918 Disk 0 MBR read successfully
    20:50:38.921 Disk 0 MBR scan
    20:50:38.930 Disk 0 unknown MBR code
    20:50:38.934 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
    20:50:38.958 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
    20:50:38.970 Disk 0 scanning sectors +312579760
    20:50:39.049 Disk 0 scanning C:\Windows\system32\drivers
    20:51:05.987 Service scanning
    20:51:47.667 Modules scanning
    20:52:17.036 Disk 0 trace - called modules:
    20:52:17.061 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    20:52:17.081 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85412510]
    20:52:17.089 3 CLASSPNP.SYS[87b9e8b3] -> nt!IofCallDriver -> [0x84f10700]
    20:52:17.094 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\00000055[0x841a3ad8]
    20:52:17.679 AVAST engine scan C:\Windows
    20:52:22.337 AVAST engine scan C:\Windows\system32
    20:59:02.625 AVAST engine scan C:\Windows\system32\drivers
    20:59:21.572 AVAST engine scan C:\Users\CrowleyFam
    21:23:07.748 AVAST engine scan C:\ProgramData
    21:41:11.279 Scan finished successfully
    09:01:52.878 Disk 0 MBR has been saved successfully to "C:\Users\CrowleyFam\Desktop\MBR.dat"
    09:01:52.888 The log file has been saved successfully to "C:\Users\CrowleyFam\Desktop\aswMBR.txt"

    I have attached the zip file as requested.

    I can also post the results of the Spybot scans if requested.

    Thanks, John

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi and jpc763

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    Please be advised: as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.


    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them,
    with Admin Rights (Right click, choose "Run as Administrator").


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi jpc763

    First question. I have 2 computers with similar but not exactly the same problem.
    I can clean both machines, but I will do them one at a time; when the first is clean, I can tackle the second.

    Also I don't see the Attach.txt

    ===================================================

    Post your Attach.txt, which you will find in the same location as DDS.

    =============================== Next =======================================

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    =============================== Next =======================================

    AdwCleaner

    • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    On your next reply please post :
    • Attach.txt
    • checkup.txt
    • AdwCleaner[S1].txt


    Let me know if you have any problems performing the steps above or any questions.

    Good Day

  4. #4
    Member
    Join Date
    Apr 2009
    Location
    Fort Collins, CO
    Posts
    32


    OK, I zipped Attach and then forgot to attach it! Sorry.

    Here is the Security Check log:

    Results of screen317's Security Check version 0.99.56
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Norton Security Suite
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 30
    Java 7 Update 9
    Java(TM) 6 Update 5
    Adobe Reader 10.1.2 Adobe Reader out of Date!
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Windows Defender MSASCui.exe
    Windows Defender MSASCui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1 %
    ````````````````````End of Log``````````````````````

    I am posting now and closing Chrome so I can run adwcleaner. I will post that momentarily.

    Thanks, John

  5. #5
    Member
    Join Date
    Apr 2009
    Location
    Fort Collins, CO
    Posts
    32


    Here are the results of AdwCleaner

    # AdwCleaner v2.104 - Logfile created 12/30/2012 at 17:29:26
    # Updated 29/12/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # User : CrowleyFam - CROWLEYFAM-PC
    # Boot Mode : Normal
    # Running from : C:\Users\CrowleyFam\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\928adfe16ee848
    Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
    Key Deleted : HKLM\SOFTWARE\928adfe16ee848
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
    Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\CrowleyFam\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.11] : homepage = "hxxp://search.babylon.com/?affID=110801&tt=5212_7&babsrc=HP_ss&mntrId=b4d6eb49000[...]
    Deleted [l.1546] : homepage = "hxxp://search.babylon.com/?affID=110801&tt=5212_7&babsrc=HP_ss&mntrId=b4d6eb49000000[...]

    *************************

    AdwCleaner[S1].txt - [2415 octets] - [30/12/2012 17:29:26]

    ########## EOF - C:\AdwCleaner[S1].txt - [2475 octets] ##########

  6. #6
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    My response

    Hi jpc763

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Refer to the ComboFix User's Guide


    Download ComboFix from one of these locations:

    Link 1
    Link 2



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

  7. #7
    Member
    Join Date
    Apr 2009
    Location
    Fort Collins, CO
    Posts
    32


    Happy New Year!

    Here is the ComboFix log.

    ComboFix 12-12-31.01 - CrowleyFam 12/31/2012 19:11:19.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.657 [GMT -7:00]
    Running from: c:\users\CrowleyFam\Downloads\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\Update.bat
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-01 02:27 . 2013-01-01 02:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-29 03:41 . 2012-12-29 03:42 -------- d-----w- c:\program files\ERUNT
    2012-12-28 14:27 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8247808-A284-4B7E-B220-96361A11C50D}\mpengine.dll
    2012-12-28 03:31 . 2012-12-28 03:31 -------- d-----w- c:\windows\ERUNT
    2012-12-28 03:29 . 2012-12-28 13:55 -------- d-----w- C:\JRT
    2012-12-26 22:20 . 2012-12-26 22:20 -------- d-----w- c:\windows\system32\Extensions
    2012-12-26 22:20 . 2012-12-26 22:20 -------- d-----w- c:\windows\system32\searchplugins
    2012-12-26 22:20 . 2012-12-26 22:20 -------- d-----w- c:\users\CrowleyFam\AppData\Roaming\PDFCreatorPackages
    2012-12-26 22:19 . 2012-12-26 22:19 -------- d-----w- c:\program files\GPLGS
    2012-12-26 22:19 . 2012-12-26 22:20 -------- d-----w- c:\users\CrowleyFam\AppData\Local\couponamazing
    2012-12-26 22:19 . 2011-10-05 05:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
    2012-12-26 22:18 . 2012-12-26 22:18 -------- d-----w- c:\program files\PDFCreator
    2012-12-23 23:08 . 2012-12-23 23:08 -------- d-----w- c:\programdata\CanonIJWSpt
    2012-12-23 23:05 . 2011-05-23 12:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAQ.DLL
    2012-12-23 23:05 . 2011-05-23 12:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAQ.DLL
    2012-12-23 23:03 . 2011-04-27 18:00 323584 ----a-w- c:\windows\system32\CNC_AQL.dll
    2012-12-23 23:03 . 2011-03-31 17:07 114688 ----a-w- c:\windows\system32\CNC_AQU.dll
    2012-12-23 23:03 . 2011-03-31 17:05 286720 ----a-w- c:\windows\system32\CNC_AQC.dll
    2012-12-23 23:03 . 2011-03-31 17:05 114688 ----a-w- c:\windows\system32\CNC_AQI.dll
    2012-12-23 23:03 . 2008-08-26 01:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2012-12-23 23:02 . 2011-05-23 12:00 310272 ----a-w- c:\windows\system32\CNMLMAQ.DLL
    2012-12-23 23:02 . 2010-11-18 15:15 90112 ----a-w- c:\windows\system32\CNC_AQO.dll
    2012-12-23 23:02 . 2011-02-03 09:20 184320 ----a-w- c:\windows\system32\CNMIUAQ.DLL
    2012-12-23 17:41 . 2007-03-23 09:10 117760 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxblpp5c.dll
    2012-12-23 17:35 . 2012-12-23 17:35 -------- d-----w- C:\drivers
    2012-12-22 10:03 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-22 10:03 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 22:58 . 2012-12-16 02:44 -------- d-----w- c:\users\CrowleyFam\AppData\Roaming\Stencyl
    2012-12-15 22:56 . 2012-12-16 01:12 -------- d-----w- c:\program files\Stencyl
    2012-12-14 10:07 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-12-14 10:07 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-12-14 10:07 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-12-14 10:07 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
    2012-12-14 10:07 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-12-14 10:07 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-12-14 10:06 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-12-14 10:06 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-12-14 10:06 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-12-14 10:06 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-12-14 10:06 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-12-13 17:04 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-12-13 17:04 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-13 17:04 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-12-13 17:04 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-12-13 17:04 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-14 23:49 . 2011-06-13 03:07 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-09 00:54 . 2012-11-09 00:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-09 00:54 . 2012-11-09 00:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-09 00:54 . 2010-11-27 15:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
    "GoogleChromeAutoLaunch_B10448EFEB3BD1E026D9BB5AF2D0576B"="c:\program files\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
    "Skytel"="Skytel.exe" [2008-07-23 1826816]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2565520]
    .
    c:\users\CrowleyFam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 06:17]
    .
    2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 06:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-eRecoveryService - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-31 19:28
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2012-12-31 19:32:37
    ComboFix-quarantined-files.txt 2013-01-01 02:32
    .
    Pre-Run: 36,603,080,704 bytes free
    Post-Run: 36,707,987,456 bytes free
    .
    - - End Of File - - 99371C982D609B4363E97D20F6B32FA2

  8. #8
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi jpc763

    Happy new year

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.


    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Select Uninstall application on close check box and push


    Please let me know how your pc is running now and if there are any outstanding issues


    On your next reply please post :
    • Malwarebytes report
    • Eset result

    Let me know if you have any problems performing the steps above or any questions.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  9. #9
    Member
    Join Date
    Apr 2009
    Location
    Fort Collins, CO
    Posts
    32


    It appears that all of the problems are gone. IE and Chrome seem to be working normally now. Thanks!!!!

    Here is the MalwareBytes report
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.01.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    CrowleyFam :: CROWLEYFAM-PC [administrator]

    1/1/2013 11:15:02 AM
    mbam-log-2013-01-01 (11-15-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208049
    Time elapsed: 9 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Here is the ESET report
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=8
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=6c5d035362d2724cb0f453ea54461684
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2013-01-01 09:41:16
    # local_time=2013-01-01 02:41:16 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5892 16776573 100 100 0 193684048 0 0
    # scanned=251004
    # found=0
    # cleaned=0
    # scan_time=8449
    esets_scanner_update returned -1 esets_gle=53251
    # version=8
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=6c5d035362d2724cb0f453ea54461684
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2013-01-02 12:00:44
    # local_time=2013-01-01 05:00:44 (-0700, Mountain Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5892 16776573 100 100 0 193692416 0 0
    # scanned=250978
    # found=0
    # cleaned=0
    # scan_time=7849

  10. #10
    Member
    Join Date
    Apr 2009
    Location
    Fort Collins, CO
    Posts
    32


    Hello,

    Are we done at this point with this computer?

    Thanks again for all of your help!

    John
