Cannot run malwarebytes scan; internet not repsonding

[Jcornell16]

Here is the log.....

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/05/2013 04:04:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/05/2013 04:04:16 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

 

[Jcornell16]

I got all the way thru the scan and removed the 2 items successfully. Now what? I am just leaving the computer in this safe mode until further instruction. Here is the Malwarebytes log:


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.04.10

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Bobnjill :: BOBNJILL-PC [administrator]

Protection: Disabled

5/5/2013 4:07:15 PM
mbam-log-2013-05-05 (16-07-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255804
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceTheme) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Fiery]

Hmm, while you are in safe mode and can run programs, let's run a few more.

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
• Click delete
• Please post the content of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here

• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select Run as Administrator to start
• Wait until Prescan has finished, then click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click delete and wait until it saids deleting finished
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
  Exit/Close RogueKiller+

 

[Jcornell16]

I shut it down last night. Should I reboot into safe mode with networking again?

 

[Jcornell16]

I just restarted into safe mode and am following your instructions. Will reply when done. Thanks.

 

[Jcornell16]

ADW cleaner:

# AdwCleaner v2.300 - Logfile created 05/06/2013 at 14:30:23
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bobnjill - BOBNJILL-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Bobnjill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZCBAHCD\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\user.js
File Found : C:\Users\Bobnjill\AppData\Roaming\Mozilla\Firefox\Profiles\bk6s3qmz.default\bprotector_extensions.sqlite
File Found : C:\Users\Bobnjill\AppData\Roaming\Mozilla\Firefox\Profiles\bk6s3qmz.default\bprotector_prefs.js
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\Program Files (x86)\Playbryte
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\Users\Bobnjill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Users\Bobnjill\AppData\Local\Wajam
Folder Found : C:\Users\Bobnjill\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Bobnjill\AppData\LocalLow\Playbryte
Folder Found : C:\Users\Bobnjill\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Bobnjill\AppData\Roaming\Babylon
Folder Found : C:\Users\Bobnjill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\584dedfb73de549
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\TBSB07898
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\Playbryte
Key Found : HKLM\SOFTWARE\Wow6432Node\584dedfb73de549
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4172460906-4023658582-3327891391-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKU\S-1-5-21-4172460906-4023658582-3327891391-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4172460906-4023658582-3327891391-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKU\S-1-5-21-4172460906-4023658582-3327891391-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=93b2267b-97cb-4d3e-9ac7-227b3c001e5b&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=93b2267b-97cb-4d3e-9ac7-227b3c001e5b&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=93b2267b-97cb-4d3e-9ac7-227b3c001e5b&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=93b2267b-97cb-4d3e-9ac7-227b3c001e5b&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=93b2267b-97cb-4d3e-9ac7-227b3c001e5b&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Bobnjill\AppData\Roaming\Mozilla\Firefox\Profiles\bk6s3qmz.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");

*************************

AdwCleaner[R1].txt - [17103 octets] - [06/05/2013 14:30:23]

########## EOF - C:\AdwCleaner[R1].txt - [17164 octets] ##########

 

[Jcornell16]

Malwarebytes anti root kit found no malware.

 

[Jcornell16]

Rogue Killer report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Bobnjill [Admin rights]
Mode : Remove -- Date : 05/06/2013 14:36:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][Rogue.AntiSpy-ST] HKUS\.DEFAULT[...]\RunOnce : 320CF1A49B9231980000320CBF9E37F4 (C:\ProgramData\320CF1A49B9231980000320CBF9E37F4\320CF1A49B9231980000320CBF9E37F4.exe) [x] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (cmd /c "C:\Users\Bobnjill\Desktop\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s) [7] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : *ForceDelete (C:\Users\Bobnjill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZCBAHCD\AdwCleaner.exe /forcedelete) [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-ST ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] c18311dfff9568e6a9f0f7cfd4cea7c8
[BSP] 9b47f7e31d1db8195ff4e5e2d8398581 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29044736 | Size: 939686 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05062013_02d1436.txt >>
RKreport[1]_S_05062013_02d1435.txt ; RKreport[2]_D_05062013_02d1436.txt

 

[Jcornell16]

I tried to use the computer after all this tonight and its still doing the same thing.... No response after a few minutes. Let me know what to try next. This is so frustrating! I need my computer back :-(

 

[Fiery]

Hi,

Can you open adwCleaner again and click delete again?

While in safe mode, try to run OTL. Here are the instructions:

Download OTL by Old Timer from here and save it to your Desktop.

• Double click on OTL.exe to run it.
• Click the Scan All Users checkbox.
• Check the boxes beside LOP Check and Purity Check
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072

 

[Jcornell16]

Raw the adware scan and deleted. It restarted after it cleaned. Attached are the OTL scans.

---

2nd attachment

 

[Fiery]

Hi,

Please go to control panel and uninstall the following:

SelectionLinks
Utility Chest Toolbar


Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O2 - BHO: (Toolbar BHO) - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Utility Chest) - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O3 - HKU\S-1-5-21-4172460906-4023658582-3327891391-1001\..\Toolbar\WebBrowser: (Utility Chest) - {CF67755F-9265-449C-87CF-B945519E073B} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O4 - HKLM..\Run: [Utility Chest Search Scope Monitor] C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [UtilityChest_49 Browser Plugin Loader] C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (VER_COMPANY_NAME)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{16cdf~1\browse~1.dll) - File not found
[2013/05/07 14:05:42 | 000,000,000 | ---D | C] -- C:\Users\Bobnjill\AppData\Local\UtilityChest_49

:Files
C:\Program Files (x86)\UtilityChest_49
C:\ProgramData\320CF1A49B9231980000320CBF9E37F4
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Let me know how your PC is running afterwards.

 

[Jcornell16]

Was able to remove utility chest toolbar. It told me that selection links was already removed, even though it appeared on the list of installed programs. Here is the log.....it won't let me post as an attachment for some reason, sorry.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}\ not found.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}\ not found.
File C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cf67755f-9265-449c-87cf-b945519e073b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf67755f-9265-449c-87cf-b945519e073b}\ not found.
File C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4172460906-4023658582-3327891391-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CF67755F-9265-449C-87CF-B945519E073B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF67755F-9265-449C-87CF-B945519E073B}\ not found.
File C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Utility Chest Search Scope Monitor not found.
File C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UtilityChest_49 Browser Plugin Loader not found.
File C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261125~1.80\{16cdf~1\browse~1.dll deleted successfully.
Folder C:\Users\Bobnjill\AppData\Local\UtilityChest_49\ not found.
========== FILES ==========
C:\Program Files (x86)\UtilityChest_49\bar\1.bin folder moved successfully.
C:\Program Files (x86)\UtilityChest_49\bar folder moved successfully.
C:\Program Files (x86)\UtilityChest_49 folder moved successfully.
C:\ProgramData\320CF1A49B9231980000320CBF9E37F4 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bobnjill\Desktop\cmd.bat deleted successfully.
C:\Users\Bobnjill\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 's
->Temporary Internet Files folder emptied: 748063 bytes

User: All Users

User: Bobnjill
->Temp folder emptied: 730106095 bytes
->Temporary Internet Files folder emptied: 648033273 bytes
->Java cache emptied: 2732571 bytes
->FireFox cache emptied: 6290848 bytes
->Flash cache emptied: 1386 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 968737803 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 26150 bytes

Total Files Cleaned = 2,248.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05072013_202128

Files\Folders moved on Reboot...
C:\Users\Bobnjill\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[Jcornell16]

PC is still going to "not responding" in normal mode after a minute or 2. This is a frustrating little virus isn't it!

 

[Fiery]

Let's try this.

Please download ComboFix from one of these locations:

<a title="External link" href="http://download.bleepingcomputer.com/sUBs/ComboFix.exe" rel="external"><>Link 1</></a>
<a title="External link" href="http://www.infospyware.net/antimalware/combofix/" rel="external"><>Link 2</></a>
<ul>
<li>Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="external">HERE</a> for help</li>
<li>Double click on Combo-Fix & follow the prompts.</li>
</ul>

When finished, ComboFix will produce a log.

<>Note:</>
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

 

[Jcornell16]

Log attached

 

[Fiery]

Hi,

Open up Notepad and paste the following:

File::
c:\program files (x86)\49Uninstall Utility Chest.dll
c:\program files (x86)\49res.dll

ClearJavaCache::

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Next, run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
• Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
  • Scan unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
• The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt

 

[Jcornell16]

Combofix log

 

[Jcornell16]

Eset log results

 

[Fiery]

how is your PC running now?