Computer is slow and freezes

Earlier today my computer started becoming slow and freezing. I can’t even get the Firefox window to open or Avast to do a quick scan.

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Ok hopefully I can get it to work

If you run into problems, try it in safe mode.

Ok, thank you. I wasn’t sure if I could do that, since that’s what I’ll have to do.

You’re welcome. Let’s roll.

AdwCleaner v2.202 - Logfile created 04/26/2013 at 01:52:57

Updated 23/04/2013 by Xplode

Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

User : Sabrina - SABRINA-PC

Boot Mode : Safe mode with networking

Running from : C:\Users\Sabrina\Downloads\adwcleaner.exe

Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\0dwxqr78.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\0dwxqr78.default\browsermngr_prefs.js
File Deleted : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\0dwxqr78.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\0dwxqr78.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\0dwxqr78.default\searchplugins\web-search.xml
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Sabrina\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Sabrina\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Sabrina\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{23119123-0854-469D-807A-171568457991}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^AFA^xdm163^YY^us&ptb=579A5748-2D29-4DE9-A3E6-3AB4F33A9577&si=250652 → hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110790&tt=3712_5&babsrc=NT_ss&mntrId=80e44ef8000000000000e0b9a5d959ce → hxxp://www.google.com

-\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\0dwxqr78.default\prefs.js

C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\0dwxqr78.default\user.js … Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110790&tt=3712_5&babsrc=HP[…]
Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=579A5748-2D29-4DE[…]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110796&tt=3712_2");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "10");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "0A91D000BB00981F865F842F70034B6F");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "80e44ef8000000000000e0b9a5d959ce");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15593");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1217:16:56");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "none");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[…]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1217:16:56");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110796&tt=3712_2");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1217:16:56");
Deleted : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "");
Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "");
Deleted : user_pref("extensions.toolbar.mindspark.5zMembers.homepage", "hxxp://home.mywebsearch.com/index.jh[…]
Deleted : user_pref("keyword.URL", "hxxp://websearch.shopathome.com?user_id={819494c7-42ec-4a9c-a25f-731d2e8c0[…]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=110790&tt=3712_5&babsrc[…]

-\ Google Chrome v [Unable to get version]

File : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[S1].txt - [7940 octets] - [26/04/2013 01:52:57]

########## EOF - C:\AdwCleaner[S1].txt - [8000 octets] ##########

I was working on getting the second log, but while performing the scan it took hours and still hadn’t finished and I fell asleep. But I’ll work on getting it again.

Here is the 2nd log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.26.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Sabrina :: SABRINA-PC [administrator]

Protection: Disabled

4/26/2013 12:38:38 PM
mbam-log-2013-04-26 (12-38-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220975
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL log

Could you temporarily uninstall MBAM, please, and let me know if that makes a difference?

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

When I do this, will it erase all my files, like photos and music and documents?

No, don’t worry.

TFC will just clear all temporary files.

Ok, just removed mbam and ran the link you provided. My computer is still slow and Firefox won’t open or the start menu.

OK, let’s use a bigger hammer.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

I’m still waiting on ComboFix to create the log report.

I’m not sure if ComboFix created the log because when my computer rebooted it didn’t come up with Safe Mode and even though it said ComboFix was creating the log, it stayed stuck on the same screen. My computer is still acting the same and the internet browser won’t open. Right now I’m on Safe Mode.

Could you run a fresh OTL log, please, and I will check it out.

OTL Log: