Spybot Search Freezes on pornHUB.ru

[navyguy]

http://forums.spybot.info/showthrea...rch-Freezes-on-pornHUB-ru&p=452825#post452825

Unable to use your ERUNT (win7)View attachment dds.txt


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Bennett at 14:10:00 on 2014-05-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4240 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - <orphaned>
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WindowFX] C:\Program Files (x86)\Stardock\Object Desktop\WindowFX\\wfxload.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Bennett\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0E8859D7-1974-46B9-8528-C1352E14B777} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5078C12A-7CB0-4E40-868E-9E12F42059D4} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9DB92B08-C11E-4710-8128-75581F59DF93} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [Thermal Controller] "C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Bennett\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\Bennett\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/03/19 22:19:35];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-16 146928]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-19 13336]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2009-7-9 27096]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-12-23 15672]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-10 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-10 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-10 171928]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R2 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Bennett\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-3-28 14544]
R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-7-27 30944]
R3 AWOPFilterDriver;AWOPFilterDriver;C:\Windows\System32\drivers\AWOPFilterDriver.sys [2010-3-19 19464]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2011-12-22 31336]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2011-12-22 157288]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2010-3-20 1705600]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-20 321064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-3-19 35104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-7 111616]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-23 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-23 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-20 92160]
S4 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-1-20 14648]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-20 203776]
S4 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-12-22 490496]
S4 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-7-6 137336]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
.
=============== Created Last 30 ================
.
2014-05-11 17:51:07 -------- d-----w- C:\Users\Bennett\AppData\Local\{9E426A49-9B33-4500-8964-BC5F48A8E6D5}
2014-05-11 09:46:16 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{319F700F-F199-4081-91F4-C7CB56A276D5}\offreg.dll
2014-05-11 00:06:06 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-05-11 00:05:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-10 23:58:01 -------- d-----w- C:\Users\Bennett\AppData\Local\Programs
2014-05-10 21:08:03 -------- d-----w- C:\Users\Bennett\AppData\Local\{0E239E82-4522-4CEC-B04E-784AA389BC06}
2014-05-10 00:32:45 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{319F700F-F199-4081-91F4-C7CB56A276D5}\mpengine.dll
2014-05-09 23:37:30 -------- d-----w- C:\Users\Bennett\AppData\Local\{7CD33A93-10D8-4EEF-945B-C4E9EBE723C9}
2014-05-08 09:45:21 -------- d-----w- C:\Users\Bennett\AppData\Local\{944A8EC9-4FF9-4253-BBF8-23AAA088EFDD}
2014-05-08 07:08:50 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-08 07:08:50 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-07 09:58:08 -------- d-----w- C:\Users\Bennett\AppData\Local\{C894CD4C-60BB-4F92-8005-CF318B630E8C}
2014-05-07 07:00:57 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-07 07:00:57 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-07 07:00:40 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 14:43:58 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 14:43:58 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-26 16:12:38 -------- d-----w- C:\Users\Bennett\AppData\Local\{A6144F74-6FD0-4C51-864E-99607FE8DC33}
2014-04-25 03:31:04 -------- d-----w- C:\Users\Bennett\AppData\Local\{B7EBBA6B-1544-4707-8C55-592661583A5D}
2014-04-24 09:46:12 -------- d-----w- C:\Users\Bennett\AppData\Local\{6433CE84-63D6-4C66-ACE6-67EE0F8A1A45}
2014-04-23 21:07:10 -------- d-----w- C:\Users\Bennett\AppData\Local\{0CC58FD1-CF6D-40E3-B53E-B4686A8C71E4}
2014-04-20 13:22:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-20 13:19:33 -------- d-----w- C:\Users\Bennett\AppData\Local\{A606BC02-4B15-4489-81B5-23BA2289607F}
2014-04-20 12:57:05 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-04-20 12:09:31 -------- d-----w- C:\Users\Bennett\AppData\Local\{56D8EBE2-8F5D-4EB5-BF39-05FC150C9507}
2014-04-20 11:54:25 -------- d-----w- C:\Users\Bennett\AppData\Local\{D563AF8B-1899-4752-858E-506D88EB8029}
2014-04-20 03:49:37 -------- d-----w- C:\Users\Bennett\AppData\Local\{3765E909-18C6-4DEA-A0D0-FDBA01B0920E}
2014-04-20 01:50:58 -------- d-----w- C:\Users\Bennett\AppData\Local\{3DC6A449-5C5D-4EFD-B1CD-5F0BF50D1A77}
2014-04-20 00:54:54 -------- d-----w- C:\Users\Bennett\AppData\Local\{533B22AF-7A4B-4A80-840F-B9DA102CC9A8}
2014-04-19 23:38:56 -------- d-----w- C:\Users\Bennett\AppData\Local\{38916213-F55B-45C7-A5D8-8DF71F5AA5D3}
2014-04-19 22:07:10 -------- d-----w- C:\Users\Bennett\AppData\Local\{E5405416-CD6B-4472-B524-DB8B0341BDF2}
2014-04-18 16:51:27 -------- d-----w- C:\Windows\Migration
2014-04-16 03:02:58 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
.
==================== Find3M ====================
.
2014-05-07 09:58:01 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-07 09:58:00 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-12 01:24:04 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 14:16:31.38 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-11 14:27:47
-----------------------------
14:27:47.856 OS Version: Windows x64 6.1.7601 Service Pack 1
14:27:47.856 Number of processors: 8 586 0x1A05
14:27:47.857 ComputerName: BENNETT-PC UserName: Bennett
14:27:50.032 Initialize success
14:28:09.631 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:28:09.633 Disk 0 Vendor: ST310005 CC45 Size: 953869MB BusType: 3
14:28:09.723 Disk 0 MBR read successfully
14:28:09.726 Disk 0 MBR scan
14:28:09.728 Disk 0 Windows VISTA default MBR code
14:28:09.730 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:28:09.736 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8818 MB offset 81920
14:28:09.747 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 945010 MB offset 18141184
14:28:09.768 Disk 0 scanning C:\Windows\system32\drivers
14:28:17.264 Service scanning
14:28:30.390 Modules scanning
14:28:30.397 Disk 0 trace - called modules:
14:28:30.426 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:28:30.431 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007201790]
14:28:30.436 3 CLASSPNP.SYS[fffff88001b6943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8006f1f050]
14:28:30.441 Scan finished successfully
14:28:45.029 Disk 0 MBR has been saved successfully to "C:\Users\Bennett\Desktop\MBR.dat"
14:28:45.053 The log file has been saved successfully to "C:\Users\Bennett\Desktop\aswMBR.txt"

Thought i added the .zip file but guess not.

 

[OCD]

Hi navyguy,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.
• Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Download AdwCleaner v3: Scan & Clean

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• After the scan has finished...
• Click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that log file in your next reply.
• A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Download Junkware Removal Tool to your desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Shut down your protection software now to avoid potential conflicts.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:

• AdwCleaner[S0].txt
• JRT.txt
• FRST.txt
• Addition.txt
• What symptoms are you experiencing at the moment?

 

[navyguy]

View attachment FRST.txtView attachment AdwCleaner[S0].txtView attachment JRT.txtView attachment Addition.txtNo symptoms really i guess however i haven't tried running Spybot S&D yet to see if it freezes still.
One thing though while running JRT it continued to say one module wasn't working properly want to restart y or n
I restarted a couple times but it just continued saying the same thing so i hit N and got the report that way so not 100%

 

[OCD]

Hi navyguy,

I see you have/had downloaded ComboFix recently. Did you run a scan with ComboFix?

If so, locate the log and post it in your next reply.
C:\ComboFix.txt

If you are experiencing no symptoms, go ahead and try and run SpyBot.

In your next post please provide the following:

• Combofix log (if available)
• SpyBot progress

 

[navyguy]

Hi navyguy,

I see you have/had downloaded ComboFix recently. Did you run a scan with ComboFix?

If so, locate the log and post it in your next reply.
C:\ComboFix.txt

If you are experiencing no symptoms, go ahead and try and run SpyBot.

In your next post please provide the following:

• Combofix log (if available)
• SpyBot progress

I did but nothing at the location for C:\ComboFix.txt and Spybot is still freezing on the pornHUB.ru

 

[navyguy]

Actually now instead of freezing at pornHUB.ru it is freezing on pornBHO.ru

 

[OCD]

Hi navyguy,

Thank you for the information requested. Have you tried uninstalling SpyBot, rebooting and then reinstalling?

=========================

Security Check

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

In your next post please provide the following:

• checkup.txt
• Answer to question above.

 

[navyguy]

no i haven't so i did, and still freezes at 8.9% of scan on that same item (pornBHO.ru) and i also tried using Internet Explorer and my PC blue screen'd

 

[navyguy]

i did find this http://forums.spybot.info/archive/index.php/t-37631.html

 

[OCD]

Hi navyguy,

Thanks for that link, but if I understand your issue correctly SpyBot is freezing during the scan process at pornBHO.ru. It is not indicating you are infected by pornBHO.ru.

=========================

No Firewall or Anti-Virus

AntiVirus Program
I noticed that you don't have an Antivirus program installed on your system. As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
Microsoft Security Essentials
Avast

=========================

Reboot

=========================

TFC

Download TFC to your desktop

• Close any open windows.
• Double click the TFC icon to run the program
  • Vista, Windows 7 & 8 Right click and select "Run as Administrator"
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it should automatically reboot your machine,
• if it doesn't, manually reboot to ensure a complete clean

=========================

After rebooting, check and see if there is any change with SpyBot, report back the results.

 

[navyguy]

after all of that still no, still scanning for the same pornBHO.ru for the last 15mins and internet explorer still isn't working properly opens a blank page, and last time i tried going to a website it bsod

 

[navyguy]

after i made my last post i went into Microsoft Security Essentials and into the quarantine section and there sits a TrojanDropper:Win32/Dunik!rts

 

[navyguy]

Trying to run a quick scan on Microsoft Essentials again but wont get past C:\Program Files\internet explorer\F12.dll

 

[OCD]

Hi navyguy,

Items in quarantine are fine and cannot harm your system.

It seems like we having quite a bit of difficulty running tools.

Locate the copy of Combofix you currently have installed and delete it.

rkill

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.

• Windows XP : Double click on the icon to run it.
• Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

You only need to get one of them to run, not all of them.

1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

=========================

ComboFix

Refer to the ComboFix User's Guide

• Download ComboFix from the following location:
  
  Link
  
  * IMPORTANT !!! Place ComboFix.exe on your Desktop
  
• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  You can get help on disabling your protection programs here
• Double click on ComboFix.exe & follow the prompts.
• Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
• When finished, it shall produce a log for you. Post that log in your next reply
  
  Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  
  ---------------------------------------------------------------------------------------------
  
• Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:

• rkill log
• ComboFix.txt

 

[navyguy]

I'll do this post but just want to update you i currently downloaded avast and am currently doing a full sweep it's at 25% and going like a champ

 

[OCD]

:bigthumb: Post your findings when they are available.

 

[navyguy]

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/13/2014 09:55:58 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Bennett\Desktop\ffxiv pars\Pyskador.exe (PID: 2332) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net
127.0.0.1 ads.active.com

20 out of 30094 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 05/13/2014 09:59:24 PM
Execution time: 0 hours(s), 3 minute(s), and 26 seconds(s)



In regards to combofix, i have ran it about 4xnow everytime it restards my computer but wont restart properly and i can't get a log. When it resets my computer it just sits at the windows startup. Then i have to manually reset my computer. One time it did login properly and the combofix wind popped up saying generating report for about 5hrs then restarted the computer.

 

[navyguy]

oh and now my spybot is in all german

 

[OCD]

Hi navyguy,

Open Spybot, place a check mark in the Advanced User Mode, click the Settings icon (light switch). Locate the English (Ireland) choice and make sure it is selected, click Apply, then OK. You may need to close Spybot and reopen it to verify the language change worked.



Please refrain from running Spybot for now.

=========================

Reboot in Safe Mode w/Networking using the F8 Method:

• Restart your computer.
• When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows 7 Advanced Boot Options.
• Select the Safe Mode with Networking option using the arrow keys.
• Then press the enter key on your keyboard to boot into Windows 7 Safe Mode.
• When Windows starts you will be at a typical logon screen. Logon to your computer and Windows 7 will enter Safe mode.

=========================

Retry running ComboFix. Post the log if it produces one. If not let me know what issues you encountered.

In your next post please provide the following:

• ComboFix.txt

 

[navyguy]

tried didn't work, however my memory is being eaten up on my task manager i have svchost.exe like 12x never seen that before one of them is taking 150k memory