Spybot Search Freezes on pornHUB.ru



navyguy
2014-05-11, 21:35
http://forums.spybot.info/showthread.php?70544-Spybot-Search-Freezes-on-pornHUB-ru&p=452825#post452825

Unable to use your ERUNT (win7)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Bennett at 14:10:00 on 2014-05-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4240 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - <orphaned>
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WindowFX] C:\Program Files (x86)\Stardock\Object Desktop\WindowFX\\wfxload.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Bennett\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0E8859D7-1974-46B9-8528-C1352E14B777} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5078C12A-7CB0-4E40-868E-9E12F42059D4} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9DB92B08-C11E-4710-8128-75581F59DF93} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [Thermal Controller] "C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Bennett\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\Bennett\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/03/19 22:19:35];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-16 146928]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-19 13336]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2009-7-9 27096]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-12-23 15672]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-10 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-10 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-10 171928]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R2 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Bennett\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-3-28 14544]
R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-7-27 30944]
R3 AWOPFilterDriver;AWOPFilterDriver;C:\Windows\System32\drivers\AWOPFilterDriver.sys [2010-3-19 19464]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2011-12-22 31336]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2011-12-22 157288]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2010-3-20 1705600]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-20 321064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-3-19 35104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-7 111616]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-23 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-23 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-20 92160]
S4 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-1-20 14648]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-20 203776]
S4 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-12-22 490496]
S4 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-7-6 137336]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
.
=============== Created Last 30 ================
.
2014-05-11 17:51:07 -------- d-----w- C:\Users\Bennett\AppData\Local\{9E426A49-9B33-4500-8964-BC5F48A8E6D5}
2014-05-11 09:46:16 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{319F700F-F199-4081-91F4-C7CB56A276D5}\offreg.dll
2014-05-11 00:06:06 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-05-11 00:05:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-10 23:58:01 -------- d-----w- C:\Users\Bennett\AppData\Local\Programs
2014-05-10 21:08:03 -------- d-----w- C:\Users\Bennett\AppData\Local\{0E239E82-4522-4CEC-B04E-784AA389BC06}
2014-05-10 00:32:45 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{319F700F-F199-4081-91F4-C7CB56A276D5}\mpengine.dll
2014-05-09 23:37:30 -------- d-----w- C:\Users\Bennett\AppData\Local\{7CD33A93-10D8-4EEF-945B-C4E9EBE723C9}
2014-05-08 09:45:21 -------- d-----w- C:\Users\Bennett\AppData\Local\{944A8EC9-4FF9-4253-BBF8-23AAA088EFDD}
2014-05-08 07:08:50 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-08 07:08:50 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-07 09:58:08 -------- d-----w- C:\Users\Bennett\AppData\Local\{C894CD4C-60BB-4F92-8005-CF318B630E8C}
2014-05-07 07:00:57 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-07 07:00:57 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-07 07:00:40 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 14:43:58 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 14:43:58 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-26 16:12:38 -------- d-----w- C:\Users\Bennett\AppData\Local\{A6144F74-6FD0-4C51-864E-99607FE8DC33}
2014-04-25 03:31:04 -------- d-----w- C:\Users\Bennett\AppData\Local\{B7EBBA6B-1544-4707-8C55-592661583A5D}
2014-04-24 09:46:12 -------- d-----w- C:\Users\Bennett\AppData\Local\{6433CE84-63D6-4C66-ACE6-67EE0F8A1A45}
2014-04-23 21:07:10 -------- d-----w- C:\Users\Bennett\AppData\Local\{0CC58FD1-CF6D-40E3-B53E-B4686A8C71E4}
2014-04-20 13:22:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-20 13:19:33 -------- d-----w- C:\Users\Bennett\AppData\Local\{A606BC02-4B15-4489-81B5-23BA2289607F}
2014-04-20 12:57:05 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-04-20 12:09:31 -------- d-----w- C:\Users\Bennett\AppData\Local\{56D8EBE2-8F5D-4EB5-BF39-05FC150C9507}
2014-04-20 11:54:25 -------- d-----w- C:\Users\Bennett\AppData\Local\{D563AF8B-1899-4752-858E-506D88EB8029}
2014-04-20 03:49:37 -------- d-----w- C:\Users\Bennett\AppData\Local\{3765E909-18C6-4DEA-A0D0-FDBA01B0920E}
2014-04-20 01:50:58 -------- d-----w- C:\Users\Bennett\AppData\Local\{3DC6A449-5C5D-4EFD-B1CD-5F0BF50D1A77}
2014-04-20 00:54:54 -------- d-----w- C:\Users\Bennett\AppData\Local\{533B22AF-7A4B-4A80-840F-B9DA102CC9A8}
2014-04-19 23:38:56 -------- d-----w- C:\Users\Bennett\AppData\Local\{38916213-F55B-45C7-A5D8-8DF71F5AA5D3}
2014-04-19 22:07:10 -------- d-----w- C:\Users\Bennett\AppData\Local\{E5405416-CD6B-4472-B524-DB8B0341BDF2}
2014-04-18 16:51:27 -------- d-----w- C:\Windows\Migration
2014-04-16 03:02:58 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
.
==================== Find3M ====================
.
2014-05-07 09:58:01 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-07 09:58:00 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-12 01:24:04 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 14:16:31.38 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-11 14:27:47
-----------------------------
14:27:47.856 OS Version: Windows x64 6.1.7601 Service Pack 1
14:27:47.856 Number of processors: 8 586 0x1A05
14:27:47.857 ComputerName: BENNETT-PC UserName: Bennett
14:27:50.032 Initialize success
14:28:09.631 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:28:09.633 Disk 0 Vendor: ST310005 CC45 Size: 953869MB BusType: 3
14:28:09.723 Disk 0 MBR read successfully
14:28:09.726 Disk 0 MBR scan
14:28:09.728 Disk 0 Windows VISTA default MBR code
14:28:09.730 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:28:09.736 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8818 MB offset 81920
14:28:09.747 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 945010 MB offset 18141184
14:28:09.768 Disk 0 scanning C:\Windows\system32\drivers
14:28:17.264 Service scanning
14:28:30.390 Modules scanning
14:28:30.397 Disk 0 trace - called modules:
14:28:30.426 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:28:30.431 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007201790]
14:28:30.436 3 CLASSPNP.SYS[fffff88001b6943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8006f1f050]
14:28:30.441 Scan finished successfully
14:28:45.029 Disk 0 MBR has been saved successfully to "C:\Users\Bennett\Desktop\MBR.dat"
14:28:45.053 The log file has been saved successfully to "C:\Users\Bennett\Desktop\aswMBR.txt"

Thought I added the .zip file but guess not.

OCD
2014-05-13, 01:20
Hi navyguy,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Download AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

In your next post please provide the following:

AdwCleaner[S0].txt
JRT.txt
FRST.txt
Addition.txt
What symptoms are you experiencing at the moment?

navyguy
2014-05-13, 07:15
No symptoms really, I guess; however, I haven't tried running Spybot S&D yet to see if it freezes still.
One thing though: while running JRT it continued to say one module wasn't working properly, want to restart y or n.
I restarted a couple of times but it just continued saying the same thing, so I hit N and got the report that way, so not 100%.

OCD
2014-05-13, 20:45
Hi navyguy,

I see you have/had downloaded ComboFix recently. Did you run a scan with ComboFix?

If so, locate the log and post it in your next reply.
C:\ComboFix.txt

If you are experiencing no symptoms, go ahead and try and run SpyBot.

In your next post please provide the following:

Combofix log (if available)
SpyBot progress

navyguy
2014-05-13, 23:17
I did, but there is nothing at the location for C:\ComboFix.txt, and Spybot is still freezing on the pornHUB.ru

navyguy
2014-05-13, 23:23
Actually, now instead of freezing at pornHUB.ru it is freezing on pornBHO.ru

OCD
2014-05-14, 00:06
Hi navyguy,

Thank you for the information requested. Have you tried uninstalling SpyBot, rebooting and then reinstalling?

=========================

Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

In your next post please provide the following:

checkup.txt
Answer to question above.

navyguy
2014-05-14, 00:23
No, I hadn't, so I did, and it still freezes at 8.9% of the scan on that same item (pornBHO.ru). I also tried using Internet Explorer and my PC blue-screened.

navyguy
2014-05-14, 00:24
I did find this: http://forums.spybot.info/archive/index.php/t-37631.html

OCD
2014-05-14, 00:45
Hi navyguy,

Thanks for that link, but if I understand your issue correctly SpyBot is freezing during the scan process at pornBHO.ru. It is not indicating you are infected by pornBHO.ru.

=========================

No Firewall or Anti-Virus

AntiVirus Program
I noticed that you don't have an Antivirus program installed on your system. As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
Microsoft Security Essentials (http://www.microsoft.com/security/pc-security/mse.aspx)
Avast (http://www.avast.com/en-au/free-antivirus-download)

=========================

Reboot

=========================

TFC

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program

Vista, Windows 7 & 8 Right click and select "Run as Administrator"

TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.

=========================

After rebooting, check and see if there is any change with SpyBot, report back the results.

navyguy
2014-05-14, 01:51
After all of that, still no. It has been scanning for the same pornBHO.ru for the last 15 mins, and Internet Explorer still isn't working properly: it opens a blank page, and last time I tried going to a website it BSOD'd.

navyguy
2014-05-14, 01:56
After I made my last post I went into Microsoft Security Essentials and into the quarantine section, and there sits a TrojanDropper:Win32/Dunik!rts

navyguy
2014-05-14, 02:28
Trying to run a quick scan on Microsoft Security Essentials again but it won't get past C:\Program Files\internet explorer\F12.dll

OCD
2014-05-14, 04:42
Hi navyguy,

Items in quarantine are fine and cannot harm your system.

It seems like we are having quite a bit of difficulty running tools.

Locate the copy of Combofix you currently have installed and delete it.

rkill

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Do not reboot your computer after running rkill as the malware programs will start again.

=========================

ComboFix

Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


Download ComboFix from the following location:

Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Place ComboFix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:

rkill log
ComboFix.txt

navyguy
2014-05-14, 04:55
I'll do this post, but just want to update you: I downloaded Avast and am currently doing a full sweep. It's at 25% and going like a champ.

OCD
2014-05-14, 05:02
Post your findings when they are available.

navyguy
2014-05-14, 23:59
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/13/2014 09:55:58 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Bennett\Desktop\ffxiv pars\Pyskador.exe (PID: 2332) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:


20 out of 30094 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 05/13/2014 09:59:24 PM
Execution time: 0 hours(s), 3 minute(s), and 26 seconds(s)



In regards to ComboFix, I have run it about 4x now. Every time, it restarts my computer but won't restart properly and I can't get a log. When it resets my computer it just sits at the Windows startup. Then I have to manually reset my computer. One time it did log in properly and the ComboFix window popped up saying generating report for about 5hrs, then restarted the computer.

navyguy
2014-05-15, 00:02
Oh, and now my Spybot is all in German.

OCD
2014-05-15, 04:50
Hi navyguy,

Open Spybot, place a check mark in the Advanced User Mode, click the Settings icon (light switch). Locate the English (Ireland) choice and make sure it is selected, click Apply, then OK. You may need to close Spybot and reopen it to verify the language change worked.


Please refrain from running Spybot for now.

=========================

Reboot in Safe Mode w/Networking using the F8 Method:


Restart your computer.
When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows 7 Advanced Boot Options.
Select the Safe Mode with Networking option using the arrow keys.
Then press the enter key on your keyboard to boot into Windows 7 Safe Mode.
When Windows starts you will be at a typical logon screen. Logon to your computer and Windows 7 will enter Safe mode.

=========================

Retry running ComboFix. Post the log if it produces one. If not let me know what issues you encountered.

In your next post please provide the following:

ComboFix.txt

navyguy
2014-05-15, 23:35
Tried, didn't work. However, my memory is being eaten up. In my Task Manager I have svchost.exe like 12x, never seen that before. One of them is taking 150k memory.

navyguy
2014-05-15, 23:40
It shows I have 83 processes going on in normal mode with 3% CPU usage but using 40% memory; that seems wrong.

navyguy
2014-05-16, 01:34
ComboFix 14-05-13.01 - Bennett 05/15/2014 18:08:43.7.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4936 [GMT -4:00]
Running from: C:\Users\Bennett\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\Windows\wininit.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SysInfo
-------\Service_SysInfo


((((((((((((((((((((((((( Files Created from 2014-04-15 to 2014-05-15 )))))))))))))))))))))))))))))))


2014-05-15 22:17:23 . 2014-05-15 22:17:23 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2014-05-15 22:17:23 . 2014-05-15 22:17:23 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-05-15 22:17:23 . 2014-05-15 22:17:23 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-05-15 20:39:11 . 2014-05-15 20:39:17 -------- d-----w- C:\bce4e5e67c55f6a407381e0b14
2014-05-15 16:41:48 . 2014-05-15 16:41:58 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D53DA2B-D7B3-4715-AC80-C7BB29EB3F95}\offreg.dll
2014-05-15 07:06:26 . 2014-05-06 04:40:42 23544320 ----a-w- C:\Windows\system32\mshtml.dll
2014-05-15 07:06:26 . 2014-05-06 03:00:47 84992 ----a-w- C:\Windows\system32\mshtmled.dll
2014-05-15 07:06:25 . 2014-05-06 04:17:53 2724864 ----a-w- C:\Windows\system32\mshtml.tlb
2014-05-15 07:06:25 . 2014-05-06 03:07:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 00:20:24 . 2014-05-15 21:51:32 119512 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 00:20:10 . 2014-05-15 00:20:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 00:20:10 . 2014-04-03 13:51:16 63192 ----a-w- C:\Windows\system32\drivers\mwac.sys
2014-05-15 00:20:10 . 2014-04-03 13:51:04 88280 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-14 21:50:41 . 2014-05-14 21:52:26 -------- d-----w- C:\53db8d1d1263986d49b2bbfe
2014-05-14 17:10:09 . 2014-03-25 02:43:12 14175744 ----a-w- C:\Windows\system32\shell32.dll
2014-05-14 17:10:03 . 2014-05-09 06:14:03 477184 ----a-w- C:\Windows\system32\aepdu.dll
2014-05-14 17:10:02 . 2014-05-09 06:11:23 424448 ----a-w- C:\Windows\system32\aeinv.dll
2014-05-14 00:25:50 . 2014-05-14 00:25:50 -------- d-----w- C:\Program Files\7-Zip
2014-05-14 00:25:19 . 2014-05-14 00:25:19 -------- d-----w- C:\Users\Bennett\AppData\Roaming\Oracle
2014-05-14 00:24:53 . 2014-05-14 00:24:53 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2014-05-14 00:24:32 . 2014-05-14 00:24:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-14 00:08:36 . 2014-05-14 00:08:36 -------- d-----w- C:\Users\Bennett\AppData\Roaming\AVAST Software
2014-05-14 00:07:23 . 2014-05-14 00:07:08 423240 ----a-w- C:\Windows\system32\drivers\aswsp.sys.1400146675246
2014-05-14 00:07:23 . 2014-05-14 00:07:08 1039096 ----a-w- C:\Windows\system32\drivers\aswsnx.sys.1400146675246
2014-05-14 00:07:08 . 2014-05-14 00:07:08 43152 ----a-w- C:\Windows\avastSS.scr
2014-05-14 00:06:33 . 2014-05-14 00:06:33 -------- d-----w- C:\Program Files\AVAST Software
2014-05-13 08:00:11 . 2014-04-17 09:31:46 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D53DA2B-D7B3-4715-AC80-C7BB29EB3F95}\mpengine.dll
2014-05-13 03:29:58 . 2014-05-13 04:04:50 -------- d-----w- C:\FRST
2014-05-13 02:41:46 . 2014-05-13 02:41:46 -------- d-----w- C:\Windows\ERUNT
2014-05-13 02:36:31 . 2010-08-30 12:34:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-13 02:35:56 . 2014-05-15 01:20:14 -------- d-----w- C:\AdwCleaner
2014-05-13 01:51:01 . 2014-05-13 01:51:01 -------- d-sh--w- C:\Users\Bennett\AppData\Local\EmieUserList
2014-05-13 01:51:01 . 2014-05-13 01:51:01 -------- d-sh--w- C:\Users\Bennett\AppData\Local\EmieSiteList
2014-05-11 00:05:42 . 2014-05-15 00:02:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-10 23:58:01 . 2014-05-10 23:58:01 -------- d-----w- C:\Users\Bennett\AppData\Local\Programs
2014-05-08 13:48:42 . 2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 07:00:59 . 2014-03-06 06:53:46 13551104 ----a-w- C:\Windows\system32\ieframe.dll
2014-05-07 07:00:57 . 2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\system32\jscript9.dll
2014-05-07 07:00:57 . 2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-07 07:00:40 . 2014-05-15 07:09:20 -------- d-s---w- C:\Windows\system32\CompatTel
2014-04-20 12:57:05 . 2014-04-20 12:57:05 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-04-18 16:51:27 . 2014-04-18 16:51:27 -------- d-----w- C:\Windows\Migration
2014-04-16 03:02:58 . 2014-04-16 03:02:58 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

OCD
2014-05-16, 06:06
Hi navyguy,

The ComboFix log you provided is not complete. Let's try a different approach.

=========================


however my memory is being eaten up on my task manager i have svchost.exe like 12x never seen that before one of them is taking 150k memory
Yes, it is normal for multiple svchost.exe processes to be running in Task Manager. Svchost.exe (Generic Host Process for Win32 Services) is an integral part of the Windows OS. It cannot be stopped or restarted manually. It manages 32-bit DLLs and other services. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. In normal conditions multiple instances of Svchost.exe run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

=========================

Please delete the current copy of ComboFix you have on your desktop and follow the instructions to download a new copy of ComboFix and rename it as shown below.

=========================

Try and run the renamed ComboFix in Normal Mode. If Normal Mode will not run, reboot into Safe Mode and try again.

ComboFix

Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


Download ComboFix from the following location, but rename it to navyguyCF before saving it to your desktop.

Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save the renamed ComboFix.exe (navyguyCF) to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:

ComboFix.txt
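
Added example, not part of the original post or of any tool named in this thread: a PowerShell sketch that maps each running svchost.exe instance to its service group (the -k argument seen in the process list at the top of the thread), the services it hosts, and its memory use, so a user can see what the "12x svchost.exe" in Task Manager are. The expected image paths and the wording of the notes are assumptions of this example; a note marks something to look at more closely, not a verdict.

```powershell
# Map every running svchost.exe instance to the services it hosts.
# Get-WmiObject (not Get-CimInstance) keeps this compatible with the
# PowerShell 2.0 that ships with Windows 7.
# Run from an elevated prompt; without elevation CommandLine and
# ExecutablePath come back empty for processes owned by other accounts.

# Assumption of this example: a genuine svchost.exe runs from one of these paths.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

$running   = @(Get-WmiObject -Class Win32_Service -Filter "State = 'Running'")
$instances = @(Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'")

$report = foreach ($proc in $instances) {
    # Services whose host process is this svchost instance
    $hosted = @($running |
        Where-Object { $_.ProcessId -eq $proc.ProcessId } |
        ForEach-Object { $_.Name } |
        Sort-Object)

    # The service group is the value after -k on the command line
    $group = '(unreadable)'
    if ($proc.CommandLine -match '-k\s+(\S+)') { $group = $Matches[1] }

    $notes = @()
    if (-not $proc.ExecutablePath) {
        $notes += 'path unreadable (not elevated?)'
    } elseif ($expectedPaths -notcontains $proc.ExecutablePath) {
        # -notcontains compares case-insensitively
        $notes += 'unexpected image path'
    }
    if ($hosted.Count -eq 0) { $notes += 'no running service registered' }

    New-Object PSObject -Property @{
        ProcessId    = $proc.ProcessId
        Group        = $group
        WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
        Services     = ($hosted -join ', ')
        Notes        = ($notes -join '; ')
    }
}

# Largest memory consumers first
$report |
    Sort-Object WorkingSetMB -Descending |
    Select-Object ProcessId, Group, WorkingSetMB, Services, Notes |
    Format-Table -AutoSize -Wrap
```

The built-in command tasklist /svc /fi "imagename eq svchost.exe" gives the PID-to-service mapping without the memory and path columns.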

navyguy
2014-05-17, 02:02
ComboFix 14-05-16.01 - Bennett 05/16/2014 17:33:46.8.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4734 [GMT -4:00]
Running from: c:\users\Bennett\Desktop\navyguyCF.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SysInfo
-------\Service_SysInfo
.
.
((((((((((((((((((((((((( Files Created from 2014-04-16 to 2014-05-16 )))))))))))))))))))))))))))))))
.
.
2014-05-16 21:42 . 2014-05-16 21:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-05-16 21:42 . 2014-05-16 21:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-16 21:42 . 2014-05-16 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-16 20:43 . 2014-05-16 20:43 119512 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-05-16 02:56 . 2014-05-16 02:56 -------- d-----w- c:\users\Bennett\AppData\Roaming\TeamViewer
2014-05-15 20:39 . 2014-05-15 20:39 -------- d-----w- C:\bce4e5e67c55f6a407381e0b14
2014-05-15 16:41 . 2014-05-15 22:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D53DA2B-D7B3-4715-AC80-C7BB29EB3F95}\offreg.dll
2014-05-15 07:06 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 07:06 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 07:06 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 07:06 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 00:20 . 2014-05-16 20:43 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 00:20 . 2014-05-15 00:20 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-15 00:20 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-15 00:20 . 2014-04-03 13:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-14 21:50 . 2014-05-14 21:52 -------- d-----w- C:\53db8d1d1263986d49b2bbfe
2014-05-14 17:10 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 17:10 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 17:10 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-14 00:25 . 2014-05-14 00:25 -------- d-----w- c:\program files\7-Zip
2014-05-14 00:25 . 2014-05-14 00:25 -------- d-----w- c:\users\Bennett\AppData\Roaming\Oracle
2014-05-14 00:24 . 2014-05-14 00:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-05-14 00:24 . 2014-05-14 00:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-14 00:08 . 2014-05-14 00:08 -------- d-----w- c:\users\Bennett\AppData\Roaming\AVAST Software
2014-05-14 00:07 . 2014-05-14 00:07 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400146675246
2014-05-14 00:07 . 2014-05-14 00:07 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400146675246
2014-05-14 00:07 . 2014-05-14 00:07 43152 ----a-w- c:\windows\avastSS.scr
2014-05-14 00:06 . 2014-05-14 00:06 -------- d-----w- c:\program files\AVAST Software
2014-05-13 08:00 . 2014-04-17 09:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D53DA2B-D7B3-4715-AC80-C7BB29EB3F95}\mpengine.dll
2014-05-13 03:29 . 2014-05-13 04:04 -------- d-----w- C:\FRST
2014-05-13 02:41 . 2014-05-13 02:41 -------- d-----w- c:\windows\ERUNT
2014-05-13 02:36 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-13 02:35 . 2014-05-15 01:20 -------- d-----w- C:\AdwCleaner
2014-05-13 01:51 . 2014-05-13 01:51 -------- d-sh--w- c:\users\Bennett\AppData\Local\EmieUserList
2014-05-13 01:51 . 2014-05-13 01:51 -------- d-sh--w- c:\users\Bennett\AppData\Local\EmieSiteList
2014-05-11 00:05 . 2014-05-15 00:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-10 23:58 . 2014-05-10 23:58 -------- d-----w- c:\users\Bennett\AppData\Local\Programs
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 07:00 . 2014-03-06 06:53 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-05-07 07:00 . 2014-03-06 08:11 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-05-07 07:00 . 2014-03-06 07:46 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-05-07 07:00 . 2014-05-15 07:09 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-20 12:57 . 2014-04-20 12:57 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-04-18 16:51 . 2014-04-18 16:51 -------- d-----w- c:\windows\Migration
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 07:03 . 2010-03-30 21:45 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 00:19 . 2012-11-23 15:42 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 00:19 . 2011-08-04 08:54 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-16 03:02 . 2014-04-16 03:02 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-04-15 06:34 . 2014-04-15 06:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-03 13:50 . 2011-01-20 19:20 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 13:35 . 2010-10-08 16:15 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-12 01:24 . 2012-12-11 21:10 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 09:44 . 2014-04-09 09:48 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 09:48 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 09:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 09:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 09:48 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 09:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 09:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 09:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 09:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 09:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 09:48 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowFX"="c:\program files (x86)\Stardock\Object Desktop\WindowFX\\wfxload.exe" [2006-06-07 820912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-07 98304]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-29 75048]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-12-17 295512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Bennett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2013-1-18 1963872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe -minimized [2011-12-22 564224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/03/19 22:19];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
R2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Bennett\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys;c:\users\Bennett\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [x]
R2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Bennett\AppData\Local\Temp\ALSysIO64.sys;c:\users\Bennett\AppData\Local\Temp\ALSysIO64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\Bennett\AppData\Local\Temp\00373F4.tmp;c:\users\Bennett\AppData\Local\Temp\00373F4.tmp [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [x]
R4 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe;c:\program files\Broadcom\BPowMon\BPowMon.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys;c:\windows\SYSNATIVE\drivers\AWOPFilterDriver.sys [x]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys;c:\windows\SYSNATIVE\DRIVERS\Edge7x64.sys [x]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys;c:\windows\SYSNATIVE\DRIVERS\Xeno7x64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 20:32 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 00:19]
.
2014-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce85b8a8be1a08.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-25 15:21]
.
2014-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-25 15:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-01-20 61256]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-01-20 167736]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Bennett\AppData\Local\Temp\00373F4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1207316150-2202194008-3487244567-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1207316150-2202194008-3487244567-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-16 18:44:35
ComboFix-quarantined-files.txt 2014-05-16 22:44
ComboFix2.txt 2011-01-21 00:26
ComboFix3.txt 2011-01-20 20:02
.
Pre-Run: 783,879,270,400 bytes free
Post-Run: 783,662,682,112 bytes free
.
- - End Of File - - 19F84D84771F8BAAA338B39DC8EA4F90

OCD
2014-05-17, 05:02
Hi navyguy,

Your ComboFix log looks fine. Let's try a few more scans to see if we can turn up anything that might be causing your issues.

Have you had any additional BSOD's?
What is your primary browser?
When you first noticed the issue with SpyBot, had you installed any new software or hardware around that time?

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


ESET

Go to ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

In your next post please provide the following:

Answer to questions above.
MBAM.txt
ESET's log.txt
Any updates about performance I should be aware of?

navyguy
2014-05-17, 05:36
If I am in normal mode things are just slow; the PC responds on a 25-30 second delay trying to open any browser. But in safe mode with networking everything works absolutely normal. Every time I run Malwarebytes it gets stuck on different .dll's in the Internet Explorer folder. Today I came home from a full scan and it was at 10hrs of scanning but stuck on 12.dll or something. The only thing I've recently installed other than all of these cleaning programs was Spybot Search and Destroy 2.

Also I have an IT friend who did a remote assistance on my computer and checked some logs, and he thinks it's hardware too. This is what he said:

"iaStor0 isn't responding looks like disk/disk controller on your board, I would try updating the software/driver for it. If you're still getting errors/crashes, I would check your warranty - but the intel rapid storage tool should give you an idea if a disk(s) are dying."

However I know it has to be software because a computer working 100% normal in safe mode and working at 25% in normal isn't hardware.

navyguy
2014-05-17, 05:50
f12resources.dll in the internet explorer folder is what malwarebytes gets stuck on, and ESET just froze on that exact same .dll

navyguy
2014-05-17, 07:01
Tried to reinstall Spybot Search and Destroy 2.3 and it installed in German again. When I went to what I think was the options item I got an SDTray.exe - Application Error that says
"The instruction at 0x000000000714DD9D9 referenced memory at 0x000000000714DD9D9. The required data was not placed into memory because of an I/O error status of 0XC0000009d.

Click on OK to terminate the program."

navyguy
2014-05-17, 07:45
Just uninstalled Avast and tried to reinstall and got "The installer is unable to initialize early avast! self-defense with error 0x0000043c! Aborting"

OCD
2014-05-17, 07:48
Hi navyguy,


If your still getting errors/crashes, I would check your warranty - but the intel rapid storage tool should give you an idea if a disk(s) are dying.
Did you try updating the drivers like your friend suggested?


However i know it has to be software because a computer working 100% normal in safe mode and working at 25% in normal isn't hardware.
When you boot in safe mode your computer starts with the bare minimum running to get the computer going. It might not be completely accurate to say that just because it runs fine in safe mode that it can't be a hardware problem.


Tried to reinstall spybot search and destroy 2.3 and it installed in german again.
I really can't explain why SpyBot keeps installing in German.

The error message you posted in your last post indicates that your computer is having some difficulty communicating with the hard drive.

Reboot Your System using Last Known good Configuration

If you are unable to boot your system using the Last Known Good Configuration, just continue with the remainder of the steps.


Restart your computer.
As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
Use the arrow keys to select the Last known good configuration menu item.
Press Enter.


After it has completed be sure to reboot the computer and test the status and report back.

navyguy
2014-05-17, 19:40
*Ok couldn't really find a restore that went too far back after all of these programs.
*Spybot still downloads in German even though I select English
*Avast downloads absolutely perfect no issues
*Can run computer in normal mode seems pretty quick no issues
*Downloading Malwarebytes I still get errors but they are no longer the 0x00000f4 errors they are file errors I think
*I used ccleaner and driverbooster to clear up some registry items and update some drivers (IT friend recommendation)
*I also reinstalled Intel extreme utility

So kind of back where we started with a cleaner computer xD

OCD
2014-05-18, 06:07
Hi navyguy,


*Ok couldn't really find a restore that went too far back after all of these programs.
Did you just roll back to a Restore point, or did you reboot to the "Last Known Good Configuration" as requested?


*Spybot still downloads in German even though I select English
Really have no clue why SpyBot is doing that.


*Avast downloads absolutely perfect no issues
*Can run computer in normal mode seems pretty quick no issues
:bigthumb:


*Downloading malware bytes i still get errors but they are no longer the 0x00000f4 errors they are file errors i think
You might need to completely uninstall MBAM, reboot then download a new copy.


*I used ccleaner and driverbooster to clear up some registry items and update some drivers (IT friend recommendation)
Although recommended by a friend, we try and suggest that you steer clear of any type of Registry cleaner as they have a tendency to do more harm than good.


*I also reinstalled Intel extreme utility
:bigthumb:

So kind of back where we started with a cleaner computer xD

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

Start menu, in the search bar type "cmd"
Right-click the cmd icon, select "run as administrator"
If you have user account control (UAC) set up it may prompt you to accept that action.
Then type in "chkdsk /r" (make note of the space between chkdsk and /)

=========================

What are the current symptoms you are encountering? If any.
Results of the chkdsk step

navyguy
2014-05-18, 18:38
Just did the "chkdsk /r" check. It told me it had to be done on restart, and when it restarted it said the C: drive was NTFS and was clean.

I didn't do the system restore or last known configuration because my F2 and F12 options when I reboot don't have any of that. F2 took me to basically my BIOS settings and F12 showed me my hard drive, an option to test all my hardware and an option to go to BIOS. My desktop is an Area 51 Alienware desktop, idk the motherboard and the BIOS, but couldn't find a last known good config. option. Now there is a restore to defaults but that will undo the overclocking I've done to my processor.

As far as issues, normal mode is a tad slower than safe mode; every other reboot either Firefox pulls up right away or it doesn't at all, kind of strange. However seems like stuff is kind of working better.

Oh btw remember the JRT.exe program you asked me to run a couple of days ago? I remember it saying I had a bad module, will need to reboot to fix. Well, I've checked the program once or twice since then. And it is still saying I have a bad module, will need to reboot to fix. I assume it's not being fixed on reboot?

Was thinking of buying a hybrid hard drive and putting it in my tower and just moving stuff over idk, getting annoyed with this computer, don't get how it works perfect in safe mode with networking but normal just isn't as fast.

navyguy
2014-05-18, 19:35
Jumped on my online game today and i was running through the game when all of a sudden i fell through the ground . . . then i disconnected and couldn't open the game again unless i restarted my computer. Never happened before, obviously having latency issues now.

navyguy
2014-05-18, 19:50
ok did the f8 thing and started from last known good config. and i guess it must have been sometime recent because it has everything on my desktop that i've had recently.

navyguy
2014-05-18, 20:30
fixed the issue with malware bytes i ran a quick scan and this all came up.

navyguy
2014-05-19, 01:43
earlier i was scanning with mbites and it got to a iesetup.dll it got stuck on and when i tried using firefox it was really slow and in the lower left hand corner you could read all of these weird websites it was waiting to respond or transferring data got to the point where my pc just froze up couldn't write the names down.

navyguy
2014-05-19, 01:44
did another adware cleaner

# AdwCleaner v3.209 - Report created 18/05/2014 at 18:41:05
# Updated 18/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bennett - BENNETT-PC
# Running from : C:\Users\Bennett\Downloads\adwcleaner_3.209.exe
# Option : Scan

***** [ Services ] *****

Service Found : SystemkService

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Windows\Tasks\Driver Booster Update.job
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\systemk
Folder Found : C:\Users\Bennett\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Bennett\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Bennett\AppData\Roaming\Solvusoft
Folder Found : C:\Users\Bennett\Documents\PC Speed Maximizer

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Linkey
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SystemK
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Linkey
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\SystemK
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Bennett\AppData\Roaming\Mozilla\Firefox\Profiles\gf9qf28w.default\prefs.js ]

Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Found : user_pref("browser.search.defaultenginename", "default-search.net");
Line Found : user_pref("browser.search.order.1", "default-search.net");
Line Found : user_pref("browser.search.selectedEngine", "default-search.net");

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Bennett\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=12349&tm=350&src=ds&p={searchTerms}

*************************

AdwCleaner[R0].txt - [17821 octets] - [12/05/2014 22:36:12]
AdwCleaner[R1].txt - [974 octets] - [14/05/2014 21:11:46]
AdwCleaner[R2].txt - [9042 octets] - [18/05/2014 18:41:05]
AdwCleaner[S1].txt - [1034 octets] - [14/05/2014 21:20:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [9162 octets] ##########

OCD
2014-05-19, 05:16
Hi navyguy,

Please only run the tools I request in the order I outline. Running tools not requested or in a different order may delay our progress.

Please do the following:

AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

Reboot

=========================

System File Checker (SFC)

Click on the Start button and in the Search programs and files box type the following:


command


Don't press Enter, just let the search results populate above.
In the search results, locate the Programs section.
Locate the Command Prompt shortcut and right-click on it.
Select Run as administrator.
Click Yes on the User Account Control window that appears.
Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 (http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=8&f=11&su=p284.13.342.ip_p504.6.342.ip_&tt=2&bt=0&bts=0&zu=http%3A//windows.microsoft.com/en-us/windows7/turn-user-account-control-on-or-off) for more information.
An elevated Command Prompt window will appear.


Type: sfc /scannow (There's a space between sfc and /scannow.), then hit Enter


Let the check run to completion. DO NOT reboot the PC or close the cmd window.
Copy & Paste the following command at the Command Prompt and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
Copy and Paste the contents of the file into your next post.
After the scan runs type exit to close the command prompt window

=========================

In your next post please provide the following:

AdwCleaner[S2].txt
MBAM.txt
Results of the SFC scan

navyguy
2014-05-20, 00:31
can't get a full malwarebytes scan because it keeps freezing on c:\WINDOWS\SYSWOW64\iepeers.dll

the other scan is currently frozen at 28% in the dos window thing. will sit and wait for it to finish, hope it isn't frozen

navyguy
2014-05-20, 00:34
Forgot to attach this

navyguy
2014-05-20, 00:43
the sfc /scannow froze at 28% then windows said it had to refresh and then it said in the dos window "Windows Resource Protection could not perform the requested operation"

navyguy
2014-05-20, 01:10
just tried it in safe mode and again froze at 28% with the same error

navyguy
2014-05-20, 01:12
2014-05-19 16:59:12, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 16:59:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-05-19 17:00:04, Info CSI 0000000c [SR] Verify complete
2014-05-19 17:00:04, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:00:04, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-05-19 17:01:14, Info CSI 00000010 [SR] Verify complete
2014-05-19 17:01:14, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:01:14, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:15, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:15, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:23, Info CSI 0000000c [SR] Verify complete
2014-05-19 17:11:23, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:23, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:26, Info CSI 00000010 [SR] Verify complete
2014-05-19 17:11:26, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:26, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:29, Info CSI 00000014 [SR] Verify complete
2014-05-19 17:11:29, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:29, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:31, Info CSI 00000018 [SR] Verify complete
2014-05-19 17:11:31, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:31, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:35, Info CSI 0000001c [SR] Verify complete
2014-05-19 17:11:35, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:35, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:38, Info CSI 00000020 [SR] Verify complete
2014-05-19 17:11:38, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:38, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:41, Info CSI 00000024 [SR] Verify complete
2014-05-19 17:11:41, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:41, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:46, Info CSI 00000028 [SR] Verify complete
2014-05-19 17:11:46, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:46, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:50, Info CSI 0000002c [SR] Verify complete
2014-05-19 17:11:50, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:50, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:53, Info CSI 00000030 [SR] Verify complete
2014-05-19 17:11:54, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:54, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:57, Info CSI 00000034 [SR] Verify complete
2014-05-19 17:11:57, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:57, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:59, Info CSI 00000038 [SR] Verify complete
2014-05-19 17:11:59, Info CSI 00000039 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:59, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:04, Info CSI 0000003c [SR] Verify complete
2014-05-19 17:12:04, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:04, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:07, Info CSI 00000040 [SR] Verify complete
2014-05-19 17:12:07, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:07, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:10, Info CSI 00000044 [SR] Verify complete
2014-05-19 17:12:10, Info CSI 00000045 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:10, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:17, Info CSI 00000049 [SR] Verify complete
2014-05-19 17:12:17, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:17, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:22, Info CSI 00000050 [SR] Verify complete
2014-05-19 17:12:22, Info CSI 00000051 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:22, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:26, Info CSI 00000055 [SR] Verify complete
2014-05-19 17:12:26, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:26, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:30, Info CSI 00000059 [SR] Verify complete
2014-05-19 17:12:30, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:30, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:34, Info CSI 00000067 [SR] Verify complete
2014-05-19 17:12:34, Info CSI 00000068 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:34, Info CSI 00000069 [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:39, Info CSI 00000084 [SR] Verify complete
2014-05-19 17:12:39, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:39, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:49, Info CSI 00000088 [SR] Verify complete
2014-05-19 17:12:49, Info CSI 00000089 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:49, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2014-05-19 17:12:53, Info CSI 0000008c [SR] Verify complete
2014-05-19 17:12:53, Info CSI 0000008d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:12:53, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:00, Info CSI 00000090 [SR] Verify complete
2014-05-19 17:13:00, Info CSI 00000091 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:00, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:08, Info CSI 00000094 [SR] Verify complete
2014-05-19 17:13:09, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:09, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:12, Info CSI 00000098 [SR] Verify complete
2014-05-19 17:13:12, Info CSI 00000099 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:12, Info CSI 0000009a [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:18, Info CSI 0000009e [SR] Verify complete
2014-05-19 17:13:18, Info CSI 0000009f [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:18, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:25, Info CSI 000000c1 [SR] Verify complete
2014-05-19 17:13:25, Info CSI 000000c2 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:25, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:34, Info CSI 000000c5 [SR] Verify complete
2014-05-19 17:13:34, Info CSI 000000c6 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:34, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:44, Info CSI 000000cb [SR] Verify complete
2014-05-19 17:13:45, Info CSI 000000cc [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:45, Info CSI 000000cd [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:47, Info CSI 000000cf [SR] Verify complete
2014-05-19 17:13:47, Info CSI 000000d0 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:47, Info CSI 000000d1 [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:48, Info CSI 000000d3 [SR] Verify complete
2014-05-19 17:13:48, Info CSI 000000d4 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:48, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction
2014-05-19 17:13:50, Info CSI 000000d7 [SR] Verify complete
2014-05-19 17:13:50, Info CSI 000000d8 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:13:50, Info CSI 000000d9 [SR] Beginning Verify and Repair transaction
2014-05-19 17:14:00, Info CSI 000000ec [SR] Verify complete
2014-05-19 17:14:00, Info CSI 000000ed [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:14:00, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2014-05-19 17:14:01, Info CSI 000000f0 [SR] Verify complete
2014-05-19 17:14:01, Info CSI 000000f1 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:14:01, Info CSI 000000f2 [SR] Beginning Verify and Repair transaction
2014-05-19 17:14:04, Info CSI 000000f4 [SR] Verify complete
2014-05-19 17:14:04, Info CSI 000000f5 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:14:04, Info CSI 000000f6 [SR] Beginning Verify and Repair transaction
2014-05-19 17:14:06, Info CSI 000000f8 [SR] Verify complete
2014-05-19 17:14:06, Info CSI 000000f9 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:14:06, Info CSI 000000fa [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:39, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:39, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:42, Info CSI 0000000c [SR] Verify complete
2014-05-19 18:03:42, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:42, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:44, Info CSI 00000010 [SR] Verify complete
2014-05-19 18:03:44, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:44, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:47, Info CSI 00000014 [SR] Verify complete
2014-05-19 18:03:47, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:47, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:49, Info CSI 00000018 [SR] Verify complete
2014-05-19 18:03:49, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:49, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:51, Info CSI 0000001c [SR] Verify complete
2014-05-19 18:03:51, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:51, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:54, Info CSI 00000020 [SR] Verify complete
2014-05-19 18:03:54, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:54, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:56, Info CSI 00000024 [SR] Verify complete
2014-05-19 18:03:56, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:56, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2014-05-19 18:03:59, Info CSI 00000028 [SR] Verify complete
2014-05-19 18:03:59, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:03:59, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:01, Info CSI 0000002c [SR] Verify complete
2014-05-19 18:04:01, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:01, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:04, Info CSI 00000030 [SR] Verify complete
2014-05-19 18:04:04, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:04, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:06, Info CSI 00000034 [SR] Verify complete
2014-05-19 18:04:06, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:06, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:08, Info CSI 00000038 [SR] Verify complete
2014-05-19 18:04:08, Info CSI 00000039 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:08, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:11, Info CSI 0000003c [SR] Verify complete
2014-05-19 18:04:11, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:11, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:12, Info CSI 00000040 [SR] Verify complete
2014-05-19 18:04:12, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:12, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:13, Info CSI 00000044 [SR] Verify complete
2014-05-19 18:04:13, Info CSI 00000045 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:13, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:18, Info CSI 00000049 [SR] Verify complete
2014-05-19 18:04:18, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:18, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:22, Info CSI 00000050 [SR] Verify complete
2014-05-19 18:04:23, Info CSI 00000051 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:23, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:26, Info CSI 00000055 [SR] Verify complete
2014-05-19 18:04:26, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:26, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:29, Info CSI 00000059 [SR] Verify complete
2014-05-19 18:04:29, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:29, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:33, Info CSI 00000067 [SR] Verify complete
2014-05-19 18:04:33, Info CSI 00000068 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:33, Info CSI 00000069 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:38, Info CSI 00000084 [SR] Verify complete
2014-05-19 18:04:38, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:38, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:42, Info CSI 00000088 [SR] Verify complete
2014-05-19 18:04:42, Info CSI 00000089 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:42, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:45, Info CSI 0000008c [SR] Verify complete
2014-05-19 18:04:45, Info CSI 0000008d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:45, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:50, Info CSI 00000090 [SR] Verify complete
2014-05-19 18:04:50, Info CSI 00000091 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:50, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:53, Info CSI 00000094 [SR] Verify complete
2014-05-19 18:04:53, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:53, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2014-05-19 18:04:56, Info CSI 00000098 [SR] Verify complete
2014-05-19 18:04:57, Info CSI 00000099 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:04:57, Info CSI 0000009a [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:02, Info CSI 0000009e [SR] Verify complete
2014-05-19 18:05:02, Info CSI 0000009f [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:02, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:08, Info CSI 000000c1 [SR] Verify complete
2014-05-19 18:05:08, Info CSI 000000c2 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:08, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:15, Info CSI 000000c5 [SR] Verify complete
2014-05-19 18:05:15, Info CSI 000000c6 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:15, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:22, Info CSI 000000cb [SR] Verify complete
2014-05-19 18:05:22, Info CSI 000000cc [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:22, Info CSI 000000cd [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:23, Info CSI 000000cf [SR] Verify complete
2014-05-19 18:05:23, Info CSI 000000d0 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:23, Info CSI 000000d1 [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:24, Info CSI 000000d3 [SR] Verify complete
2014-05-19 18:05:24, Info CSI 000000d4 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:24, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:26, Info CSI 000000d7 [SR] Verify complete
2014-05-19 18:05:26, Info CSI 000000d8 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:26, Info CSI 000000d9 [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:32, Info CSI 000000ec [SR] Verify complete
2014-05-19 18:05:32, Info CSI 000000ed [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:32, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:33, Info CSI 000000f0 [SR] Verify complete
2014-05-19 18:05:33, Info CSI 000000f1 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:33, Info CSI 000000f2 [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:36, Info CSI 000000f4 [SR] Verify complete
2014-05-19 18:05:36, Info CSI 000000f5 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:36, Info CSI 000000f6 [SR] Beginning Verify and Repair transaction
2014-05-19 18:05:37, Info CSI 000000f8 [SR] Verify complete
2014-05-19 18:05:37, Info CSI 000000f9 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 18:05:37, Info CSI 000000fa [SR] Beginning Verify and Repair transaction
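
In the [SR] lines posted above, every batch is a "Verifying", "Beginning Verify and Repair transaction", "Verify complete" triplet, and an interrupted SFC run ends on a "Beginning" line with no matching "Verify complete". The Python sketch below is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical, the sample lines are excerpted from the log in that post, and treating a drop in the CSI sequence number as the start of a new run is an assumption based on that log, where the counter returns to 00000009 each time.

```python
import re
from datetime import datetime

# Excerpt of the [SR] lines from the post above: the first run in full,
# the second run trimmed to its first and last batches.
SAMPLE = """\
2014-05-19 16:59:12, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 16:59:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-05-19 17:00:04, Info CSI 0000000c [SR] Verify complete
2014-05-19 17:00:04, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:00:04, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-05-19 17:01:14, Info CSI 00000010 [SR] Verify complete
2014-05-19 17:01:14, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:01:14, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:15, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:11:15, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-05-19 17:11:23, Info CSI 0000000c [SR] Verify complete
2014-05-19 17:14:04, Info CSI 000000f5 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:14:04, Info CSI 000000f6 [SR] Beginning Verify and Repair transaction
2014-05-19 17:14:06, Info CSI 000000f8 [SR] Verify complete
2014-05-19 17:14:06, Info CSI 000000f9 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 17:14:06, Info CSI 000000fa [SR] Beginning Verify and Repair transaction
"""

# timestamp, level, "CSI", 8-digit hex sequence number, "[SR]", message
SR_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+"
    r"([0-9a-fA-F]{8})\s+\[SR\]\s+(.*)$"
)
BATCH = re.compile(r"^Verifying (\d+) ")


def parse_sr_lines(text):
    """Return (timestamp, sequence, message) for every [SR] line in text."""
    events = []
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, int(m.group(2), 16), m.group(3).strip()))
    return events


def split_runs(events):
    """Group events into runs; a non-increasing sequence number starts a new run
    (assumption taken from the posted log)."""
    runs, last_seq = [], None
    for ev in events:
        if last_seq is None or ev[1] <= last_seq:
            runs.append([])
        runs[-1].append(ev)
        last_seq = ev[1]
    return runs


def summarize_run(run):
    """Count completed batches and report an unpaired 'Beginning' line, if any."""
    summary = {
        "started": run[0][0],
        "batches_completed": 0,
        "components_verified": 0,
        "stalled_at": None,       # time of a transaction that never completed
        "other_messages": [],     # anything besides the three routine messages
    }
    batch_size = 0
    for ts, _seq, msg in run:
        size = BATCH.match(msg)
        if size:
            batch_size = int(size.group(1))
        elif msg.startswith("Beginning Verify and Repair transaction"):
            summary["stalled_at"] = ts
        elif msg.startswith("Verify complete"):
            summary["batches_completed"] += 1
            summary["components_verified"] += batch_size
            summary["stalled_at"] = None
        else:
            summary["other_messages"].append(msg)
    return summary


def analyze(text):
    return [summarize_run(run) for run in split_runs(parse_sr_lines(text))]


if __name__ == "__main__":
    for number, s in enumerate(analyze(SAMPLE), 1):
        state = f"stalled at {s['stalled_at']}" if s["stalled_at"] else "finished"
        print(f"run {number}: started {s['started']}, "
              f"{s['batches_completed']} batches complete, {state}")
```

Run against the full sfcdetails.txt from the post, the same logic reports a third run starting at 18:03:39 that also ends on an unpaired "Beginning" line, at 18:05:37 and at the same sequence number 000000fa as the 17:14:06 stall.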

navyguy
2014-05-20, 04:08
ok got rid of those 2 .dll files and malwarebytes finally finished a scan

navyguy
2014-05-20, 04:31
well after getting rid of those .dll's in the momWOW64 file that mbytes couldn't get past, and cleared the log. I installed spybot search and destroy again, it installed in german again but i used your pictures to put it back to english and guess what it got past the 8.9% pornhub freeze thing ^^

navyguy
2014-05-20, 04:48
here is the spybot search and destroy log

OCD
2014-05-20, 07:58
Hi navyguy,


ok got rid of those 2 .dll files and malwarebytes finally finished a scan
Did you delete the .dll files?
If so, which .dll files and what were the file locations? (file path)

navyguy
2014-05-20, 12:46
C:\windows\sysWOW64\ieui.dll
C:\windows\sysWOW64\iepeers.dll
C:\windows\sysWOW64\iesetup.dll


All 3 of these were all updated on the 6th of May 2014 and were all 3 freezing up malwarebytes. Yes i deleted them. There are some other ones that look fishy but no program has picked them up so i'm sure they are either fine or i'm wrong.

navyguy
2014-05-20, 12:49
I also was recommended to this link to try on my .dlls just in case.

http://www.youtube.com/watch?v=t-6dmZjDZjw

OCD
2014-05-20, 23:15
Hi navyguy,

Randomly deleting files that some of the tools I might request you to run get hung up on doesn't mean that those files are bad. Quite the opposite, they might be critical to the performance of your computer. Please DO NOT delete any more files, folders or programs unless I ask you to do so. As I have stated previously, running tools or taking any corrective action on your own (without my knowledge) may prolong the cleaning process. It may even render your computer unbootable.

Here is some information about the Windows files you deleted:
C:\windows\sysWOW64\ieui.dll
http://www.dll-files.com/dllindex/dll-files.shtml?ieui

C:\windows\sysWOW64\iepeers.dll
http://www.bleepingcomputer.com/filedb/iepeers.dll-300.html

C:\windows\sysWOW64\iesetup.dll
http://www.bleepingcomputer.com/filedb/iesetup.dll-1094.html


Are you receiving direct (hands on) help or guidance from anyone else?
If so, have you taken any steps that I am not aware of?
Have you deleted any other files in the following directories:

C:\windows\sysWOW64
C:\windows\System32

navyguy
2014-05-21, 02:04
I understand. I will stop taking advice and only listen to you.

Do you want me to download those .dlls and put them back in their directory?

No, I have not deleted any more items other than those 3.

No, I am no longer receiving help from anybody else, just you. Everything I have done I have told you about or I have done because you told me to.

OCD
2014-05-21, 06:06
Hi navyguy,


Do you want me to download those .dlls and put them back in their directory?

Yes, we need to replace those files. It might just be easier to use System Restore and roll back to a date prior to when you deleted those files.

After doing that, reboot, then run a new scan with FRST

In your next post please provide the following:

FRST.txt

navyguy
2014-05-21, 22:48
The .txt file was like 100 kbs and had to break it up to upload.

OCD
2014-05-22, 07:04
Hi navyguy,

For future postings please copy and paste the logs directly into the reply window. When you attach the logs it requires me to download the log in order to view it. If you need to break a log up to get it to post that is fine. I appreciate your cooperation.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKU\S-1-5-21-1207316150-2202194008-3487244567-1001\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {E913D168-7B79-44FE-816A-9725F1C1C2E2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=634471&p={searchTerms}
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
Toolbar: HKLM-x32 - No Name - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
2014-05-16 23:28 - 2014-05-18 17:03 - 00000000 ____D () C:\Program Files\pcreg
S3 X6va003; \??\C:\Users\Bennett\AppData\Local\Temp\00373F4.tmp [X]


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)

Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to run the program.
Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

In your next post please provide the following:

Fixlog.txt
MBAM.txt
How is the computer running?

navyguy
2014-05-22, 23:49
Computer seems to be running just fine, a couple times I had to manually reboot and it wanted me to check the computer cause it crashed kind of hard, and I can't play my online game anymore. And when I try to download and install another online game I used to play my computer won't let the .exe program run, not really sure why.

OCD
2014-05-23, 04:18
navyguy,

Please paste the logs like I have done here in the future, it makes it easier for me to view them without downloading the file.


Computer seems to be running just fine, a couple times I had to manually reboot and it wanted me to check the computer cause it crashed kind of hard, and I can't play my online game anymore. And when I try to download and install another online game I used to play my computer won't let the .exe program run, not really sure why.
In one sentence you say the computer is running fine, then you state you're still having issues. Can you please explain in detail what problems you are having?

==============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Bennett at 2014-05-22 16:41:37 Run:1
Running from C:\Users\Bennett\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKU\S-1-5-21-1207316150-2202194008-3487244567-1001\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {E913D168-7B79-44FE-816A-9725F1C1C2E2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=634471&p={searchTerms}
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
Toolbar: HKLM-x32 - No Name - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
2014-05-16 23:28 - 2014-05-18 17:03 - 00000000 ____D () C:\Program Files\pcreg
S3 X6va003; \??\C:\Users\Bennett\AppData\Local\Temp\00373F4.tmp [X]
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKU\S-1-5-21-1207316150-2202194008-3487244567-1001\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E913D168-7B79-44FE-816A-9725F1C1C2E2} => Key deleted successfully.
HKCR\CLSID\{E913D168-7B79-44FE-816A-9725F1C1C2E2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0C8413C1-FAD1-446C-8584-BE50576F863E} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E} => Key not found.
pcregservice => Service deleted successfully.
C:\Program Files\pcreg => Moved successfully.
X6va003 => Service deleted successfully.

==== End of Fixlog ====



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/22/2014
Scan Time: 4:46:04 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.22.11
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bennett

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 232293
Time Elapsed: 2 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
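
Added example, not part of the original thread and not FRST's own code: a small Python parser for the Fixlog.txt layout shown in the post above. It separates the echoed fixlist from the result lines and flags any result that is neither a success nor "not found". The sample log is a shortened, constructed copy of the one posted, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the Fixlog.txt layout posted above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Bennett at 2014-05-22 16:41:37 Run:1
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
2014-05-16 23:28 - 2014-05-18 17:03 - 00000000 ____D () C:\Program Files\pcreg
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
pcregservice => Service deleted successfully.
C:\Program Files\pcreg => Moved successfully.

==== End of Fixlog ====
"""

STARS = re.compile(r"^\*{5,}$")  # the rows of asterisks around the echoed fixlist
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>[^=]+?)\.?$")

def parse_fixlog(text):
    """Return (fixlist directives, [(target, outcome), ...]) from a Fixlog."""
    directives, results, section = [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if STARS.match(line):
            # First asterisk row opens the fixlist echo, the second closes it.
            section = "fixlist" if section == "header" else "results"
        elif line.startswith("==== End of Fixlog"):
            break
        elif line and section == "fixlist":
            directives.append(line)
        elif line and section == "results":
            m = RESULT.match(line)
            results.append((m["target"], m["outcome"]) if m else (line, "UNPARSED"))
    return directives, results

def classify(outcome):
    low = outcome.lower()
    if low.endswith("successfully"):
        return "done"
    if "not found" in low:
        return "absent"   # nothing was there to remove
    return "review"       # anything else needs a human look

def summarize(text):
    directives, results = parse_fixlog(text)
    counts = Counter(classify(o) for _, o in results)
    review = [(t, o) for t, o in results if classify(o) == "review"]
    return {"directives": len(directives), "counts": dict(counts), "needs_review": review}

if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```
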

navyguy
2014-05-23, 04:34
my PC won't let me play any of my games, connect to servers and update or even install onto the computer itself

OCD
2014-05-23, 04:56
Hi navyguy,


my PC won't let me play any of my games, connect to servers and update or even install onto the computer itself
Please give some specifics:

What games?
Cannot connect to what servers and update what?
Cannot install what? (ie software, program updates ...)


The more information you can provide the better I can troubleshoot what might be causing the problem.

navyguy
2014-05-23, 05:49
Hi navyguy,


Please give some specifics:

What games?
Cannot connect to what servers and update what?
Cannot install what? (ie software, program updates ...)


The more information you can provide the better I can troubleshoot what might be causing the problem.

Sorry about being so vague, I actually fixed it myself. So now my computer is protected and clean it looks like, I would like to thank you Mr. OCD for all of your help.

OCD
2014-05-23, 07:40
Hi navyguy,

I'm glad you were able to resolve the issues you were encountering.

We have a few items to take care of before we get to the All Clean Speech.

=========================

Uninstall Combofix

The following will implement important cleanup procedures as well as reset System Restore points:

Click on the Start button and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.

Please note that there is a space between combofix and /uninstall.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/CFwindows-7-start-menu_zps188282d2.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CFwindows-7-start-menu_zps188282d2.jpg.html)

Once you have typed this in, press Enter on your keyboard. An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

=========================

Clean up with OTL:

Right-click OTL.exe select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

=========================

Removing/Uninstalling AdwCleaner:

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.

=========================

You can now delete any tools and/or logs remaining on your desktop.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

navyguy
2014-05-24, 07:12
ok i think i'm all good, again thank you OCD.

OCD
2014-05-24, 08:01
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.