
Multiple running processes of ie and Chrome using up serious memory and causing program lockups

Discussion in 'Virus, Spyware and Malware Removal Help' started by LadyGreenWitch, Sep 11, 2015.

  1. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    Hi Mal,
    Thanks for sticking with me on this. I really appreciate it. Things seem to be working pretty darn well. So far so good. The service out here is poor a lot of the time, but taking that into consideration the lockups are much better. I think we may finally be at the end of this madness. Looking forward to your reply.

    TTFN,
    LGW

    Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
    Ran by Teresa's Laptop (2015-10-01 13:56:25) Run:9
    Running from C:\Users\Teresa's Laptop\Desktop
    Loaded Profiles: Teresa's Laptop (Available Profiles: Teresa's Laptop)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Windows\System32\GWX\GWX.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-09-10] ()
    Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
    Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
    Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
    Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-3797571617-2345687493-384676197-1002 -> OldDefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
    Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
    FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S3 ogmservice; "C:\Program Files (x86)\Online Games Manager\ogmservice.exe" --service-run [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\Windows\system32\GWX
    C:\Windows\SysWOW64\GWX
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job
    C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    C:\Windows\system32\Drivers\etc\hosts_bak_236
    C:\Windows\System32\Tasks\SidebarExecute
    C:\Windows\system32\Drivers\etc\hosts_bak_245
    C:\Windows\system32\Drivers\TrueSight.sys
    C:\ProgramData\Comodo
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    C:\ProgramData\AVAST Software
    C:\ProgramData\Real
    015-09-23 18:36 - 2015-09-23 18:36 - 0000017 _____ () C:\Users\Teresa's Laptop\AppData\Local\resmon.resmoncfg
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    Task: {A9EA09CC-0210-4813-9E2E-C3929101A8B6} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {CEBD64CB-0BA9-4BF9-909A-7C46A4503760} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    CMD: netsh winsock reset catalog
    hosts:
    Emptytemp:
    reboot:
    end


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Windows\System32\GWX\GWX.exe => moved successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => moved successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-3797571617-2345687493-384676197-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\OldDefaultScope => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully
    HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
    HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
    C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => moved successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
    C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => not found.
    "HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin" => key removed successfully
    C:\Program Files (x86)\PDFlite\npPdfViewer.dll => not found.
    "HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
    C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll => moved successfully
    "HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
    C:\Users\Teresa's Laptop\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll => not found.
    WinDefend => service removed successfully
    ogmservice => service removed successfully
    catchme => service removed successfully
    C:\Windows\system32\GWX => moved successfully
    C:\Windows\SysWOW64\GWX => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => moved successfully
    C:\Users\Public\Desktop\Post Win10 Spybot-install.exe => moved successfully
    C:\Windows\system32\Drivers\etc\hosts_bak_236 => moved successfully
    C:\Windows\System32\Tasks\SidebarExecute => moved successfully
    C:\Windows\system32\Drivers\etc\hosts_bak_245 => moved successfully
    C:\Windows\system32\Drivers\TrueSight.sys => moved successfully
    C:\ProgramData\Comodo => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO => moved successfully
    C:\ProgramData\AVAST Software => moved successfully
    C:\ProgramData\Real => moved successfully
    015-09-23 18:36 - 2015-09-23 18:36 - 0000017 _____ () C:\Users\Teresa's Laptop\AppData\Local\resmon.resmoncfg => Error: No automatic fix found for this entry.
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9EA09CC-0210-4813-9E2E-C3929101A8B6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EA09CC-0210-4813-9E2E-C3929101A8B6}" => key removed successfully
    C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Windows Repair Tray Icon" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEBD64CB-0BA9-4BF9-909A-7C46A4503760}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEBD64CB-0BA9-4BF9-909A-7C46A4503760}" => key removed successfully
    C:\Windows\System32\Tasks\SidebarExecute => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => key removed successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => not found.
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job => not found.

    ========= netsh winsock reset catalog =========

    Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 348.9 MB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 14:01:16 ====



    VirIT eXplorer Lite Log

    [SCANNING MEMORY]
    OK
    --------------------------------------------------------
    01/10/2015 - 14:09:19

    [SCANNING REGISTRY]
    OK

    [C:]
    MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
    BOOT SECTOR: OK
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\FileAssociationManager\FAM.exe.vir Infect of PUP.Win32.AmnisTech.A
    * * * CLEAN * * *
    C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiGuard.exe.vir Infect of PUP.Win32.Reimage.A
    * * * CLEAN * * *
    C:\Old Disk\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2a-Teresa.reg Infect of Trojan.Win32.Startpage.CFX
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Application Data\Real\RealPlayer\Update\RealPlayer11.exe Infect of Trojan.Win32.DownLoad1.NWI
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Desktop\Tools\Installs\avg_free_stb_all_2011_1153_cnet.exe -> avgrunasx.exe Infect of Trojan.Win32.Inject1.DAPL
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Desktop\wrar350.exe Infect of Trojan.Win32.Agent2.WQF
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\Documents and Settings\Teresa.TERESA\Local Settings\Temporary Internet Files\Content.IE5\BRUDHJ2S\avg_free_stb_all_2011_1153_cnet[1].exe -> avgrunasx.exe Infect of Trojan.Win32.Inject1.DAPL
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Common Files\SpeechEngines\Microsoft\SR61\1033\ITNGRAM.DLL Infect of Trojan.Win32.Crypt_s.FWA
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Dream Chronicles - The Book of Air\xgmddkd.exe Infect of Trojan.Win32.Generic.MZ
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\iWin.com\Nancy Drew Blackmoor\NancyDrewCurse.ifn Infect of Backdoor.Win32.Bandok.B
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Midnight Mysteries - Salem Witch Trials\hqxwpqp.exe Infect of Trojan.Win32.Generic.MZ
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll Infect of Adware.Win32.Coupons.A
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll Infect of Adware.Win32.Coupons.A
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Enforce.dll Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\mmlicmgr.dll Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\MMCodec.dll Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\MP3.cdc Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.out Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Jukebox\Plugins\wma.inp Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\mmlicmgr.dll Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\MP3Pro.cdc Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\Musicmatch Music Services\Musicmatch Update\WMP\MP3Pro.cdc Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\Enforce.dll Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\MMCodec.dll Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\MP3.cdc Infect of Packer.Vundo.Gen
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll Infect of Spyware.ViewPoint.A
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\WebEx\WebEx\832\atscjoin.exe Infect of Trojan.Win32.Generic.CMDR
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Yahoo!\Common\Yshortcut.exe Infect of Trojan.Win32.Click2.BVBU
    * * * CLEAN * * *
    C:\Old Disk\Old PC Docs etc\RESCUE\Program Files\Yahoo!\Messenger\YServer.exe Infect of Trojan.Win32.Generic.BYKS
    * * * CLEAN * * *
    C:\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\Templates\CrazyTalk 4 Template\Effect\Stork.js Infect of I-WORM.JS.A
    * * * CLEAN * * *
    C:\Program Files (x86)\ERUNT\NTREGOPT.EXE Infect of Trojan.Win32.Banker6.CDPF
    * * * CLEAN * * *
    C:\Program Files (x86)\Google\Picasa3\PicasaUpdater.exe Infect of Trojan.Win32.Click.CQE
    * * * CLEAN * * *
    C:\USERS\TERESA'S LAPTOP\DESKTOP\MYPHONEEXPLORER PORTABLE\DLL\MPECLIENT.APK -> classes.dex Infect of Android.Trj.SMSAgent-S.Gen
    * * * CLEAN * * *
    C:\Users\Teresa's Laptop\Downloads\Installer_mysteriesnevervrunestoneoflight.exe Infect of Trojan.Win32.Stealer.TMS
    * * * CLEAN * * *
    C:\USERS\TERESA'S LAPTOP\SD CARD DOWNLOAD\DOWNLOAD\360MOBILESAFE_1.0.0.1084.APK -> classes.dex Infect of Android.Trj.SMSAgent-S.Gen
    * * * CLEAN * * *
    C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll Infect of PUP.Win32.Linkury.A
    * * * CLEAN * * *
    [D:]
    MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
    BOOT SECTOR: OK
    Infected Registry keys: 0.
    Files infected: 39.
    Files suspected: 0.
    Files scanned: 728843.
    Files totals: 728843.
    Registry keys clean: 0.
    Files cleaned: 38.
     
    Last edited by a moderator: Oct 2, 2015
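A Fixlog like the one posted above mixes the submitted fixlist with the per-entry results, so a tally of the results section helps when reviewing what a fix actually changed. The following is an added example, not part of the original posts and not FRST's own code: a small Python parser that reads only the results section, groups the outcomes, and flags removed security services. The sample log is shortened from the one above; the category names and the service watch list are assumptions of this example.

```python
from collections import Counter

# Constructed sample: a shortened Fixlog built from lines of the log posted above.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
fixlist content:
*****************
start
C:\Windows\System32\GWX\GWX.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
end
*****************

Restore point was successfully created.
C:\Windows\System32\GWX\GWX.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully
HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => key not found.
WinDefend => service removed successfully
catchme => service removed successfully
C:\Program Files (x86)\PDFlite\npPdfViewer.dll => not found.
015-09-23 18:36 - 2015-09-23 18:36 - 0000017 _____ () C:\Users\Teresa's Laptop\AppData\Local\resmon.resmoncfg => Error: No automatic fix found for this entry.
EmptyTemp: => 348.9 MB temporary data Removed.

==== End of Fixlog 14:01:16 ====
"""

# Assumption of this example: Windows service names whose removal deserves a second look
# (Windows Defender, Windows Firewall, Security Center).
SECURITY_SERVICES = {"windefend", "mpssvc", "wscsvc"}


def result_lines(text):
    """Yield 'item => outcome' lines from the results section only.

    The fixlist itself is echoed between two rows of asterisks and also
    contains ' => ' (e.g. '=> No File'), so it must be skipped.
    """
    star_rows = 0
    for line in text.splitlines():
        s = line.strip()
        if s and set(s) == {"*"}:
            star_rows += 1
            continue
        if s.startswith("==== End of Fixlog"):
            break
        if star_rows >= 2 and " => " in s:
            yield s


def classify(outcome):
    """Map an outcome string to a coarse category (names chosen for this example)."""
    o = outcome.rstrip(". ").lower()
    if o.startswith("error"):
        return "error"
    if o.endswith("not found"):
        return "absent"
    # Check 'removed' first: 'removed successfully' also ends with 'moved successfully'.
    if o.endswith("removed successfully"):
        return "removed"
    if o.endswith("moved successfully"):
        return "moved"
    return "other"


def parse_fixlog(text):
    """Return one dict per result line: the item, the raw outcome and its category."""
    entries = []
    for line in result_lines(text):
        item, outcome = line.rsplit(" => ", 1)
        entries.append({
            "item": item.strip().strip('"'),
            "outcome": outcome.strip(),
            "kind": classify(outcome),
        })
    return entries


def review(text):
    """Summarise a Fixlog: outcome counts, failed entries, removed security services."""
    entries = parse_fixlog(text)
    return {
        "counts": Counter(e["kind"] for e in entries),
        "errors": [e["item"] for e in entries if e["kind"] == "error"],
        "security_removals": [
            e["item"] for e in entries
            if e["outcome"].lower().startswith("service removed")
            and e["item"].lower() in SECURITY_SERVICES
        ],
    }


if __name__ == "__main__":
    report = review(SAMPLE_FIXLOG)
    print("Outcome counts:", dict(report["counts"]))
    print("Entries with errors:", report["errors"])
    print("Security services removed:", report["security_removals"])
```
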
  2. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Let's run a couple of new programs, then change settings for another one that you currently have. When you have completed these steps, we will clean up all the tools we used and I will make some suggestions to you on how to save some bandwidth and keep from being infected again.

    Step 1: Have CCleaner Remove All Temp Files at each Reboot of your machine!


    Let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this, you will need to click on Tools, then Startup, select each item, then Disable.


    Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

    To do this:
    • Hit options.
    • Settings.
    • Place a tick to run CCleaner when the computer starts.



    Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.


    STEP 2: Disable USB Autoruns with USB Fix.


    Download USB Fix from the link below.
    http://www.telecharger.sosvirus.net/download/usbfix/
    Click the button that reads Telecharger.
    Wait on the countdown to complete, save the file to your desktop.
    Right-click and run as admin, then click on the Clean button.
    Decline the offer from their help site. A report will be generated on your desktop; please post that in your next reply.
    NOTE!! This program will close unessential items, so save any work prior to running.


    STEP 3: Final Virus Scan with eScanAV


    Download the eScanAV Anti-Virus Toolkit (MWAV)
    http://www.escanav.com/en/antivirus...ter.asp?pcode=MWAV&src=english_dwn&type=alter

    Save the file to your desktop.
    Right click run as administrator.
    A new icon will appear on your desktop.
    Right click run as administrator on new icon.
    Click on the update tab.
    Once you have updated the program, make sure the settings are the same as the picture below.
    Once you have made sure the settings match the picture, hit the Scan & Clean button.
    Upon scan completion, click View Log.
    Copy and paste entire log into your next reply.
    Note: Reboot after you remove infections.
     
  3. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    OkeeDokee Mal,
    Here you go mate, what else needs doin?
    TTFN,
    LGW



    ################## | System information |

    MB: Dell Inc. (0XN71K)
    CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
    GC: NVIDIA GeForce GT 555M
    RAM -> [Total : 8086 Mo | Free : 5579 Mo]
    Bios: Dell Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Google Chrome : 45.0.2454.101

    ################## | Security Information |

    AV: 360 Total Security [Enabled |Updated]
    AS: 360 Total Security [Enabled |Updated]
    AS: Malwarebytes Anti-Malware : 2.1.8.1057
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C:\ (%SystemDrive%) -> Fixed disk # 452 Gb (197 Gb free - 44%) [OSDisk] # NTFS
    D:\ -> Fixed disk # 14 Gb (7 Gb free - 53%) [Recovery] # NTFS
    F:\ -> Fixed disk # 466 Gb (465 Gb free - 100%) [DATAPART1] # NTFS

    ################## | Generic Research |


    (!) Temporary files deleted. (32.174877166748 MB)

    ################## | Startup |

    F2 - HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
    F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\System32\userinit.exe,
    04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    04 - HKLM\..\Run : [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
    04 - HKLM\..\Run : [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
    04 - HKU\S-1-5-21-3797571617-2345687493-384676197-1002\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    04GS - NETGEAR A6100 Genie.lnk : C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe

    ################## | UsbFix - Information |

    Info : How to remove shortcut virus on flash disk (Video)
    Info : Shortcut virus on flash disk, What is it ?
    Live detection : http://how-to-remove.us/

    ################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

    [25/10/2013 - 14:02:18 | A | 2 Ko] - C:\logFileUI.txt
    [13/09/2015 - 03:52:33 | A | 32 Ko] - C:\ComboFix.txt
    [02/10/2015 - 19:40:03 | ASH | 6210176 Ko] - C:\hiberfil.sys
    [02/10/2015 - 19:40:14 | ASH | 8280236 Ko] - C:\pagefile.sys
    [01/10/2015 - 13:50:47 | D] - C:\Config.Msi
    [12/09/2015 - 16:04:23 | A | 0 Ko] - C:\zoek-results2015-09-12-230423.log
    [12/02/2014 - 22:06:23 | A | 0 Ko] - C:\AVScanner.ini
    [01/12/2006 - 23:37:14 | A | 884 Ko] - C:\msdia80.dll
    [15/01/2014 - 17:42:40 | A | 594 Ko] - C:\SecurityScanner.dll
    [20/11/2014 - 19:43:51 | A | 20 Ko] - C:\bootsqm.dat
    [05/11/2013 - 20:05:42 | A | 0 Ko] - C:\local.conf
    [17/05/2011 - 04:12:52 | A | 151 Ko] - C:\splash.bmp
    [13/09/2015 - 03:43:44 | SHD] - C:\$RECYCLE.BIN
    [17/06/2011 - 04:27:01 | RAS | 8 Ko] - C:\BOOTSECT.BAK
    [13/07/2009 - 20:20:08 | D] - C:\PerfLogs
    [13/07/2009 - 22:08:56 | SHD] - C:\Documents and Settings
    [20/11/2010 - 20:23:51 | RASH | 375 Ko] - C:\bootmgr
    [17/06/2011 - 04:22:56 | D] - C:\Hotfix
    [17/06/2011 - 05:28:14 | D] - C:\Recovery
    [11/01/2014 - 02:41:19 | D] - C:\first_launch
    [16/01/2014 - 17:06:52 | D] - C:\inetpub
    [16/01/2014 - 17:21:44 | D] - C:\bront
    [16/01/2014 - 17:25:45 | D] - C:\Brother
    [25/04/2014 - 10:22:37 | AD] - C:\Old Disk
    [22/05/2014 - 20:26:39 | D] - C:\dell
    [27/06/2014 - 15:14:11 | D] - C:\temp
    [23/02/2015 - 13:05:25 | RHD] - C:\MSOCache
    [11/03/2015 - 04:34:39 | D] - C:\Boot
    [07/04/2015 - 19:57:24 | D] - C:\AVAST Software
    [16/07/2015 - 12:03:55 | D] - C:\GameHouse Games
    [11/09/2015 - 17:42:56 | D] - C:\AdwCleaner
    [12/09/2015 - 17:37:54 | D] - C:\zoek_backup
    [12/09/2015 - 17:46:22 | D] - C:\zoek
    [13/09/2015 - 03:52:36 | D] - C:\Qoobox
    [16/09/2015 - 05:49:46 | RD] - C:\Users
    [25/09/2015 - 01:32:35 | D] - C:\RegBackup
    [01/10/2015 - 11:37:21 | RD] - C:\Program Files (x86)
    [01/10/2015 - 12:27:46 | D] - C:\Program Files
    [01/10/2015 - 13:57:52 | D] - C:\ProgramData
    [01/10/2015 - 14:01:16 | D] - C:\FRST
    [02/10/2015 - 19:40:01 | D] - C:\VEXPLite
    [02/10/2015 - 19:40:05 | D] - C:\360SANDBOX
    [02/10/2015 - 19:44:07 | D] - C:\Windows
    [02/10/2015 - 19:53:11 | D] - C:\$360Section
    [02/10/2015 - 19:56:11 | D] - C:\UsbFix

    ################## | D:\ - Fixed drive (NTFS) |

    [17/06/2011 - 08:31:47 | A | 0 Ko] - D:\Factory.log
    [17/06/2011 - 05:28:14 | A | 0 Ko] - D:\ResSys.ini
    [24/09/2015 - 17:15:59 | N | 3 Ko] - D:\bootsqm.dat
    [08/07/2015 - 03:19:58 | D] - D:\$RECYCLE.BIN
    [17/06/2011 - 05:28:14 | D] - D:\Dell
    [01/08/2013 - 03:46:20 | D] - D:\recovery

    ################## | F:\ - Fixed drive (NTFS) |

    [24/09/2015 - 17:11:15 | A | 3 Ko] - F:\bootsqm.dat
    [27/06/2011 - 17:00:46 | RA | 1 Ko] - F:\MediaID.bin
    [08/07/2015 - 03:19:58 | D] - F:\$RECYCLE.BIN
    [20/11/2014 - 14:35:53 | D] - F:\WindowsImageBackup
    [26/09/2015 - 14:27:52 | RD] - F:\TERESAS

    ################## | Vaccin |

    C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    Analysed in 29.38 seconds
     


    Last edited by a moderator: Oct 3, 2015
  4. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    ...................:devil:

    Remove Remnants of Spybot that are cluttering your HDD and making scans on your machine longer.


    Get the Everything Search Engine
    Type Spybot into search window.
    Then Click Edit.
    Select All
    Right Click Highlighted items
    >>>>>>>> Copy full name to clipboard.
    Open Notepad >>>>>>> Paste to notepad.
    Name the file Fixlist
    Save to your desktop.
    Download and save FRST 64bit or FRST 32 bit to your Desktop.
    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
    Right click FRST or FRST64 Run as Admin.
    Click the fix button.
    Reboot if needed.....


    Some Suggested Software To Keep You Safe On The Internet.

    Click Me To Update Software. Update Software.
    Qualys BrowserCheck
    To update plugins.
    Web Of Trust
    To Avoid Shady Websites.
    Unchecky
    To Avoid Bundled Software.
    AdBlock Plus
    To Browse The Web Ad Free
    FanBoys Ultimate list.
    Add The Ultimate List.
    ToolWhiz Smart Defrag
    Defrag Your Machine With Speed.
    For Chrome
    Adguard
    For FireFox
    Adguard



    Now let's clean up the tools we used and remove old restore points.



    Download DelFix by "Xplode" to your Desktop.
    Right Click the tool and Run as Admin ( Xp Users Double Click)
    Put a check mark next the items below:


    Remove disinfection tools
    Create registry backup
    Purge System Restore




    Now click on "Run" button.
    Allow the program to complete its work.
    All the tools we used will be removed.
    Tool will create and open a log report (DelFix.txt)
    Note: The report can be located at the following location C:\DelFix.txt


    Only allow programs that you wish to run on your machine, this tool will put you in full control of processes that execute on your machine.


    Install VoodooShield

    Disable Useless Windows Updates on your machine, you are not a part of a business. It is not going to hurt your machine to not update it. I have not updated my machines for years. Most of the time my computer will give up before I have an issue with the Operating System. Plus it steals bandwidth and slows your computer down anyhow.


    Hit the start menu
    Type Services.msc Hit enter

    Find Windows update service
    Stop it, then go to properties.
    Change the start up type to disabled.


    Do the same for the DNS Client and Iphelper Services.

    Then Disable IPV6 How to disable IPv6

    While you disable IPV6 then download the Disable IPv6 on all tunnel interfaces MSfix it to remove tunnel adapters.

    Change your DNS to OpenDNS or Google DNS
    http://www.rentanadviser.com/en/products/smart-dns-changer/smart-dns-changer.aspx


    Uninstall the programs below, if you wish.


    VIRIT LITE
    Zemana Antimalware.

    Disable CCleaner Monitoring from your machine, it is useless.

    Run OTL as Admin and press Run Scan. Post the log.


    Reboot your machine. Tell me if you have any other single issue.
     
    Last edited: Oct 3, 2015
    LadyGreenWitch and Cameldung like this.
  5. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    OK! That's a lot of stuff. Things sure have gotten a lot more involved, I used to be able to fix my PC's by going into DOS. LOL. I will follow all of your instructions and post back. I have been having a LOT of lock ups lately, but I think that I have narrowed this batch down to some issues with Outlook. You Mal are a total and complete Sweetheart, and I appreciate every second that you have spent working with me on getting all of this mess cleared up. You my dear sir, ROCK! Will look forward to a clean bill of health soon.

    TTFN,
    LGW
     
    Malnutrition likes this.
  6. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    2,630
    Likes Received:
    2,164
    Trophy Points:
    273
    That must have been when you were just a wee Lass because I know you are not much more than sweet sixteen. :)
     
    LadyGreenWitch and Crush like this.
  7. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    When you get time to complete just Copy and Paste the OTL logs. Please tell me whether the machine is locking up or just when using the internet.

    I would like to see the temperature on this machine as well, we will get to that and if Windows Updates installed a screwy driver then we will see if that can be pinpointed as well......

    For now carry out the task at hand and let's see if that cures the issue, I like to figure these things out so as long as you are willing I have a lot of ideas on getting your machine running like new without hiccups. :D
     
    LadyGreenWitch likes this.
  8. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    How are things? An update on the issue would be great. :D
     
    LadyGreenWitch likes this.
  9. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    Mal,
    I have been so busy, I haven't had time to finish your instructions. What I have noticed, is a lot of locking up that I cannot account for. Do you think that upgrading to 10, which I have steadfastly avoided, could potentially resolve this issue?
     
  10. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Simply put NO! You will not like it, you still have Windows 7 disk? Better off doing a clean install of Windows 7, installing Service Pack One and disabling updates.
     
    LadyGreenWitch and Cameldung like this.
  11. Crush

    Crush I am admin, ruler of my domain Administrator iHF Master Craftsman

    Joined:
    May 1, 2014
    Messages:
    2,098
    Likes Received:
    697
    Trophy Points:
    123
    I have Windows 10...It's great :)
     
  12. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    M'Lady, as with all Windows versions you will get mixed views and results. My advice would be to stay with Windows 7 if it serves its purpose and you are satisfied with how it works for you. Windows 10 is still buggy and in some cases needs more attention than warranted. You will eventually have to migrate to Windows 10 but until you see the necessity I would stay with what I know. :)
     
  13. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    You still need to finish everything, also do the lock ups happen while online only???
     
    LadyGreenWitch likes this.
  14. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    Hey Guys,
    Thank you all for your opinions, and since I have lots of experience with Microsoft and their roll outs, :mad::eek::banghead::wtf::arghh: I am going to stick with 7, (Crush you are a braver man than I, Gunga Din. ;) ) @Malnutrition, the lockups started just online, now they seem to be affecting Office, and the pc in general. I originally thought it was a faulty .pst file in Outlook, but now its effect is showing in Word and Excel as well. I'm also getting irked with GlassWire, the firewall with 360. Love 360, but GlassWire doesn't seem as intuitive as Comodo. I guess I am just getting old, and like what I am used to. LOL. Let me finish the instructions and see if anything is resolved that way. Otherwise, I may just have to bite the bullet and reformat. I know that you guys don't consider that a big deal, but little ole Witchy Poo, thinks of reformatting like getting my teeth pulled, BLECH! LOL. Okay, I will check back soon. Or we could keep trying your ideas! I like that idea best of all. LOL. I am always up for experimentation. So let's see where we are after the last set of instructions are completed.
    TTFN,
    LGW
     
    Last edited: Oct 19, 2015
  15. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    OK Mal,

    Here are the OTL logs. I sure hope we figure this out. I am starting to doubt my skills. LOL Looking forward to your reply. Hope you have a terrific week.

    TTFN,

    LGW
     


  16. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    Hi Mal,
    No rush, just curious as to whether you see anything in the OTL logs, and any other tips or tricks you might have for me. Looking forward to your reply,
    TTFN,
    LGW
     
  17. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Sorry, I have been in the middle of nowhere. I am at a location now that I can respond, expect a reply within 24 hours.

    I was unable to even log into this forum from my phone, and had issues with other places I help.
     
  18. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    Bummer, welcome back to the 21st century. LOL
     
  19. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Open OTL.exe (Right Click OTL Run As Admin)
    Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    Code:
    :processes
    killallprocesses
    
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:[b]64bit:[/b] - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: gamehouse.com ([www] https in Trusted sites)
    O18:[b]64bit:[/b] - Protocol\Handler\belarc - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
    
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\SysNative\drivers\etc\hosts
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [emptytemp]
    [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
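
A fix script like the one in the post above names registry policy values, so it helps to know which ones before clicking Run Fix. The following is an added example, not part of the original post and not OTL's own code: it splits the script into its sections and lists the `:OTL` lines that name User Account Control policy values, so those settings can be confirmed after the reboot. The line pattern and the `UAC_VALUES` list are assumptions made for this example, and the sample is a shortened excerpt of the posted script.

```python
import re

# Excerpt of the fix script posted above, shortened for this example.
FIX_SCRIPT = r"""
:processes
killallprocesses
:OTL
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
:Services
:Files
C:\Windows\SysNative\drivers\etc\hosts
:Commands
[Reboot]
"""

# Value names under ...\policies\System that configure User Account Control
# (assumed watch list for this example).
UAC_VALUES = {
    "EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser",
    "PromptOnSecureDesktop", "FilterAdministratorToken", "EnableInstallerDetection",
    "EnableSecureUIAPaths", "EnableVirtualization", "ValidateAdminCodeSignatures",
}
SECTION = re.compile(r"^:(\w+)$")
POLICY = re.compile(r"^(O\d+)\S*\s+-\s+(HK\w+\\.*?):\s*(\w+)\s*=\s*(.*)$")

def parse_sections(script):
    """Split a fix script into {lower-cased section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in map(str.strip, script.splitlines()):
        header = SECTION.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections

def uac_entries(sections):
    """Return (value name, data) for each :OTL line that names a UAC policy value."""
    matches = (POLICY.match(line) for line in sections.get("otl", []))
    return [(m.group(3), m.group(4).strip()) for m in matches
            if m and m.group(3) in UAC_VALUES]

if __name__ == "__main__":
    parsed = parse_sections(FIX_SCRIPT)
    print({n: len(l) for n, l in parsed.items()}, uac_entries(parsed))
```
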
     