Also i have to say, that i have purchased the Avast!internet security for 2 years, and everytime i’m installing it, on the next reboot pc doesn’t load windows, then it automatically goes to windows will try to scan for errors and try to fix them, well Windows is not able to repair, so all i can do is turn off PC or go to restore windows to previous date, well i restore and then i go when the Antivirus is not installed…and this forever an ever in a loop…
thanks again.
P.D:i’m attaching the last file i have…
Download Combofix from either of the links below, and save it to your desktop. Link 1 Link 2
Note: It is important that it is saved directly to your desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:
[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
Hi Jeffce,
thanks for your help, ok now i run combofix but i cannot see the report, also it never restarts the pc, seems like it has finished scanning, window disappear and that’s it…i’m not even touching the mouse or anything.
i was reading on the essexboy post, and when i have to run OTL he says select ALL USERS…what does it mean, i’m never asked for that or cannot even see that to check it.
[*] Go to start>control panel>folder options>view
[*] Choose to “show hidden files and folders,”
[*] Uncheck the “hide protected operating system files” and the “hide extensions for know file types” boxes.
[*] Close the window with ok
Please delete your copy of ComboFix from your Desktop using right-click >> delete.
Now visit the link here >> http://www.mediafire.com/?3wuubumznr3cs8h and download the file to your Desktop. Once downloaded to your Desktop, run the program. There will be a log produced I will need in your next reply.
the same issue as before, it scans, looks like it has finished, but i’m not even able to close the window, it disappears and that’s all, also on C: there is no report at all…
Please download ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
Run OTL.exe
[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
SRV:[b]64bit:[/b] - [2009/07/14 02:39:46 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\SysNative\bb-run.dll -- (snoopfreesvc)
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - SOFTWARE\Classes\CLSID\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851619
IE - HKCU\..\URLSearchHook: {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - SOFTWARE\Classes\CLSID\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851619
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar_ES Toolbar) - {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - C:\Program Files (x86)\uTorrentBar_ES\prxtbuTor.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_ES Toolbar) - {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - C:\Program Files (x86)\uTorrentBar_ES\prxtbuTor.dll File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O33 - MountPoints2\{16478422-317d-11e1-9f37-00241d15fa81}\Shell - "" = AutoRun
O33 - MountPoints2\{16478422-317d-11e1-9f37-00241d15fa81}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
NetSvcs:[b]64bit:[/b] snoopfreesvc - C:\Windows\SysNative\bb-run.dll (Iomega)
[2012/03/12 13:33:01 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/03/02 12:54:55 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_trash.cmd
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
:Files
ipconfig /flushdns /c
dir C:\Users\Cure\AppData\Local\cf5171c8 /s /c
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )