Avast is the only program I was trying to run. I uninstalled AVG long ago, and PC pro I uninstalled right after it ran. I even ran an uninstall tool to get rid of AVG; perhaps the system restores I have tried have left shadows of the programs on my PC. This latest program has sent me into safe mode again. Hope it worked, thanks for your help!
Hi,
Ok let’s try and get those antivirus programs knocked out of there…
Please do the following:
Hold down the Windows key and press R to open a run box
type the following text into the run box
appwiz.cpl
This will open your Programs And Features. A list of installed programs will populate
Remove the following programs if they are there:
AVG, PC Cleaner Pro, CA Yahoo! Anti-Spy (remove only)
If AVG is not there (or after you remove it) download and run the tool found here >> http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe
Run a new scan with ComboFix and attach the new log that is created.
One question, do I run the new scan by dragging those instructions to it again?
No, not this time… just run a normal scan.
The AVG cleaner didn’t do the job as CF was still detecting it but I ran it anyways…
Hi,
* Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:
ClearJavaCache::
File::
c:\windows\system32\drivers\kdwijva.sys
Folder::
c:\program files\Ask.com
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
Driver::
eltytq
* Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
Hi, here it is…
Hi,
Malwarebytes
I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
ESET Online Scanner
I’d like us to scan your machine with ESET Online Scan
Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don’t go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
* Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
* Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
* For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  1. Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  2. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
* Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
* Click the Start button.
* Accept any security warnings from your browser.
* Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
* Make sure that the option “Remove found threats” is Unchecked
* Push the Start button.
* ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
* Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Push the Back button.
* Push Finish
http://www.eset.com/onlinescan/
In your next reply please attach the logs made by Malwarebytes and ESET.
9 objects found!
* Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:
ClearJavaCache::
File::
C:\Documents and Settings\Buckeye Rob\Application Data\Mozilla\Firefox\Profiles\cxcq3xmg.default\extensions\{c74d2683-d76b-40a2-a534-98330284414e}\chrome.manifest
C:\Documents and Settings\Buckeye Rob\My Documents\Driver Genius Professional Edition V9.0.0.180 (Retail) (Fully Updatable) [h33t] [blaze69]\Driver_Genius_9_Professional_US_Full.EXE
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R3ZNQPQY\imp[4]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RHGNSJPZ\imp[2]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RHGNSJPZ\imp[3]
* Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
In your next reply attach the new ComboFix log and let me know how your system is running.
Well, it is running pretty good except that I am still in safe mode :o Was I maybe not supposed to have unchecked remove all threats in that previous scan?
Hi,
So you are not able to boot to Normal Mode at all? What happens when you try to do so?
When I turn it on, it tries to boot normally then it reboots, then I get a choice of start normally, last good configuration, safe mode, safe with networking, safe with command. Trying the first two does not work…
We may need to do a repair…
Go to Start >> Run >> type CMD and this will open the Command Prompt.
Once open I want you to copy/paste the following into the Command Prompt
chkdsk /r
Once complete try to boot to Normal Mode and let me know what happens.
Well, first it said it could not perform the function but I could schedule it to be done upon reboot, which I did. The safe mode menu came up and I chose ‘last good configuration’ and it booted up into regular mode. But I am still getting the pop up messages about ololoshaface… Okay, I’m the dummy and you’re the experts, but on the ESETScan which found 9 threats, should I really have not checked the box to remove threats?
Hi,
Just because ESET detects something does not necessarily mean it is specifically bad. It is better to err on the side of caution in my opinion, but we can remove the other entries. When you receive that popup could you take a screenshot of it and attach it here too?
* Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:
ClearJavaCache::
File::
C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe
C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
* Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
A Windows pop up came up during the scan saying grep.exe (I think that was the name, should’ve jotted it down) needed to close. I clicked do not send and let it run.
SS are too big to attach on here; here is what the two most common ones say:
Infection Details
URL: “http://ololoshaface.com/x/”
Process: “C:\WINDOWS\System32\svchost.exe”
Infection: “URL:Mal”
Infection Details
URL: “http://c2pokerface.com/x/”
Process: “C:\WINDOWS\System32\svchost.exe”
Infection: “URL:Mal”
There are a few others that pop up; they are very similar, but for the most part it is just these two that come up. My PC seems to be booting up normally most of the time now; it has been going back and forth between normal and safe mode for around a month now.
Hi,
Please delete your copy of OTL and then download a fresh copy to your system. Once downloaded run a new scan and attach the new log to your reply.
OTL ran with no crash this time.