This topic is locked
Thank you for the Extras log. It revealed something very important:
[ System Events ]
Error - 8/8/2012 7:57:35 AM | Computer Name = Neox-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Let's get started. Please print these instructions so you will have them to follow as you complete each step. If you don't understand something or something is not clear Stop and Ask.
Read through the instructions and download any tools I have asked you to download and save them to the Desktop. Then print the directions. Log out of GeeksToGo and close the browser. Then follow the directions in the order they are asked for.
The following is general information we give members. The decision to uninstall these programs is yours.
PunkBuster Advice:
There are some Issues with infections in relation to PunkBuster...The computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.
If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.
So my advice would be download the Removal Tool for PunkBuster to the desktop.
Right-click on pbsvc.exe and select Run as Administrator >> follow the prompts.
You may reinstall Punkbuster when I give the all clear if you wish.
Registry Cleaning Tools
Also I see CCleaner. Please do not use the registry cleaner in this tool. And for that matter do not use registry cleaners at all:
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.
We are gonna uninstall the programs you don't need. First we need to disable the real time scanning of all of the antispyware programs.
Step-1.
Disable SpyBot S&D TeaTimer
- Right click the Spybot Icon in the System Tray (looks like a calendar with a padlock symbol ) and click Exit Spybot S&D Resident
- Run Spybot S&D
- Go to the Mode menu, and make sure Advanced Mode is selected.
- You may be presented with a warning dialog. If so, press Yes.
- Click on
- Click on
- Uncheck these boxes:
- Close Spybot S&D and Restart your computer.
Disable Malwarebytes' Real Time Protection (Registered version only)
- Open MalwareBytes.
- Click the Protection tab.
- Remove the tick from "Start with Windows"
- Reboot the computer
Disable SuperAntiSpyware:
- Open SUPERAntiSpyware
- Click on Preferences
- Click the Real-Time Protection tab
- Uncheck Real-Time protection
- Click on the Hi-Jack Protection tab
- Under Home Page Protection, uncheck "Protect Home Page from being changed. Changes can only be made here."
- Click on Close.
- Close SUPERAntiSpyware
- Reboot the computer.
Now we are gonna uninstall some programs.
Step-2.
Program uninstalls
1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):
Spybot-Search & Destroy
BablyonObjectInstaller
Java 6Update22
3. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.
AVG is not in the Program Uninstall list so what is in the log is probably just remnants that uninstalling the program didn't remove. So we will use the AVG removal tool to get rid of those.
AVG Remover
Please download the AVG removal tool here and save it to the Desktop.
- Right click on the avg_remover_stf_x86_2012_2125.exe file and click Run as Administrator to run the file.
- You will be asked during the removal procedure to restart your computer. Therefore, please make sure to finish your work and save all important data prior to launching AVG Remover.
Now we need to run an OTL fix
Step-3.
OTL FixBe advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.
1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-4133368832-3342889942-1754129440-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000fb5cb892d
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112542&tt=3212_3&babsrc=HP_ss&mntrId=526d83fe000000000000000fb5cb892d"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112542&tt=3212_3&babsrc=KW_ss&mntrId=526d83fe000000000000000fb5cb892d&q="
[2012/07/09 15:20:02 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/08 16:03:36 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-4133368832-3342889942-1754129440-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKU\S-1-5-21-4133368832-3342889942-1754129440-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O33 - MountPoints2\{ff6c0242-288d-11e1-ba10-002185028e00}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6c0242-288d-11e1-ba10-002185028e00}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
[2012/03/04 22:41:48 | 000,000,037 | -HS- | C] () -- C:\Users\Neox\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/07/19 17:53:25 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
:FILES
inconfig /flushdns /c
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
C:\Program Files\Babylon
C:\ProgramData\Babylon
C:\$AVG
C:\ProgramData\AVG2012
C:\Program Files\AVG
C:\Program Files\Spybot - Search & Destroy
:COMMANDS
[RESETHOSTS]
[EMPTETEMP]
Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
2. Please re-open
on your desktop.3. Place the mouse pointer inside the
textbox, right click and click Paste. This will put the above script inside the textbox.4. Click the
button.5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the
button.8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the
button. Post the log it produces in your next reply.We need to have a couple of files scanned for malware
Step-4.
Jotti File Submission:
- Please go to Jotti's malware scan
- In the Joiit malware scan section, click the Browse button and copy and paste the following file path into the "File to scan:"box on the top of the page:
- Click on the submit file button.
- Do this for each Path and File listed below:
- C:\Users\Neox\Desktop\AvA.lnk
- C:\Windows\System32\services.msc
Step-5.
Things For Your Next Post:
Why do you continue to post your logs with Spoiler tags? Please just Copy and Paste them into your posts
1. Were you able to disable the real time protection in MalwareBytes, Spybot S&D and SuperAntiSpyware?
2. How did the program uninstalls go?
3. The OTL fixes log
4. The new OTL.txt log (There won't be an Extras.txt file this time)
5. The results of the files scanned by Jotti
6. How is the computer running now?
Sign In
Create Account
