Hey, yesterday I found a weird program on my PC called SEARCH PROTECT BY CONDUIT. I immediately uninstalled it through the Windows Control Panel and did a boot scan with Avast. The scan showed several infections of SEARCH PROTECT and other malware, and apparently erased them all.

Just did a Malwarebytes scan and nothing showed up, but I've read that SEARCH PROTECT is a tough one to remove, so I'm not really sure if the Avast scan was enough... I would really appreciate it if you could help me find out if it's clean or not!

My DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16496
Run by FAMILIA at 16:59:59 on 2013-08-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.57.1033.18.3070.1789 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATII4E.EXE
C:\Users\FAMILIA\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatii4e.exe /ept "epltarget\P0000000000000000" /M "L355 Series"
uRun: [F.lux] "c:\users\familia\local settings\apps\f.lux\flux.exe" /noshow
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A0EB221A-6A8B-4941-8F01-A55AAF31A702} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-8 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-8 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-8 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-8 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-8 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-8 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-8 46808]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-8-8 122000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-2-9 325672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-8 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-8-8 24064]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-8-8 27136]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-08-09 14:56:25 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{acb34470-f654-46cd-ab47-dec12e5ba7de}\offreg.dll
2013-08-09 13:44:39 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-08-09 13:44:27 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{acb34470-f654-46cd-ab47-dec12e5ba7de}\mpengine.dll
2013-08-09 04:03:09 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-08-09 04:02:34 -------- d-----w- c:\windows\PCHEALTH
2013-08-09 04:02:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-08-09 04:00:13 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-08-09 03:59:11 -------- d-----w- c:\users\familia\appdata\local\Microsoft Help
2013-08-09 02:38:29 -------- d-----w- c:\program files\Elaborate Bytes
2013-08-09 02:36:55 -------- dc-h--w- c:\programdata\{664F6997-91E7-4DDA-8D54-BAAB7BA24BB9}
2013-08-09 02:36:46 -------- d-----w- c:\program files\Candleworks
2013-08-09 02:36:21 -------- d-----w- c:\users\familia\appdata\local\PackageAware
2013-08-09 02:26:20 -------- d-----r- c:\program files\Skype
2013-08-09 02:14:39 122000 ----a-w- c:\windows\system32\escsvc.exe
2013-08-09 02:14:38 342016 ----a-w- c:\windows\system32\esw2ud.dll
2013-08-09 02:14:25 -------- d-----w- c:\program files\epson
2013-08-09 02:07:34 -------- d-----w- c:\users\familia\appdata\roaming\SumatraPDF
2013-08-09 02:07:21 -------- d-----w- c:\program files\SumatraPDF
2013-08-09 01:48:59 -------- d-----w- c:\program files\common files\EPSON
2013-08-09 01:47:09 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2013-08-09 01:47:06 95232 ----a-w- c:\windows\system32\E_TLBI4E.DLL
2013-08-09 01:47:02 81408 ----a-w- c:\windows\system32\E_TD4BI4E.DLL
2013-08-09 01:46:22 -------- d-----w- c:\programdata\EPSON
2013-08-09 01:23:55 -------- d-----w- c:\users\familia\appdata\roaming\Malwarebytes
2013-08-09 01:23:32 -------- d-----w- c:\programdata\Malwarebytes
2013-08-09 01:23:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-09 01:23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-09 01:21:56 -------- d-----w- c:\users\familia\appdata\local\Programs
2013-08-09 00:47:05 -------- d-----w- c:\windows\system32\MRT
2013-08-09 00:39:02 -------- d-----w- c:\users\familia\appdata\roaming\uTorrent
2013-08-09 00:15:40 640288 ----a-w- c:\windows\system32\nvvsvc.exe
2013-08-09 00:15:40 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-08-09 00:15:40 4192544 ----a-w- c:\windows\system32\nvcpl.dll
2013-08-09 00:15:40 3045664 ----a-w- c:\windows\system32\nvsvc.dll
2013-08-09 00:15:40 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-08-09 00:15:40 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-08-09 00:14:56 53024 ----a-w- c:\windows\system32\OpenCL.dll
2013-08-09 00:14:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-08-09 00:11:34 -------- d-----w- c:\program files\NVIDIA Corporation
2013-08-08 22:58:14 -------- d-----w- c:\windows\CheckSur
2013-08-08 22:55:05 -------- d-----w- C:\NVIDIA
2013-08-08 22:53:38 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-08 22:53:35 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-08 22:53:34 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-08 22:53:32 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-08 22:53:26 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-08 22:51:02 41664 ----a-w- c:\windows\avastSS.scr
2013-08-08 22:50:35 -------- d-----w- c:\program files\AVAST Software
2013-08-08 22:48:40 -------- d-----w- c:\programdata\AVAST Software
2013-08-08 21:52:17 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-08-08 21:41:05 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2013-08-08 19:37:58 -------- d-----w- c:\users\familia\appdata\roaming\Dell
2013-08-08 19:37:04 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-08-08 19:37:03 -------- d-----w- c:\programdata\PCDr
2013-08-08 19:37:03 -------- d-----w- c:\program files\Dell Support Center
2013-08-08 19:36:25 -------- d-----w- c:\program files\My Dell
2013-08-08 19:35:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-08-08 19:35:39 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-08-08 19:30:31 -------- d-----w- c:\users\familia\appdata\roaming\PCDr
2013-08-08 19:28:32 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-08-08 19:16:55 -------- d-----w- c:\windows\system32\XPSViewer
2013-08-08 19:16:55 -------- d-----w- c:\windows\system32\es
2013-08-08 19:16:55 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2013-08-08 19:16:55 -------- d-----w- c:\windows\system32\0C0A
2013-08-08 19:16:54 -------- d-----w- c:\windows\system32\drivers\es-ES
2013-08-08 19:16:47 -------- d-----w- c:\windows\system32\wbem\es-ES
2013-08-08 19:16:35 -------- d-----w- c:\windows\es-ES
2013-08-08 19:15:02 903168 ----a-w- c:\windows\system32\certutil.exe
2013-08-08 19:15:02 43008 ----a-w- c:\windows\system32\certenc.dll
2013-08-08 19:15:02 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-08 19:15:02 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-08-08 19:15:02 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-08 19:14:21 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-08-08 19:14:21 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-08-08 19:14:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-08 19:14:21 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-08-08 19:14:21 18944 ----a-w- c:\windows\system32\netevent.dll
2013-08-08 19:14:21 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-08-08 19:14:21 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-08-08 19:11:45 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2013-08-08 19:11:45 666624 ----a-w- c:\windows\system32\mssvp.dll
2013-08-08 19:11:45 59392 ----a-w- c:\windows\system32\msscntrs.dll
2013-08-08 19:11:45 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2013-08-08 19:11:45 337408 ----a-w- c:\windows\system32\mssph.dll
2013-08-08 19:11:45 197120 ----a-w- c:\windows\system32\mssphtb.dll
2013-08-08 19:11:45 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2013-08-08 19:11:45 1549312 ----a-w- c:\windows\system32\tquery.dll
2013-08-08 19:11:45 1401344 ----a-w- c:\windows\system32\mssrch.dll
2013-08-08 19:10:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-08-08 19:10:00 400896 ----a-w- c:\windows\system32\srcore.dll
2013-08-08 19:09:25 534528 ----a-w- c:\windows\system32\EncDec.dll
2013-08-08 19:08:50 509440 ----a-w- c:\windows\system32\qedit.dll
2013-08-08 19:08:16 2616320 ----a-w- c:\windows\explorer.exe
2013-08-08 19:07:08 2342400 ----a-w- c:\windows\system32\msi.dll
2013-08-08 19:06:31 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-08-08 19:06:30 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-08-08 19:06:30 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-08-08 19:06:29 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-08-08 19:05:55 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-08-08 19:05:17 314880 ----a-w- c:\windows\system32\webio.dll
2013-08-08 19:04:41 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-08-08 19:04:41 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-08-08 19:04:03 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2013-08-08 19:04:03 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2013-08-08 19:04:03 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2013-08-08 19:03:29 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-08-08 19:02:53 164352 ----a-w- c:\windows\system32\profsvc.dll
2013-08-08 19:02:18 78336 ----a-w- c:\windows\system32\synceng.dll
2013-08-08 19:01:38 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-08-08 19:01:38 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-08-08 19:01:05 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-08-08 19:01:05 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-08-08 19:01:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-08 18:59:41 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-08-08 18:59:41 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-08-08 18:59:08 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-08-08 18:59:07 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-08-08 18:59:07 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2013-08-08 18:58:54 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-08-08 18:58:21 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-08-08 18:06:54 -------- d-----w- c:\program files\AuthenTec
2013-08-08 17:25:43 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\es-es\LXKPTPRC.DLL.mui
2013-08-08 17:19:43 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-08-08 17:19:43 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-08-08 17:19:43 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-08-08 17:18:18 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-08-08 17:18:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-08-08 17:18:18 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-08-08 17:18:18 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-08-08 17:18:18 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-08-08 17:18:18 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-08-08 17:18:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-08-08 17:06:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-08-08 16:11:09 889416 ----a-w- c:\users\familia\appdata\roaming\dotNetFx40_Full_setup.exe
2013-08-08 14:56:56 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-08 14:53:21 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-08-08 14:52:59 75776 ----a-w- c:\windows\system32\psisrndr.ax
2013-08-08 14:52:59 465408 ----a-w- c:\windows\system32\psisdecd.dll
2013-08-08 14:52:57 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-08-08 14:52:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-08-08 14:52:43 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-08-08 14:52:43 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-08-08 14:52:34 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-08-08 14:52:30 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-08-08 14:47:50 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 14:47:48 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-08 14:47:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-08 14:47:46 69632 ----a-w- c:\windows\system32\smss.exe
2013-08-08 14:47:46 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-08 14:47:18 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2013-08-08 14:47:18 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-08-08 14:47:18 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-08-08 14:45:56 571904 ----a-w- c:\windows\system32\oleaut32.dll
2013-08-08 14:45:56 233472 ----a-w- c:\windows\system32\oleacc.dll
2013-08-08 14:45:54 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2013-08-08 14:45:54 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-08-08 14:45:54 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-08-08 14:45:54 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-08-08 14:45:54 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-08-08 14:45:54 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-08-08 14:45:50 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-08-08 14:45:45 769024 ----a-w- c:\windows\system32\localspl.dll
2013-08-08 14:38:00 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-08-08 14:36:03 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-08-08 14:35:45 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-08-08 14:35:33 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-08 11:00:51 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-08 11:00:39 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-08 11:00:05 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-08-08 11:00:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-08-08 11:00:04 1796096 ----a-w- c:\windows\system32\authui.dll
2013-08-08 10:59:55 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-08-08 10:59:55 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-08-08 10:59:29 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-08-08 10:59:29 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-08-08 10:59:22 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2013-08-08 10:53:41 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-08-08 10:53:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-08-08 10:53:40 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-08-08 10:51:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-08-08 10:50:54 5120 ----a-w- c:\windows\system32\wmi.dll
2013-08-08 10:50:54 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-08-08 10:50:53 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-08-08 10:50:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-08-08 10:50:19 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-08-08 10:50:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-08-08 03:19:49 -------- d-----w- c:\windows\Panther
2013-08-08 03:01:58 -------- d-----w- C:\Windows.old
2013-08-08 02:40:07 -------- d-sh--w- c:\windows\Installer
2013-08-08 02:35:15 -------- d-----w- C:\38f61646ccf6dbb65b
2013-08-08 02:34:36 4188160 ----a-w- c:\program files\GUTBD85.tmp
2013-08-08 02:34:25 -------- d-----w- c:\users\familia\appdata\local\Google
2013-08-08 02:33:06 -------- d-----w- C:\b25e4c8f124f14c405b421
2013-08-08 02:32:06 -------- d-----w- c:\users\familia\appdata\local\Apps
2013-08-08 02:32:04 -------- d-----w- c:\users\familia\appdata\local\Deployment
.
==================== Find3M  ====================
.
2013-06-21 12:02:43 9069344 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 10:16:02 566048 ----a-w- c:\windows\system32\nvStreaming.exe
2013-05-19 10:54:27 97176 ----a-w- c:\windows\system32\ElbyCDIO.dll
.
============= FINISH: 17:01:19,12 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 07/08/2013 09:18:29 p.m.
System Uptime: 09/08/2013 06:32:34 a.m. (11 hours ago)
.
Motherboard: Dell Inc. |  | 0U8042
Processor: Intel® Core2 Duo CPU     T8300  @ 2.40GHz | Microprocessor | 2394/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 271,109 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Dispositivo base del sistema
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&19E0E716&0&0BF0
Manufacturer: 
Name: Dispositivo base del sistema
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&19E0E716&0&0BF0
Service: 
.
Class GUID: 
Description: Dispositivo base del sistema
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&19E0E716&0&0AF0
Manufacturer: 
Name: Dispositivo base del sistema
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02091028&REV_12\4&19E0E716&0&0AF0
Service: 
.
==== System Restore Points ===================
.
RP8: 08/08/2013 04:52:44 p.m. - Windows Update
RP9: 08/08/2013 05:50:19 p.m. - avast! Free Antivirus Setup
RP10: 08/08/2013 05:57:51 p.m. - Windows Update
RP11: 08/08/2013 07:07:02 p.m. - Windows Update
RP12: 08/08/2013 07:10:10 p.m. - Windows Update
RP13: 08/08/2013 07:45:03 p.m. - Windows Update
RP14: 08/08/2013 09:39:48 p.m. - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP15: 08/08/2013 10:58:19 p.m. - Installed Microsoft Office Professional Plus 2010
RP16: 09/08/2013 08:10:10 a.m. - Windows Update
.
==== Installed Programs ======================
.
µTorrent
avast! Free Antivirus
Dell System Detect
Dell System Detect Bootstrapper
Desinstalar impresora EPSON L355 Series
EPSON Scan
F.lux
FXCM Trading Station
Google Chrome
Google Update Helper
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
My Dell
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA Graphics Driver 320.49
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
Picasa 3
Skype™ 6.7
SumatraPDF
VirtualCloneDrive
.
==== Event Viewer Messages From Past Week ========
.
08/08/2013 12:57:06 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2835361).
08/08/2013 12:53:41 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2808679).
08/08/2013 12:50:01 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2813347).
08/08/2013 12:46:39 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2813430).
08/08/2013 12:43:56 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2750841).
08/08/2013 12:41:11 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2726535).
08/08/2013 12:40:29 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2547666).
08/08/2013 12:38:30 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2676562).
08/08/2013 12:38:01 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2491683).
08/08/2013 12:37:24 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2732500).
08/08/2013 12:36:57 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2619339).
08/08/2013 12:35:35 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2703157).
08/08/2013 12:34:58 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2845187).
08/08/2013 12:22:15 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2515325).
08/08/2013 12:20:39 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2840631).
08/08/2013 12:19:46 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2699779).
08/08/2013 12:17:53 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2835364).
08/08/2013 12:11:22 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2785220).
08/08/2013 12:11:17 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2585542).
08/08/2013 12:11:12 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2830290).
08/08/2013 12:10:58 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2667402).
08/08/2013 12:10:44 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2690533).
08/08/2013 12:10:38 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2709630).
08/08/2013 12:10:38 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2727528).
08/08/2013 12:10:10 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2786081).
08/08/2013 12:10:10 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2845690).
08/08/2013 12:09:51 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2763523).
08/08/2013 12:06:49 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2506212).
08/08/2013 12:06:44 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2847927).
08/08/2013 12:06:40 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2511455).
08/08/2013 12:04:24 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2533552).
08/08/2013 12:03:42 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80246007: Security Update for Windows 7 (KB2834886).
08/08/2013 11:08:13 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Update for Windows 7 (KB2798162).
08/08/2013 11:08:13 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Update for Windows 7 (KB2779562).
08/08/2013 11:08:13 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Security Update for Windows 7 (KB2790113).
08/08/2013 10:12:22 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2834886).
08/08/2013 07:36:29 p.m., Error: Microsoft-Windows-WMPNSS-Service [14332]  - El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
08/08/2013 06:16:02 p.m., Error: Microsoft-Windows-WMPNSS-Service [14332]  - El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
08/08/2013 06:15:15 p.m., Error: Microsoft-Windows-LanguagePackSetup [1001]  - No se pudo iniciar el asistente para la instalación del paquete de idioma. Reinicie el sistema e intente ejecutar el asistente de nuevo.
08/08/2013 06:15:10 p.m., Error: Service Control Manager [7023]  - 
08/08/2013 05:52:50 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2545698).
08/08/2013 05:52:16 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2813956).
08/08/2013 05:52:10 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2621440).
08/08/2013 05:52:00 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2541014).
08/08/2013 05:52:00 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2691442).
08/08/2013 05:52:00 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2511455).
08/08/2013 05:52:00 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422).
08/08/2013 05:49:38 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2798162).
08/08/2013 05:49:38 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2779562).
08/08/2013 05:49:38 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2790113).
08/08/2013 05:44:06 a.m., Error: volmgr [46]  - Error en la inicialización del archivo de volcado
08/08/2013 04:58:58 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2656356).
08/08/2013 04:57:01 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599).
08/08/2013 04:55:12 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2833946).
08/08/2013 02:31:41 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
08/08/2013 01:55:03 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2844286).
08/08/2013 01:22:43 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2729452).
08/08/2013 01:22:08 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2789645).
08/08/2013 01:16:43 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Windows 7 (KB2758857).
08/08/2013 01:11:06 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2804579).
08/08/2013 01:08:39 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2604115).
08/08/2013 01:05:03 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2756921).
08/08/2013 01:03:06 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20]  - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024200d: Update for Windows 7 (KB2732059).
.
==== End Of File ===========================
 
 
THANK YOU!!!!

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here's the report. I'm sorry for the duplicate posts, it kept saying there was a server problem, how can I delete them?

 

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : FAMILIA [Admin rights]
Mode : Scan -- Date : 08/09/2013 17:50:36
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST9320320AS ATA Device +++++
--- User ---
[MBR] 492ce003b387d1bde9e12be6ba370001
[bSP] c6db8f1d6672197641eeb2538be6aec8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_08092013_175036.txt >>

Here's the report. I'm sorry for the duplicate posts, it kept saying there was a server problem, how can I delete them?

You can't, they'll be deleted/closed by a moderator.

 

---------------------------------------

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


# AdwCleaner v2.306 - Logfile created 08/09/2013 at 18:03:43
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : FAMILIA - FAMILIA-PC
# Boot Mode : Normal
# Running from : C:\Users\FAMILIA\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\FAMILIA\AppData\Local\PackageAware

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [804 octets] - [09/08/2013 18:03:43]

########## EOF - C:\AdwCleaner[R1].txt - [863 octets] ##########

Some adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v2.306 - Logfile created 08/09/2013 at 18:07:35
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : FAMILIA - FAMILIA-PC
# Boot Mode : Normal
# Running from : C:\Users\FAMILIA\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\FAMILIA\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\FAMILIA\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [931 octets] - [09/08/2013 18:03:43]
AdwCleaner[s1].txt - [867 octets] - [09/08/2013 18:07:35]

########## EOF - C:\AdwCleaner[s1].txt - [926 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.9 (08.09.2013:1)
OS: Windows 7 Ultimate x86
Ran by FAMILIA on 09/08/2013 at 18:17:17,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

~~~ Files

Successfully deleted [File] C:\Windows\system32\tasks\PCDEventLauncherTask

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/08/2013 at 18:20:20,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

No Malwarebytes results, is that all :) ?

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.09.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
FAMILIA :: FAMILIA-PC [administrator]
 
09/08/2013 06:24:24 p.m.
mbam-log-2013-08-09 (18-24-24).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201355
Time elapsed: 6 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

Looks Good.....

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (may be down right now)

Cached version:

http://webcache.googleusercontent.com/search?q=cache:T4_y-D1qZAoJ:maddoktor2.com/forums/index.php%3Ftopic%3D46886.0+&cd=3&hl=en&ct=clnk&gl=us

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
