Hello! 

 

I recently stumbled across a nasty bit of malware called Search Protect by Conduit. I have no memory of downloading it, but it seems to persist. Whenever I uninstall it from Windows Programs and Features and delete all the files I can, it ends up re-installing itself in the next few hours.

 

In safe mode, I have run Malwarebytes, TDSSKiller, AdwCleaner, Malwarebytes, Junkware Removal Tool, HitmanPro, and even CCleaner to clean the registry and dump temp files. Usually, with those programs, I can clean any virus or malware I stumble across.

 

As you can see by my posting here, a few hours after my total clean of my computer in safe mode, Conduit is back and self-installed. Right as Search Protect installs itself, AVG pops up and tells me about a threat in Windows/Temp that it removed, but the Search and Protect icon is visible in my tray, meaning it was just installed.

 

My computer is a desktop Win7 Premium.

 

Here are the dds logs:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/30/2011 3:43:29 PM

System Uptime: 3/5/2014 8:35:32 PM (1 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Phenom II X4 945 Processor | CPU 1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 919 GiB total, 534.955 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.478 GiB free.

E: is CDROM (CDFS)

F: is CDROM (UDF)

G: is FIXED (NTFS) - 931 GiB total, 497.807 GiB free.

H: is Removable

I: is Removable

J: is Removable

K: is Removable

L: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP449: 2/17/2014 2:57:23 PM - Windows Backup

RP450: 2/17/2014 7:00:13 PM - Windows Update

RP451: 2/22/2014 8:00:17 PM - Windows Backup

RP452: 3/1/2014 8:00:29 PM - Windows Backup

.

==== Installed Programs ======================

.

Tools for .Net 3.5

Update for Microsoft Office 2007 (KB2508958)

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Flash Professional CS6

Adobe Help Manager

Adobe Reader XI (11.0.06)

Adobe Shockwave Player 12.0

AMD Accelerated Video Transcoding

AMD Catalyst Control Center

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD Wireless Display v3.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARO 2012

Audacity 1.2.6

AVG 2014

Bejeweled 2 Deluxe

Bing Rewards Client Installer

Blackhawk Striker 2

Blade

Bonjour

Build-a-lot 2

Build Tools - amd64

Build Tools - x86

Build Tools Language Resources - amd64

Build Tools Language Resources - x86

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon MP Navigator EX 5.1

Canon MX890 series MP Drivers

Canon MX890 series User Registration

Canon My Printer

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Chuzzle Deluxe

CinemaNow Media Manager

CyberLink DVD Suite Deluxe

D3DX10

DAEMON Tools Lite

DAEMON Tools Ultra

Dark Parables - Curse of Briar Rose

DFOLauncher

Diner Dash 2 Restaurant Rescue

DiskAid 5.46

Dora's Carnival Adventure

Dropbox

DVD Menu Pack for HP MediaSmart Video

Easy Icon Maker

Elementals - The Magic Key

Entity Framework Tools for Visual Studio 2013

Escape Rosecliff Island

ESET Online Scanner v3

Fantapper Player

FATE

Final Drive Nitro

Finale NotePad 2008

Finale NotePad 2012

foldit

Fraps

FreeBASIC 0.23.0

Game Dev Tycoon DEMO version 1.0.1

GameMaker-Studio 1.2

GameMaker 8.1

Garry's Mod

Git version 1.7.11-preview20120710

GitHub

GitHub - 1

GlassFish Server Open Source Edition 3.1.2.2

Google Chrome

Google Drive

Google Earth

Google Talk Plugin

Google Update Helper

Heroes of Hellas 2 - Olympia

HexChat (x64)

HitmanPro 3.7

Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)

Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)

HP Advisor

HP Customer Experience Enhancements

HP Game Console

HP Games

HP MediaSmart CinemaNow 2.0

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

Hulu Desktop

HydraVision

HyperCam 2

iCloud

iExplorer 3.2.2.3

ImgBurn

iPhoneBrowser

iRotate

iTunes

Jane Angel - Templar Mystery

Jar2Exe Wizard

Java 7 Update 25 (64-bit)

Java 7 Update 51

Java Auto Updater

Java SE Development Kit 7 Update 21 (64-bit)

Java SE Development Kit 7 Update 25 (64-bit)

Jawbone Updater

JetBrains dotPeek 1.0

Jewel Quest 3

Jewel Quest Solitaire 2

JSmooth 0.9.9-7

Junk Mail filter update

Kaspersky Security Scan

Kerbal Space Program Demo

LabelPrint

LADSPA_plugins-win-0.4.15

LAME v3.98.3 for Audacity

LAME v3.99.3 (for Windows)

League of Legends

LightScribe System Software

Lua for Visual Studio

Lua for Windows 5.1.4-46

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Magic: The Gathering – Tactics

Malwarebytes Anti-Malware version 1.75.0.1300

MapleStory

McAfee Security Scan Plus

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5 Multi-Targeting Pack

Microsoft .NET Framework 4.5 SDK

Microsoft .NET Framework 4.5.1

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)

Microsoft .NET Framework 4.5.1 SDK

Microsoft Application Error Reporting

Microsoft C++ REST SDK for Visual Studio 2013

Microsoft Help Viewer 1.1

Microsoft Help Viewer 2.0

Microsoft Help Viewer 2.1

Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 (64-bit)

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2008 R2 RsFx Driver

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server 2012 Command Line Utilities

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Data-Tier App Framework (x64)

Microsoft SQL Server 2012 Express LocalDB

Microsoft SQL Server 2012 Management Objects

Microsoft SQL Server 2012 Management Objects (x64)

Microsoft SQL Server 2012 Native Client

Microsoft SQL Server 2012 T-SQL Language Service

Microsoft SQL Server 2012 Transact-SQL ScriptDom

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server Compact 4.0 SP1 x64 ENU

Microsoft SQL Server Data Tools - enu (12.0.30919.1)

Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft System CLR Types for SQL Server 2012

Microsoft System CLR Types for SQL Server 2012 (x64)

Microsoft Team Foundation Server 2013 Object Model (x64)

Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ Compilers 2010 Standard - enu - x86

Microsoft Visual C++ x64 Libraries

Microsoft Visual C++ x86 Libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2013 32bit Compilers - ENU Resources

Microsoft Visual C++ 2013 Core Libraries

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005

Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005

Microsoft Visual C++ 2013 x86-x64 Compilers

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005

Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 Shell (Integrated) - ENU

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Studio 2012 Devenv

Microsoft Visual Studio 2012 Devenv Resources

Microsoft Visual Studio 2012 Preparation

Microsoft Visual Studio 2012 Shell (Integrated)

Microsoft Visual Studio 2012 Shell (Isolated)

Microsoft Visual Studio 2012 Shell (Isolated) Resources

Microsoft Visual Studio 2012 Shell (Minimum)

Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies

Microsoft Visual Studio 2012 Shell (Minimum) Resources

Microsoft Visual Studio 2013 Express Prerequisites x64 - ENU

Microsoft Visual Studio 2013 Preparation

Microsoft Visual Studio 2013 Shell (Minimum)

Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies

Microsoft Visual Studio 2013 Shell (Minimum) Resources

Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU

Microsoft Visual Studio Express 2013 for Windows Desktop

Microsoft Visual Studio Express 2013 for Windows Desktop - ENU

Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core

Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources

Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core

Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources

Microsoft Web Platform Installer 3.0

Microsoft WSE 3.0 Runtime

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Miro Video Converter

MobileMe Control Panel

Mono for Windows 2.10.9

Moonbase Commander

MorphVOX Junior

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.4

MuseScore 1.3

My Game Long Name

Mystery Novel

NetBeans IDE 7.2.1

Nexon Game Manager

NVIDIA PhysX

Oblivion

Oblivion mod manager 1.1.12

Pando Media Booster

PDF Settings CS6

Penguins!

PhotoNow!

PictureMover

Pidgin

Plants vs. Zombies

PlayReady PC Runtime amd64

Poker Superstars III

Polar Bowler

Polar Golfer

Portal 2

Portal: First Slice

Power2Go

PowerDirector

Prerequisites for SSDT

Project64 1.6

Python 2.7 cx_Freeze-4.3.1

Python 2.7 py2exe-0.6.9

Python 2.7 pywin32-217

Python 2.7.3

Python 3.3.0

Python Tools for Visual Studio 2012

Q.U.B.E. Demo

QuickTime

Ralink RT2860 Wireless LAN Card

Realm of the Mad God

Realtek High Definition Audio Driver

Recovery Manager

Recuva

Roxio CinemaNow 2.0

Safari

Samantha Swift and the Hidden Roses of Athena

Search Protect

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition

Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)

SharpKit

Shutter Island

Sid Meier's Civilization 4

Sid Meier's Civilization IV Colonization

Sid Meier's Civilization V - Demo

Skype™ 6.11

Spiral Knights

SpywareBlaster 5.0

SQL Server 2008 R2 SP1 Common Files

SQL Server 2008 R2 SP1 Database Engine Services

SQL Server 2008 R2 SP1 Database Engine Shared

Sql Server Customer Experience Improvement Program

Steam

swMSM

System Requirements Lab CYRI

Team Explorer for Microsoft Visual Studio 2013

Team Fortress 2

Telerik Control Panel

Telerik JustDecompile Q2 2012

The Battle for Middle-earth

The Elder Scrolls V: Skyrim

TI Connect 1.6

tools-linux

Unity Web Player

Update for (KB2504637)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Visual Studio 2012 (KB2781514)

Vectorian Giotto 3.0.0

Virtual Families

Virtual Villagers - The Secret City

Visual D - Visual Studio Integration of the D Programming Language

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

Visual Studio 2010 x64 Redistributables

Visual Studio 2012 Prerequisites

Visual Studio 2012 Prerequisites - ENU Language Pack

Visual Studio 2012 x64 Redistributables

Visual Studio 2012 x86 Redistributables

VMware Player

Warframe

WD SmartWare

Web Games Player Plugin

Wheel of Fortune 2

Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)

Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Windows Mobile Device Center

Windows Mobile Device Center Driver Update

Windows Mobile® Device Handbook

Windows Software Development Kit

Windows Software Development Kit DirectX x64 Remote

Windows Software Development Kit DirectX x86 Remote

Windows Software Development Kit for Windows Store Apps

Windows Software Development Kit for Windows Store Apps DirectX x64 Remote

Windows Software Development Kit for Windows Store Apps DirectX x86 Remote

Windows XP Targeting with C++

WinPcap 4.1.3

Wireshark 1.10.5 (64-bit)

Wizard101

World of Warcraft

wxDesigner version 2.20a

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

3/5/2014 8:38:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/5/2014 8:19:37 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/5/2014 8:19:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

3/5/2014 8:19:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/5/2014 8:19:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

3/5/2014 8:18:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/5/2014 8:18:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/5/2014 8:18:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/5/2014 8:18:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/5/2014 8:18:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/5/2014 8:18:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/5/2014 8:17:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/5/2014 8:17:36 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2

Run by Jonah at 21:44:58 on 2014-03-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5216 [GMT -5:00]

.

AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2014\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iRotate\iRotate.exe

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\HexChat\hexchat.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe

C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe

C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"

StartupFolder: C:\Users\Jonah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\iRotate.lnk - C:\Program Files (x86)\iRotate\iRotate.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

LSP: %windir%\system32\vsocklib.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{983DAAE4-5FFD-466E-B9A9-2B9CB4B070C9} : DHCPNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

SSODL: WebCheck - <orphaned>

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll

x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jonah\AppData\Roaming\Mozilla\Firefox\Profiles\ltzf5who.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Users\Jonah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

FF - ExtSQL: 2014-03-01 00:52; {94cd2cc3-083f-49ba-a218-4cda4b4829fd}; C:\Users\Jonah\AppData\Roaming\Mozilla\Firefox\Profiles\ltzf5who.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]

R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-1-21 73296]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-22 39768]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-23 283064]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]

R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]

R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-3-3 2454816]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]

R2 UpdateServiceTool;UpdateSoftware;C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [2014-3-1 6656]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-10-9 905272]

R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]

R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2013-5-23 352144]

R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\drivers\dtscsibus.sys [2013-8-8 29696]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-21 38456]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-6-25 632352]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]

S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;C:\Windows\System32\drivers\libusb0.sys [2011-1-24 22016]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-2 19456]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-2 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-4 87728]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-30 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]

.

=============== File Associations ===============

.

FileExt: .ini: Applications\vcsexpress.exe="C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\vcsexpress.exe" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2014-03-06 02:37:11 -------- d-----w- C:\Users\Jonah\AppData\Local\SearchProtect

2014-03-06 02:37:01 -------- d-----w- C:\Program Files (x86)\SearchProtect

2014-03-06 00:57:34 -------- d-----w- C:\Windows\ERUNT

2014-03-06 00:41:06 -------- d-----w- C:\Program Files\HitmanPro

2014-03-06 00:31:32 -------- d-----w- C:\ProgramData\HitmanPro

2014-03-04 22:17:39 -------- d-----w- C:\Program Files (x86)\VisualD

2014-03-01 05:53:13 -------- d-----w- C:\Program Files (x86)\TempInstaller

2014-03-01 05:46:28 -------- d-----w- C:\Program Files (x86)\Bin

2014-02-25 01:43:35 -------- d-----w- C:\Users\Jonah\AppData\Local\Blizzard Entertainment

2014-02-23 02:38:03 -------- d-----w- C:\Users\Jonah\AppData\Roaming\Wireshark

2014-02-23 02:28:05 -------- d-----w- C:\Program Files (x86)\WinPcap

2014-02-23 02:27:25 -------- d-----w- C:\Program Files\Wireshark

2014-02-13 18:01:31 -------- d-----r- C:\Users\Jonah\Google Drive

2014-02-13 06:04:31 548864 ----a-w- C:\Windows\System32\vbscript.dll

2014-02-13 06:04:31 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-02-13 03:12:26 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-02-05 22:22:45 -------- d-----w- C:\Program Files (x86)\AMD AVT

2014-02-05 22:15:29 -------- d-----w- C:\Program Files\AMD

.

==================== Find3M ====================

.

2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll

2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll

2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll

2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll

2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll

2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll

2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll

2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll

2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2013-12-06 21:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll

2013-12-06 21:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe

2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll

2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll

2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll

2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll

2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll

2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll

2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll

2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe

2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll

2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll

2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll

2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll

2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe

2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll

2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll

2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll

2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll

2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll

2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-07-20 02:38:16 4024320 ----a-w- C:\Program Files (x86)\GUT466C.tmp

.

============= FINISH: 21:46:18.81 ===============

Thank you in advance so much for the help! I also have ESET installed in my computer, but I didn't run it since it usually takes a long time to do a full scan and I am very busy! My main AV is AVG, and I have win7 Premium service pack 1.

-LeChosenOne

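A triage sketch for a DDS log like the one in the post above, added here as an example; it is not part of the original post and is not code from DDS or any tool named in this thread. It cross-references the "Created Last 30" directories against autostart entries (AppInit_DLLs, Run keys, services) and assumes PROGRA~1/PROGRA~2 are the 8.3 short names of the two Program Files folders; the function and variable names are hypothetical, and a hit is a lead to check, not a verdict.

```python
import re

# Assumption: 8.3 short names as they would resolve on the machine in this thread.
SHORT_NAMES = {"progra~1": "program files", "progra~2": "program files (x86)"}

# Sample input: a few lines excerpted from the DDS log above, trimmed to the
# sections this check reads.
SAMPLE_LOG = r"""
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
============= SERVICES / DRIVERS ===============
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-3-3 2454816]
R2 UpdateServiceTool;UpdateSoftware;C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [2014-3-1 6656]
=============== Created Last 30 ================
2014-03-06 02:37:01 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-03-04 22:17:39 -------- d-----w- C:\Program Files (x86)\VisualD
2014-03-01 05:46:28 -------- d-----w- C:\Program Files (x86)\Bin
2014-02-13 06:04:31 548864 ----a-w- C:\Windows\System32\vbscript.dll
"""

# "date time size attrs path"; only entries whose attribute field starts with 'd'.
CREATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (d\S{7}) (.+)$")
# Line prefixes DDS uses for load points: AppInit_DLLs, Run/RunOnce, services.
AUTOSTART = re.compile(r"^(AppInit_DLLs|(?:x64-)?[umd]?Run(?:Once)?|[RS][0-4])\b")
# First drive-letter path on the line that ends in .exe, .dll or .sys.
TARGET = re.compile(r"[A-Za-z]:\\[^\"\[\];]*?\.(?:exe|dll|sys)(?![\w\\])", re.I)


def normalize(path):
    """Lower-case a path and expand the short names listed in SHORT_NAMES."""
    parts = path.strip().lower().split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)


def recent_autostarts(log_text):
    """Return (kind, target, directory) for every autostart entry whose target
    lies under a directory listed in the log's 'Created Last 30' section."""
    recent_dirs, autostarts, section = [], [], ""
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("==="):          # section header, e.g. "=== Find3M ==="
            section = line.strip("= ")
            continue
        made = CREATED.match(line)
        if section == "Created Last 30" and made:
            recent_dirs.append(normalize(made.group(2)))
            continue
        kind, target = AUTOSTART.match(line), TARGET.search(line)
        if kind and target:
            autostarts.append((kind.group(1), normalize(target.group(0))))
    # Autostart entries appear before the creation list, so join at the end.
    return [(kind, path, d) for kind, path in autostarts
            for d in recent_dirs if path.startswith(d + "\\")]


if __name__ == "__main__":
    for kind, path, directory in recent_autostarts(SAMPLE_LOG):
        print(f"{kind:13} {path}  (under recently created {directory})")
```

Run against the full log, the same function reads the real section headers, so the whole DDS.txt can be passed in unchanged.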

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


First, uninstall Search Protect from your add/remove programs.

Next...........

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Next.......

Download and run a fresh copy of AdwCleaner:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Hello! 

 

Here are the attached files you requested.

 

AdwCleaner:

# AdwCleaner v3.020 - Report created 06/03/2014 at 19:16:35
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jonah - FEITLOMAN
# Running from : C:\Users\Jonah\Desktop\AntiVirus\Malware\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\SearchProtect
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\eoqv20st.default\prefs.js ]
 
 
[ File : C:\Users\Asher\AppData\Roaming\Mozilla\Firefox\Profiles\x3bvfgs6.default\prefs.js ]
 
 
[ File : C:\Users\Jonah\AppData\Roaming\Mozilla\Firefox\Profiles\ltzf5who.default\prefs.js ]
 
 
[ File : C:\Users\Ilana\AppData\Roaming\Mozilla\Firefox\Profiles\nu79b5fv.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Asher\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Jonah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Ilana\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[s0].txt - [2401 octets] - [06/03/2014 19:16:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2461 octets] ##########
 

 

MalwareBytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.07.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Jonah :: FEITLOMAN [administrator]
 
3/6/2014 7:26:44 PM
MBAM-log-2014-03-06 (19-45-54).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344445
Time elapsed: 18 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 7
C:\$RECYCLE.BIN\S-1-5-21-1021407475-3848029740-3315565179-1004\$R061J3T.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1021407475-3848029740-3315565179-1004\$R0FMOOU.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1021407475-3848029740-3315565179-1004\$R1B6B8X.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1021407475-3848029740-3315565179-1004\$RM34632.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1021407475-3848029740-3315565179-1004\$RSGAYPX.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1021407475-3848029740-3315565179-1004\$RY9QDNI.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1021407475-3848029740-3315565179-1004\$R5X4O9P\SpSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
 
(end)
 

 

 

My PC is running great now, however, every time I uninstalled and ran anti-malware programs, Search and Protect would disappear for a few hours before reappearing. It would only reappear after a few hours on Chrome I believe. Because of this, I'm going to run my computer normally for a day or so and see if the malware program pops back in. Thank you so much for your help thus far. 

 

Oh, Malwarebytes did detect Search Protect files in my recycling bin, I permanently deleted them, hope that was okay.


Oh wow, I forgot to attach fixlog.txt, so sorry.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by Jonah at 2014-03-06 19:03:28 Run:1
Running from C:\Users\Jonah\Desktop\AntiVirus\Virus
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] 
C:\Program Files (x86)\SearchProtect
GroupPolicyUsers\S-1-5-21-1021407475-3848029740-3315565179-1005\User: Group Policy restriction detected 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {FAA687E2-E279-4851-9D2E-400D5AF3205E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {FAA687E2-E279-4851-9D2E-400D5AF3205E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {2C037ECB-D718-45B2-A35F-BF8EB9B614F2} URL = 
SearchScopes: HKCU - {EFD33688-E46A-4E85-A4A2-6221B71BFE7C} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober126992847.xml
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Extension: (No Name) - C:\Users\Jonah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hapjcfhlhbidaflnbnnhkojdpeiooogl [2014-03-01]
CHR HKCU\...\Chrome\Extension: [hapjcfhlhbidaflnbnnhkojdpeiooogl] - C:\Users\Jonah\AppData\Local\CRE\hapjcfhlhbidaflnbnnhkojdpeiooogl.crx [2014-02-13]
CHR HKCU\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Jonah\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2014-02-13]
CHR HKLM-x32\...\Chrome\Extension: [hapjcfhlhbidaflnbnnhkojdpeiooogl] - C:\Users\Jonah\AppData\Local\CRE\hapjcfhlhbidaflnbnnhkojdpeiooogl.crx [2014-02-13]
CHR HKLM-x32\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Jonah\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2014-02-13]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)
C:\Users\Jonah\AppData\Local\SearchProtect
C:\ProgramData\hash.dat
C:\Users\Jonah\infinity_cl_infinity724_LIVE.dat
C:\Users\Jonah\jagex_cl_runescape_LIVE.dat
C:\Users\Jonah\jagex_cl_runescape_LIVE1.dat
C:\Users\Jonah\jagex_runescape_preferences.dat
C:\Users\Jonah\jagex_runescape_preferences2.dat
C:\Users\Jonah\random.dat
 
 
*****************
 
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe => Moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe => Moved successfully.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1021407475-3848029740-3315565179-1005\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FAA687E2-E279-4851-9D2E-400D5AF3205E} => Key deleted successfully.
HKCR\CLSID\{FAA687E2-E279-4851-9D2E-400D5AF3205E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FAA687E2-E279-4851-9D2E-400D5AF3205E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FAA687E2-E279-4851-9D2E-400D5AF3205E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C037ECB-D718-45B2-A35F-BF8EB9B614F2} => Key deleted successfully.
HKCR\CLSID\{2C037ECB-D718-45B2-A35F-BF8EB9B614F2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFD33688-E46A-4E85-A4A2-6221B71BFE7C} => Key deleted successfully.
HKCR\CLSID\{EFD33688-E46A-4E85-A4A2-6221B71BFE7C} => Key not found.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober126992847.xml => Moved successfully.
C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll not found.
C:\Users\Jonah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hapjcfhlhbidaflnbnnhkojdpeiooogl => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\hapjcfhlhbidaflnbnnhkojdpeiooogl => Key deleted successfully.
"C:\Users\Jonah\AppData\Local\CRE\hapjcfhlhbidaflnbnnhkojdpeiooogl.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi => Key deleted successfully.
"C:\Users\Jonah\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hapjcfhlhbidaflnbnnhkojdpeiooogl => Key deleted successfully.
"C:\Users\Jonah\AppData\Local\CRE\hapjcfhlhbidaflnbnnhkojdpeiooogl.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi => Key deleted successfully.
"C:\Users\Jonah\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
CltMngSvc => Unable to stop service
CltMngSvc => Service deleted successfully.
C:\Users\Jonah\AppData\Local\SearchProtect => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Jonah\infinity_cl_infinity724_LIVE.dat => Moved successfully.
C:\Users\Jonah\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Jonah\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Jonah\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Jonah\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Jonah\random.dat => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


Good.......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Here you are:

 

 

 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 11.8.800.168 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Flash Player 11.8.800.168 Flash Player out of Date!
Flash Player:
Check for an update if available
Downloads are at the top of the page (uncheck the option for the McAfee Security Scan Plus)

 

----------------------------

Mozilla Firefox 22.0 Firefox out of Date! <----please check for an update if available.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe, click Fix only once, and wait.
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.