Spybot has found "Somoto.BetterInstaller" malware in my PC. Then, after it has been fixed by SB, it is detected in the next scan again.
I would like to know how to definitely remove this threat from my PC.
The software from Somoto is already uninstalled but this malware is identified as a registry key type by SB.
I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so. DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.
=============================== Next =======================================
Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Allow it to update where necessary
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
In your next reply, please post:
OTL.txt
Extras.txt
aswMBR log
Let me know if you have any problems performing the steps above or any questions you may have.
Below is the archive OTL.txt. In future posts, I will send the other archives.
OTL logfile created on: 04/10/2013 16:54:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,80% Memory free
3,98 Gb Paging File | 2,46 Gb Available in Paging File | 61,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 245,12 Gb Free Space | 85,02% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 89,66 Gb Free Space | 38,50% Space Free | Partition Type: NTFS
Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Arquivos de Programas\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
PRC - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe ()
PRC - C:\Arquivos de Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\GbPlugin\gbpsv.exe (GAS Tecnologia)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPService.exe (Abine Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
PRC - C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
========== Modules (No Company Name) ==========
MOD - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll ()
MOD - C:\Arquivos de Programas\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll ()
MOD - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
MOD - C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
MOD - C:\Arquivos de Programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Arquivos de Programas\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPButton.dll ()
MOD - C:\Arquivos de Programas\IZArc\IZArcCM.dll ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (vToolbarUpdater17.0.12) -- C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MozillaMaintenance) -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GbpSv) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe (GAS Tecnologia)
SRV - (AVGIDSAgent) -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Arquivos de Programas\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (SeaPort) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200AAJS-00B4A0 ATA Device
Partitions: 2
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Multi Flash Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Seagate FreeAgent Go USB Device
Partitions: 1
Status: OK
Status Info: 0
OTL Extras logfile created on: 04/10/2013 16:54:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,80% Memory free
3,98 Gb Paging File | 2,46 Gb Available in Paging File | 61,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 245,12 Gb Free Space | 85,02% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 89,66 Gb Free Space | 38,50% Space Free | Partition Type: NTFS
Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = GBBD Banco do Brasil
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5df13c1b-bef1-4e1d-b581-44ea38f0e276}_is1" = SysTools Outlook PST Viewer v2.0
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90300416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{EB1534A9-7C4F-49A6-B0D9-74D955FB7AF1}" = Document Express DjVu Plug-in
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"A Bíblia Sagrada Versão Digital 6.7 Freeware_is1" = A Bíblia Sagrada Versão Digital 6.7 Freeware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Do Not Track Me Add-on_is1" = Do Not Track Me Add-on 2.2.8.122
"ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
"Glary Utilities_is1" = Glary Utilities 2.56.0.1822
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"IrfanView" = IrfanView (remove only)
"IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"MEPOR" = DIC Michaelis Escolar - Espanhol
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.8
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5b0e7647ff8fae74" = IBA Reader
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16/12/2012 16:21:02 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 16/12/2012 17:00:16 | Computer Name = anaeano-PC | Source = Windows Backup | ID = 4103
Description =
Error - 16/12/2012 17:55:18 | Computer Name = anaeano-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7601.17567,
carimbo de hora: 0x4d6727a7 Nome do módulo de falhas: MSONSEXT.DLL, versão: 10.145.7329.0,
carimbo de hora: 0x4019138d Código de exceção: 0xc0000005 Deslocamento com falha:
0x0004f8b5 Identificação do processo com falha: 0xd98 Hora de início do aplicativo
com falha: 0x01cddbd65c39c207 Caminho do aplicativo com falha: C:\Windows\Explorer.exe
FCaminho
do módulo de falhas: C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL Identificação
do Relatório: 473b17eb-47cb-11e2-b69c-002618ab3c41
Error - 17/12/2012 16:07:30 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 18/12/2012 16:39:12 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 19/12/2012 16:36:59 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 20/12/2012 10:35:20 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 21/12/2012 11:11:57 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 22/12/2012 15:41:40 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 24/12/2012 13:05:34 | Computer Name = anaeano-PC | Source = Windows Backup | ID = 4103
Description =
[ System Events ]
Error - 02/10/2013 18:17:39 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
Error - 02/10/2013 18:17:59 | Computer Name = anaeano-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = O serviço Auxiliar de Compatibilidade de Programas não pôde executar
a inicialização da fase dois.
Error - 02/10/2013 20:37:30 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5
Error - 03/10/2013 13:45:27 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Spybot-S&D 2 Scanner Service.
Error - 03/10/2013 13:45:27 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido
ao seguinte erro: %%1053
Error - 03/10/2013 13:45:33 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
Error - 03/10/2013 20:04:40 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5
Error - 04/10/2013 09:25:59 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Spybot-S&D 2 Scanner Service.
Error - 04/10/2013 09:25:59 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido
ao seguinte erro: %%1053
Error - 04/10/2013 09:26:08 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next
AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users: right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java 7 Update 40
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Starter x86
Ran by anaeano on 07/10/2013 at 16:35:40,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/10/2013 at 16:37:19,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : anaeano [Privilegios de Admnistrador]
Modo : Remover -- Data : 10/07/2013 16:52:39
| ARK || FAK || MBR |