Solved Downloads do not complete

GermánPC

Good night guys:

5 or 6 days ago web browsers started to be slow. Flash required an update so I ran the .exe to update it. Since it didn't work, because all the web browsers were still running slowly, I decided to uninstall and reinstall Flash. I uninstalled it, but now when I try to download the newest version from Adobe's site, the download doesn't complete. Worst of all is that Windows Defender showed that it needed to be updated, but it happened just the same as with Flash, and I have to add that all downloads that imply an update of the OS don't complete either, without showing any error on the screen.

I supposed it was a virus so I ran an Avira full scan, but no threat was detected. Then I installed Avast (without uninstalling Avira, and because a friend of mine had to send me the file compressed) and scheduled the scan that runs before boot, and nothing was detected. Due to the conflict between both antivirus programs, the computer became very slow, so I uninstalled Avast.

Finally, after rebooting a lot of times, Avira detected a trojan which was deleted, and now I can't remember its name, but which also deleted Google Chrome, which actually was the one with the trojan on it. I opened Mozilla again to check if everything was OK but no... it remains the same. The pictures look weird, with strange colors, and videos only work on YouTube and with low quality (over 320p it crashes). I usually watch videos on Vimeo and what happens there is that it plays a very short part of the video and then a green screen appears and I can't keep watching. I think that is because I had to install Flash 11 (which I fortunately had), but as I wrote earlier, I can't update it. I just uninstalled Flash 11 again, but the downloads have the same problem. I looked it up on Google and found RogueKiller. I tried to install jaa, which I didn't have, and again... the download was not successful.

NOTE: TuneUp Utilities says that my Teredo Tunneling Pseudo-Interface is outdated, but when I try to update it, again, the update is not available because of some kind of error that my computer doesn't even show. The same happened with Windows Update.

I can keep downloading PDF files and music (but not videos), and the webpages sometimes take too long to load and sometimes they don't even load.

I use Mozilla and Chrome. Win 7 Enterprise 32 bits.

Here is the report of RK:

RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : German [Admin rights]
Mode : Scan -- Date : 07/21/2014 23:25:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 9 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : Unknown @ 0x904c8fbe
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[299] : Unknown @ 0x904c8fc8
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x904c8fc3
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[347] : Unknown @ 0x904c8fcd
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[368] : Unknown @ 0x904c8fd2
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x904c8f5f
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x904c8fe6
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x904c8feb
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080M0 ATA Device +++++
--- User ---
[MBR] a1f749c1da7fff34e114ced3fd10199a
[BSP] c6688d8a5ad512aed3906d53206d00ef : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 38983 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 80044032 | Size: 39082 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung M3 Portable USB Device +++++
--- User ---
[MBR] e9db5a75c0c8c2e8fbdc3d91ddcc6ce3
[BSP] d297c4cf4682017552c739fe90d40d7e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953859 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Solicitud no compatible. )
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
 
Just finished MBAM scan. Here is the log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/07/2014
Scan Time: 08:43:39 p.m.
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: German

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 212113
Time Elapsed: 21 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [95b41ee1c0bad1657fcaabc950b2af51],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [53f6748b483242f49fabdd970002f907],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [391087789edc1f17c2b097fe21e1738d],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [a3a6bf406b0f55e127705eba61a2dc24],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-386476388-1774414843-2429878282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Delete-on-Reboot, [262334cb80faee4892e6652f9c66d729],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-386476388-1774414843-2429878282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Delete-on-Reboot, [92b79b64f08af83e735ba604af5405fb],

Registry Values: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe", Quarantined, [a3a6bf406b0f55e127705eba61a2dc24]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-386476388-1774414843-2429878282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1V2X1Q1R1M1F, Delete-on-Reboot, [92b79b64f08af83e735ba604af5405fb]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Iminent.A, C:\Program Files\IminentToolbar, Quarantined, [fb4e7e8182f8072fe1a16026fd0529d7],
PUP.Optional.Iminent.A, C:\Users\German\AppData\Roaming\IminentToolbar, Quarantined, [1f2a5ba4bcbe54e285d9117748baff01],

Files: 5
Riskware.Tool.CK, C:\Users\German\Downloads\Activador_Windows_7_Loader_eXtreme_Edition_3.010_oCioLaPalma.com.zip, Quarantined, [9faa07f83e3c9b9b493b58a361a2c53b],
PUP.Optional.Softonic.A, C:\Users\German\Downloads\SoftonicDownloader_para_virtual-clonedrive.exe, Quarantined, [92b7bc437efc69cd1ae9ec767c859f61],
Riskware.Tool.CK, C:\Users\German\Downloads\Windows 7 Loader eXtreme Edition 3.010.exe, Quarantined, [301998673842c76f5a2a4ab111f29d63],
PUP.Optional.OpenCandy, C:\Users\German\Downloads\DTLite4491-0356.exe, Quarantined, [054458a7a9d184b2a541b79a4aba23dd],
PUP.Optional.Iminent.A, C:\Users\German\AppData\Roaming\IminentToolbar\sqlite3.dll, Quarantined, [1f2a5ba4bcbe54e285d9117748baff01],

Physical Sectors: 0
(No malicious items detected)


(end)
 
Here are the DDS logs
DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16555
Run by German at 21:59:05 on 2014-07-24
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.57.3082.18.2013.1248 [GMT -5:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [Avira Secure Backup] "c:\program files\avira secure backup\Avira Secure Backup.exe" /delayed
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [lxczbmgr.exe] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 200.75.51.132 200.75.51.133
TCP: Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} : DHCPNameServer = 200.75.51.132 200.75.51.133
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: DatamngrCoordinator.exe - tasklist.exe
IFEO: hamachi-2-ui.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: lxczaiox.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: pheditor.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: skype.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\german\appdata\roaming\mozilla\firefox\profiles\eawdtxr0.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1213153.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: e:\archivos de programa\videolan\vlc\npvlc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.nspdlsd.aflt - spd_ir_14_25_ff
FF - user.js: extensions.nspdlsd.instlRef - 142905_a
FF - user.js: extensions.nspdlsd.cr - 1909089721
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutDtDtAtDyCyB0DyByC0F0FyBtD0A0C0CtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtA0B0F0FtDyCyDtG0EtA0DtDtGtCtAzzyCtGtCtA0F0EtGyE0AyEtC0D0Ezz0BzzyE0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0AyByBtC0B0BtG0AtAzz0BtGyDtBtA0AtGyC0A0EzztGtAyD0D0E0A0FtCtC0CzzyDyE2Q
.
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - dc110acc000000000000003067d76ff7
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16242
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.322:35:45
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
.
.
.
.
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;c:\windows\system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys [2014-6-21 52920]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2014-2-24 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-6-20 243128]
R2 AntiVirSchedulerService;Avira Programador;c:\program files\avira\antivir desktop\sched.exe [2014-2-24 430160]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2014-2-24 430160]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebg7.exe [2014-2-24 1030224]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2014-2-24 97648]
R2 Avira Secure Backup Crawler;Avira Secure Backup Crawler;c:\program files\avira secure backup\Avira Secure BackupCrawler.exe [2013-12-20 2282064]
R2 avnetflt;avnetflt;c:\windows\system32\drivers\avnetflt.sys [2014-2-24 35848]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-24 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-24 860472]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-6-16 1781048]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2014-2-23 100504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-24 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-24 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-24 51928]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Servicio de almacenamiento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 APNMCP;Servicio de actualización Ask;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-2-13 166352]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
.
=============== Created Last 30 ================
.
2014-07-25 01:38:57 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-25 01:37:30 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-25 01:37:30 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-25 01:37:30 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-25 01:37:30 -------- d-----w- c:\programdata\Malwarebytes
2014-07-25 01:37:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-25 01:36:32 -------- d-----w- c:\users\german\appdata\local\Programs
2014-07-24 21:41:44 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{efd6e9ee-9832-4332-bf00-ce341362d85e}\offreg.dll
2014-07-22 13:38:09 -------- d-----w- c:\users\german\appdata\local\Adobe
2014-07-22 05:36:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 05:36:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-22 04:05:50 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-22 04:05:46 -------- d-----w- c:\programdata\RogueKiller
2014-07-20 03:48:10 -------- d-----w- c:\programdata\AVAST Software
2014-07-20 03:14:04 -------- d-----w- c:\windows\system32\Adobe
2014-07-18 03:55:13 28160 ----a-w- c:\windows\SFMAN32.DLL
2014-07-18 03:54:26 -------- d-----w- C:\games
2014-07-18 03:53:54 298496 ----a-w- c:\windows\uninst.exe
2014-07-18 01:36:04 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-07-18 01:36:04 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-07-18 01:36:00 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-07-18 01:36:00 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-07-18 01:35:58 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-07-18 01:35:57 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-07-18 01:35:57 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-07-18 01:35:14 -------- d-s---w- c:\windows\system32\CompatTel
2014-07-17 06:56:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-07-17 06:56:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2014-07-17 06:48:25 -------- d-----w- c:\program files\MSXML 4.0
2014-07-17 06:35:52 2690560 ----a-w- c:\windows\system32\mstscax.dll
2014-07-17 06:35:51 1034240 ----a-w- c:\windows\system32\mstsc.exe
2014-07-17 06:35:35 402944 ----a-w- c:\windows\system32\aepdu.dll
2014-07-17 06:35:35 303104 ----a-w- c:\windows\system32\aeinv.dll
2014-07-17 06:34:30 219136 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-17 06:34:28 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2014-07-17 06:34:28 86016 ----a-w- c:\windows\system32\odbccu32.dll
2014-07-17 06:34:28 81920 ----a-w- c:\windows\system32\odbccr32.dll
2014-07-17 06:34:28 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2014-07-17 06:34:28 163840 ----a-w- c:\windows\system32\odbctrac.dll
2014-07-17 06:34:28 122880 ----a-w- c:\windows\system32\odbccp32.dll
2014-07-17 06:34:21 690688 ----a-w- c:\windows\system32\msvcrt.dll
2014-07-17 06:34:17 163328 ----a-w- c:\windows\system32\profsvc.dll
2014-07-17 06:34:12 78336 ----a-w- c:\windows\system32\synceng.dll
2014-07-17 06:34:04 768512 ----a-w- c:\windows\system32\localspl.dll
2014-07-17 06:33:55 101760 ----a-w- c:\windows\system32\consent.exe
2014-07-17 06:19:53 123904 ----a-w- c:\windows\system32\poqexec.exe
2014-07-17 06:17:31 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-07-16 04:36:45 -------- d-----w- c:\programdata\SimCity Societies
2014-06-26 06:33:53 -------- d-----w- c:\users\german\aTubeCatcher
.
==================== Find3M ====================
.
2014-07-14 18:40:45 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 18:40:44 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-23 06:43:20 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-06-23 06:43:19 801792 ----a-w- c:\windows\system32\FntCache.dll
2014-06-23 06:43:19 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2014-06-23 06:43:19 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-06-23 06:43:18 3181568 ----a-w- c:\windows\system32\mf.dll
2014-06-23 06:43:18 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-06-21 03:27:06 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-06-17 21:37:42 52920 ----a-w- c:\windows\system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys
2014-06-16 11:13:56 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2014-06-16 11:13:48 36152 ----a-w- c:\windows\system32\uxtuneup.dll
2014-06-16 11:13:48 25400 ----a-w- c:\windows\system32\authuitu.dll
.
============= FINISH: 21:59:30,28 ===============
And Attach...


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 23/02/2014 08:41:38 p.m.
System Uptime: 24/07/2014 09:23:15 p.m. (0 hours ago)
.
Motherboard: BIOSTAR Group | | G41D3C
Processor: Intel(R) Celeron(R) D CPU 3.06GHz | CPU 1 | 3066/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 38 GiB total, 15,289 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 38 GiB total, 27,101 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 851,831 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador de tunelización Teredo de Microsoft
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: DatamngrCoordinator.exe - tasklist.exe
IFEO: hamachi-2-ui.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO: lxczaiox.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO: pheditor.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO: skype.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO: uninst.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Lightroom 5.3
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 12.1
Age of Empires III
Age of Empires III - The Asian Dynasties
µTorrent
aTube Catcher
Avira Free Antivirus
Avira SearchFree Toolbar
Avira Secure Backup
Claw
Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
Compresor WinRAR
Dropbox
FaxTools
Full Tilt Poker
GameRanger
Google Chrome
Google Earth
Google Update Helper
Guitar Pro 6
K-Lite Codec Pack 3.6.5 Full
Lexmark 1200 Series
Malwarebytes Anti-Malware versión 2.0.2.1012
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 27.0.1 (x86 es-CL)
Mozilla Firefox 30.0 (x86 es-CL)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
PDF Settings CS5
PokerStars
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
SimCity™ Societies
Skype™ 6.3
swMSM
TuneUp Utilities 2014
TuneUp Utilities 2014 (es-ES)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VirtualCloneDrive
Visual C++ 9.0 CRT (x86) WinSXS MSM
VLC media player 2.1.3
.
==== Event Viewer Messages From Past Week ========
.
24/07/2014 11:34:42 a.m., Error: Service Control Manager [7011] - A timeout (30000 ms) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
24/07/2014 09:18:19 p.m., Error: Service Control Manager [7011] - A timeout (30000 ms) was reached while waiting for a transaction response from the Netman service.
24/07/2014 04:28:32 p.m., Error: Microsoft-Windows-WMPNSS-Service [14332] - The "WMPNetworkSvc" service could not start correctly because of error "0x80004005" in CoCreateInstance(CLSID_UPnPDeviceFinder). Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed correctly.
22/07/2014 10:07:14 p.m., Error: Service Control Manager [7011] - A timeout (30000 ms) was reached while waiting for a transaction response from the Netman service.
21/07/2014 04:09:56 p.m., Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
20/07/2014 02:16:17 a.m., Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
18/07/2014 09:21:44 p.m., Error: Service Control Manager [7023] -
17/07/2014 12:03:56 a.m., Error: Service Control Manager [7011] - A timeout (30000 ms) was reached while waiting for a transaction response from the ShellHWDetection service.
17/07/2014 02:08:55 a.m., Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
17/07/2014 02:04:07 a.m., Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
17/07/2014 01:49:29 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB2691442).
.
==== End Of File ===========================
Thanks :)
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Hi there,

Here are the three reports generated by the two programs you asked me to run on my computer

RogueKiller

RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : German [Admin rights]
Mode : Remove -- Date : 07/25/2014 13:08:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 9 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : Unknown @ 0x8cac8076
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[299] : Unknown @ 0x8cac8080
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x8cac807b
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[347] : Unknown @ 0x8cac8085
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[368] : Unknown @ 0x8cac808a
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x8cac8017
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x8cac809e
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x8cac80a3
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y080M0 ATA Device +++++
--- User ---
[MBR] a1f749c1da7fff34e114ced3fd10199a
[BSP] c6688d8a5ad512aed3906d53206d00ef : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 38983 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 80044032 | Size: 39082 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung M3 Portable USB Device +++++
--- User ---
[MBR] e9db5a75c0c8c2e8fbdc3d91ddcc6ce3
[BSP] d297c4cf4682017552c739fe90d40d7e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953859 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_07212014_232517.log - RKreport_SCN_07252014_130049.log

MBAR (FIRST TIME RAN)

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.25.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
German :: GERMÁN-PC [administrator]

25/07/2014 01:23:33 p.m.
mbar-log-2014-07-25 (13-23-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 263521
Time elapsed: 14 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [34fdc24c6b2e9905616d306a51709be5]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

SYSTEM-LOG.TXT
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.066000 GHz
Memory total: 2111168512, free: 446205952

Downloaded database version: v2014.07.25.06
Downloaded database version: v2014.07.17.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 25982597

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 79837184

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 80044032 Numsec = 80039936

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 81964302336 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-160066528-160086528)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 612621C0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 64 Numsec = 1953503936
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000194400256 bytes
Sector size: 512 bytes

Done!
File C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys will be destroyed
Infected: C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys --> [PUP.Optional.Sanbreel.A]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.066000 GHz
Memory total: 2111168512, free: 1426669568

Downloaded database version: v2014.07.25.07
=======================================
Initializing...
------------ Kernel report ------------
07/25/2014 15:00:38
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff85e04498
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000069\
Lower Device Object: 0xffffffff85deb8f0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff855fd5c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xffffffff85537318
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff855fd5c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff855fd1f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff855fd5c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8514e890, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85537318, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 25982597

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 79837184

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 80044032 Numsec = 80039936

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 81964302336 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-160066528-160086528)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff85e04498, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff857f2020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85e04498, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85deb8f0, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 612621C0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 64 Numsec = 1953503936
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000194400256 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-64-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.066000 GHz
Memory total: 2111168512, free: 1030705152

=======================================

MBAR LOG, SECOND TIME RAN

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.25.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
German :: GERMÁN-PC [administrator]

25/07/2014 03:01:14 p.m.
mbar-log-2014-07-25 (15-01-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 263489
Time elapsed: 12 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
I haven't updated Flash or Java. I suppose I'll have to wait until the computer is totally clean, right? thanks :)
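The two reports above are read by hand in this thread; the script below does the same reading mechanically. It is an added example, not code from the thread, from RogueKiller or from Malwarebytes. It parses the three RogueKiller line shapes that appear in the RKreport (registry PUM entries, SSDT/shadow-SSDT hooks, kernel filter attachments) and the "Files Detected" line of the MBAR log, then raises the three questions a helper would ask of them: do the DhcpNameServer values match the resolvers this network is expected to hand out, do the "Unknown" hook handlers all fall in one memory page (which points at a single module to identify before assuming it is hostile), and which driver file MBAR scheduled for deletion. The sample lines are constructed from the reports shown above; the expected-resolver address 192.168.1.1 is an assumption, to be replaced with whatever the real DHCP lease shows.

```python
"""Triage helper for RogueKiller RKreport and Malwarebytes Anti-Rootkit logs.

Added example; not part of the thread and not code from either tool.
"""
import re
from collections import defaultdict

# Constructed samples: lines in the exact formats of the RKreport and the
# mbar-log posted above (copied from those reports, not a live system).
ROGUEKILLER_SAMPLE = r"""
¤¤¤ Registry Entries : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED

¤¤¤ Antirootkit : 9 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : Unknown @ 0x8cac8076
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x8cac8017
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x8cac809e
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)
"""

MBAR_SAMPLE = r"""
Files Detected: 1
C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [34fdc24c6b2e9905616d306a51709be5]
"""

# One regex per line shape.  Tried in order: filter, hook, registry.
RK_FILTER = re.compile(r"^\[Filter\([^)]+\)\] (?P<target>\S+) @ (?P<owner>\S+) : (?P<device>.*?) \((?P<file>[^)]+)\)$")
RK_HOOK = re.compile(r"^\[(?P<kind>[^\]]+)\] (?P<func>\w+)\[(?P<idx>\d+)\] : (?P<owner>.+?) @ (?P<addr>0x[0-9a-fA-F]+)$")
RK_REGISTRY = re.compile(r"^\[(?P<cat>[^\]]+)\] (?P<key>.+?) \| (?P<name>\S+) : (?P<value>.*?) -> (?P<action>.+)$")
MBAR_FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+?)\. \[(?P<md5>[0-9a-f]{32})\]$")


def parse_roguekiller(text):
    """Return {'registry': [...], 'hooks': [...], 'filters': [...]} from an RKreport."""
    out = {"registry": [], "hooks": [], "filters": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RK_FILTER.match(line)):
            out["filters"].append(m.groupdict())
        elif (m := RK_HOOK.match(line)):
            d = m.groupdict()
            d["idx"] = int(d["idx"])          # service table index
            d["addr"] = int(d["addr"], 16)    # handler address as an int
            out["hooks"].append(d)
        elif (m := RK_REGISTRY.match(line)):
            out["registry"].append(m.groupdict())
    return out


def parse_mbar_files(text):
    """Return the 'Files Detected' entries of an mbar-log as dicts."""
    return [m.groupdict() for m in (MBAR_FILE.match(l.strip()) for l in text.splitlines()) if m]


def unexpected_resolvers(registry, expected):
    """DNS servers named in PUM.Dns entries that are not in the expected set.

    RogueKiller reports DhcpNameServer values as PUM but leaves them NOT
    SELECTED: it cannot know which resolvers are legitimate for this network.
    That comparison is the operator's job, and this is it.
    """
    seen = set()
    for entry in registry:
        if entry["cat"] == "PUM.Dns":
            seen.update(entry["value"].split())
    return sorted(seen - set(expected))


def hooks_by_page(hooks, page=0x1000):
    """Group hooked service names by the 4 KiB page their handler lives in.

    Handlers sharing one page almost always belong to one module; resolving
    which loaded driver maps that range is the next step before treating an
    'Unknown' owner as hostile.  This is a heuristic, not an attribution.
    """
    groups = defaultdict(list)
    for h in hooks:
        groups[h["addr"] & ~(page - 1)].append(h["func"])
    return dict(groups)


def triage(rk_text, mbar_text, expected_resolvers):
    """One line per finding, in the order a helper would act on them."""
    rk = parse_roguekiller(rk_text)
    findings = []
    for ip in unexpected_resolvers(rk["registry"], expected_resolvers):
        findings.append(f"DNS: resolver {ip} is not an expected one; confirm it with the ISP/router")
    for base, funcs in hooks_by_page(rk["hooks"]).items():
        findings.append(f"HOOK: {len(funcs)} service(s) hooked from page {base:#x}: {', '.join(funcs)}")
    for f in rk["filters"]:
        findings.append(f"FILTER: {f['file']} attached to {f['target']} on {f['device']}")
    for d in parse_mbar_files(mbar_text):
        findings.append(f"MBAR: {d['detection']} at {d['path']} ({d['action']}, md5 {d['md5']})")
    return findings


if __name__ == "__main__":
    # Assumed resolver list; replace with the addresses your DHCP lease shows.
    for finding in triage(ROGUEKILLER_SAMPLE, MBAR_SAMPLE, expected_resolvers={"192.168.1.1"}):
        print(finding)
```

Run against the real RKreport and mbar-log files instead of the embedded samples by passing their contents to `triage()`. The DNS check is the one that matters for the symptom in this thread: a machine whose resolvers have been swapped can still browse while every update download quietly fails, which is why RogueKiller flags the values but leaves the decision to whoever knows the network.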
 
Yes.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Goodnight there.
Here is the Log that Combofix generated:
ComboFix 14-07-25.01 - German 25/07/2014 19:35:20.1.1 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.57.3082.18.2013.1205 [GMT -5:00]
Running from: c:\users\German\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\InfoSat.txt
c:\users\German\AppData\Local\TempDIR
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-06-26 to 2014-07-26 )))))))))))))))))))))))))))))))
.
.
2014-07-26 00:46 . 2014-07-26 00:46 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFD6E9EE-9832-4332-BF00-CE341362D85E}\offreg.dll
2014-07-26 00:46 . 2014-07-26 00:46 -------- d-----w- c:\users\German\AppData\Local\temp
2014-07-26 00:46 . 2014-07-26 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-25 18:22 . 2014-07-25 20:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-25 01:38 . 2014-07-25 20:00 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-25 01:37 . 2014-07-25 20:49 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-25 01:37 . 2014-07-25 01:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-25 01:37 . 2014-07-25 01:37 -------- d-----w- c:\programdata\Malwarebytes
2014-07-25 01:37 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-25 01:37 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-25 01:36 . 2014-07-25 01:36 -------- d-----w- c:\users\German\AppData\Local\Programs
2014-07-22 05:36 . 2014-07-22 05:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 05:36 . 2014-07-22 05:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-22 04:05 . 2014-07-25 22:25 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-22 04:05 . 2014-07-22 04:05 -------- d-----w- c:\programdata\RogueKiller
2014-07-20 03:48 . 2014-07-20 21:29 -------- d-----w- c:\programdata\AVAST Software
2014-07-20 03:14 . 2014-07-20 03:14 -------- d-----w- c:\windows\system32\Adobe
2014-07-18 03:55 . 1997-07-06 13:14 28160 ----a-w- c:\windows\SFMAN32.DLL
2014-07-18 03:54 . 2014-07-18 03:54 -------- d-----w- C:\games
2014-07-18 03:53 . 1996-10-15 23:01 298496 ----a-w- c:\windows\uninst.exe
2014-07-18 01:36 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-07-18 01:36 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-07-18 01:36 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-07-18 01:36 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-07-18 01:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-07-18 01:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-07-18 01:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-07-18 01:35 . 2014-07-18 01:35 -------- d-s---w- c:\windows\system32\CompatTel
2014-07-17 06:56 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-07-17 06:56 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2014-07-17 06:48 . 2014-07-17 06:48 -------- d-----w- c:\program files\MSXML 4.0
2014-07-17 06:35 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2014-07-17 06:35 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2014-07-17 06:35 . 2014-07-01 01:38 402944 ----a-w- c:\windows\system32\aepdu.dll
2014-07-17 06:35 . 2014-07-01 01:35 303104 ----a-w- c:\windows\system32\aeinv.dll
2014-07-17 06:34 . 2012-11-20 05:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-17 06:34 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2014-07-17 06:34 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2014-07-17 06:34 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2014-07-17 06:34 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2014-07-17 06:34 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
2014-07-17 06:34 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2014-07-17 06:34 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2014-07-17 06:34 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
2014-07-17 06:34 . 2012-09-25 21:55 78336 ----a-w- c:\windows\system32\synceng.dll
2014-07-17 06:34 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
2014-07-17 06:33 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2014-07-17 06:19 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2014-07-17 06:17 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-07-16 04:36 . 2014-07-16 04:38 -------- d-----w- c:\programdata\SimCity Societies
2014-06-26 06:33 . 2014-06-26 06:33 -------- d-----w- c:\users\German\aTubeCatcher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-14 18:40 . 2014-02-25 02:39 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 18:40 . 2014-02-25 02:39 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-23 06:44 . 2014-06-23 06:44 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-06-23 06:44 . 2014-06-23 06:44 161792 ----a-w- c:\windows\system32\msls31.dll
2014-06-23 06:44 . 2014-06-23 06:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-23 06:44 . 2014-06-23 06:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-06-23 06:44 . 2014-06-23 06:44 86528 ----a-w- c:\windows\system32\iesysprep.dll
2014-06-23 06:44 . 2014-06-23 06:44 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-06-23 06:44 . 2014-06-23 06:44 74752 ----a-w- c:\windows\system32\iesetup.dll
2014-06-23 06:44 . 2014-06-23 06:44 63488 ----a-w- c:\windows\system32\tdc.ocx
2014-06-23 06:44 . 2014-06-23 06:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-06-23 06:44 . 2014-06-23 06:44 367104 ----a-w- c:\windows\system32\html.iec
2014-06-23 06:44 . 2014-06-23 06:44 23552 ----a-w- c:\windows\system32\licmgr10.dll
2014-06-23 06:44 . 2014-06-23 06:44 152064 ----a-w- c:\windows\system32\wextract.exe
2014-06-23 06:44 . 2014-06-23 06:44 150528 ----a-w- c:\windows\system32\iexpress.exe
2014-06-23 06:44 . 2014-06-23 06:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-23 06:44 . 2014-06-23 06:44 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-23 06:44 . 2014-06-23 06:44 35840 ----a-w- c:\windows\system32\imgutil.dll
2014-06-23 06:44 . 2014-06-23 06:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-23 06:44 . 2014-06-23 06:44 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-23 06:44 . 2014-06-23 06:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-23 06:44 . 2014-06-23 06:44 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-23 06:44 . 2014-06-23 06:44 101888 ----a-w- c:\windows\system32\admparse.dll
2014-06-23 06:43 . 2014-06-23 06:43 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-06-23 06:43 . 2014-06-23 06:43 801792 ----a-w- c:\windows\system32\FntCache.dll
2014-06-23 06:43 . 2014-06-23 06:43 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2014-06-23 06:43 . 2014-06-23 06:43 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-06-23 06:43 . 2014-06-23 06:43 3181568 ----a-w- c:\windows\system32\mf.dll
2014-06-23 06:43 . 2014-06-23 06:43 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-06-21 03:27 . 2014-06-21 03:27 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-06-16 11:13 . 2014-02-25 05:25 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2014-06-16 11:13 . 2014-06-24 02:49 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-06-16 11:13 . 2014-04-28 16:19 36152 ----a-w- c:\windows\system32\uxtuneup.dll
2014-06-03 22:47 . 2014-02-25 02:39 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\German\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\German\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\German\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avira Secure Backup"="c:\program files\Avira Secure Backup\Avira Secure Backup.exe" [2013-12-20 1727056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-14 750160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;c:\windows\system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys [x]
R2 Avira Secure Backup Crawler;Avira Secure Backup Crawler;c:\program files\Avira Secure Backup\Avira Secure BackupCrawler.exe [2013-12-20 2282064]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 APNMCP;Servicio de actualización Ask;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-02-13 166352]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-13 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-06-21 243128]
S2 AntiVirSchedulerService;Avira Programador;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-07-14 430160]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-07-14 1030224]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-07-14 35848]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2014-06-16 1781048]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2012-09-24 100504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-21 03:18 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-22 05:36]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-24 03:02]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-24 03:02]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 200.75.51.132 200.75.51.133
FF - ProfilePath - c:\users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\
FF - user.js: extensions.nspdlsd.aflt - spd_ir_14_25_ff
FF - user.js: extensions.nspdlsd.instlRef - 142905_a
FF - user.js: extensions.nspdlsd.cr - 1909089721
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutDtDtAtDyCyB0DyByC0F0FyBtD0A0C0CtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtA0B0F0FtDyCyDtG0EtA0DtDtGtCtAzzyCtGtCtA0F0EtGyE0AyEtC0D0Ezz0BzzyE0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0AyByBtC0B0BtG0AtAzz0BtGyDtBtA0AtGyC0A0EzztGtAyD0D0E0A0FtCtC0CzzyDyE2Q
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - dc110acc000000000000003067d76ff7
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16242
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.322:35
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
WebBrowser-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-25 19:49:16
ComboFix-quarantined-files.txt 2014-07-26 00:49
.
Pre-Run: 15.587.217.408 bytes libres
Post-Run: 15.961.923.584 bytes libres
.
- - End Of File - - 61D99F01C85640A56A3B7D47E0A4F284
A36C5E4F47E84449FF07ED3517B43A31
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Ok mate, here are all the logs in order :)

# AdwCleaner v3.216 - Reporte Creado 25/07/2014 en 20:26:03
# Actualizado 17/07/2014 por Xplode
# Sistema Operativo : Windows 7 Enterprise (32 bits)
# Nombre de usuario : German - GERMÁN-PC
# Ejecutado desde : C:\Users\German\Desktop\adwcleaner_3.216.exe
# Opción : Limpiar

***** [ Servicios ] *****


***** [ Archivos / Carpetas ] *****

Carpeta Borrar : C:\Program Files\trolatunt
Carpeta Borrar : C:\Program Files\VNT
Carpeta Borrar : C:\Users\German\AppData\Local\VNT
Archivo Borrar : C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\user.js
Archivo Borrar : C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Accesos directos ] *****


***** [ Registro ] *****

Clave Borrar : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Clave Borrar : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
[#] Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_virtual-clonedrive_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_virtual-clonedrive_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Clave Borrar : HKCU\Software\Softonic
Clave Borrar : HKCU\Software\UpdateStar
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v27.0.1 (es-CL)

[ Archivo : C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\prefs.js ]

Linea borrada : user_pref("extensions.iminent.admin", false);
Linea borrada : user_pref("extensions.iminent.aflt", "orgnl");
Linea borrada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Linea borrada : user_pref("extensions.iminent.autoRvrt", "false");
Linea borrada : user_pref("extensions.iminent.dfltLng", "");
Linea borrada : user_pref("extensions.iminent.excTlbr", false);
Linea borrada : user_pref("extensions.iminent.ffxUnstlRst", false);
Linea borrada : user_pref("extensions.iminent.id", "dc110acc000000000000003067d76ff7");
Linea borrada : user_pref("extensions.iminent.instlDay", "16242");
Linea borrada : user_pref("extensions.iminent.instlRef", "");
Linea borrada : user_pref("extensions.iminent.newTab", false);
Linea borrada : user_pref("extensions.iminent.prdct", "iminent");
Linea borrada : user_pref("extensions.iminent.prtnrId", "iminent");
Linea borrada : user_pref("extensions.iminent.rvrt", "false");
Linea borrada : user_pref("extensions.iminent.smplGrp", "none");
Linea borrada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Linea borrada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Linea borrada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Linea borrada : user_pref("extensions.iminent.vrsnTs", "1.8.28.322:35:45");
Linea borrada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Linea borrada : user_pref("iminent.LayoutId", "1");
Linea borrada : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}");
Linea borrada : user_pref("iminent.adapters", "{\"start.iminent.com\":{\"CountryCode\":\"CO\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"140336171[...]
Linea borrada : user_pref("iminent.enabledAds", "obsolete");
Linea borrada : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//I.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Linea borrada : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Linea borrada : user_pref("iminent.version", "8.25.2.1");
Linea borrada : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.25.2.1\",\"InstallEventCTime\":1403321770561,\"InstallEvent\":\"True\"}");

-\\ Google Chrome v

[ Archivo : C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Borrar [Extension] : bakijjialdiiboeaknfpmflphhmljfkd

*************************

AdwCleaner[R0].txt - [11264 octets] - [25/07/2014 20:22:28]
AdwCleaner[S0].txt - [10745 octets] - [25/07/2014 20:26:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10806 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x86
Ran by German on 25/07/2014 at 20:30:48,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/07/2014 at 20:35:30,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 25/07/2014 08:38:13 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\German\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000240a | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy
1,97 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 65,23% Memory free
3,93 Gb Paging File | 3,03 Gb Available in Paging File | 76,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,07 Gb Total Space | 14,67 Gb Free Space | 38,52% Space Free | Partition Type: NTFS
Drive E: | 38,17 Gb Total Space | 27,10 Gb Free Space | 71,01% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 851,83 Gb Free Space | 91,45% Space Free | Partition Type: NTFS
Computer Name: GERMÁN-PC | User Name: German | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/07/25 20:21:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\German\Desktop\OTL.exe
PRC - [2014/07/14 13:41:15 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/07/14 13:40:51 | 001,030,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
PRC - [2014/07/14 13:40:50 | 000,426,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/07/14 13:40:44 | 000,750,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/07/14 13:40:44 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/06/16 06:13:52 | 001,952,568 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
PRC - [2014/06/16 06:13:50 | 001,781,048 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/20 05:12:32 | 002,282,064 | ---- | M] () -- C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
PRC - [2013/12/20 05:12:32 | 001,727,056 | ---- | M] () -- C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/20 05:59:42 | 001,642,496 | ---- | M] () -- C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll
MOD - [2013/12/20 05:56:14 | 001,774,592 | ---- | M] () -- C:\Program Files\Avira Secure Backup\OnlineBackupFacade.dll
MOD - [2013/12/20 05:12:32 | 001,727,056 | ---- | M] () -- C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe
MOD - [2013/10/02 11:40:02 | 000,957,952 | ---- | M] () -- C:\Program Files\Avira Secure Backup\NativeControls7.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2007/09/21 10:00:00 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2014/07/22 00:36:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/14 13:41:15 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/07/14 13:40:51 | 001,030,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014/07/14 13:40:44 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/06/16 06:13:50 | 001,781,048 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014/06/16 06:13:48 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/02/13 00:22:47 | 000,166,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014/02/12 19:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/20 05:12:32 | 002,282,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe -- (Avira Secure Backup Crawler)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\German\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys -- ({0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw)
DRV - [2014/07/14 13:40:45 | 000,035,848 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avnetflt.sys -- (avnetflt)
DRV - [2014/07/14 13:40:44 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014/06/20 22:27:06 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2014/06/03 17:47:24 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/12/16 14:34:30 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2013/12/13 15:03:01 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/12/13 15:02:58 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/09/24 17:25:18 | 000,100,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-co
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 00 6F 39 A1 89 CF 01 [binary data]
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/results.php?f=4...GtAyD0D0E0A0FtCtC0CzzyDyE2Q&cr=1909089721&ir=
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes\{9966CE10-E16A-43B0-B77D-70AFA6D48816}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B02450914-cdd9-410f-b1da-db004e18c671%7D:0.97.25c
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: E:\Archivos de Programa\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2014/02/24 22:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Extensions
[2014/07/22 23:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions
[2014/07/21 21:04:10 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\abs@avira.com
[2014/07/16 20:05:13 | 000,667,234 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\jid1-cwbvBTE216jjpg@jetpack.xpi
[2014/05/27 20:42:02 | 000,773,486 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2014/05/31 13:02:27 | 000,099,548 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2014/07/22 23:20:12 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/16 20:01:30 | 000,293,614 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com.co/
CHR - plugin: Primer usuario (Enabled) = E:\Archivos de Programa\VideoLAN\VLC\npvlc.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Búsqueda de Google = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\42.5_0\
CHR - Extension: Gmail = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/07/25 19:46:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-386476388-1774414843-2429878282-1000..\Run: [Avira Secure Backup] C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.75.51.132 200.75.51.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8}: DhcpNameServer = 200.75.51.132 200.75.51.133
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/07/25 20:30:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/25 20:27:52 | 000,000,000 | ---D | C] -- C:\Users\German\AppData\Local\Adobe
[2014/07/25 20:23:18 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/07/25 20:22:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/25 20:20:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\German\Desktop\OTL.exe
[2014/07/25 20:20:42 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\German\Desktop\JRT.exe
[2014/07/25 19:49:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/25 19:49:19 | 000,000,000 | ---D | C] -- C:\Users\German\AppData\Local\temp
[2014/07/25 19:32:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/07/25 19:32:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/25 19:32:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/07/25 19:32:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/25 19:31:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/07/25 19:28:47 | 005,563,277 | R--- | C] (Swearware) -- C:\Users\German\Desktop\ComboFix.exe
[2014/07/25 13:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/25 13:21:16 | 000,000,000 | ---D | C] -- C:\Users\German\Desktop\mbar
[2014/07/24 20:38:57 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/24 20:37:30 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/07/24 20:37:30 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/07/24 20:37:30 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/07/24 20:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/07/24 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/24 20:36:32 | 000,000,000 | ---D | C] -- C:\Users\German\AppData\Local\Programs
[2014/07/24 20:36:18 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\German\Desktop\mbam-setup-2.0.2.1012.exe
[2014/07/22 00:36:18 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/22 00:36:18 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/07/21 23:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/19 22:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/07/19 22:14:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2014/07/17 22:55:13 | 000,028,160 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SFMAN32.DLL
[2014/07/17 22:54:26 | 000,000,000 | ---D | C] -- C:\games
[2014/07/17 22:53:54 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2014/07/17 20:36:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2014/07/17 20:35:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2014/07/17 20:35:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2014/07/17 20:35:14 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[2014/07/17 01:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/07/17 01:35:35 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/07/17 01:35:35 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/07/17 01:34:30 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/07/17 01:34:28 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2014/07/17 01:34:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2014/07/17 01:34:28 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2014/07/17 01:34:28 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2014/07/17 01:34:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2014/07/17 01:34:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2014/07/17 01:33:55 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/07/17 01:20:53 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/07/17 01:20:53 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/07/17 01:20:52 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/07/17 01:20:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/07/17 01:20:52 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/07/17 01:20:52 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/07/17 01:20:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/07/17 01:20:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/07/17 01:20:39 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/07/17 01:20:39 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/07/17 01:20:38 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/07/17 01:20:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/07/17 01:20:38 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/07/17 01:19:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2014/07/17 01:17:31 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/07/15 23:38:51 | 000,000,000 | ---D | C] -- C:\Users\German\Documents\SimCity Societies
[2014/07/15 23:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SimCity Societies
[2014/07/15 23:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2014/07/15 23:26:26 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2014/07/15 23:26:26 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2014/07/15 23:26:25 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2014/07/15 23:26:25 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2014/07/15 23:26:25 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2014/07/15 23:26:24 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2014/07/15 23:26:23 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2014/07/15 23:26:22 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2014/07/15 23:26:21 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2014/07/15 23:26:21 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2014/07/15 23:26:21 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2014/07/15 23:26:20 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2014/07/15 23:26:20 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2014/07/15 23:26:20 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2014/07/15 23:26:19 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2014/07/15 23:26:19 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2014/07/15 23:26:18 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2014/07/15 23:26:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2014/07/15 23:26:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2014/07/15 23:26:07 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2014/07/15 23:26:07 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2014/07/15 23:26:07 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2014/07/15 23:26:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2014/07/15 23:26:04 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2014/06/26 01:33:53 | 000,000,000 | ---D | C] -- C:\Users\German\aTubeCatcher
========== Files - Modified Within 30 Days ==========
[2014/07/25 20:35:30 | 000,020,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/25 20:35:30 | 000,020,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/25 20:27:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/25 20:21:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\German\Desktop\OTL.exe
[2014/07/25 20:20:42 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\German\Desktop\JRT.exe
[2014/07/25 20:20:27 | 001,354,223 | ---- | M] () -- C:\Users\German\Desktop\adwcleaner_3.216.exe
[2014/07/25 19:50:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/25 19:46:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/07/25 19:31:17 | 005,563,277 | R--- | M] (Swearware) -- C:\Users\German\Desktop\ComboFix.exe
[2014/07/25 19:28:24 | 005,222,014 | ---- | M] () -- C:\Users\German\Desktop\ComboFix.rar
[2014/07/25 17:25:43 | 000,029,160 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/07/25 15:49:13 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/07/25 15:00:37 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/24 21:52:44 | 000,688,126 | ---- | M] () -- C:\Users\German\Desktop\dds.rar
[2014/07/24 20:37:41 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/24 20:28:05 | 017,292,849 | ---- | M] () -- C:\Users\German\Desktop\mbam-setup-2.0.2.1012.rar
[2014/07/24 20:20:15 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\German\Desktop\mbam-setup-2.0.2.1012.exe
[2014/07/22 00:36:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/22 00:36:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/07/21 22:39:57 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/21 22:38:46 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/19 17:12:40 | 003,770,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/19 17:11:37 | 000,006,896 | ---- | M] () -- C:\bootsqm.dat
[2014/07/17 02:04:02 | 000,718,032 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2014/07/17 02:04:02 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/17 02:04:02 | 000,142,228 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2014/07/17 02:04:02 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/14 13:40:45 | 000,035,848 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2014/07/14 13:40:44 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2014/06/30 20:38:29 | 000,402,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/30 20:35:17 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
========== Files Created - No Company Name ==========
[2014/07/25 20:20:26 | 001,354,223 | ---- | C] () -- C:\Users\German\Desktop\adwcleaner_3.216.exe
[2014/07/25 19:32:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/25 19:32:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/25 19:32:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/25 19:32:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/25 19:32:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/25 19:28:24 | 005,222,014 | ---- | C] () -- C:\Users\German\Desktop\ComboFix.rar
[2014/07/24 21:52:43 | 000,688,126 | ---- | C] () -- C:\Users\German\Desktop\dds.rar
[2014/07/24 20:37:41 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/24 20:27:33 | 017,292,849 | ---- | C] () -- C:\Users\German\Desktop\mbam-setup-2.0.2.1012.rar
[2014/07/22 00:36:20 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/21 23:05:50 | 000,029,160 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/07/19 17:12:11 | 003,770,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/19 17:11:37 | 000,006,896 | ---- | C] () -- C:\bootsqm.dat
[2014/07/17 20:35:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/06/22 21:42:46 | 000,007,604 | ---- | C] () -- C:\Users\German\AppData\Local\Resmon.ResmonCfg
[2014/06/16 21:35:03 | 000,000,047 | ---- | C] () -- C:\Users\German\AppData\Roaming\WB.CFG
[2014/04/05 15:13:07 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2014/04/05 15:13:07 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2014/04/05 15:13:07 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2014/04/05 15:13:07 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2014/04/05 15:13:07 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2014/04/05 15:13:07 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2014/04/05 15:13:07 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2014/04/05 15:13:07 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2014/04/05 15:13:07 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2014/04/05 15:13:07 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2014/04/05 15:13:07 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2014/04/05 15:13:07 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2014/04/05 15:13:06 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2014/04/05 15:13:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2014/04/05 15:13:06 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2014/04/05 15:13:06 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2014/04/05 15:13:06 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2014/04/05 14:34:50 | 000,000,076 | ---- | C] () -- C:\Windows\dellstat.ini
[2014/04/05 14:34:47 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini
[2014/02/23 22:23:06 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2014/02/23 22:23:03 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2014/02/23 22:23:03 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2014/02/23 22:23:02 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2014/02/23 22:23:01 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
========== ZeroAccess Check ==========
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 
OTL Extras logfile created on: 25/07/2014 08:38:13 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\German\Desktop
Windows 7 Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000240a | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy
1,97 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 65,23% Memory free
3,93 Gb Paging File | 3,03 Gb Available in Paging File | 76,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,07 Gb Total Space | 14,67 Gb Free Space | 38,52% Space Free | Partition Type: NTFS
Drive E: | 38,17 Gb Total Space | 27,10 Gb Free Space | 71,01% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 851,83 Gb Free Space | 91,45% Space Free | Partition Type: NTFS
Computer Name: GERMÁN-PC | User Name: German | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Archivos de Programa\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Archivos de Programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- E:\Archivos de Programa\Adobe Photoshop CS5\Adobe Photoshop CS5 Extended + Crack\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Archivos de Programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016BCD82-537D-4A53-8BB6-B19D72DE9013}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{04077781-644F-4691-A9B2-B771747C3C97}" = rport=139 | protocol=6 | dir=out | app=system |
"{048AEBDD-9A38-4F57-AD3D-16DE1295B1B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B501C3B-A73B-43BA-AE91-0C565D5E9F11}" = lport=138 | protocol=17 | dir=in | app=system |
"{216FDE9C-16C7-4C07-B03C-719EAB7BC1D8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2833C71E-59E0-459F-8C22-76C38DC97308}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B12CBFB-12A8-4029-9931-1B7C4DD5EABC}" = rport=445 | protocol=6 | dir=out | app=system |
"{4F203B99-2FE1-4DCE-9FAA-714A39556860}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A0A3F1C-1393-4A27-A84D-FD246463B0DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79DF6711-FEAF-44FF-B9B2-37B8803CB019}" = lport=445 | protocol=6 | dir=in | app=system |
"{802D4B91-A716-4299-BD4D-BEC46190E8F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D087F84-FAD6-4002-888D-714646732334}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{92DD8736-9C98-4807-8BA8-1191D0A76C59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A274EFE9-8AB0-4D33-8A7E-9869182347F7}" = rport=137 | protocol=17 | dir=out | app=system |
"{A2E6B998-8446-44B1-B47C-434B382015D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A710DAC0-2CE2-4C0E-AFF5-0AF4C1EA34C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA5C68CD-5E21-4503-B55F-E180A2FF72B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC2C0B60-0DFC-4041-9737-F64282681E8E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C226888C-F29F-47A7-9B5E-BBF3EF0E43E0}" = lport=139 | protocol=6 | dir=in | app=system |
"{DA17D6C9-DBC1-404D-8337-B99B19ABEDA8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{DDFC22F4-6257-48BD-9A58-2AF730ACCFED}" = rport=138 | protocol=17 | dir=out | app=system |
"{E71F0970-1FB4-4E5A-89A3-833EDB5517B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037C2554-5AE8-4193-B774-11D69965214A}" = protocol=17 | dir=in | app=c:\users\german\appdata\roaming\dropbox\bin\dropbox.exe |
"{18E6D4F1-4E83-4B87-A275-77353FEB33F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21055B78-6FF4-443F-9F00-EF27D7D14C93}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{2EF23987-376F-4205-9A65-EF1B4FC5B9AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F2E47FA-F37C-4522-8A96-F93CE8642753}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{306F265B-B0DB-498B-B70A-D44A6542D280}" = protocol=58 | dir=in | app=system |
"{32FAE8FD-D6B8-42D2-ACA7-85D6549A7685}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36E34160-C1B2-4D69-AA6D-74E9AB2BA410}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{427CEDC2-EE72-4587-A6F6-A45271DF56AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{481A23EF-0AF0-4C09-9958-8554F223140A}" = protocol=17 | dir=in | app=c:\users\german\appdata\roaming\utorrent\utorrent.exe |
"{49C52784-C544-412C-AC87-6D9C50C84400}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{584562A6-D9D7-45BE-8388-5F3D834C829E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{588D61F4-D9D1-4208-B54C-88551DEF9BC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{60BFA02B-4E1B-423A-BED6-94A966AC1370}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A49B090-B6CF-4CD2-8DFE-72D784D4FC7B}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{6B4991A5-50F6-4E4D-B918-33EFD7A007D5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{7E3EF099-15E9-42B2-93E0-B55FC466FAD1}" = protocol=17 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
"{9A3100A8-ABDA-4DAD-ABD8-6D62D2F0A2BE}" = protocol=17 | dir=in | app=f:\aoeiii\age3y.exe |
"{9E79CED6-EAA7-4953-A540-C32DCCC0EABE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A1D9E5CC-6260-4D3C-BB8B-5E65F201A592}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A4500FA3-C97F-4304-BF15-ECE70603BBB8}" = protocol=6 | dir=in | app=f:\aoeii\age2_x1\age2_x1.exe |
"{A49ECA4E-46EF-4491-8353-7F30DD95F2C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5A626EA-27A6-4F65-BBAA-A1800A4B11A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A7FC8C1A-4FB3-4BCE-A92C-1DBCD6FDFED8}" = protocol=6 | dir=in | app=c:\users\german\appdata\roaming\utorrent\utorrent.exe |
"{AB1D2011-A5AF-46BB-9037-AA948ED12CE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AC78EE70-3531-4B4B-A944-A9EC683EA76C}" = protocol=6 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
"{B48FB334-292B-4E9D-B44A-D3CB9CB83DF8}" = protocol=6 | dir=in | app=c:\users\german\downloads\utorrent.exe |
"{B8244CF7-6416-4651-B755-C2FDB2BB5927}" = protocol=17 | dir=in | app=f:\aoeii\age2_x1\age2_x1.exe |
"{C0315F58-E525-4ABC-8443-DD7146641AE3}" = protocol=6 | dir=in | app=f:\aoeiii\age3y.exe |
"{C63C21A7-07E9-4DA7-8C85-AA6AD289DE33}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D253AB5A-5057-4ECB-87A5-34AD5A2A9822}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E0284F5A-8CFD-4A89-AB73-75B3BB3C619A}" = protocol=6 | dir=out | app=system |
"{E406461B-2267-49D5-AA20-87577582DE2C}" = protocol=6 | dir=in | app=c:\users\german\appdata\roaming\dropbox\bin\dropbox.exe |
"{E72E4EA7-DB1B-49E3-AC69-630630944B13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E833EEC1-EF15-4A47-AB27-8993CAD65E4E}" = protocol=17 | dir=in | app=c:\users\german\downloads\utorrent.exe |
"{EA4553D2-3F69-450A-92DC-4B8F03D85AC6}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{FC3D84A1-2EE1-4D36-A7A4-0B9C908FA2E9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{FDD47998-E426-47D6-A22D-5BBED0AED9F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF24472E-20A6-49DA-9C4D-235907D886CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{02A2DBD9-CF7E-444D-8429-AD241B96C698}C:\games\claw\claw.exe" = protocol=6 | dir=in | app=c:\games\claw\claw.exe |
"TCP Query User{901B3C9A-76C3-4782-ACB8-A91266FDEA64}F:\aoeii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\aoeii\age2_x1\age2_x1.exe |
"TCP Query User{9F79F3C4-A056-4DF7-9F1D-623ECB6A9983}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{D2B89A6D-1365-4C6A-9D16-9EFC8BDDBA2E}C:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{E9173C86-4D76-4D80-95DA-CE74EB594676}C:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{00619D2B-F311-4A1A-A9DC-D1AB516C0D13}F:\aoeii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\aoeii\age2_x1\age2_x1.exe |
"UDP Query User{72D379F8-C36B-4A14-8EBA-497640A83E1B}C:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{8D58E391-3FB0-4960-AB97-D4B14535B69B}C:\games\claw\claw.exe" = protocol=17 | dir=in | app=c:\games\claw\claw.exe |
"UDP Query User{DE952754-63BB-4FF0-A370-AEEA6F417C53}C:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{FC2507ED-2911-45D7-83B3-0E577E397A30}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41564952-412D-5637-4300-A758B70C0A03}" = Avira SearchFree Toolbar
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6F86810F-BE5B-4FB1-BA5A-EFD8F65F5EE4}" = Adobe Photoshop Lightroom 5.3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-00B2-0C0A-0000-0000000FF1CE}" = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{993908C2-50E1-4CCB-9846-D663D340896C}" = Age of Empires III
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B9F7B0C4-3AE0-41AF-B60F-ADACEAE856E3}" = TuneUp Utilities 2014 (es-ES)
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"Avira Secure Backup" = Avira Secure Backup
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Claw" = Claw
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Google Chrome" = Google Chrome
"InstallShield_{993908C2-50E1-4CCB-9846-D663D340896C}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versión 2.0.2.1012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 27.0.1 (x86 es-CL)" = Mozilla Firefox 27.0.1 (x86 es-CL)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PokerStars" = PokerStars
"TuneUp Utilities" = TuneUp Utilities 2014
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.1.3
"WinRAR archiver" = Compresor WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"Mozilla Firefox 30.0 (x86 es-CL)" = Mozilla Firefox 30.0 (x86 es-CL)
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 25/07/2014 09:45:06 p.m. | Computer Name = Germán-PC | Source = DCOM | ID = 10010
Description =
< End of report >
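OTL's "ZeroAccess Check" section above reads the InProcServer32 value of four CLSIDs under both HKCU\Software\Classes and HKLM\Software\Classes. The reason both hives matter: a per-user class registration under HKCU takes precedence over the machine-wide one when COM resolves that class for the logged-on user, and writing it needs no administrator rights, which is how the ZeroAccess family loaded its DLL into Explorer. The PowerShell below is an added example that is not part of the thread or of OTL; it generalizes that check to every CLSID that has an InProcServer32 key under HKCU\Software\Classes, reporting whether the entry shadows an HKLM registration, which DLL it names, and that DLL's Authenticode status. It assumes PowerShell 2.0 or later (what Windows 7 ships with). Falling back to System32 for a bare DLL name is my simplification of the loader's search order, not a rule stated on the page.

```powershell
# Added example, not from the thread or from OTL: list every per-user COM
# in-process server (HKCU\Software\Classes\CLSID\*\InProcServer32), which is
# the hijack location OTL's ZeroAccess Check inspects for four known CLSIDs.
# Written for PowerShell 2.0+ (Windows 7 default); no elevation required.

function Resolve-ServerPath {
    param([string]$Value)
    if (-not $Value -or $Value.Trim() -eq '') { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Value.Trim().Trim('"'))
    if (-not [IO.Path]::IsPathRooted($p)) {
        # Assumption for reporting only: a bare DLL name is taken from System32.
        # The real loader walks the DLL search order, so treat this as a hint.
        $p = Join-Path "$env:SystemRoot\System32" $p
    }
    return $p
}

function Get-PerUserComServer {
    $userRoot    = 'HKCU:\Software\Classes\CLSID'
    $machineRoot = 'HKLM:\Software\Classes\CLSID'
    foreach ($key in Get-ChildItem -Path $userRoot -ErrorAction SilentlyContinue) {
        $clsid   = $key.PSChildName
        $userKey = "$userRoot\$clsid\InProcServer32"
        if (-not (Test-Path -Path $userKey)) { continue }

        # The default value of InProcServer32 is the DLL COM will load.
        $userServer    = (Get-ItemProperty -Path $userKey).'(default)'
        $machineKey    = "$machineRoot\$clsid\InProcServer32"
        $machineServer = $null
        if (Test-Path -Path $machineKey) {
            $machineServer = (Get-ItemProperty -Path $machineKey).'(default)'
        }

        $path = Resolve-ServerPath $userServer
        if (-not $path)                              { $status = 'NoServerValue' }
        elseif (-not (Test-Path -LiteralPath $path)) { $status = 'FileMissing' }
        else { $status = (Get-AuthenticodeSignature -FilePath $path).Status.ToString() }

        New-Object PSObject -Property @{
            CLSID         = $clsid
            UserServer    = $userServer
            ShadowsHKLM   = ($machineServer -ne $null)
            MachineServer = $machineServer
            Signature     = $status
        } | Select-Object CLSID, UserServer, ShadowsHKLM, MachineServer, Signature
    }
}

# A per-user entry that shadows a Microsoft shell or WMI CLSID with an unsigned
# DLL in a user-writable directory (AppData, Temp, the Recycle Bin) is the
# pattern to investigate. A key with no default value loads nothing, but it
# still means something registered itself there and is worth removing.
Get-PerUserComServer | Sort-Object ShadowsHKLM -Descending | Format-Table -AutoSize
```

The same shadowing rule applies to any CLSID, so the list is also a quick way to spot browser helper objects or shell extensions that were registered only for the current user.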
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\German\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys -- ({0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw)
IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/results.php?f=4...GtAyD0D0E0A0FtCtC0CzzyDyE2Q&cr=1909089721&ir=
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
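The OTL script above removes two driver service entries whose .sys file no longer exists (the "DRV - File not found" lines; catchme.sys is the helper driver ComboFix and GMER leave behind) and deletes an Internet Explorer search scope whose URL points at speedial.com. The PowerShell below is an added example that is not part of the thread or of OTL; it reproduces those two checks so they can be repeated without OTL: it walks HKLM\SYSTEM\CurrentControlSet\Services for kernel and file-system drivers whose ImagePath does not resolve to a file on disk, and lists every per-user IE search scope with its URL. It assumes an elevated prompt and PowerShell 2.0 or later (what Windows 7 ships with); the path rules in Resolve-DriverPath are my approximation of how the Service Control Manager resolves driver paths, not something the thread states.

```powershell
# Added example, not from the thread or from OTL. Reproduces two of the checks
# behind the OTL fix above: orphaned driver services and IE search scopes.
# Written for PowerShell 2.0+ (Windows 7 default); run from an elevated prompt.

function Resolve-DriverPath {
    # Approximation (an assumption, not documented in the thread) of how the
    # SCM turns a driver's ImagePath value into a Win32 file path.
    param([string]$ImagePath, [string]$ServiceName)
    if (-not $ImagePath -or $ImagePath.Trim() -eq '') {
        # No ImagePath: the loader uses %SystemRoot%\System32\drivers\<name>.sys
        return (Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys")
    }
    $p = $ImagePath.Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\...  -> C:\...
    $p = $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... or SystemRoot\...
    $p = [Environment]::ExpandEnvironmentVariables($p)       # %SystemRoot%\...
    if (-not [IO.Path]::IsPathRooted($p)) {                  # system32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedDriverService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $svc = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file-system driver; user-mode services are skipped.
        if ($svc -eq $null -or ($svc.Type -ne 1 -and $svc.Type -ne 2)) { continue }
        $path = Resolve-DriverPath $svc.ImagePath $key.PSChildName
        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{
                Service   = $key.PSChildName
                Start     = $svc.Start   # 0 boot, 1 system, 2 auto, 3 on demand, 4 disabled
                ImagePath = $svc.ImagePath
                Resolved  = $path
            } | Select-Object Service, Start, ImagePath, Resolved
        }
    }
}

function Get-IESearchScope {
    $key     = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    $default = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DefaultScope
    foreach ($scope in Get-ChildItem -Path $key -ErrorAction SilentlyContinue) {
        $v = Get-ItemProperty -Path $scope.PSPath
        New-Object PSObject -Property @{
            Scope       = $scope.PSChildName
            IsDefault   = ($scope.PSChildName -eq $default)
            DisplayName = $v.DisplayName
            URL         = $v.URL
        } | Select-Object Scope, IsDefault, DisplayName, URL
    }
}

# A driver entry whose file is gone is a stale leftover at best and rootkit
# residue at worst; either way it should go. A search scope whose URL is not
# the engine you chose is the browser hijack the OTL fix deletes.
Get-OrphanedDriverService | Format-Table -AutoSize
Get-IESearchScope | Format-List
```

A Start value of 1 (system) on an orphaned driver, as with the {GUID}Gw entry in the fix, means the boot loader tries to load it on every start and silently fails, which is why such entries tend to survive unnoticed.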
 
Here are the logs. I tried to run ESET Online Scanner on IE and Mozilla but it was not possible. It just didn't run. On Mozilla the webpage asked me to download a file so the scanner could be run, but like the last time I tried to download, the download was 'successful' until I tried to open the .exe, and it showed me an error concluding that the file I tried to open is not a valid Win32 application. On IE it seems to be because of the outdated Flash or Java versions.

All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\German\AppData\Local\Temp\catchme.sys not found.
Service {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw stopped successfully!
Service {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw deleted successfully!
File system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys not found.
Registry key HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: German
->Temp folder emptied: 2188243 bytes
->Temporary Internet Files folder emptied: 5373452 bytes
->FireFox cache emptied: 18074751 bytes
->Google Chrome cache emptied: 14886856 bytes
->Flash cache emptied: 901 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525132 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 39,00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: German
User: Public
Total Java Files Cleaned = 0,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: German
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07252014_212020

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000008DBF4E39D7FE623D1A not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.86
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014
TuneUp Utilities 2014 (es-ES)
TuneUp Utilities 2014
Adobe Flash Player 11.7.700.224 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 27.0.1 Firefox out of Date!
Google Chrome 34.0.1847.131
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 21-07-2014
Ran by German (administrator) on 25-07-2014 at 21:42:59
Running from "C:\Users\German\Desktop"
Microsoft Windows 7 Enterprise (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
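The reply above says the download now finishes but the saved .exe is "not a valid Win32 application", and FSS's File Check section confirms the signatures on the networking and update components it knows about. The next thing to look at is the downloaded file itself: an installer Windows rejects with that error is either truncated or not a PE executable at all (an HTML error page saved under the .exe name is a common result when a proxy or captive portal interferes with a download). The PowerShell below is an added example, not part of the thread or of any tool it mentions; it checks a file for the MZ and PE headers, shows a printable preview of the first bytes so an HTML page is obvious, and verifies the Authenticode signature the way FSS does for system files. It assumes PowerShell 2.0 or later; the file name in the final line is a placeholder for whatever you downloaded.

```powershell
# Added example, not from the thread or from FSS. Checks whether a downloaded
# installer is a complete, signed PE file or something else saved as .exe.
# Written for PowerShell 2.0+ (Windows 7 default).

function Test-DownloadedExe {
    param([Parameter(Mandatory=$true)][string]$Path)

    $r = New-Object PSObject -Property @{
        Path = $Path; SizeBytes = 0; HasMZ = $false; HasPE = $false
        Head = ''; Signature = 'NotChecked'; Signer = $null; Verdict = 'Unknown'
    }
    if (-not (Test-Path -LiteralPath $Path)) { $r.Verdict = 'FileMissing'; return $r }

    $file = Get-Item -LiteralPath $Path
    $r.SizeBytes = $file.Length
    $fs = [IO.File]::OpenRead($file.FullName)
    try {
        $head = New-Object byte[] 64
        $n = $fs.Read($head, 0, 64)
        # Printable preview of the first bytes; an HTML page shows up as "<!DOCTYPE" or "<html".
        $r.Head = ([Text.Encoding]::ASCII.GetString($head, 0, $n) -replace '[^\x20-\x7E]', '.')
        # DOS header starts with "MZ"; e_lfanew at offset 0x3C points to the "PE\0\0" signature.
        if ($n -ge 64 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A) {
            $r.HasMZ = $true
            $peOffset = [BitConverter]::ToInt32($head, 0x3C)
            if ($peOffset -gt 0 -and ($peOffset + 4) -le $fs.Length) {
                [void]$fs.Seek($peOffset, [IO.SeekOrigin]::Begin)
                $sig = New-Object byte[] 4
                if ($fs.Read($sig, 0, 4) -eq 4 -and $sig[0] -eq 0x50 -and $sig[1] -eq 0x45 -and
                    $sig[2] -eq 0 -and $sig[3] -eq 0) {
                    $r.HasPE = $true
                }
            }
        }
    } finally { $fs.Close() }

    if ($r.HasPE) {
        $auth = Get-AuthenticodeSignature -FilePath $file.FullName
        $r.Signature = $auth.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
        if ($auth.SignerCertificate) { $r.Signer = $auth.SignerCertificate.Subject }
    }

    if (-not $r.HasMZ)                       { $r.Verdict = 'NotExecutable' }   # truncated, or an HTML/error page
    elseif (-not $r.HasPE)                   { $r.Verdict = 'CorruptPEHeader' }
    elseif ($r.Signature -eq 'Valid')        { $r.Verdict = 'SignedAndIntact' }
    elseif ($r.Signature -eq 'HashMismatch') { $r.Verdict = 'SignedButTruncatedOrAltered' }
    else                                     { $r.Verdict = 'PE, signature ' + $r.Signature }
    return $r | Select-Object Path, SizeBytes, HasMZ, HasPE, Signature, Signer, Verdict, Head
}

# Compare SizeBytes with the size the vendor's download page reports. A
# HashMismatch on a vendor-signed installer means the bytes on disk are not
# the bytes that were signed: the download was cut short or altered in transit.
Test-DownloadedExe -Path "$env:USERPROFILE\Desktop\install_flashplayer.exe" | Format-List
```

If Head shows HTML rather than "MZ", the problem is upstream of the browser (a proxy, a captive portal, or a hijacked DNS answer), and no amount of browser resetting will fix it.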
 
We may have a problem then.
Your issue may be caused by Windows not being updated.

The only thing I can suggest is to reset browsers...

Reset Internet Explorer.
Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
You can use ANY browser to download "FixIt" file.
Make sure you follow ALL steps listed there.

Reset Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

If the above doesn't help...

Uninstall Firefox completely using this manual: http://kb.mozillazine.org/Uninstalling_Firefox
NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
Install fresh copy.

Your Firefox is outdated as well.
 
There was a conflict between two versions of Mozilla, 27 and 30. I just uninstalled v27 and tried to reset IE, but the FixIt tool doesn't work. Also, how can I delete all the programs used for the cleaning process?

By the way, downloads are still slow and still fail with errors.
 