TechSpot

Downloads do not complete

Solved
By GermánPC
Jul 22, 2014
  1. Good night guys:

    5 or 6 days ago web browsers started to be slow. Flash required an update so I ran the .exe to update it. So, as it didn't work, because all the web browsers were running even slowly, I decided to uninstall and reinstall Flash. I uninstalled it, but now when I try to download the newest version from Adobe's site, the download doesn't complete. Worst of all is that Windows Defender showed that it needed to be updated, but the same thing happened as with Flash, and I have to add that all downloads that imply an update of the OS don't complete either, without showing any error on the screen.

    I supposed it was a virus so I ran an Avira full scan but no threat was detected. Then I installed Avast (without uninstalling Avira, and because a friend of mine had to send me the file compressed) and scheduled the scan that runs before boot and nothing was detected. Due to the conflict between both antivirus programs, the computer became very slow so I uninstalled Avast.

    Finally, Avira detected, after rebooting a lot of times, a trojan which was deleted and whose name I can't remember now, but which also deleted Google Chrome, which actually was the one with the trojan on it. I opened Mozilla again to check if everything was OK but no... it remains the same. The pictures look weird, with strange colors, and videos only work on YouTube and with low quality (over 320p it crashes). I usually watch videos on Vimeo and what happens there is that it plays very little of the video and then a green screen appears and I can't keep watching. I think that is because I had to install Flash 11 (which I fortunately had), but as I wrote earlier, I can't update it. I just uninstalled Flash 11 again, but the downloads have the same problem. I looked it up on Google and found RogueKiller. I tried to install Java -which I didn't have- and again... the download was not successful.

    NOTE: TuneUp Utilities says that my Teredo Tunneling Pseudo Interface is outdated, but when I tried to update it, again, the update is not available because of some kind of error that my computer doesn't even show. The same happened with Windows Update.

    I can keep downloading PDF files and music (but not videos), and the webpages sometimes take too long to load and sometimes they don't even load.

    I use Mozilla and Chrome. Win 7 Enterprise 32 bits.

    Here is the report of RK:

    RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : German [Admin rights]
    Mode : Scan -- Date : 07/21/2014 23:25:17

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> FOUND
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 9 (Driver: LOADED) ¤¤¤
    [SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : Unknown @ 0x904c8fbe
    [SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[299] : Unknown @ 0x904c8fc8
    [SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x904c8fc3
    [SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[347] : Unknown @ 0x904c8fcd
    [SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[368] : Unknown @ 0x904c8fd2
    [SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x904c8f5f
    [ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x904c8fe6
    [ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x904c8feb
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Maxtor 6Y080M0 ATA Device +++++
    --- User ---
    [MBR] a1f749c1da7fff34e114ced3fd10199a
    [BSP] c6688d8a5ad512aed3906d53206d00ef : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 38983 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 80044032 | Size: 39082 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Samsung M3 Portable USB Device +++++
    --- User ---
    [MBR] e9db5a75c0c8c2e8fbdc3d91ddcc6ce3
    [BSP] d297c4cf4682017552c739fe90d40d7e : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953859 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] Solicitud no compatible. )
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    I am going to let you know how it goes after I finish the steps you posted. Thank you
     
  5. Broni

    Broni Malware Annihilator Posts: 47,037   +255

  6. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Just finished MBAM scan. Here is the log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 24/07/2014
    Scan Time: 08:43:39 p.m.
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.03.04.09
    Rootkit Database: v2014.07.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x86
    File System: NTFS
    User: German

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 212113
    Time Elapsed: 21 min, 47 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 6
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [95b41ee1c0bad1657fcaabc950b2af51],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [53f6748b483242f49fabdd970002f907],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [391087789edc1f17c2b097fe21e1738d],
    Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [a3a6bf406b0f55e127705eba61a2dc24],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-386476388-1774414843-2429878282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Delete-on-Reboot, [262334cb80faee4892e6652f9c66d729],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-386476388-1774414843-2429878282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Delete-on-Reboot, [92b79b64f08af83e735ba604af5405fb],

    Registry Values: 2
    Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe", Quarantined, [a3a6bf406b0f55e127705eba61a2dc24]
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-386476388-1774414843-2429878282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1V2X1Q1R1M1F, Delete-on-Reboot, [92b79b64f08af83e735ba604af5405fb]

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.Iminent.A, C:\Program Files\IminentToolbar, Quarantined, [fb4e7e8182f8072fe1a16026fd0529d7],
    PUP.Optional.Iminent.A, C:\Users\German\AppData\Roaming\IminentToolbar, Quarantined, [1f2a5ba4bcbe54e285d9117748baff01],

    Files: 5
    Riskware.Tool.CK, C:\Users\German\Downloads\Activador_Windows_7_Loader_eXtreme_Edition_3.010_oCioLaPalma.com.zip, Quarantined, [9faa07f83e3c9b9b493b58a361a2c53b],
    PUP.Optional.Softonic.A, C:\Users\German\Downloads\SoftonicDownloader_para_virtual-clonedrive.exe, Quarantined, [92b7bc437efc69cd1ae9ec767c859f61],
    Riskware.Tool.CK, C:\Users\German\Downloads\Windows 7 Loader eXtreme Edition 3.010.exe, Quarantined, [301998673842c76f5a2a4ab111f29d63],
    PUP.Optional.OpenCandy, C:\Users\German\Downloads\DTLite4491-0356.exe, Quarantined, [054458a7a9d184b2a541b79a4aba23dd],
    PUP.Optional.Iminent.A, C:\Users\German\AppData\Roaming\IminentToolbar\sqlite3.dll, Quarantined, [1f2a5ba4bcbe54e285d9117748baff01],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Here are the DDS' logs
    DDS
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16555
    Run by German at 21:59:05 on 2014-07-24
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.57.3082.18.2013.1248 [GMT -5:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
    C:\Windows\system32\lxczcoms.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k swprv
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    uRun: [Avira Secure Backup] "c:\program files\avira secure backup\Avira Secure Backup.exe" /delayed
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [lxczbmgr.exe] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 200.75.51.132 200.75.51.133
    TCP: Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} : DHCPNameServer = 200.75.51.132 200.75.51.133
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: DatamngrCoordinator.exe - tasklist.exe
    IFEO: hamachi-2-ui.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
    IFEO: lxczaiox.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
    IFEO: pheditor.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
    IFEO: skype.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\german\appdata\roaming\mozilla\firefox\profiles\eawdtxr0.default\
    FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1213153.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
    FF - plugin: e:\archivos de programa\videolan\vlc\npvlc.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.nspdlsd.aflt - spd_ir_14_25_ff
    FF - user.js: extensions.nspdlsd.instlRef - 142905_a
    FF - user.js: extensions.nspdlsd.cr - 1909089721
    FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutDtDtAtDyCyB0DyByC0F0FyBtD0A0C0CtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtA0B0F0FtDyCyDtG0EtA0DtDtGtCtAzzyCtGtCtA0F0EtGyE0AyEtC0D0Ezz0BzzyE0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0AyByBtC0B0BtG0AtAzz0BtGyDtBtA0AtGyC0A0EzztGtAyD0D0E0A0FtCtC0CzzyDyE2Q
    .
    FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
    FF - user.js: extensions.iminent.id - dc110acc000000000000003067d76ff7
    FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
    FF - user.js: extensions.iminent.instlDay - 16242
    FF - user.js: extensions.iminent.vrsn - 1.8.28.3
    FF - user.js: extensions.iminent.vrsni - 1.8.28.3
    FF - user.js: extensions.iminent.vrsnTs - 1.8.28.322:35:45
    FF - user.js: extensions.iminent.prtnrId - iminent
    FF - user.js: extensions.iminent.prdct - iminent
    FF - user.js: extensions.iminent.aflt - orgnl
    FF - user.js: extensions.iminent.smplGrp - none
    FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
    FF - user.js: extensions.iminent.instlRef -
    FF - user.js: extensions.iminent.dfltLng -
    FF - user.js: extensions.iminent.excTlbr - false
    FF - user.js: extensions.iminent.ffxUnstlRst - false
    FF - user.js: extensions.iminent.admin - false
    FF - user.js: extensions.iminent.autoRvrt - false
    FF - user.js: extensions.iminent.rvrt - false
    FF - user.js: extensions.iminent.newTab - false
    .
    .
    .
    .
    .
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;c:\windows\system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys [2014-6-21 52920]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2014-2-24 37352]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-6-20 243128]
    R2 AntiVirSchedulerService;Avira Programador;c:\program files\avira\antivir desktop\sched.exe [2014-2-24 430160]
    R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2014-2-24 430160]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebg7.exe [2014-2-24 1030224]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2014-2-24 97648]
    R2 Avira Secure Backup Crawler;Avira Secure Backup Crawler;c:\program files\avira secure backup\Avira Secure BackupCrawler.exe [2013-12-20 2282064]
    R2 avnetflt;avnetflt;c:\windows\system32\drivers\avnetflt.sys [2014-2-24 35848]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-24 1809720]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-24 860472]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-6-16 1781048]
    R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2014-2-23 100504]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-24 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-24 110296]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-24 51928]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 StorSvc;Servicio de almacenamiento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S4 APNMCP;Servicio de actualización Ask;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-2-13 166352]
    S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
    .
    =============== Created Last 30 ================
    .
    2014-07-25 01:38:57 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-07-25 01:37:30 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-07-25 01:37:30 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-07-25 01:37:30 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-07-25 01:37:30 -------- d-----w- c:\programdata\Malwarebytes
    2014-07-25 01:37:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-07-25 01:36:32 -------- d-----w- c:\users\german\appdata\local\Programs
    2014-07-24 21:41:44 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{efd6e9ee-9832-4332-bf00-ce341362d85e}\offreg.dll
    2014-07-22 13:38:09 -------- d-----w- c:\users\german\appdata\local\Adobe
    2014-07-22 05:36:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-07-22 05:36:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-07-22 04:05:50 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-07-22 04:05:46 -------- d-----w- c:\programdata\RogueKiller
    2014-07-20 03:48:10 -------- d-----w- c:\programdata\AVAST Software
    2014-07-20 03:14:04 -------- d-----w- c:\windows\system32\Adobe
    2014-07-18 03:55:13 28160 ----a-w- c:\windows\SFMAN32.DLL
    2014-07-18 03:54:26 -------- d-----w- C:\games
    2014-07-18 03:53:54 298496 ----a-w- c:\windows\uninst.exe
    2014-07-18 01:36:04 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2014-07-18 01:36:04 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2014-07-18 01:36:00 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2014-07-18 01:36:00 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2014-07-18 01:35:58 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2014-07-18 01:35:57 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2014-07-18 01:35:57 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2014-07-18 01:35:14 -------- d-s---w- c:\windows\system32\CompatTel
    2014-07-17 06:56:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-07-17 06:56:27 233472 ----a-w- c:\windows\system32\oleacc.dll
    2014-07-17 06:48:25 -------- d-----w- c:\program files\MSXML 4.0
    2014-07-17 06:35:52 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2014-07-17 06:35:51 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2014-07-17 06:35:35 402944 ----a-w- c:\windows\system32\aepdu.dll
    2014-07-17 06:35:35 303104 ----a-w- c:\windows\system32\aeinv.dll
    2014-07-17 06:34:30 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2014-07-17 06:34:28 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
    2014-07-17 06:34:28 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2014-07-17 06:34:28 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2014-07-17 06:34:28 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2014-07-17 06:34:28 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2014-07-17 06:34:28 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2014-07-17 06:34:21 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2014-07-17 06:34:17 163328 ----a-w- c:\windows\system32\profsvc.dll
    2014-07-17 06:34:12 78336 ----a-w- c:\windows\system32\synceng.dll
    2014-07-17 06:34:04 768512 ----a-w- c:\windows\system32\localspl.dll
    2014-07-17 06:33:55 101760 ----a-w- c:\windows\system32\consent.exe
    2014-07-17 06:19:53 123904 ----a-w- c:\windows\system32\poqexec.exe
    2014-07-17 06:17:31 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2014-07-16 04:36:45 -------- d-----w- c:\programdata\SimCity Societies
    2014-06-26 06:33:53 -------- d-----w- c:\users\german\aTubeCatcher
    .
    ==================== Find3M ====================
    .
    2014-07-14 18:40:45 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-07-14 18:40:44 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-06-23 06:43:20 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2014-06-23 06:43:19 801792 ----a-w- c:\windows\system32\FntCache.dll
    2014-06-23 06:43:19 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2014-06-23 06:43:19 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2014-06-23 06:43:18 3181568 ----a-w- c:\windows\system32\mf.dll
    2014-06-23 06:43:18 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2014-06-21 03:27:06 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2014-06-17 21:37:42 52920 ----a-w- c:\windows\system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys
    2014-06-16 11:13:56 36664 ----a-w- c:\windows\system32\TURegOpt.exe
    2014-06-16 11:13:48 36152 ----a-w- c:\windows\system32\uxtuneup.dll
    2014-06-16 11:13:48 25400 ----a-w- c:\windows\system32\authuitu.dll
    .
    ============= FINISH: 21:59:30,28 ===============
    And Attach...


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23/02/2014 08:41:38 p.m.
    System Uptime: 24/07/2014 09:23:15 p.m. (0 hours ago)
    .
    Motherboard: BIOSTAR Group | | G41D3C
    Processor: Intel(R) Celeron(R) D CPU 3.06GHz | CPU 1 | 3066/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 38 GiB total, 15,289 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 38 GiB total, 27,101 GiB free.
    F: is FIXED (NTFS) - 932 GiB total, 851,831 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Adaptador de tunelización Teredo de Microsoft
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Image File Execution Options =============
    .
    IFEO: DatamngrCoordinator.exe - tasklist.exe
    IFEO: hamachi-2-ui.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
    IFEO: lxczaiox.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
    IFEO: pheditor.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
    IFEO: skype.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
    IFEO: uninst.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Photoshop Lightroom 5.3
    Adobe Reader XI (11.0.07)
    Adobe Shockwave Player 12.1
    Age of Empires III
    Age of Empires III - The Asian Dynasties
    µTorrent
    aTube Catcher
    Avira Free Antivirus
    Avira SearchFree Toolbar
    Avira Secure Backup
    Claw
    Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
    Compresor WinRAR
    Dropbox
    FaxTools
    Full Tilt Poker
    GameRanger
    Google Chrome
    Google Earth
    Google Update Helper
    Guitar Pro 6
    K-Lite Codec Pack 3.6.5 Full
    Lexmark 1200 Series
    Malwarebytes Anti-Malware versión 2.0.2.1012
    Microsoft .NET Framework 4 Client Profile
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 27.0.1 (x86 es-CL)
    Mozilla Firefox 30.0 (x86 es-CL)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    PDF Settings CS5
    PokerStars
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    SimCity™ Societies
    Skype™ 6.3
    swMSM
    TuneUp Utilities 2014
    TuneUp Utilities 2014 (es-ES)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VirtualCloneDrive
    Visual C++ 9.0 CRT (x86) WinSXS MSM
    VLC media player 2.1.3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24/07/2014 11:34:42 a.m., Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio AntiVirSchedulerService.
    24/07/2014 09:18:19 p.m., Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Netman.
    24/07/2014 04:28:32 p.m., Error: Microsoft-Windows-WMPNSS-Service [14332] - El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
    22/07/2014 10:07:14 p.m., Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Netman.
    21/07/2014 04:09:56 p.m., Error: VDS Basic Provider [1] - Error inesperado. Código de error: 490@01010004
    20/07/2014 02:16:17 a.m., Error: VDS Basic Provider [1] - Error inesperado. Código de error: 490@01010004
    18/07/2014 09:21:44 p.m., Error: Service Control Manager [7023] -
    17/07/2014 12:03:56 a.m., Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio ShellHWDetection.
    17/07/2014 02:08:55 a.m., Error: Service Control Manager [7043] - El servicio Windows Update no se cerró correctamente después de recibir un control de aviso de apagado.
    17/07/2014 02:04:07 a.m., Error: volsnap [36] - Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.
    17/07/2014 01:49:29 a.m., Error: Microsoft-Windows-WindowsUpdateClient [20] - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80080005: Actualización de seguridad para Windows 7 (KB2691442).
    .
    ==== End Of File ===========================
    Thanks :)
     
  8. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step...
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Hi there,

    Here are the three reports generated by the two programs you asked me to run on my computer

    RogueKiller

    RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : German [Admin rights]
    Mode : Remove -- Date : 07/25/2014 13:08:24

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8} | DhcpNameServer : 200.75.51.132 200.75.51.133 -> NOT SELECTED
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 9 (Driver: LOADED) ¤¤¤
    [SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : Unknown @ 0x8cac8076
    [SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[299] : Unknown @ 0x8cac8080
    [SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x8cac807b
    [SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[347] : Unknown @ 0x8cac8085
    [SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[368] : Unknown @ 0x8cac808a
    [SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x8cac8017
    [ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x8cac809e
    [ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x8cac80a3
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Maxtor 6Y080M0 ATA Device +++++
    --- User ---
    [MBR] a1f749c1da7fff34e114ced3fd10199a
    [BSP] c6688d8a5ad512aed3906d53206d00ef : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 38983 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 80044032 | Size: 39082 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Samsung M3 Portable USB Device +++++
    --- User ---
    [MBR] e9db5a75c0c8c2e8fbdc3d91ddcc6ce3
    [BSP] d297c4cf4682017552c739fe90d40d7e : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953859 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] Solicitud no compatible. )


    ============================================
    RKreport_SCN_07212014_232517.log - RKreport_SCN_07252014_130049.log

    MBAR (FIRST TIME RAN)

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.07.25.06

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    German :: GERMÁN-PC [administrator]

    25/07/2014 01:23:33 p.m.
    mbar-log-2014-07-25 (13-23-33).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 263521
    Time elapsed: 14 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [34fdc24c6b2e9905616d306a51709be5]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    SYSTEM-LOG.TXT
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7600 Windows 7 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.066000 GHz
    Memory total: 2111168512, free: 446205952

    Downloaded database version: v2014.07.25.06
    Downloaded database version: v2014.07.17.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 25982597

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 79837184

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 80044032 Numsec = 80039936

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 81964302336 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-160066528-160086528)...
    Done!
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 612621C0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 64 Numsec = 1953503936
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000194400256 bytes
    Sector size: 512 bytes

    Done!
    File C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys will be destroyed
    Infected: C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys --> [PUP.Optional.Sanbreel.A]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7600 Windows 7 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.066000 GHz
    Memory total: 2111168512, free: 1426669568

    Downloaded database version: v2014.07.25.07
    =======================================
    Initializing...
    ------------ Kernel report ------------
    07/25/2014 15:00:38
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\imofugc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\ACPI.sys
    \SystemRoot\system32\DRIVERS\WMILIB.SYS
    \SystemRoot\system32\DRIVERS\msisadrv.sys
    \SystemRoot\system32\DRIVERS\pci.sys
    \SystemRoot\system32\DRIVERS\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\intelide.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\atapi.sys
    \SystemRoot\system32\DRIVERS\ataport.SYS
    \SystemRoot\system32\DRIVERS\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\ssmdrv.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avkmgr.sys
    \SystemRoot\system32\DRIVERS\avipbb.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd32.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\L1C62x86.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\VClone.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\avgntflt.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\parvdm.sys
    \SystemRoot\system32\DRIVERS\avnetflt.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff85e04498
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000069\
    Lower Device Object: 0xffffffff85deb8f0
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff855fd5c0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
    Lower Device Object: 0xffffffff85537318
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff855fd5c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff855fd1f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff855fd5c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8514e890, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85537318, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 25982597

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 79837184

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 80044032 Numsec = 80039936

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 81964302336 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-160066528-160086528)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff85e04498, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff857f2020, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff85e04498, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff85deb8f0, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 612621C0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 64 Numsec = 1953503936
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000194400256 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-64-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7600 Windows 7 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.066000 GHz
    Memory total: 2111168512, free: 1030705152

    =======================================

    MBAR LOG, SECOND TIME RAN

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.07.25.07

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    German :: GERMÁN-PC [administrator]

    25/07/2014 03:01:14 p.m.
    mbar-log-2014-07-25 (15-01-14).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 263489
    Time elapsed: 12 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    I haven't updated Flash or Java. I suppose I'll have to wait until the computer is totally clean, right? Thanks :)
     
  10. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Yes.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  11. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Goodnight there.
    Here is the Log that Combofix generated:
    ComboFix 14-07-25.01 - German 25/07/2014 19:35:20.1.1 - x86
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.57.3082.18.2013.1205 [GMT -5:00]
    Running from: c:\users\German\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\InfoSat.txt
    c:\users\German\AppData\Local\TempDIR
    F:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-06-26 to 2014-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2014-07-26 00:46 . 2014-07-26 00:46 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFD6E9EE-9832-4332-BF00-CE341362D85E}\offreg.dll
    2014-07-26 00:46 . 2014-07-26 00:46 -------- d-----w- c:\users\German\AppData\Local\temp
    2014-07-26 00:46 . 2014-07-26 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-07-25 18:22 . 2014-07-25 20:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-07-25 01:38 . 2014-07-25 20:00 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-07-25 01:37 . 2014-07-25 20:49 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-07-25 01:37 . 2014-07-25 01:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-07-25 01:37 . 2014-07-25 01:37 -------- d-----w- c:\programdata\Malwarebytes
    2014-07-25 01:37 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-07-25 01:37 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-07-25 01:36 . 2014-07-25 01:36 -------- d-----w- c:\users\German\AppData\Local\Programs
    2014-07-22 05:36 . 2014-07-22 05:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-07-22 05:36 . 2014-07-22 05:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-07-22 04:05 . 2014-07-25 22:25 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-07-22 04:05 . 2014-07-22 04:05 -------- d-----w- c:\programdata\RogueKiller
    2014-07-20 03:48 . 2014-07-20 21:29 -------- d-----w- c:\programdata\AVAST Software
    2014-07-20 03:14 . 2014-07-20 03:14 -------- d-----w- c:\windows\system32\Adobe
    2014-07-18 03:55 . 1997-07-06 13:14 28160 ----a-w- c:\windows\SFMAN32.DLL
    2014-07-18 03:54 . 2014-07-18 03:54 -------- d-----w- C:\games
    2014-07-18 03:53 . 1996-10-15 23:01 298496 ----a-w- c:\windows\uninst.exe
    2014-07-18 01:36 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2014-07-18 01:36 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2014-07-18 01:36 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2014-07-18 01:36 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2014-07-18 01:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2014-07-18 01:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2014-07-18 01:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2014-07-18 01:35 . 2014-07-18 01:35 -------- d-s---w- c:\windows\system32\CompatTel
    2014-07-17 06:56 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-07-17 06:56 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
    2014-07-17 06:48 . 2014-07-17 06:48 -------- d-----w- c:\program files\MSXML 4.0
    2014-07-17 06:35 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2014-07-17 06:35 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2014-07-17 06:35 . 2014-07-01 01:38 402944 ----a-w- c:\windows\system32\aepdu.dll
    2014-07-17 06:35 . 2014-07-01 01:35 303104 ----a-w- c:\windows\system32\aeinv.dll
    2014-07-17 06:34 . 2012-11-20 05:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2014-07-17 06:34 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2014-07-17 06:34 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2014-07-17 06:34 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2014-07-17 06:34 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2014-07-17 06:34 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2014-07-17 06:34 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
    2014-07-17 06:34 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2014-07-17 06:34 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
    2014-07-17 06:34 . 2012-09-25 21:55 78336 ----a-w- c:\windows\system32\synceng.dll
    2014-07-17 06:34 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
    2014-07-17 06:33 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
    2014-07-17 06:19 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2014-07-17 06:17 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2014-07-16 04:36 . 2014-07-16 04:38 -------- d-----w- c:\programdata\SimCity Societies
    2014-06-26 06:33 . 2014-06-26 06:33 -------- d-----w- c:\users\German\aTubeCatcher
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-07-14 18:40 . 2014-02-25 02:39 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-07-14 18:40 . 2014-02-25 02:39 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-06-23 06:44 . 2014-06-23 06:44 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2014-06-23 06:44 . 2014-06-23 06:44 161792 ----a-w- c:\windows\system32\msls31.dll
    2014-06-23 06:44 . 2014-06-23 06:44 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-06-23 06:44 . 2014-06-23 06:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2014-06-23 06:44 . 2014-06-23 06:44 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2014-06-23 06:44 . 2014-06-23 06:44 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2014-06-23 06:44 . 2014-06-23 06:44 74752 ----a-w- c:\windows\system32\iesetup.dll
    2014-06-23 06:44 . 2014-06-23 06:44 63488 ----a-w- c:\windows\system32\tdc.ocx
    2014-06-23 06:44 . 2014-06-23 06:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2014-06-23 06:44 . 2014-06-23 06:44 367104 ----a-w- c:\windows\system32\html.iec
    2014-06-23 06:44 . 2014-06-23 06:44 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2014-06-23 06:44 . 2014-06-23 06:44 152064 ----a-w- c:\windows\system32\wextract.exe
    2014-06-23 06:44 . 2014-06-23 06:44 150528 ----a-w- c:\windows\system32\iexpress.exe
    2014-06-23 06:44 . 2014-06-23 06:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-06-23 06:44 . 2014-06-23 06:44 421376 ----a-w- c:\windows\system32\vbscript.dll
    2014-06-23 06:44 . 2014-06-23 06:44 35840 ----a-w- c:\windows\system32\imgutil.dll
    2014-06-23 06:44 . 2014-06-23 06:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-06-23 06:44 . 2014-06-23 06:44 1810432 ----a-w- c:\windows\system32\jscript9.dll
    2014-06-23 06:44 . 2014-06-23 06:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-06-23 06:44 . 2014-06-23 06:44 11776 ----a-w- c:\windows\system32\mshta.exe
    2014-06-23 06:44 . 2014-06-23 06:44 101888 ----a-w- c:\windows\system32\admparse.dll
    2014-06-23 06:43 . 2014-06-23 06:43 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2014-06-23 06:43 . 2014-06-23 06:43 801792 ----a-w- c:\windows\system32\FntCache.dll
    2014-06-23 06:43 . 2014-06-23 06:43 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2014-06-23 06:43 . 2014-06-23 06:43 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2014-06-23 06:43 . 2014-06-23 06:43 3181568 ----a-w- c:\windows\system32\mf.dll
    2014-06-23 06:43 . 2014-06-23 06:43 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2014-06-21 03:27 . 2014-06-21 03:27 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2014-06-16 11:13 . 2014-02-25 05:25 36664 ----a-w- c:\windows\system32\TURegOpt.exe
    2014-06-16 11:13 . 2014-06-24 02:49 25400 ----a-w- c:\windows\system32\authuitu.dll
    2014-06-16 11:13 . 2014-04-28 16:19 36152 ----a-w- c:\windows\system32\uxtuneup.dll
    2014-06-03 22:47 . 2014-02-25 02:39 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01MemopalBackedUp]
    @="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
    [HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
    2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02MemopalToBackup]
    @="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
    [HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
    2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03MemopalPartiallyBackedUp]
    @="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
    [HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
    2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04MemopalError]
    @="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
    [HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
    2013-12-20 10:59 1642496 ----a-w- c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\German\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\German\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\German\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Avira Secure Backup"="c:\program files\Avira Secure Backup\Avira Secure Backup.exe" [2013-12-20 1727056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-14 750160]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
    "lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw;c:\windows\system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys [x]
    R2 Avira Secure Backup Crawler;Avira Secure Backup Crawler;c:\program files\Avira Secure Backup\Avira Secure BackupCrawler.exe [2013-12-20 2282064]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R4 APNMCP;Servicio de actualización Ask;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-02-13 166352]
    R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
    R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-13 37352]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-06-21 243128]
    S2 AntiVirSchedulerService;Avira Programador;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-07-14 430160]
    S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-07-14 1030224]
    S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-07-14 35848]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2014-06-16 1781048]
    S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2012-09-24 100504]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - TrueSight
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-06-21 03:18 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-22 05:36]
    .
    2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-02-24 03:02]
    .
    2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-02-24 03:02]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 200.75.51.132 200.75.51.133
    FF - ProfilePath - c:\users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\
    FF - user.js: extensions.nspdlsd.aflt - spd_ir_14_25_ff
    FF - user.js: extensions.nspdlsd.instlRef - 142905_a
    FF - user.js: extensions.nspdlsd.cr - 1909089721
    FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutDtDtAtDyCyB0DyByC0F0FyBtD0A0C0CtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtA0B0F0FtDyCyDtG0EtA0DtDtGtCtAzzyCtGtCtA0F0EtGyE0AyEtC0D0Ezz0BzzyE0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyC0AyByBtC0B0BtG0AtAzz0BtGyDtBtA0AtGyC0A0EzztGtAyD0D0E0A0FtCtC0CzzyDyE2Q
    FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
    FF - user.js: extensions.iminent.id - dc110acc000000000000003067d76ff7
    FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
    FF - user.js: extensions.iminent.instlDay - 16242
    FF - user.js: extensions.iminent.vrsn - 1.8.28.3
    FF - user.js: extensions.iminent.vrsni - 1.8.28.3
    FF - user.js: extensions.iminent.vrsnTs - 1.8.28.322:35
    FF - user.js: extensions.iminent.prtnrId - iminent
    FF - user.js: extensions.iminent.prdct - iminent
    FF - user.js: extensions.iminent.aflt - orgnl
    FF - user.js: extensions.iminent.smplGrp - none
    FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
    FF - user.js: extensions.iminent.instlRef -
    FF - user.js: extensions.iminent.dfltLng -
    FF - user.js: extensions.iminent.excTlbr - false
    FF - user.js: extensions.iminent.ffxUnstlRst - false
    FF - user.js: extensions.iminent.admin - false
    FF - user.js: extensions.iminent.autoRvrt - false
    FF - user.js: extensions.iminent.rvrt - false
    FF - user.js: extensions.iminent.newTab - false
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
    WebBrowser-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-07-25 19:49:16
    ComboFix-quarantined-files.txt 2014-07-26 00:49
    .
    Pre-Run: 15.587.217.408 bytes libres
    Post-Run: 15.961.923.584 bytes libres
    .
    - - End Of File - - 61D99F01C85640A56A3B7D47E0A4F284
    A36C5E4F47E84449FF07ED3517B43A31
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Ok mate, here are all the logs in order :)

    # AdwCleaner v3.216 - Reporte Creado 25/07/2014 en 20:26:03
    # Actualizado 17/07/2014 por Xplode
    # Sistema Operativo : Windows 7 Enterprise (32 bits)
    # Nombre de usuario : German - GERMÁN-PC
    # Ejecutado desde : C:\Users\German\Desktop\adwcleaner_3.216.exe
    # Opción : Limpiar

    ***** [ Servicios ] *****


    ***** [ Archivos / Carpetas ] *****

    Carpeta Borrar : C:\Program Files\trolatunt
    Carpeta Borrar : C:\Program Files\VNT
    Carpeta Borrar : C:\Users\German\AppData\Local\VNT
    Archivo Borrar : C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\user.js
    Archivo Borrar : C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

    ***** [ Accesos directos ] *****


    ***** [ Registro ] *****

    Clave Borrar : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    Clave Borrar : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    [#] Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASAPI32
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASMANCS
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_virtual-clonedrive_RASAPI32
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_virtual-clonedrive_RASMANCS
    Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    Clave Borrar : HKCU\Software\Softonic
    Clave Borrar : HKCU\Software\UpdateStar

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v9.0.8112.16555


    -\\ Mozilla Firefox v27.0.1 (es-CL)

    [ Archivo : C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\prefs.js ]

    Linea borrada : user_pref("extensions.iminent.admin", false);
    Linea borrada : user_pref("extensions.iminent.aflt", "orgnl");
    Linea borrada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
    Linea borrada : user_pref("extensions.iminent.autoRvrt", "false");
    Linea borrada : user_pref("extensions.iminent.dfltLng", "");
    Linea borrada : user_pref("extensions.iminent.excTlbr", false);
    Linea borrada : user_pref("extensions.iminent.ffxUnstlRst", false);
    Linea borrada : user_pref("extensions.iminent.id", "dc110acc000000000000003067d76ff7");
    Linea borrada : user_pref("extensions.iminent.instlDay", "16242");
    Linea borrada : user_pref("extensions.iminent.instlRef", "");
    Linea borrada : user_pref("extensions.iminent.newTab", false);
    Linea borrada : user_pref("extensions.iminent.prdct", "iminent");
    Linea borrada : user_pref("extensions.iminent.prtnrId", "iminent");
    Linea borrada : user_pref("extensions.iminent.rvrt", "false");
    Linea borrada : user_pref("extensions.iminent.smplGrp", "none");
    Linea borrada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
    Linea borrada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
    Linea borrada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
    Linea borrada : user_pref("extensions.iminent.vrsnTs", "1.8.28.322:35:45");
    Linea borrada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
    Linea borrada : user_pref("iminent.LayoutId", "1");
    Linea borrada : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}");
    Linea borrada : user_pref("iminent.adapters", "{\"start.iminent.com\":{\"CountryCode\":\"CO\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"140336171[...]
    Linea borrada : user_pref("iminent.enabledAds", "obsolete");
    Linea borrada : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//I.iminentjs.info/imitin/javascript.js\",\"queryS[...]
    Linea borrada : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
    Linea borrada : user_pref("iminent.version", "8.25.2.1");
    Linea borrada : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.25.2.1\",\"InstallEventCTime\":1403321770561,\"InstallEvent\":\"True\"}");

    -\\ Google Chrome v

    [ Archivo : C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Borrar [Extension] : bakijjialdiiboeaknfpmflphhmljfkd

    *************************

    AdwCleaner[R0].txt - [11264 octets] - [25/07/2014 20:22:28]
    AdwCleaner[S0].txt - [10745 octets] - [25/07/2014 20:26:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10806 octets] ##########
     
  14. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Enterprise x86
    Ran by German on 25/07/2014 at 20:30:48,41
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\apn"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 25/07/2014 at 20:35:30,55
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  15. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    OTL logfile created on: 25/07/2014 08:38:13 p.m. - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\German\Desktop
    Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000240a | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy
    1,97 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 65,23% Memory free
    3,93 Gb Paging File | 3,03 Gb Available in Paging File | 76,98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 38,07 Gb Total Space | 14,67 Gb Free Space | 38,52% Space Free | Partition Type: NTFS
    Drive E: | 38,17 Gb Total Space | 27,10 Gb Free Space | 71,01% Space Free | Partition Type: NTFS
    Drive F: | 931,50 Gb Total Space | 851,83 Gb Free Space | 91,45% Space Free | Partition Type: NTFS
    Computer Name: GERMÁN-PC | User Name: German | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014/07/25 20:21:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\German\Desktop\OTL.exe
    PRC - [2014/07/14 13:41:15 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2014/07/14 13:40:51 | 001,030,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
    PRC - [2014/07/14 13:40:50 | 000,426,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2014/07/14 13:40:44 | 000,750,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2014/07/14 13:40:44 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2014/06/16 06:13:52 | 001,952,568 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
    PRC - [2014/06/16 06:13:50 | 001,781,048 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
    PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/20 05:12:32 | 002,282,064 | ---- | M] () -- C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
    PRC - [2013/12/20 05:12:32 | 001,727,056 | ---- | M] () -- C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
    ========== Modules (No Company Name) ==========
    MOD - [2013/12/20 05:59:42 | 001,642,496 | ---- | M] () -- C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll
    MOD - [2013/12/20 05:56:14 | 001,774,592 | ---- | M] () -- C:\Program Files\Avira Secure Backup\OnlineBackupFacade.dll
    MOD - [2013/12/20 05:12:32 | 001,727,056 | ---- | M] () -- C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe
    MOD - [2013/10/02 11:40:02 | 000,957,952 | ---- | M] () -- C:\Program Files\Avira Secure Backup\NativeControls7.dll
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2007/09/21 10:00:00 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    ========== Services (SafeList) ==========
    SRV - [2014/07/22 00:36:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/07/14 13:41:15 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2014/07/14 13:40:51 | 001,030,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
    SRV - [2014/07/14 13:40:44 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2014/06/16 06:13:50 | 001,781,048 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2014/06/16 06:13:48 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/02/13 00:22:47 | 000,166,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
    SRV - [2014/02/12 19:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/12/20 05:12:32 | 002,282,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe -- (Avira Secure Backup Crawler)
    SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
    ========== Driver Services (SafeList) ==========
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\German\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys -- ({0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw)
    DRV - [2014/07/14 13:40:45 | 000,035,848 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avnetflt.sys -- (avnetflt)
    DRV - [2014/07/14 13:40:44 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2014/06/20 22:27:06 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2014/06/03 17:47:24 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/12/16 14:34:30 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2013/12/13 15:03:01 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2013/12/13 15:02:58 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2012/09/24 17:25:18 | 000,100,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-co
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 00 6F 39 A1 89 CF 01 [binary data]
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/results.php?f=4...GtAyD0D0E0A0FtCtC0CzzyDyE2Q&cr=1909089721&ir=
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes\{9966CE10-E16A-43B0-B77D-70AFA6D48816}: "URL" = https://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    ========== FireFox ==========
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: %7B02450914-cdd9-410f-b1da-db004e18c671%7D:0.97.25c
    FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: E:\Archivos de Programa\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    [2014/02/24 22:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Extensions
    [2014/07/22 23:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions
    [2014/07/21 21:04:10 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\abs@avira.com
    [2014/07/16 20:05:13 | 000,667,234 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\jid1-cwbvBTE216jjpg@jetpack.xpi
    [2014/05/27 20:42:02 | 000,773,486 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
    [2014/05/31 13:02:27 | 000,099,548 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
    [2014/07/22 23:20:12 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/07/16 20:01:30 | 000,293,614 | ---- | M] () (No name found) -- C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\eawdtxr0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    ========== Chrome ==========
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://google.com.co/
    CHR - plugin: Primer usuario (Enabled) = E:\Archivos de Programa\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
    CHR - Extension: Google Drive = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Búsqueda de Google = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\42.5_0\
    CHR - Extension: Gmail = C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    O1 HOSTS File: ([2014/07/25 19:46:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-386476388-1774414843-2429878282-1000..\Run: [Avira Secure Backup] C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.75.51.132 200.75.51.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B296FAC3-2AE0-414B-B09F-4FBE0A662DF8}: DhcpNameServer = 200.75.51.132 200.75.51.133
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014/07/25 20:30:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/07/25 20:27:52 | 000,000,000 | ---D | C] -- C:\Users\German\AppData\Local\Adobe
    [2014/07/25 20:23:18 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
    [2014/07/25 20:22:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/07/25 20:20:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\German\Desktop\OTL.exe
    [2014/07/25 20:20:42 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\German\Desktop\JRT.exe
    [2014/07/25 19:49:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/07/25 19:49:19 | 000,000,000 | ---D | C] -- C:\Users\German\AppData\Local\temp
    [2014/07/25 19:32:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/07/25 19:32:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/07/25 19:32:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/07/25 19:32:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/07/25 19:31:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/07/25 19:28:47 | 005,563,277 | R--- | C] (Swearware) -- C:\Users\German\Desktop\ComboFix.exe
    [2014/07/25 13:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/07/25 13:21:16 | 000,000,000 | ---D | C] -- C:\Users\German\Desktop\mbar
    [2014/07/24 20:38:57 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/07/24 20:37:30 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/07/24 20:37:30 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/07/24 20:37:30 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/07/24 20:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/07/24 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/07/24 20:36:32 | 000,000,000 | ---D | C] -- C:\Users\German\AppData\Local\Programs
    [2014/07/24 20:36:18 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\German\Desktop\mbam-setup-2.0.2.1012.exe
    [2014/07/22 00:36:18 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/07/22 00:36:18 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/07/21 23:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
    [2014/07/19 22:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/07/19 22:14:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
    [2014/07/17 22:55:13 | 000,028,160 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SFMAN32.DLL
    [2014/07/17 22:54:26 | 000,000,000 | ---D | C] -- C:\games
    [2014/07/17 22:53:54 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
    [2014/07/17 20:36:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
    [2014/07/17 20:35:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
    [2014/07/17 20:35:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
    [2014/07/17 20:35:14 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
    [2014/07/17 01:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2014/07/17 01:35:35 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
    [2014/07/17 01:35:35 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
    [2014/07/17 01:34:30 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2014/07/17 01:34:28 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
    [2014/07/17 01:34:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
    [2014/07/17 01:34:28 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
    [2014/07/17 01:34:28 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
    [2014/07/17 01:34:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
    [2014/07/17 01:34:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
    [2014/07/17 01:33:55 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2014/07/17 01:20:53 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2014/07/17 01:20:53 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2014/07/17 01:20:52 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2014/07/17 01:20:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2014/07/17 01:20:52 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2014/07/17 01:20:52 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2014/07/17 01:20:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2014/07/17 01:20:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2014/07/17 01:20:39 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2014/07/17 01:20:39 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2014/07/17 01:20:38 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2014/07/17 01:20:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2014/07/17 01:20:38 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2014/07/17 01:19:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
    [2014/07/17 01:17:31 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
    [2014/07/15 23:38:51 | 000,000,000 | ---D | C] -- C:\Users\German\Documents\SimCity Societies
    [2014/07/15 23:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SimCity Societies
    [2014/07/15 23:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
    [2014/07/15 23:26:26 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
    [2014/07/15 23:26:26 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
    [2014/07/15 23:26:25 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
    [2014/07/15 23:26:25 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
    [2014/07/15 23:26:25 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
    [2014/07/15 23:26:24 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
    [2014/07/15 23:26:23 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
    [2014/07/15 23:26:22 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
    [2014/07/15 23:26:21 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
    [2014/07/15 23:26:21 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
    [2014/07/15 23:26:21 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
    [2014/07/15 23:26:20 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
    [2014/07/15 23:26:20 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
    [2014/07/15 23:26:20 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
    [2014/07/15 23:26:19 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
    [2014/07/15 23:26:19 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
    [2014/07/15 23:26:18 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
    [2014/07/15 23:26:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
    [2014/07/15 23:26:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
    [2014/07/15 23:26:07 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
    [2014/07/15 23:26:07 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
    [2014/07/15 23:26:07 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
    [2014/07/15 23:26:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
    [2014/07/15 23:26:04 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
    [2014/06/26 01:33:53 | 000,000,000 | ---D | C] -- C:\Users\German\aTubeCatcher
    ========== Files - Modified Within 30 Days ==========
    [2014/07/25 20:35:30 | 000,020,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/07/25 20:35:30 | 000,020,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/07/25 20:27:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/07/25 20:21:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\German\Desktop\OTL.exe
    [2014/07/25 20:20:42 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\German\Desktop\JRT.exe
    [2014/07/25 20:20:27 | 001,354,223 | ---- | M] () -- C:\Users\German\Desktop\adwcleaner_3.216.exe
    [2014/07/25 19:50:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/07/25 19:46:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/07/25 19:31:17 | 005,563,277 | R--- | M] (Swearware) -- C:\Users\German\Desktop\ComboFix.exe
    [2014/07/25 19:28:24 | 005,222,014 | ---- | M] () -- C:\Users\German\Desktop\ComboFix.rar
    [2014/07/25 17:25:43 | 000,029,160 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
    [2014/07/25 15:49:13 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/07/25 15:00:37 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/07/24 21:52:44 | 000,688,126 | ---- | M] () -- C:\Users\German\Desktop\dds.rar
    [2014/07/24 20:37:41 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/07/24 20:28:05 | 017,292,849 | ---- | M] () -- C:\Users\German\Desktop\mbam-setup-2.0.2.1012.rar
    [2014/07/24 20:20:15 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\German\Desktop\mbam-setup-2.0.2.1012.exe
    [2014/07/22 00:36:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/07/22 00:36:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/07/21 22:39:57 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/07/21 22:38:46 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/07/19 17:12:40 | 003,770,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/07/19 17:11:37 | 000,006,896 | ---- | M] () -- C:\bootsqm.dat
    [2014/07/17 02:04:02 | 000,718,032 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2014/07/17 02:04:02 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/07/17 02:04:02 | 000,142,228 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2014/07/17 02:04:02 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/07/14 13:40:45 | 000,035,848 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
    [2014/07/14 13:40:44 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
    [2014/06/30 20:38:29 | 000,402,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
    [2014/06/30 20:35:17 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
    ========== Files Created - No Company Name ==========
    [2014/07/25 20:20:26 | 001,354,223 | ---- | C] () -- C:\Users\German\Desktop\adwcleaner_3.216.exe
    [2014/07/25 19:32:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/07/25 19:32:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/07/25 19:32:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/07/25 19:32:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/07/25 19:32:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/07/25 19:28:24 | 005,222,014 | ---- | C] () -- C:\Users\German\Desktop\ComboFix.rar
    [2014/07/24 21:52:43 | 000,688,126 | ---- | C] () -- C:\Users\German\Desktop\dds.rar
    [2014/07/24 20:37:41 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/07/24 20:27:33 | 017,292,849 | ---- | C] () -- C:\Users\German\Desktop\mbam-setup-2.0.2.1012.rar
    [2014/07/22 00:36:20 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/07/21 23:05:50 | 000,029,160 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
    [2014/07/19 17:12:11 | 003,770,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/07/19 17:11:37 | 000,006,896 | ---- | C] () -- C:\bootsqm.dat
    [2014/07/17 20:35:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2014/06/22 21:42:46 | 000,007,604 | ---- | C] () -- C:\Users\German\AppData\Local\Resmon.ResmonCfg
    [2014/06/16 21:35:03 | 000,000,047 | ---- | C] () -- C:\Users\German\AppData\Roaming\WB.CFG
    [2014/04/05 15:13:07 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
    [2014/04/05 15:13:07 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
    [2014/04/05 15:13:07 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
    [2014/04/05 15:13:07 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
    [2014/04/05 15:13:07 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
    [2014/04/05 15:13:07 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
    [2014/04/05 15:13:07 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
    [2014/04/05 15:13:07 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
    [2014/04/05 15:13:07 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
    [2014/04/05 15:13:07 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
    [2014/04/05 15:13:07 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
    [2014/04/05 15:13:07 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
    [2014/04/05 15:13:06 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
    [2014/04/05 15:13:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
    [2014/04/05 15:13:06 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
    [2014/04/05 15:13:06 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
    [2014/04/05 15:13:06 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
    [2014/04/05 14:34:50 | 000,000,076 | ---- | C] () -- C:\Windows\dellstat.ini
    [2014/04/05 14:34:47 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini
    [2014/02/23 22:23:06 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2014/02/23 22:23:03 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2014/02/23 22:23:03 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2014/02/23 22:23:02 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2014/02/23 22:23:01 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    ========== ZeroAccess Check ==========
    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
     
  16. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    OTL Extras logfile created on: 25/07/2014 08:38:13 p.m. - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\German\Desktop
    Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000240a | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy
    1,97 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 65,23% Memory free
    3,93 Gb Paging File | 3,03 Gb Available in Paging File | 76,98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 38,07 Gb Total Space | 14,67 Gb Free Space | 38,52% Space Free | Partition Type: NTFS
    Drive E: | 38,17 Gb Total Space | 27,10 Gb Free Space | 71,01% Space Free | Partition Type: NTFS
    Drive F: | 931,50 Gb Total Space | 851,83 Gb Free Space | 91,45% Space Free | Partition Type: NTFS
    Computer Name: GERMÁN-PC | User Name: German | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    [HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- E:\Archivos de Programa\firefox.exe (Mozilla Corporation)
    ========== Shell Spawning ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "E:\Archivos de Programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Bridge] -- E:\Archivos de Programa\Adobe Photoshop CS5\Adobe Photoshop CS5 Extended + Crack\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "E:\Archivos de Programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    ========== Security Center Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
    ========== System Restore Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    ========== Authorized Applications List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    ========== Vista Active Open Ports Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{016BCD82-537D-4A53-8BB6-B19D72DE9013}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{04077781-644F-4691-A9B2-B771747C3C97}" = rport=139 | protocol=6 | dir=out | app=system |
    "{048AEBDD-9A38-4F57-AD3D-16DE1295B1B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1B501C3B-A73B-43BA-AE91-0C565D5E9F11}" = lport=138 | protocol=17 | dir=in | app=system |
    "{216FDE9C-16C7-4C07-B03C-719EAB7BC1D8}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2833C71E-59E0-459F-8C22-76C38DC97308}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4B12CBFB-12A8-4029-9931-1B7C4DD5EABC}" = rport=445 | protocol=6 | dir=out | app=system |
    "{4F203B99-2FE1-4DCE-9FAA-714A39556860}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6A0A3F1C-1393-4A27-A84D-FD246463B0DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{79DF6711-FEAF-44FF-B9B2-37B8803CB019}" = lport=445 | protocol=6 | dir=in | app=system |
    "{802D4B91-A716-4299-BD4D-BEC46190E8F0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8D087F84-FAD6-4002-888D-714646732334}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{92DD8736-9C98-4807-8BA8-1191D0A76C59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A274EFE9-8AB0-4D33-8A7E-9869182347F7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A2E6B998-8446-44B1-B47C-434B382015D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A710DAC0-2CE2-4C0E-AFF5-0AF4C1EA34C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{AA5C68CD-5E21-4503-B55F-E180A2FF72B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AC2C0B60-0DFC-4041-9737-F64282681E8E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{C226888C-F29F-47A7-9B5E-BBF3EF0E43E0}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DA17D6C9-DBC1-404D-8337-B99B19ABEDA8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{DDFC22F4-6257-48BD-9A58-2AF730ACCFED}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E71F0970-1FB4-4E5A-89A3-833EDB5517B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    ========== Vista Active Application Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{037C2554-5AE8-4193-B774-11D69965214A}" = protocol=17 | dir=in | app=c:\users\german\appdata\roaming\dropbox\bin\dropbox.exe |
    "{18E6D4F1-4E83-4B87-A275-77353FEB33F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{21055B78-6FF4-443F-9F00-EF27D7D14C93}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
    "{2EF23987-376F-4205-9A65-EF1B4FC5B9AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2F2E47FA-F37C-4522-8A96-F93CE8642753}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{306F265B-B0DB-498B-B70A-D44A6542D280}" = protocol=58 | dir=in | app=system |
    "{32FAE8FD-D6B8-42D2-ACA7-85D6549A7685}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{36E34160-C1B2-4D69-AA6D-74E9AB2BA410}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{427CEDC2-EE72-4587-A6F6-A45271DF56AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{481A23EF-0AF0-4C09-9958-8554F223140A}" = protocol=17 | dir=in | app=c:\users\german\appdata\roaming\utorrent\utorrent.exe |
    "{49C52784-C544-412C-AC87-6D9C50C84400}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{584562A6-D9D7-45BE-8388-5F3D834C829E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{588D61F4-D9D1-4208-B54C-88551DEF9BC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{60BFA02B-4E1B-423A-BED6-94A966AC1370}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6A49B090-B6CF-4CD2-8DFE-72D784D4FC7B}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
    "{6B4991A5-50F6-4E4D-B918-33EFD7A007D5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{7E3EF099-15E9-42B2-93E0-B55FC466FAD1}" = protocol=17 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
    "{9A3100A8-ABDA-4DAD-ABD8-6D62D2F0A2BE}" = protocol=17 | dir=in | app=f:\aoeiii\age3y.exe |
    "{9E79CED6-EAA7-4953-A540-C32DCCC0EABE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{A1D9E5CC-6260-4D3C-BB8B-5E65F201A592}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{A4500FA3-C97F-4304-BF15-ECE70603BBB8}" = protocol=6 | dir=in | app=f:\aoeii\age2_x1\age2_x1.exe |
    "{A49ECA4E-46EF-4491-8353-7F30DD95F2C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A5A626EA-27A6-4F65-BBAA-A1800A4B11A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{A7FC8C1A-4FB3-4BCE-A92C-1DBCD6FDFED8}" = protocol=6 | dir=in | app=c:\users\german\appdata\roaming\utorrent\utorrent.exe |
    "{AB1D2011-A5AF-46BB-9037-AA948ED12CE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AC78EE70-3531-4B4B-A944-A9EC683EA76C}" = protocol=6 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
    "{B48FB334-292B-4E9D-B44A-D3CB9CB83DF8}" = protocol=6 | dir=in | app=c:\users\german\downloads\utorrent.exe |
    "{B8244CF7-6416-4651-B755-C2FDB2BB5927}" = protocol=17 | dir=in | app=f:\aoeii\age2_x1\age2_x1.exe |
    "{C0315F58-E525-4ABC-8443-DD7146641AE3}" = protocol=6 | dir=in | app=f:\aoeiii\age3y.exe |
    "{C63C21A7-07E9-4DA7-8C85-AA6AD289DE33}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D253AB5A-5057-4ECB-87A5-34AD5A2A9822}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E0284F5A-8CFD-4A89-AB73-75B3BB3C619A}" = protocol=6 | dir=out | app=system |
    "{E406461B-2267-49D5-AA20-87577582DE2C}" = protocol=6 | dir=in | app=c:\users\german\appdata\roaming\dropbox\bin\dropbox.exe |
    "{E72E4EA7-DB1B-49E3-AC69-630630944B13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E833EEC1-EF15-4A47-AB27-8993CAD65E4E}" = protocol=17 | dir=in | app=c:\users\german\downloads\utorrent.exe |
    "{EA4553D2-3F69-450A-92DC-4B8F03D85AC6}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
    "{FC3D84A1-2EE1-4D36-A7A4-0B9C908FA2E9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
    "{FDD47998-E426-47D6-A22D-5BBED0AED9F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FF24472E-20A6-49DA-9C4D-235907D886CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{02A2DBD9-CF7E-444D-8429-AD241B96C698}C:\games\claw\claw.exe" = protocol=6 | dir=in | app=c:\games\claw\claw.exe |
    "TCP Query User{901B3C9A-76C3-4782-ACB8-A91266FDEA64}F:\aoeii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\aoeii\age2_x1\age2_x1.exe |
    "TCP Query User{9F79F3C4-A056-4DF7-9F1D-623ECB6A9983}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
    "TCP Query User{D2B89A6D-1365-4C6A-9D16-9EFC8BDDBA2E}C:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe |
    "TCP Query User{E9173C86-4D76-4D80-95DA-CE74EB594676}C:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe |
    "UDP Query User{00619D2B-F311-4A1A-A9DC-D1AB516C0D13}F:\aoeii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\aoeii\age2_x1\age2_x1.exe |
    "UDP Query User{72D379F8-C36B-4A14-8EBA-497640A83E1B}C:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe |
    "UDP Query User{8D58E391-3FB0-4960-AB97-D4B14535B69B}C:\games\claw\claw.exe" = protocol=17 | dir=in | app=c:\games\claw\claw.exe |
    "UDP Query User{DE952754-63BB-4FF0-A370-AEEA6F417C53}C:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\german\appdata\roaming\gameranger\gameranger\gameranger.exe |
    "UDP Query User{FC2507ED-2911-45D7-83B3-0E577E397A30}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{41564952-412D-5637-4300-A758B70C0A03}" = Avira SearchFree Toolbar
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6F86810F-BE5B-4FB1-BA5A-EFD8F65F5EE4}" = Adobe Photoshop Lightroom 5.3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{90120000-00B2-0C0A-0000-0000000FF1CE}" = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{993908C2-50E1-4CCB-9846-D663D340896C}" = Age of Empires III
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
    "{B9F7B0C4-3AE0-41AF-B60F-ADACEAE856E3}" = TuneUp Utilities 2014 (es-ES)
    "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
    "{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.1
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "aTube Catcher" = aTube Catcher
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Avira Secure Backup" = Avira Secure Backup
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Claw" = Claw
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Google Chrome" = Google Chrome
    "InstallShield_{993908C2-50E1-4CCB-9846-D663D340896C}" = Age of Empires III
    "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
    "Lexmark 1200 Series" = Lexmark 1200 Series
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versión 2.0.2.1012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 27.0.1 (x86 es-CL)" = Mozilla Firefox 27.0.1 (x86 es-CL)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PokerStars" = PokerStars
    "TuneUp Utilities" = TuneUp Utilities 2014
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 2.1.3
    "WinRAR archiver" = Compresor WinRAR
    ========== HKEY_USERS Uninstall List ==========
    [HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "GameRanger" = GameRanger
    "Mozilla Firefox 30.0 (x86 es-CL)" = Mozilla Firefox 30.0 (x86 es-CL)
    "uTorrent" = µTorrent
    ========== Last 20 Event Log Errors ==========
    [ System Events ]
    Error - 25/07/2014 09:45:06 p.m. | Computer Name = Germán-PC | Source = DCOM | ID = 10010
    Description =
    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\German\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys -- ({0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw)
    IE - HKU\S-1-5-21-386476388-1774414843-2429878282-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/results.php?f=4...GtAyD0D0E0A0FtCtC0CzzyDyE2Q&cr=1909089721&ir=
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  18. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Here are the logs. I tried to run ESET online scanner on IE and Mozilla but it was not possible. It just didn't run. On Mozilla the webpage asked me to download a file so the scanner could be run, but as with the last time I tried to download, the download was 'successful' until I tried to open the .exe, and it showed me an error which concludes that the file I tried to open is not a valid win32 application. On IE it seems that it is because of Flash's or Java's outdated versions.

    All processes killed
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\Users\German\AppData\Local\Temp\catchme.sys not found.
    Service {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw stopped successfully!
    Service {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw deleted successfully!
    File system32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys not found.
    Registry key HKEY_USERS\S-1-5-21-386476388-1774414843-2429878282-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: German
    ->Temp folder emptied: 2188243 bytes
    ->Temporary Internet Files folder emptied: 5373452 bytes
    ->FireFox cache emptied: 18074751 bytes
    ->Google Chrome cache emptied: 14886856 bytes
    ->Flash cache emptied: 901 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 525132 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 39,00 mb
    [EMPTYJAVA]
    User: All Users
    User: Default
    User: Default User
    User: German
    User: Public
    Total Java Files Cleaned = 0,00 mb
    [EMPTYFLASH]
    User: All Users
    User: Default
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: German
    ->Flash cache emptied: 0 bytes
    User: Public
    Total Flash Files Cleaned = 0,00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 07252014_212020

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\TMP0000008DBF4E39D7FE623D1A not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  19. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Results of screen317's Security Check version 0.99.86
    Windows 7 x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Avira Desktop
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    TuneUp Utilities 2014
    TuneUp Utilities 2014 (es-ES)
    TuneUp Utilities 2014
    Adobe Flash Player 11.7.700.224 Flash Player out of Date!
    Adobe Reader XI
    Mozilla Firefox 27.0.1 Firefox out of Date!
    Google Chrome 34.0.1847.131
    Google Chrome 35.0.1916.153
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
     
  20. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Farbar Service Scanner Version: 21-07-2014
    Ran by German (administrator) on 25-07-2014 at 21:42:59
    Running from "C:\Users\German\Desktop"
    Microsoft Windows 7 Enterprise (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  21. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Your Windows installation is outdated...no Service Pack 1.
    Why?
     
  22. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    I don't know...
     
  23. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    Maybe it is because it is not a legal version...
     
  24. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    We may have a problem then.
    Your issue may be caused by not updated Windows.

    The only thing I can suggest is to reset browsers...

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    You can use ANY browser to download "FixIt" file.
    Make sure you follow ALL steps listed there.

    Reset Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

    If the above doesn't help...

    Uninstall Firefox completely using this manual: http://kb.mozillazine.org/Uninstalling_Firefox
    NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
    Install fresh copy.

    Your Firefox is outdated as well.
     
  25. GermánPC

    GermánPC TS Rookie Topic Starter Posts: 27

    There was a conflict between two versions of Mozilla: 27 and 30. I just uninstalled v27, and tried to reset IE but the FixIt tool doesn't work. Also, how can I delete all the programs used for the cleaning process?

    By the way, downloads are still slow and with errors.
     

