I had to run OTL 3 times: the first time, it gave me an error message but then finished the "run fix", but because of the error I decided to run it again. The second time it got stuck, so after more than an hour of waiting, I decided to stop it and I couldn't, so I had to reset the computer. A log file came up when the computer restarted anyway. The third time worked perfectly.
Running a Malwarebytes scan, it found four PUP.Optional.OpenCandy, so I also pasted, after the OTL log files, the Malwarebytes log file...
OTL(first log):
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User1
->Temp folder emptied: 146217981 bytes
->Temporary Internet Files folder emptied: 199906888 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 74330228 bytes
->Flash cache emptied: 841 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525152533 bytes
RecycleBin emptied: 65836 bytes
Total Files Cleaned = 902,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: User1
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: User1
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 11152013_063704
Files\Folders moved on Reboot...
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
---------------------------------------
---------------------------------------
OTL(second):
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
---------------------------------------------
---------------------------------------------
OTL(3rd):
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User1
->Temp folder emptied: 942 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 9256588 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3515 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 9,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: User1
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: User1
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 11152013_133843
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
---------------------------------------------------
---------------------------------------------------
Malwarebytes:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.15.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
User1 :: USER1-PC [administrator]
Protection: Disabled
15/11/2013 15:46:13
MBAM-log-2013-11-15 (15-51-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197454
Time elapsed: 4 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\User1\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\User1\AppData\Roaming\OpenCandy\1682736DCBC7431E930859009168FF2C (PUP.Optional.OpenCandy) -> No action taken.
Files Detected: 2
C:\Users\User1\Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\User1\AppData\Roaming\OpenCandy\1682736DCBC7431E930859009168FF2C\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> No action taken.
(end)