
HTML:Iframe-inf no solution!



Dear friends. We have two laptops at home and both are infected with what Avast calls HTML:Iframe-inf. Many websites cannot be accessed by us, as many of them simply remain blank, or they show a "404 not found nginx" message, or they appear with a weird configuration. We have used several software programs, but when I believe the problem has been solved it appears again! Can you help us, please?

Logs:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2

Run by Andre at 16:03:39 on 2013-04-27

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2038.796 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Smart Battery\SMBTray.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Soda PDF 5\HelperService.exe

C:\Program Files\Soda PDF 5\ConversionService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Winamp\winamp.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll

BHO: Soda PDF 5 IE Helper: {C737F472-1193-4281-BF53-A00B67AB3E19} - c:\program files\soda pdf 5\PDFIEHelper.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Soda PDF 5 IE Toolbar: {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - c:\program files\soda pdf 5\PDFIEPlugin.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [sMBTray] c:\program files\smart battery\SMBTray.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [KTPWare] c:\program files\elantech\ktp.exe

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{29B83998-6CB7-4EF0-97B2-EB6F2EBFDD10} : DHCPNameServer = 189.4.64.82 189.4.64.87

TCP: Interfaces\{F2CBD31A-5CF2-4D2A-98CD-53666790D65D} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{F2CBD31A-5CF2-4D2A-98CD-53666790D65D}\241647164716 : DHCPNameServer = 189.4.64.87 192.168.0.1

TCP: Interfaces\{F2CBD31A-5CF2-4D2A-98CD-53666790D65D}\242757E616 : DHCPNameServer = 189.4.64.87 192.168.0.1

TCP: Interfaces\{F2CBD31A-5CF2-4D2A-98CD-53666790D65D}\4656661657C647 : DHCPNameServer = 189.4.64.82 192.168.0.1

TCP: Interfaces\{F2CBD31A-5CF2-4D2A-98CD-53666790D65D}\5505E45445 : DHCPNameServer = 189.4.64.87 189.4.64.82

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\andre\appdata\roaming\mozilla\firefox\profiles\gqmy9bgs.default-1347639183697\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://br.search.yahoo.com?type=668083&fr=spigot-yhp-ff

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin2.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin3.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin4.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin5.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin6.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\users\andre\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-04-02 07:27; ascsurfingprotection@iobit.com; c:\users\andre\appdata\roaming\mozilla\firefox\profiles\gqmy9bgs.default-1347639183697\extensions\ascsurfingprotection@iobit.com

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-25 49248]

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-3-14 9856]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-15 20624]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-4 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-4 368176]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-4-2 528192]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-4 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-4 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-25 45248]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]

R2 Soda PDF 5 Helper Service;Soda PDF 5 Helper Service;c:\program files\soda pdf 5\HelperService.exe [2012-11-21 1236824]

R2 Soda PDF 5 Service;Soda PDF 5 Service;c:\program files\soda pdf 5\ConversionService.exe [2012-11-21 873816]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-10-25 361000]

R3 NETwLv32; Driver do adaptador Intel® Wireless WiFi Link Série 5000 para Windows Vista 32 bits;c:\windows\system32\drivers\NETwLv32.sys [2010-10-31 6639616]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-25 164736]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 netw5v32;Driver de adaptador Intel® Wireless WiFi Link 5000 Series para Windows Vista 32 Bits;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2012-1-3 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-4 1343400]

.

=============== File Associations ===============

.

FileExt: .reg: regfile="regedit.exe" "%1"

.

=============== Created Last 30 ================

.

2013-04-26 18:33:30 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8345b2fa-efb1-48b4-9c17-be772960f98b}\offreg.dll

2013-04-26 13:38:12 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8345b2fa-efb1-48b4-9c17-be772960f98b}\mpengine.dll

2013-04-25 23:13:58 -------- d-----w- c:\program files\common files\PC Tools

2013-04-25 23:08:57 -------- d-----w- c:\programdata\PC Tools

2013-04-25 23:08:56 -------- d-----w- c:\users\andre\appdata\roaming\TestApp

2013-04-25 18:57:17 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-25 18:08:16 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-25 17:50:35 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-04-25 17:50:34 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-04-24 22:05:51 -------- d-sh--w- C:\$RECYCLE.BIN

2013-04-24 20:13:31 -------- d-----w- c:\program files\ASIO4ALL v2

2013-04-24 20:12:47 225280 ----a-w- c:\windows\system32\rewire.dll

2013-04-24 20:12:19 1554944 ----a-w- c:\windows\system32\vorbis.acm

2013-04-24 20:11:50 -------- d-----w- c:\program files\VstPlugins

2013-04-24 20:11:48 -------- d-----w- c:\program files\Image-Line

2013-04-24 20:11:47 -------- d-----w- c:\program files\Outsim

2013-04-24 20:08:56 -------- d-----w- c:\program files\FL Studio 9

2013-04-24 20:07:21 -------- d-----w- c:\windows\system32\appmgmt

2013-04-24 13:55:50 1213288 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-16 18:44:57 -------- d-----w- c:\users\andre\appdata\local\temp

2013-04-16 18:31:00 98816 ----a-w- c:\windows\sed.exe

2013-04-16 18:31:00 256000 ----a-w- c:\windows\PEV.exe

2013-04-16 18:31:00 208896 ----a-w- c:\windows\MBR.exe

2013-04-11 18:40:59 2347008 ----a-w- c:\windows\system32\win32k.sys

2013-04-09 02:40:44 12800 ----a-w- c:\windows\system\WING32.DLL

2013-04-02 13:44:42 -------- d-----w- c:\program files\common files\Spigot

2013-04-02 13:27:41 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

2013-04-01 23:56:47 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

==================== Find3M ====================

.

2013-04-26 13:44:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-25 18:57:01 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-25 18:57:01 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 04:41:10 3972440 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-19 04:41:07 3916632 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 04:30:52 50688 ----a-w- c:\windows\system32\appidapi.dll

2013-03-19 03:09:41 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe

2013-03-19 03:09:41 50176 ----a-w- c:\windows\system32\drivers\appid.sys

2013-03-19 03:09:35 29696 ----a-w- c:\windows\system32\appidsvc.dll

2013-03-19 03:09:35 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe

2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe

2013-03-12 04:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-06 23:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-06 23:33:23 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr

2013-03-05 18:53:40 12800 ------w- c:\windows\system32\WING32.DLL

2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-15 04:16:06 3218432 ----a-w- c:\windows\system32\mstscax.dll

2013-02-15 04:13:53 131584 ----a-w- c:\windows\system32\aaclient.dll

2013-02-15 03:20:13 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-02-15 03:20:00 1051136 ----a-w- c:\windows\system32\mstsc.exe

2013-02-15 03:19:52 223744 ----a-w- c:\windows\system32\wksprt.exe

2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

.

============= FINISH: 16:04:34,19 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 05/08/2012 00:35:56

System Uptime: 27/04/2013 11:04:04 (5 hours ago)

.

Motherboard: COMPAL | | IFL91

Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz | U2E1 | 990/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 45 GiB total, 19,654 GiB free.

D: is FIXED (NTFS) - 67 GiB total, 11,829 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP265: 25/04/2013 00:56:59 - Windows Update

RP267: 25/04/2013 15:56:11 - Installed Java 7 Update 21

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6) - Português

Adobe Shockwave Player 11.6

Advanced SystemCare 6

Advertising Center

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

µTorrent

avast! Free Antivirus

Bonjour

BS.Player FREE

CCleaner

D3DX10

DolbyFiles

Driver Genius Pro

EMSC

FL Studio 9

Foxit Reader 5.1

GeoGebra

Google Chrome

Google Earth Plug-in

Google Update Helper

Hardcore

IL Download Manager

ImagXpress

InCD Help

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

iTunes

Java 7 Update 21

Java Auto Updater

JavaFX 2.1.1

K-Lite Mega Codec Pack 8.4.0

KTP Ware PS/2-x86 5.0.3.13

Messenger Plus! 5

Microsoft Application Error Reporting

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Motorola SM56 Speakerphone Modem

Mozilla Firefox 15.0 (x86 pt-BR)

Mozilla Firefox 15.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

Nero Vision

Nero Vision Help

NeroExpress

neroxml

PhotoFiltre

PoiZone

Project64 1.6

QuickTime Alternative 3.2.2

Realtek High Definition Audio Driver

RICOH Media Driver

Roll

Sawer

Skype Click to Call

Skype™ 6.1

Smart Battery

Soda PDF 5

Suporte para Aplicativos Apple

swMSM

Torch

Toxic Biohazard

unnm=Version Checker for Dealply

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

USB Video Device

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.11 (32-bit)

XMedia Recode version 3.1.3.6

.

==== End Of File ===========================

Look forward to hearing from you! Thank you! Best!


Hello Guerola and welcome to MalwareBytes forum.

Please list for me all the "tools" you have used in your attempt to "fix" your problem. I need to know, with detail.

Now, as I work with you here, please do -not- do any fixes / changes/ additions / tweaks / nor run any tools on your own.

Also, did you buy IObit\Advanced SystemCare 6 ??

It is of dubious value. What we do know is that IObit is known to have stolen intellectual property of Malwarebytes.

I would urge you to uninstall Advanced SystemCare & anything else of IObit.

Uninstall µTorrent

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Please make note:

As this has Avast antivirus, as we work on sets of tasks, I will be asking you to turn off the antivirus.

As you do that, when turning it off, turn it off all the way, and do -not- set any time limit of any sort. Just off all the way, if possible.

You appear to have run Combofix on April 16. I need for you to copy & paste the contents of C:\combofix.txt for review.

Then do the following tasks, doing as much of them as possible.

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

While in IE, press Shift+CTRL+Delete keys and delete temporary internet cache files.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

  • Press Windows-key +R key on your keyboard to get RUN option.
  • Type in
    explorer.exe

    and press Enter to start Windows Explorer.

  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 5

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 7

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
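
A triage sketch for the DDS log posted in this thread, added here as an example; it is not part of the original posts and not code from DDS or Malwarebytes. It extracts the items the reply above reacts to (installed IObit and P2P software, the utilities created in c:\windows on 2013-04-16, the date given for the ComboFix run) plus the disabled antivirus entry and the EnableLUA policy value. The function names, the watchlist and the same-second grouping heuristic are assumptions, and the sample is an excerpt constructed from the log lines above.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the DDS.txt / Attach.txt logs in the first post.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Pseudo HJT Report ===============
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
=============== Created Last 30 ================
2013-04-24 13:55:50 1213288 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-16 18:44:57 -------- d-----w- c:\users\andre\appdata\local\temp
2013-04-16 18:31:00 98816 ----a-w- c:\windows\sed.exe
2013-04-16 18:31:00 256000 ----a-w- c:\windows\PEV.exe
2013-04-16 18:31:00 208896 ----a-w- c:\windows\MBR.exe
==================== Find3M ====================
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
==== Installed Programs ======================
Advanced SystemCare 6
µTorrent
avast! Free Antivirus
==== End Of File ===========================
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
PRODUCT = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\*")
FILE_ROW = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-+) (\S+) (.+)$")
WATCHLIST = ("iobit", "advanced systemcare", "torrent")  # assumption: programs the reply asks to remove


def split_sections(text):
    """Map section title -> content lines; lines before the first header go under 'Header'."""
    sections, current = defaultdict(list), "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS separates blocks with lone dots
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
        else:
            sections[current].append(line)
    return sections


def disabled_products(sections):
    """(kind, name) for every security product the log header lists as Disabled."""
    hits = (PRODUCT.match(line) for line in sections["Header"])
    return [(m.group(1), m.group(2)) for m in hits if m and m.group(3) == "Disabled"]


def uac_disabled(sections):
    """True when the policy dump shows EnableLUA = dword:0 (User Account Control off)."""
    return any(line == "mPolicies-System: EnableLUA = dword:0"
               for line in sections["Pseudo HJT Report"])


def same_second_drops(sections, folder="c:\\windows\\", minimum=3):
    """Files created directly in the given folder within the same second (a tool unpacking helpers)."""
    groups = defaultdict(list)
    for line in sections["Created Last 30"]:
        m = FILE_ROW.match(line)
        if not m or m.group(3).startswith("d"):
            continue  # skip unparsable rows and directory entries
        stamp, path = m.group(1), m.group(4).lower()
        if path.startswith(folder) and "\\" not in path[len(folder):]:
            groups[stamp].append(path[len(folder):])
    return {s: sorted(f) for s, f in groups.items() if len(f) >= minimum}


def flagged_programs(sections, watchlist=WATCHLIST):
    """Installed programs whose name contains a watchlist keyword (case-insensitive)."""
    return [p for p in sections["Installed Programs"]
            if any(w in p.lower() for w in watchlist)]


if __name__ == "__main__":
    s = split_sections(SAMPLE_LOG)
    print("disabled products:", disabled_products(s))
    print("UAC disabled:", uac_disabled(s))
    print("same-second drops:", same_second_drops(s))
    print("flagged programs:", flagged_programs(s))
```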


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.