please help suspect infection!

juan · February 18, 2014

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 07/04/2013 15:13:41

System Uptime: 17/02/2014 20:46:12 (3 hours ago)

.

Motherboard: Hewlett-Packard | | 309B

Processor: AMD Turion 64 Mobile Technology ML-32 | U23 | 1800/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 37 GiB total, 8,896 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador de minipuerto WiFi virtual de Microsoft

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&38348CA3&0&01

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport Adapter #7

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&38348CA3&0&01

Service: vwifimp

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Image File Execution Options =============

.

IFEO: excel.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: groove.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: infopath.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: msaccess.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: msoxmled.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: mspub.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: mstore.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: offdiag.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: ois.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: onenote.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: outlook.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: pmbbrowser.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: pmblauncher.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: pmbmapview.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: powerpnt.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

IFEO: winword.exe - "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

.

==== Installed Programs ======================

.

Adobe Reader 9.1

Argente - Registry Cleaner 3.1.0.1

avast! Free Antivirus

CCleaner

Conexant AC-Link Audio

Defraggler

Equalify v2.2.1 (Stable)

FormatFactory 3.2.0.1

Glary Utilities 4.1

GOM Player

Google Chrome

Google Update Helper

HP Quick Launch Buttons

HP Support Solutions Framework

Malwarebytes Anti-Malware versión 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

MSXML 4.0 SP3 Parser

Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN

PhotoScape

Revo Uninstaller 1.95

Spotify

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TuneUp Utilities 2014 (es-MX)

Unity Web Player

Virtual DJ - Atomix Productions

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476

Run by user at 23:11:26 on 2014-02-17

Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.766.231 [GMT -6:00]

.

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\LogonUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uProxyServer = localhost:21320

uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [GUDelayStartup] c:\program files\glary utilities 4\StartupManager.exe -delayrun

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui

mRun: [20131121] c:\program files\alwil software\avast5\setup\emupdate\f216cba8-ca45-4fcc-b7c1-ae23a5854ba9.exe /check

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{48349739-7F5C-45FA-ADC0-298CFBE53BDF} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7F93421A-EEF9-4885-AC8B-5551C91E810B} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{7F93421A-EEF9-4885-AC8B-5551C91E810B}\9525542455 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{E9E4C4ED-69C0-4C47-A5EC-0726858F02A0} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{F37389C1-D19A-43E7-A674-6E6E9776675E} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

IFEO: excel.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"

IFEO: groove.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"

IFEO: infopath.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"

IFEO: msaccess.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"

IFEO: msoxmled.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"

.

Note: multiple IFEO entries found. Please refer to Attach.txt

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-11 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-11 180248]

R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2014-1-23 14528]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2014-2-2 18624]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-11 775952]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-4-11 410784]

R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-12-9 39624]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-11 67824]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2014-2-1 50344]

R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-2-17 31560]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-10-15 37064]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 VSTHWATI;VSTHWATI;c:\windows\system32\drivers\VSTATI3.SYS [2009-7-13 236032]

S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-5 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-1-31 2151200]

S3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-18 64168]

S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [2013-10-23 38472]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-3 108032]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-12-6 52224]

S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2013-4-7 227896]

.

=============== Created Last 30 ================

.

2014-02-18 04:52:39 107224 ----a-w- c:\windows\system32\drivers\48230029.sys

2014-02-18 02:51:14 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-02-18 02:49:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-18 02:49:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-02-13 14:15:53 255488 ----a-w- c:\windows\system32\pev.exe

2014-02-11 15:58:49 -------- d-----w- c:\program files\CCleaner

2014-02-07 18:46:15 -------- d-----w- c:\program files\Panda Security

2014-02-06 18:06:22 221184 ------w- c:\program files\common files\installshield\iscript\IScript.dll

2014-02-06 18:06:21 221184 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2014-02-06 18:06:20 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2014-02-06 18:06:19 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2014-02-05 16:00:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2014-02-05 03:26:25 -------- d-----w- C:\b2146195e30394a1b88f9c

2014-02-04 21:51:58 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f9859fd0-517b-440f-be78-d8e67bfb8348}\mpengine.dll

2014-02-04 19:23:37 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll

2014-02-04 17:21:30 -------- d-----w- c:\windows\CheckSur

2014-02-04 02:14:07 -------- d-----w- c:\program files\CONEXANT

2014-02-03 22:49:05 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-02-03 22:49:05 235216 ----a-w- c:\program files\internet explorer\sqmapi.dll

2014-02-03 22:49:04 270848 ----a-w- c:\program files\internet explorer\ieproxy.dll

2014-02-03 22:49:04 251392 ----a-w- c:\program files\internet explorer\IEShims.dll

2014-02-03 22:49:03 7211008 ----a-w- c:\program files\internet explorer\F12Resources.dll

2014-02-03 22:49:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2014-02-03 22:49:01 1389056 ----a-w- c:\program files\internet explorer\MemoryAnalyzer.dll

2014-02-03 22:49:00 61952 ----a-w- c:\windows\system32\iesetup.dll

2014-02-03 22:40:47 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2014-02-03 22:40:40 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2014-02-03 22:25:54 1077760 ----a-w- c:\windows\system32\DWrite.dll

2014-02-03 22:25:52 808448 ----a-w- c:\windows\system32\FntCache.dll

2014-02-03 15:54:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2014-02-03 15:54:19 15224 ----a-w- c:\windows\system32\sdnclean.exe

2014-02-03 03:08:07 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll

2014-02-03 03:07:55 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2014-02-01 02:31:55 92464 ----a-w- c:\windows\system32\bcmwlcoi.dll

2014-02-01 02:31:53 3616768 ----a-w- c:\windows\system32\bcmihvui.dll

2014-02-01 02:31:52 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll

2014-02-01 02:31:52 -------- d-----w- C:\DrvInstall

2014-02-01 01:48:57 -------- d-----w- c:\programdata\ProductData

2014-02-01 01:48:21 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

2014-02-01 01:47:56 -------- d-----w- c:\programdata\IObit

2014-02-01 01:45:03 -------- d-----w- c:\program files\IObit

2014-02-01 01:44:22 -------- d-----w- c:\users\user\appdata\roaming\IObit

2014-01-30 21:10:07 -------- d-----w- c:\users\user\appdata\local\Apple Computer

2014-01-30 20:59:54 -------- d-----w- c:\users\user\appdata\local\Apple

2014-01-23 16:31:14 14528 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys

2014-01-23 15:24:57 22304 ----a-w- c:\windows\system32\RegBootDefrag.exe

2014-01-21 03:12:55 -------- d-----w- c:\users\user\appdata\local\Facebook

2014-01-20 17:07:02 -------- d-----w- c:\program files\Spotify

.

==================== Find3M ====================

.

2014-02-01 06:04:23 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys

2014-02-01 06:04:22 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-02-01 06:04:22 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-02-01 06:04:21 43152 ----a-w- c:\windows\avastSS.scr

2014-01-27 22:10:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-27 22:10:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-16 15:59:46 231584 ------w- c:\windows\system32\MpSigStub.exe

2013-12-18 22:12:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-17 18:04:17 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-17 18:04:17 194048 ----a-w- c:\windows\system32\elshyph.dll

2013-12-17 18:04:13 645120 ----a-w- c:\windows\system32\jsIntl.dll

2013-12-17 18:04:13 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-12-17 18:04:12 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-12-17 18:04:06 61952 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-12-17 17:59:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-12-17 17:59:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-12-17 17:59:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-12-17 17:59:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-12-17 17:59:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-12-17 17:59:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-12-17 17:59:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-12-17 17:59:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-12-17 17:59:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-12-17 17:53:50 1505280 ----a-w- c:\windows\system32\d3d11.dll

2013-12-07 00:21:32 152576 ----a-w- c:\windows\system32\msclmd.dll

2013-12-04 02:15:00 101664 ----a-w- c:\windows\system32\BootDefrag.exe

2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll

2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe

2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe

2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll

2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl

2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 23:13:13,75 ===============

Psychotic · February 18, 2014

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Show All ( should be unchecked by default )
[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

juan · February 18, 2014

my language is Spanish I use google translator to use these services thanks for the help. GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-02-18 09:34:37

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHT2040AH_PL rev.006C 37,26GB

Running: c3g8xmdo.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8C031ACC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8C0325AA]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8C03E692]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8C03E6DE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8C03E878]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8C03E600]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x8C0E8426]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8C03E648]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8C032AE0]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8C032CFC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8C03E832]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8C033398]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8C031B32]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8C036BE4]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8C03171E]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8C0E8506]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8C031B98]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8C036FDA]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8C033EDE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8C03E6BC]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8C03E700]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8C03E89C]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8C03E626]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8C0364DE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8C03E7B0]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8C03E670]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8C0368C6]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8C03E856]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8C0E82AA]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8C033CF4]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8C033A02]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8C031BFE]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8C031C64]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8C0E8602]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8C0317B8]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8C03198A]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8C031918]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8C033562]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8C0336C4]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8C031A12]

SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8C0E8378]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8C0331F2]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8C031CCA]

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8C032606]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8304DA09 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830871F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 8308E220 4 Bytes [CC, 1A, 03, 8C]

.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8308E2A8 4 Bytes [AA, 25, 03, 8C]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8308E2FC 8 Bytes [92, E6, 03, 8C, DE, E6, 03, ...]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 8308E308 4 Bytes CALL ADBA6F10

.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 8308E324 4 Bytes [00, E6, 03, 8C]

.text ...

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[332] kernel32.dll!GetBinaryTypeW + 70 773869F4 1 Byte [62]

.text C:\Windows\system32\csrss.exe[340] kernel32.dll!GetBinaryTypeW + 70 773869F4 1 Byte [62]

.text C:\Windows\system32\Dwm.exe[348] kernel32.dll!GetBinaryTypeW + 70 773869F4 1 Byte [62]

.text C:\Windows\system32\wininit.exe[388] kernel32.dll!GetBinaryTypeW + 70 773869F4 1 Byte [62]

.text C:\Windows\system32\csrss.exe[400] kernel32.dll!GetBinaryTypeW + 70 773869F4 1 Byte [62]

.text ...

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F93421A-EEF9-4885-AC8B-5551C91E810B}@LeaseObtainedTime 1392735763

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F93421A-EEF9-4885-AC8B-5551C91E810B}@T1 1392735823

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F93421A-EEF9-4885-AC8B-5551C91E810B}@T2 1392811363

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F93421A-EEF9-4885-AC8B-5551C91E810B}@LeaseTerminatesTime 1392822163

---- Files - GMER 2.1 ----

File C:\avast! sandbox 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Program Files 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Program Files\Alwil Software 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Program Files\Alwil Software\Avast5 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Program Files\Alwil Software\Avast5\sfzone 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Program Files\Google 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Program Files\Google\CrashReports 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Safe Browsing Bloom Prefix Set 1159246 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Certificate Revocation Lists 264731 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt 6 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\History Index 2013-10 53248 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Archived History 57344 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Archived History-journal 512 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\data_0 45056 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\data_1 270336 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\data_2 1056768 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\data_3 4202496 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000001 20103 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000002 55264 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000003 62486 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000004 35572 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000005 41848 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000006 42660 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000007 34725 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000008 58423 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000009 51744 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000a 101889 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000b 36757 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000c 29152 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000d 177677 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000e 100422 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000f 42584 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\f_000010 47276 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cache\index 262512 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cookies 9216 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Cookies-journal 7736 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Current Session 771 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Current Tabs 8 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Favicons-journal 14904 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\History 94208 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs 7168 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Origin Bound Certs-journal 3608 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Preferences 65319 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\README 186 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Session Storage 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Session Storage\000005.sst 159 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Session Storage\000006.log 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Session Storage\CURRENT 16 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOCK 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOG 259 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Session Storage\LOG.old 47 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Session Storage\MANIFEST-000004 167 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\User StyleSheets 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Web Data 77824 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Web Data-journal 4624 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\History Provider Cache 2343 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\History-journal 16384 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\JumpListIcons 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\3CBD.tmp 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\JumpListIcons\3CBE.tmp 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld\94F1.tmp 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\JumpListIconsOld\94F2.tmp 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Last Session 1080 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Last Tabs 8 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Local Storage 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.avast.com_0.localstorage 7168 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Local Storage\http_www.avast.com_0.localstorage-journal 3608 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor 16384 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 3608 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\First Run 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Local State 14187 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Safe Browsing Bloom 6642556 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies 6144 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Safe Browsing Cookies-journal 4640 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Safe Browsing Csd Whitelist 135288 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Safe Browsing Download 1555680 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Safe Browsing Download Whitelist 19548 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\sfzone_profile\Safe Browsing Extension Blacklist 6848 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 16384 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WHYAI88 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WHYAI88\desktop.ini 67 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBY8OMD 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBY8OMD\desktop.ini 67 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IID5224H 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IID5224H\desktop.ini 67 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 32768 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOC4EWNE 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOC4EWNE\desktop.ini 67 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Temp 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Temp\CRX_75DAF8CB7768 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set 264731 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json 34 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Temp\CRX_DF399A9B283A 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Temp\CRX_DF399A9B283A\ChromeRecovery.exe 571272 bytes executable

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Temp\CRX_DF399A9B283A\GoogleUpdateSetup.exe 774424 bytes executable

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Local\Temp\CRX_DF399A9B283A\manifest.json 221 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Roaming 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Cookies 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 16384 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d8b393b9387fc13c.customDestinations-ms 6340 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Windows 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Windows\Prefetch 0 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Windows\Prefetch\CTFMON.EXE-9450846B.pf 16926 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Windows\Prefetch\GOOGLEUPDATE.EXE-FE771DDA.pf 43988 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-86BA6E22.pf 18862 bytes

File C:\avast! sandbox\S-1-5-21-2266009034-3112802113-2357346608-1000\sfzone\snx_fs.dat 21516 bytes

File C:\avast! sandbox\snx_rhive 262144 bytes

File C:\avast! sandbox\snx_rhive.LOG1 33792 bytes

File C:\avast! sandbox\snx_rhive.LOG2 0 bytes

File C:\avast! sandbox\snx_rhive{758c9901-3d95-11e3-aa07-000fb0bd3373}.TM.blf 65536 bytes

File C:\avast! sandbox\snx_rhive{758c9901-3d95-11e3-aa07-000fb0bd3373}.TMContainer00000000000000000001.regtrans-ms 524288 bytes

File C:\avast! sandbox\snx_rhive{758c9901-3d95-11e3-aa07-000fb0bd3373}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 2.1 ----

Psychotic · February 18, 2014

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

juan · February 18, 2014

ComboFix 14-02-16.01 - user 18/02/2014 10:56:06.1.1 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.766.271 [GMT -6:00]

Running from: c:\users\user\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\oem19.inf

c:\windows\wininit.ini

.

((((((((((((((((((((((((( Files Created from 2014-01-18 to 2014-02-18 )))))))))))))))))))))))))))))))

.

2014-02-18 17:26 . 2014-02-18 17:27 -------- d-----w- c:\users\user\AppData\Local\temp

2014-02-18 17:26 . 2014-02-18 17:26 -------- d-----w- c:\users\Invitado\AppData\Local\temp

2014-02-18 17:26 . 2014-02-18 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-18 04:52 . 2014-02-18 05:01 107224 ----a-w- c:\windows\system32\drivers\48230029.sys

2014-02-18 02:51 . 2014-02-18 02:51 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-02-18 02:49 . 2014-02-18 02:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-02-18 02:49 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-13 14:15 . 2011-01-16 22:55 255488 ----a-w- c:\windows\system32\pev.exe

2014-02-11 15:58 . 2014-02-11 15:59 -------- d-----w- c:\program files\CCleaner

2014-02-07 18:46 . 2014-02-07 18:46 -------- d-----w- c:\program files\Panda Security

2014-02-05 16:00 . 2014-02-18 04:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2014-02-05 03:26 . 2014-02-05 03:30 -------- d-----w- C:\b2146195e30394a1b88f9c

2014-02-04 21:51 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9859FD0-517B-440F-BE78-D8E67BFB8348}\mpengine.dll

2014-02-04 19:23 . 2014-02-04 19:23 -------- d-----w- c:\program files\Common Files\InstallShield

2014-02-04 17:21 . 2014-02-04 17:21 -------- d-----w- c:\windows\CheckSur

2014-02-04 02:14 . 2014-02-04 02:14 -------- d-----w- c:\program files\CONEXANT

2014-02-03 22:49 . 2013-11-27 00:20 235216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2014-02-03 22:49 . 2013-11-26 09:23 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-02-03 22:49 . 2013-11-26 06:41 251392 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2014-02-03 22:49 . 2013-11-26 06:22 270848 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2014-02-03 22:49 . 2013-11-26 09:11 7211008 ----a-w- c:\program files\Internet Explorer\F12Resources.dll

2014-02-03 22:49 . 2013-11-26 09:22 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2014-02-03 22:49 . 2013-11-26 08:26 1389056 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll

2014-02-03 22:49 . 2013-11-26 08:53 61952 ----a-w- c:\windows\system32\iesetup.dll

2014-02-03 22:40 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2014-02-03 22:40 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2014-02-03 22:25 . 2013-08-27 08:21 1077760 ----a-w- c:\windows\system32\DWrite.dll

2014-02-03 22:25 . 2013-08-27 08:21 808448 ----a-w- c:\windows\system32\FntCache.dll

2014-02-03 15:54 . 2014-02-03 19:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2014-02-03 15:54 . 2009-01-25 19:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2014-02-03 03:08 . 2014-01-08 21:54 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll

2014-02-03 03:07 . 2013-12-24 16:40 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2014-02-03 00:59 . 2014-02-03 00:59 -------- d-----w- c:\users\Invitado\AppData\Roaming\IObit

2014-02-01 02:31 . 2014-02-01 02:31 92464 ----a-w- c:\windows\system32\bcmwlcoi.dll

2014-02-01 02:31 . 2014-02-01 02:31 3616768 ----a-w- c:\windows\system32\bcmihvui.dll

2014-02-01 02:31 . 2014-02-01 02:38 -------- d-----w- C:\DrvInstall

2014-02-01 02:31 . 2014-02-01 02:31 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll

2014-02-01 01:48 . 2014-02-01 01:48 -------- d-----w- c:\programdata\ProductData

2014-02-01 01:48 . 2014-02-01 01:48 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

2014-02-01 01:47 . 2014-02-01 02:46 -------- d-----w- c:\programdata\IObit

2014-02-01 01:45 . 2014-02-03 06:18 -------- d-----w- c:\program files\IObit

2014-02-01 01:44 . 2014-02-01 02:16 -------- d-----w- c:\users\user\AppData\Roaming\IObit

2014-01-30 21:10 . 2014-01-30 21:10 -------- d-----w- c:\users\user\AppData\Local\Apple Computer

2014-01-30 21:10 . 2014-02-01 01:49 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer

2014-01-30 21:08 . 2014-02-03 01:13 -------- dc----w- c:\windows\system32\DRVSTORE

2014-01-30 21:04 . 2014-01-30 21:04 -------- d-----w- c:\programdata\Apple Computer

2014-01-30 20:59 . 2014-01-30 20:59 -------- d-----w- c:\users\user\AppData\Local\Apple

2014-01-30 20:53 . 2014-02-03 01:25 -------- d-----w- c:\programdata\Apple

2014-01-23 16:31 . 2013-11-20 02:59 14528 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys

2014-01-23 15:24 . 2013-12-04 02:15 22304 ----a-w- c:\windows\system32\RegBootDefrag.exe

2014-01-21 03:12 . 2014-01-22 18:18 -------- d-----w- c:\users\user\AppData\Local\Facebook

2014-01-20 17:07 . 2014-01-20 17:21 -------- d-----w- c:\program files\Spotify

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-01 06:04 . 2013-12-18 22:12 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys

2014-02-01 06:04 . 2013-04-12 02:46 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-02-01 06:04 . 2013-04-12 02:32 410784 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-02-01 06:04 . 2013-04-12 02:32 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-02-01 06:04 . 2013-04-12 02:46 43152 ----a-w- c:\windows\avastSS.scr

2014-02-01 06:04 . 2013-04-12 02:32 270240 ----a-w- c:\windows\system32\aswBoot.exe

2014-01-27 22:10 . 2014-01-05 20:01 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-27 22:10 . 2014-01-05 20:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-16 15:59 . 2013-04-07 20:31 231584 ------w- c:\windows\system32\MpSigStub.exe

2013-12-18 22:12 . 2013-04-12 02:46 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-17 18:04 . 2013-12-17 18:04 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-17 18:04 . 2013-12-17 18:04 194048 ----a-w- c:\windows\system32\elshyph.dll

2013-12-17 18:04 . 2013-12-17 18:04 645120 ----a-w- c:\windows\system32\jsIntl.dll

2013-12-17 18:04 . 2013-12-17 18:04 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-12-17 18:04 . 2013-12-17 18:04 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-12-17 18:04 . 2013-12-17 18:04 61952 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-12-17 17:59 . 2013-12-17 17:59 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-12-17 17:59 . 2013-12-17 17:59 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-12-17 17:59 . 2013-12-17 17:59 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-12-17 17:59 . 2013-12-17 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-12-17 17:59 . 2013-12-17 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-12-17 17:59 . 2013-12-17 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-12-17 17:59 . 2013-12-17 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-12-17 17:59 . 2013-12-17 17:59 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-12-17 17:59 . 2013-12-17 17:59 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-12-17 17:53 . 2013-12-17 17:53 1505280 ----a-w- c:\windows\system32\d3d11.dll

2013-12-07 00:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2013-12-04 02:15 . 2013-12-16 19:35 101664 ----a-w- c:\windows\system32\BootDefrag.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-02-01 06:04 259464 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GUDelayStartup"="c:\program files\Glary Utilities 4\StartupManager.exe" [2013-12-04 37152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-02-01 3767096]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-12-07 280576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]

2013-12-04 02:14 37152 ----a-w- c:\program files\Glary Utilities 4\StartupManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

2014-01-13 17:40 6118400 ----a-w- c:\users\user\AppData\Roaming\Spotify\spotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2014-01-13 17:40 1171968 ----a-w- c:\users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [x]

R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-01 64168]

R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys [2013-10-24 38472]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-02-18 31560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-12 1343400]

R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys [2013-11-20 14528]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 18624]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-01 775952]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-01 410784]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-11-13 39624]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-01 67824]

S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]

S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-10-16 37064]

S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 VSTHWATI;VSTHWATI;c:\windows\system32\DRIVERS\VSTATI3.SYS [2009-07-13 236032]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - KXLDAPOB

*Deregistered* - kxldapob

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-04 20:13 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-18 c:\windows\Tasks\GlaryInitialize 4.job

- c:\program files\Glary Utilities 4\Initialize.exe [2013-12-04 02:12]

.

2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-19 19:42]

.

2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-19 19:42]

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

uInternet Settings,ProxyServer = localhost:21320

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-Wdf01000.sys

SafeBoot-IMFservice

MSConfigStartUp-iTunesHelper - c:\program files\itunes\ituneshelper.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-02-18 11:31:00

ComboFix-quarantined-files.txt 2014-02-18 17:30

.

Pre-Run: 9.527.320.576 bytes libres

Post-Run: 13.032.665.088 bytes libres

.

- - End Of File - - 4F31FDA2B57FEB5A48D0B7E570B5BED6

A36C5E4F47E84449FF07ED3517B43A31

Psychotic · February 19, 2014

IObit software products are installed on your system!

The company behind this product was found to be stealing our database. Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

If not existing, please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

Run Malwarebytes Antimalware
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post that log back here.

CFScript.txt

juan · February 19, 2014

ComboFix 14-02-19.01 - user 19/02/2014 11:03:27.2.1 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.766.303 [GMT -6:00]

Running from: c:\users\user\Desktop\ComboFix.exe

Command switches used :: c:\users\user\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2014-01-19 to 2014-02-19 )))))))))))))))))))))))))))))))

.

2014-02-19 17:33 . 2014-02-19 17:33 -------- d-----w- c:\users\user\AppData\Local\temp

2014-02-19 17:33 . 2014-02-19 17:33 -------- d-----w- c:\users\Invitado\AppData\Local\temp

2014-02-19 17:33 . 2014-02-19 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp