
HELP! Can't install Malwarebytes



Please help, I want to install malware but I can't. I think it is a rootkit virus but I can't do anything. Help!

Here is a log from HijackThis.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:39 p.m., on 13/06/2014
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: webget - {dc264a72-fa75-4948-b881-ea8eff8e5dd2} - C:\Program Files (x86)\webget\webgetbho.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
O4 - Startup: Dropbox.lnk = User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Update Servicio (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Update webget - Unknown owner - C:\Program Files (x86)\webget\updatewebget.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Util webget - Unknown owner - C:\Program Files (x86)\webget\bin\utilwebget.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
 
--
End of file - 24719 bytes


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply...

 

Kevin...


Hi Kevin, thank you very much for the help.

When I try RogueKiller it says RogueKiller is not a valid Win32 application. Should I try in safe mode or download TDSSKiller?

Here is the FRST.txt log, and I have attached the Addition.txt log.

Thanks again for the help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02

Ran by User (administrator) on USER-PC on 14-06-2014 12:01:29
Running from C:\Users\User\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\webget\updatewebget.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\webget\bin\utilwebget.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\webget\bin\webget.PurBrowse64.exe
() C:\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\User\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-141022101-3564374924-2541518121-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-16] (Google Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latam.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC21F040E985CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-py
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: webget - {dc264a72-fa75-4948-b881-ea8eff8e5dd2} - C:\Program Files (x86)\webget\webgetbho.dll (webget)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 200.26.180.2 190.2.207.147
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o5bkiw1c.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o5bkiw1c.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\drae.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-es.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-es.xml
FF Extension: WebSite Recommendation - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o5bkiw1c.default\Extensions\WebSiteRecommendation@weliketheweb.com [2014-05-27]
FF Extension: webget - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o5bkiw1c.default\Extensions\{55685567-4840-4a91-962b-49a412e9485a}.xpi [2014-05-24]
FF Extension: webget - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o5bkiw1c.default\Extensions\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.xpi [2014-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-31]
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.py
CHR Extension: (Google Cast) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-27]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-27] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-05] ()
R2 Update webget; C:\Program Files (x86)\webget\updatewebget.exe [317720 2014-06-13] ()
R2 Util webget; C:\Program Files (x86)\webget\bin\utilwebget.exe [317720 2014-06-13] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-27] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [56320 2011-04-08] (Fresco Logic)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-06] (Anchorfree Inc.)
R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-26] (StdLib)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-16] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-14 12:01 - 2014-06-14 12:01 - 00015820 _____ () C:\Users\User\Downloads\FRST.txt
2014-06-14 12:00 - 2014-06-14 12:01 - 00000000 ____D () C:\FRST
2014-06-14 12:00 - 2014-06-14 12:00 - 02081792 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2014-06-13 23:56 - 2014-06-13 23:56 - 00024721 _____ () C:\Users\User\Desktop\hijackthis.log
2014-06-13 23:54 - 2014-06-13 23:54 - 00002971 _____ () C:\Users\User\Desktop\HiJackThis.lnk
2014-06-13 23:54 - 2014-06-13 23:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-13 23:54 - 2014-06-13 23:54 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-13 23:53 - 2014-06-13 23:53 - 01402880 _____ () C:\Users\User\Desktop\HiJackThis.msi
2014-06-13 23:52 - 2014-06-13 23:52 - 00357728 _____ (Softonic) C:\Users\User\Downloads\SoftonicDownloader_para_trend-micro-hijackthis.exe
2014-06-13 06:55 - 2014-06-13 06:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ahead
2014-06-11 20:18 - 2014-06-11 20:18 - 01071692 _____ () C:\Users\User\Downloads\FRST.exe
2014-06-11 20:18 - 2014-06-11 20:18 - 01071692 _____ () C:\Users\User\Desktop\FRST.exe
2014-06-11 20:17 - 2014-06-11 20:17 - 02080332 _____ () C:\Users\User\Downloads\FRST64.exe
2014-06-11 19:58 - 2014-06-11 20:09 - 29157488 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows-KB890830-x64-V5.13.exe
2014-06-11 19:54 - 2014-06-11 19:54 - 00465298 _____ () C:\Users\User\Downloads\RootRepeal (2).rar
2014-06-11 19:49 - 2014-06-11 19:49 - 00465298 _____ () C:\Users\User\Downloads\RootRepeal (1).rar
2014-06-11 19:47 - 2014-06-11 19:47 - 00465298 _____ () C:\Users\User\Downloads\RootRepeal.rar
2014-06-11 19:40 - 2014-06-11 19:41 - 01243655 _____ () C:\Users\User\Downloads\ProcessExplorer.zip
2014-06-11 19:08 - 2014-06-11 19:12 - 00011629 _____ () C:\Users\User\Downloads\ads
2014-06-11 14:16 - 2014-06-11 14:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-06-11 14:15 - 2014-06-11 14:15 - 00918672 _____ (Google Inc.) C:\Users\User\Downloads\chromecastinstaller.exe
2014-06-07 00:11 - 2014-06-07 00:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-07 00:09 - 2014-06-07 00:10 - 04872677 _____ () C:\Users\User\Downloads\mbam-chameleon-3.1.4.0.zip
2014-06-07 00:09 - 2014-06-07 00:10 - 00000000 ____D () C:\Users\User\Desktop\Nueva carpeta
2014-06-07 00:07 - 2014-06-07 00:08 - 00003500 _____ () C:\Users\User\Desktop\Rkill.txt
2014-06-07 00:07 - 2014-06-07 00:07 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.com
2014-06-06 23:58 - 2014-06-06 23:58 - 01014801 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-06-06 23:53 - 2014-06-06 23:57 - 03928320 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2-0-2-1012.exe
2014-06-06 20:40 - 2014-06-06 20:40 - 00357744 _____ (Softonic) C:\Users\User\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe
2014-06-06 20:39 - 2014-06-06 20:39 - 17278160 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-06 20:38 - 2014-06-06 20:39 - 17284000 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-06 20:35 - 2014-06-06 20:36 - 17288380 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-06 20:34 - 2014-06-06 20:35 - 17282540 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\firefoxx.bat
2014-06-01 18:04 - 2014-06-01 18:04 - 01559754 _____ () C:\Users\User\Downloads\WDTheme1 (1).zip
2014-06-01 18:04 - 2014-06-01 18:04 - 01553914 _____ () C:\Users\User\Downloads\WDTheme1.zip
2014-05-28 00:17 - 2014-06-13 23:42 - 00004984 _____ () C:\Windows\setupact.log
2014-05-28 00:17 - 2014-05-28 00:17 - 00066488 _____ () C:\Windows\PFRO.log
2014-05-28 00:17 - 2014-05-28 00:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 18:50 - 2014-05-27 18:51 - 00095356 _____ () C:\Users\User\Documents\cc_20140527_185026.reg
2014-05-27 18:48 - 2014-05-27 18:52 - 00000099 _____ () C:\Users\User\Desktop\Boost Game.bat
2014-05-27 18:39 - 2014-06-01 18:07 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-27 18:39 - 2014-05-27 18:39 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-27 18:39 - 2014-05-27 18:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-27 18:38 - 2014-05-27 18:38 - 04748896 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup414.exe
2014-05-27 18:36 - 2014-05-27 18:37 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-27 18:36 - 2014-05-27 18:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-27 18:36 - 2014-05-27 18:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-27 08:28 - 2014-05-27 08:55 - 00000000 ____D () C:\Users\User\AppData\Local\Ubisoft Game Launcher
2014-05-27 08:28 - 2014-05-27 08:28 - 00001201 _____ () C:\Users\User\Desktop\Uplay.lnk
2014-05-27 07:58 - 2014-05-27 08:00 - 09832104 _____ () C:\Users\User\Downloads\HSS-3.40-install-hss-561-conduit.exe
2014-05-27 06:53 - 2014-05-19 19:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-27 06:52 - 2014-05-14 19:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-27 06:47 - 2014-05-19 22:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-27 06:47 - 2014-05-19 22:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-27 06:47 - 2014-05-19 22:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-27 05:39 - 2014-03-31 12:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-27 05:39 - 2014-03-31 12:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-27 03:09 - 2014-05-26 20:57 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Users\User\Desktop\Juegos Ganados
2014-05-26 21:51 - 2014-05-26 21:52 - 00013824 ___SH () C:\Users\User\Thumbs.db
2014-05-26 18:12 - 2014-05-26 18:12 - 00000222 _____ () C:\Users\User\Desktop\Watch_Dogs.url
2014-05-18 02:07 - 2014-05-16 18:34 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-18 00:37 - 2014-06-13 23:42 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2014-05-18 00:37 - 2014-05-18 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-18 00:37 - 2014-05-18 00:37 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-18 00:36 - 2014-05-20 00:22 - 00000000 ____D () C:\Program Files (x86)\webget
2014-05-18 00:36 - 2014-05-18 00:37 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-05-18 00:35 - 2014-05-18 00:35 - 04296704 _____ () C:\Users\User\Downloads\hamachi-2-1-0-374-es-en-br-fr-de-it-cn-jp-ru-nl-pl-fi-kr-no-tr-win.msi
2014-05-17 23:05 - 2014-05-17 23:07 - 32269248 _____ (Riot Games) C:\Users\User\Downloads\LeagueofLegends_LA2_Installer_06_25_13 (2).exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-14 12:01 - 2014-06-14 12:01 - 00015820 _____ () C:\Users\User\Downloads\FRST.txt
2014-06-14 12:01 - 2014-06-14 12:00 - 00000000 ____D () C:\FRST
2014-06-14 12:01 - 2013-10-30 16:09 - 00000000 ____D () C:\Users\User\AppData\Local\Temp
2014-06-14 12:00 - 2014-06-14 12:00 - 02081792 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2014-06-14 11:58 - 2012-05-12 19:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-06-14 11:40 - 2014-02-10 19:46 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 11:33 - 2013-11-16 15:06 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-141022101-3564374924-2541518121-1000UA.job
2014-06-14 11:15 - 2013-10-31 13:48 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 03:33 - 2013-11-16 15:06 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-141022101-3564374924-2541518121-1000Core.job
2014-06-13 23:56 - 2014-06-13 23:56 - 00024721 _____ () C:\Users\User\Desktop\hijackthis.log
2014-06-13 23:54 - 2014-06-13 23:54 - 00002971 _____ () C:\Users\User\Desktop\HiJackThis.lnk
2014-06-13 23:54 - 2014-06-13 23:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-13 23:54 - 2014-06-13 23:54 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-13 23:53 - 2014-06-13 23:53 - 01402880 _____ () C:\Users\User\Desktop\HiJackThis.msi
2014-06-13 23:52 - 2014-06-13 23:52 - 00357728 _____ (Softonic) C:\Users\User\Downloads\SoftonicDownloader_para_trend-micro-hijackthis.exe
2014-06-13 23:43 - 2012-10-01 12:20 - 00000000 ___RD () C:\Users\User\Dropbox
2014-06-13 23:43 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-06-13 23:42 - 2014-05-28 00:17 - 00004984 _____ () C:\Windows\setupact.log
2014-06-13 23:42 - 2014-05-18 00:37 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2014-06-13 23:42 - 2014-05-02 18:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\DropboxMaster
2014-06-13 23:42 - 2013-11-12 18:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-13 23:42 - 2013-10-31 14:11 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-06-13 23:42 - 2013-10-31 13:48 - 00001028 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 23:42 - 2013-10-30 15:54 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-06-13 23:42 - 2012-10-01 12:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-06-13 23:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 23:41 - 2013-10-30 17:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-13 06:55 - 2014-06-13 06:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ahead
2014-06-13 04:17 - 2009-07-14 05:31 - 00745698 _____ () C:\Windows\system32\perfh00A.dat
2014-06-13 04:17 - 2009-07-14 05:31 - 00158166 _____ () C:\Windows\system32\perfc00A.dat
2014-06-13 04:17 - 2009-07-14 01:13 - 01671442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 17:08 - 2013-10-30 16:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 23:17 - 2013-11-02 20:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-11 20:18 - 2014-06-11 20:18 - 01071692 _____ () C:\Users\User\Downloads\FRST.exe
2014-06-11 20:18 - 2014-06-11 20:18 - 01071692 _____ () C:\Users\User\Desktop\FRST.exe
2014-06-11 20:17 - 2014-06-11 20:17 - 02080332 _____ () C:\Users\User\Downloads\FRST64.exe
2014-06-11 20:09 - 2014-06-11 19:58 - 29157488 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows-KB890830-x64-V5.13.exe
2014-06-11 19:54 - 2014-06-11 19:54 - 00465298 _____ () C:\Users\User\Downloads\RootRepeal (2).rar
2014-06-11 19:49 - 2014-06-11 19:49 - 00465298 _____ () C:\Users\User\Downloads\RootRepeal (1).rar
2014-06-11 19:47 - 2014-06-11 19:47 - 00465298 _____ () C:\Users\User\Downloads\RootRepeal.rar
2014-06-11 19:41 - 2014-06-11 19:40 - 01243655 _____ () C:\Users\User\Downloads\ProcessExplorer.zip
2014-06-11 19:12 - 2014-06-11 19:08 - 00011629 _____ () C:\Users\User\Downloads\ads
2014-06-11 14:16 - 2014-06-11 14:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-06-11 14:16 - 2014-03-18 06:27 - 00001202 _____ () C:\Users\User\Desktop\Chromecast.lnk
2014-06-11 14:16 - 2012-04-11 13:46 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2014-06-11 14:15 - 2014-06-11 14:15 - 00918672 _____ (Google Inc.) C:\Users\User\Downloads\chromecastinstaller.exe
2014-06-07 22:15 - 2013-11-02 21:25 - 00000000 ____D () C:\Users\User\Desktop\Descargas µTorrent
2014-06-07 05:29 - 2009-07-14 00:45 - 00009776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 05:29 - 2009-07-14 00:45 - 00009776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 00:15 - 2014-06-07 00:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-07 00:10 - 2014-06-07 00:09 - 04872677 _____ () C:\Users\User\Downloads\mbam-chameleon-3.1.4.0.zip
2014-06-07 00:10 - 2014-06-07 00:09 - 00000000 ____D () C:\Users\User\Desktop\Nueva carpeta
2014-06-07 00:08 - 2014-06-07 00:07 - 00003500 _____ () C:\Users\User\Desktop\Rkill.txt
2014-06-07 00:07 - 2014-06-07 00:07 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.com
2014-06-06 23:58 - 2014-06-06 23:58 - 01014801 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-06-06 23:57 - 2014-06-06 23:53 - 03928320 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2-0-2-1012.exe
2014-06-06 20:40 - 2014-06-06 20:40 - 00357744 _____ (Softonic) C:\Users\User\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe
2014-06-06 20:39 - 2014-06-06 20:39 - 17278160 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-06-06 20:39 - 2014-06-06 20:38 - 17284000 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-06-06 20:36 - 2014-06-06 20:35 - 17288380 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-06 20:35 - 2014-06-06 20:34 - 17282540 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\firefoxx.bat
2014-06-06 18:05 - 2013-10-30 16:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-06-01 18:07 - 2014-05-27 18:39 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 18:04 - 2014-06-01 18:04 - 01559754 _____ () C:\Users\User\Downloads\WDTheme1 (1).zip
2014-06-01 18:04 - 2014-06-01 18:04 - 01553914 _____ () C:\Users\User\Downloads\WDTheme1.zip
2014-05-30 17:35 - 2014-01-07 18:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-05-28 00:17 - 2014-05-28 00:17 - 00066488 _____ () C:\Windows\PFRO.log
2014-05-28 00:17 - 2014-05-28 00:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 23:10 - 2013-12-11 00:43 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-05-27 18:52 - 2014-05-27 18:48 - 00000099 _____ () C:\Users\User\Desktop\Boost Game.bat
2014-05-27 18:51 - 2014-05-27 18:50 - 00095356 _____ () C:\Users\User\Documents\cc_20140527_185026.reg
2014-05-27 18:41 - 2013-10-30 09:54 - 00000000 ____D () C:\Windows\Panther
2014-05-27 18:41 - 2012-12-10 01:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2014-05-27 18:40 - 2014-01-21 10:15 - 00000000 ____D () C:\Windows\Minidump
2014-05-27 18:40 - 2012-04-12 09:16 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-05-27 18:39 - 2014-05-27 18:39 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-27 18:39 - 2014-05-27 18:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-27 18:38 - 2014-05-27 18:38 - 04748896 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup414.exe
2014-05-27 18:37 - 2014-05-27 18:36 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-27 18:37 - 2013-10-31 10:46 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-27 18:37 - 2013-10-31 10:46 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-27 18:36 - 2014-05-27 18:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-27 18:36 - 2014-05-27 18:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-27 18:36 - 2013-10-31 10:46 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-27 18:36 - 2013-10-31 10:46 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-27 18:36 - 2013-10-31 10:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-27 18:36 - 2013-10-31 10:46 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-27 18:36 - 2013-10-31 10:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-27 08:55 - 2014-05-27 08:28 - 00000000 ____D () C:\Users\User\AppData\Local\Ubisoft Game Launcher
2014-05-27 08:43 - 2012-04-12 09:42 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-05-27 08:28 - 2014-05-27 08:28 - 00001201 _____ () C:\Users\User\Desktop\Uplay.lnk
2014-05-27 08:00 - 2014-05-27 07:58 - 09832104 _____ () C:\Users\User\Downloads\HSS-3.40-install-hss-561-conduit.exe
2014-05-27 06:53 - 2013-11-27 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-27 06:53 - 2013-11-27 20:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 22:13 - 2013-11-28 18:52 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-05-26 22:09 - 2013-11-28 14:23 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-05-26 22:07 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-26 22:05 - 2013-10-31 10:33 - 00000000 ____D () C:\Users\User\Desktop\Disco D
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Users\User\Desktop\Juegos Ganados
2014-05-26 21:54 - 2013-06-05 13:57 - 00000000 ___RD () C:\Users\User\Desktop\Cosas SketchUp
2014-05-26 21:54 - 2012-04-11 22:53 - 00000000 ___RD () C:\Users\User\Desktop\Universidad
2014-05-26 21:52 - 2014-05-26 21:51 - 00013824 ___SH () C:\Users\User\Thumbs.db
2014-05-26 21:52 - 2013-07-02 16:15 - 00000000 ___RD () C:\Users\User\Desktop\Descargas Google
2014-05-26 21:51 - 2013-06-05 13:58 - 00000000 ___RD () C:\Users\User\Desktop\Imagenes
2014-05-26 20:57 - 2014-05-27 03:09 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
2014-05-26 18:12 - 2014-05-26 18:12 - 00000222 _____ () C:\Users\User\Desktop\Watch_Dogs.url
2014-05-24 10:44 - 2013-10-30 16:09 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 10:44 - 2012-10-01 12:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-20 00:22 - 2014-05-18 00:36 - 00000000 ____D () C:\Program Files (x86)\webget
2014-05-19 22:44 - 2014-05-27 06:47 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-19 22:44 - 2014-05-27 06:47 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-19 22:44 - 2014-05-27 06:47 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-19 22:44 - 2014-01-15 00:45 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-19 22:44 - 2013-11-27 20:18 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-19 22:44 - 2013-11-27 20:18 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-19 22:44 - 2013-10-21 19:08 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-19 22:44 - 2013-10-21 19:08 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-19 22:44 - 2013-10-21 19:08 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-19 22:44 - 2013-10-21 19:08 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-19 21:25 - 2013-10-30 16:55 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-19 21:25 - 2013-10-30 16:55 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-19 21:25 - 2013-10-30 16:55 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-19 21:25 - 2013-10-30 16:55 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-19 21:25 - 2013-10-30 16:55 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-19 21:25 - 2013-10-30 16:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-19 19:10 - 2014-05-27 06:53 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-18 00:37 - 2014-05-18 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-18 00:37 - 2014-05-18 00:37 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-18 00:37 - 2014-05-18 00:36 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-05-18 00:35 - 2014-05-18 00:35 - 04296704 _____ () C:\Users\User\Downloads\hamachi-2-1-0-374-es-en-br-fr-de-it-cn-jp-ru-nl-pl-fi-kr-no-tr-win.msi
2014-05-17 23:07 - 2014-05-17 23:05 - 32269248 _____ (Riot Games) C:\Users\User\Downloads\LeagueofLegends_LA2_Installer_06_25_13 (2).exe
2014-05-16 18:34 - 2014-05-18 02:07 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljnaaj.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-08 06:04
 
==================== End Of Log ============================

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please download Malwarebytes Anti-Malware to your desktop.


  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

 


  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Let me see those logs..

 

Kevin

 

 

fixlist.txt


Hi Kevin, thanks again.

 

The program did not ask me to restart my computer. Here is the Malwarebytes log and the Fixlog.txt

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 14/06/2014 06:54:28 p.m., SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 14/06/2014 06:54:28 p.m., SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 14/06/2014 06:54:28 p.m., SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 14/06/2014 06:54:29 p.m., SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 14/06/2014 06:55:24 p.m., SYSTEM, USER-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.6.2.1, 
Update, 14/06/2014 06:55:36 p.m., SYSTEM, USER-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.14.6, 
Protection, 14/06/2014 06:55:38 p.m., SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 14/06/2014 06:55:38 p.m., SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 14/06/2014 06:55:38 p.m., SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 14/06/2014 06:55:41 p.m., SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 14/06/2014 06:55:41 p.m., SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 14/06/2014 06:55:42 p.m., SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Detection, 14/06/2014 06:56:57 p.m., SYSTEM, USER-PC, Protection, Malware Protection, File, PUP.Optional.Sanbreel.A, C:\Program Files (x86)\webget\bin\plugins\webget.BrowserAdapterS.dll, Quarantine, [74ea8bed9be0999d7ddd533506fb5da3]
 
(end)
 
and the Fixlog.txt
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02
Ran by User at 2014-06-14 18:52:13 Run:1
Running from C:\Users\User\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Program Files (x86)\webget\updatewebget.exe
C:\Program Files (x86)\webget\bin\utilwebget.exe
C:\Program Files (x86)\webget\bin\webget.PurBrowse64.exe
C:\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe
C:\Program Files (x86)\webget
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-26] (StdLib)
C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys 
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-16] (StdLib)
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljnaaj.dll
webget (HKLM\...\webget) (Version: 2014.05.18.021520 - webget) <==== ATTENTION
End
*****************
 
C:\Program Files (x86)\webget\updatewebget.exe => Moved successfully.
C:\Program Files (x86)\webget\bin\utilwebget.exe => Moved successfully.
C:\Program Files (x86)\webget\bin\webget.PurBrowse64.exe => Moved successfully.
C:\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe => Moved successfully.
C:\Program Files (x86)\webget => Moved successfully.
'HKCU\SOFTWARE\Policies\Google' => Key deleted successfully.
{55685567-4840-4a91-962b-49a412e9485a}Gw64 => Service stopped successfully.
{55685567-4840-4a91-962b-49a412e9485a}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys => Moved successfully.
{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64 => Service stopped successfully.
{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys => Moved successfully.
"C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljnaaj.dll" => File/Directory not found.
 
==== End of Fixlog ====

 


That is not the correct log from Malwarebytes, let's run another scan...

 

Open Malwarebytes 2.0, run a Threat Scan

 


  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Post that log, let me know if any remaining issues or concerns....

 

Kevin


Here is the correct log, my only concern is that it says: Rootkits: Disabled, besides that, it seems that everything is in order and working. Thank you very much Kevin. You're a savior.

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 14/06/2014

Scan Time: 11:24:00 p.m.

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.15.01

Rootkit Database: v2014.06.02.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7

CPU: x64

File System: NTFS

User: User

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 273145

Time Elapsed: 7 min, 59 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 1

PUP.Optional.Webget.A, C:\Program Files (x86)\webget\updatewebget.exe, 2932, Delete-on-Reboot, [219cf97f9ae183b397d9413a659c56aa]

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 17

PUP.Optional.Webget.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update webget, Quarantined, [219cf97f9ae183b397d9413a659c56aa], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [eecf750382f956e0ab0b81f4db27aa56], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [eecf750382f956e0ab0b81f4db27aa56], 

PUP.Optional.Webget.A, HKLM\SOFTWARE\WOW6432NODE\webget, Quarantined, [4a73aeca3b404de9a5ba822904fe7c84], 

PUP.Optional.Webget.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util webget, Quarantined, [ab124533c4b7fe38a1c14c5fcf33f907], 

PUP.Optional.Webget.A, HKU\S-1-5-21-141022101-3564374924-2541518121-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\webget, Quarantined, [516c54249fdc74c26df19d0e06fc1de3], 

PUP.Optional.Conduit.A, HKU\S-1-5-21-141022101-3564374924-2541518121-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, Quarantined, [77467bfd4a31b77fe982c3191ce72dd3], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-141022101-3564374924-2541518121-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [6657a3d5ee8df442a735566a23dfb54b], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-141022101-3564374924-2541518121-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [625bc4b4116a0e289a4d8452788b857b], 

PUP.Optional.Softonic.A, HKU\S-1-5-21-141022101-3564374924-2541518121-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [a01dafc90279f2445237416ed23045bb], 

PUP.Optional.Webget.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{dc264a72-fa75-4948-b881-ea8eff8e5dd2}, Quarantined, [1ca19ade8fece6505f7642397c88b050], 

PUP.Optional.Webget.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}, Quarantined, [1ca19ade8fece6505f7642397c88b050], 

PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0a4aa078-e14f-4459-901a-d5f6acb22dd6}, Quarantined, [1ca19ade8fece6505f7642397c88b050], 

PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F88A773B-C7D6-4097-AD99-144D59C291E1}, Quarantined, [1ca19ade8fece6505f7642397c88b050], 

PUP.Optional.Webget.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F88A773B-C7D6-4097-AD99-144D59C291E1}, Quarantined, [1ca19ade8fece6505f7642397c88b050], 

PUP.Optional.Webget.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{0a4aa078-e14f-4459-901a-d5f6acb22dd6}, Quarantined, [1ca19ade8fece6505f7642397c88b050], 

PUP.Optional.Webget.A, HKU\S-1-5-21-141022101-3564374924-2541518121-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}, Quarantined, [1ca19ade8fece6505f7642397c88b050], 

 

Registry Values: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-141022101-3564374924-2541518121-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0S1S1N0A, Quarantined, [625bc4b4116a0e289a4d8452788b857b]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 4

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro, Delete-on-Reboot, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, Delete-on-Reboot, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.SimilarSites.A, C:\Users\User\AppData\Roaming\SimilarSites, Quarantined, [beff7cfc8eed092db3e32f610101d42c], 

 

Files: 43

PUP.Optional.Webget.A, C:\Program Files (x86)\webget\updatewebget.exe, Delete-on-Reboot, [219cf97f9ae183b397d9413a659c56aa], 

Trojan.Agent.ED, C:\Users\User\Desktop\RogueKiller.exe, Quarantined, [bb0296e2de9d2a0cc993607cf907ab55], 

PUP.Optional.Webget.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o5bkiw1c.default\extensions\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.xpi, Quarantined, [66571c5cb0cbd660dbe26446ef1319e7], 

PUP.Optional.BProtector.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data, Quarantined, [efcec2b6dc9fa690c557a13935ceb848], 

PUP.Optional.BProtector.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences, Quarantined, [7c4126525f1c6acc4fcee4f61ae946ba], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\1361669473.reg, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_09-25-2013.log, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_09-26-2013.log, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_09-27-2013.log, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_09-28-2013.log, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_09-29-2013.log, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_10-12-2013.log, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\productSetup_Setup_8_28_2013.exe, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\spanish_rcp.dat, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\summary2.bin, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000002.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000002.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000003.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000003.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000004.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000004.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000005.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000005.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000006.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000006.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000007.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000007.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000008.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000008.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000009.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000009.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000010.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000010.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000011.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000011.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000012.rmx, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

PUP.Optional.RegCleanerPro.A, C:\Users\User\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000012.rxb, Quarantined, [f1cc93e59ae1d95d26f4bacfd72bf808], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Malwarebytes Log.txt


The rootkit scan option is not set by default, that option is only used if you suspect rootkit infections..... to set do the following:

 

Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 users: right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 


If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

 

If threats were found

 


  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program

 

Copy and paste the report in next reply.

 

Let me see the ESET log, also give an update on any remaining issues or concerns...

 

Kevin


Ok, here is the ESET SCAN log. I have also attached another Malwarebytes log with the rootkit scan in case you need it.

 

C:\FRST\Quarantine\C\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe.xBAD a variant of Win32/BrowseFox.I potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\webget\bin\webget.PurBrowse64.exe.xBAD a variant of Win64/BrowseFox.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\webgetUninstall.exe Win32/BrowseFox.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\bin\webgetBAApp.dll a variant of Win32/BrowseFox.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\bin\{55685567-4840-4a91-962b-49a412e9485a}.dll a variant of Win32/BrowseFox.K potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\bin\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.dll a variant of Win32/BrowseFox.K potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\bin\plugins\webget.Bromon.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\bin\plugins\webget.BroStats.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\bin\plugins\webget.CompatibilityChecker.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\bin\plugins\webget.FFUpdate.dll a variant of MSIL/BrowseFox.E potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\bin\plugins\webget.IEUpdate.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\webget\bin\plugins\webget.Bromon.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\webget\bin\plugins\webget.BroStats.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\webget\bin\plugins\webget.CompatibilityChecker.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\webget\bin\plugins\webget.FFUpdate.dll a variant of MSIL/BrowseFox.E potentially unwanted application
C:\Program Files (x86)\webget\bin\plugins\webget.IEUpdate.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Users\User\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\User\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\User\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\User\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application

Malwarebytes Log 2.txt

ESET SCAN.txt

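The ESET export above mixes files that FRST already moved to C:\FRST\Quarantine with files still sitting at their original locations, and only the second group needs further cleanup. The Python sketch below is an added example, not part of the thread or of any tool mentioned in it; it separates the two groups and reports the common folder of the live detections per family. The function names and the line format (inferred from the posted log) are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the ESET export posted in the thread above (six of its lines).
ESET_LOG = r"""
C:\FRST\Quarantine\C\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe.xBAD a variant of Win32/BrowseFox.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\webget\webget\webgetUninstall.exe Win32/BrowseFox.C potentially unwanted application
C:\Program Files (x86)\webget\bin\plugins\webget.Bromon.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\webget\bin\plugins\webget.FFUpdate.dll a variant of MSIL/BrowseFox.E potentially unwanted application
C:\Users\User\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\User\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
"""

# Assumption: FRST keeps moved files under C:\FRST\Quarantine, as the log paths show.
QUARANTINE_PREFIX = "c:\\frst\\quarantine\\"

# Windows paths contain no "/", so the first "platform/Name" token marks the
# end of the path even when the path itself contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>.+)$"
)


def parse_log(text):
    """Return (records, skipped_lines) for an ESET 'export to text file' log."""
    records, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # keep unparsed lines for manual review
            continue
        name = m.group("name")
        records.append({
            "path": m.group("path"),
            "name": name,
            "variant": m.group("variant") is not None,
            # "Win32/Toolbar.Babylon.P" -> "Toolbar.Babylon"
            "family": name.split("/", 1)[1].rsplit(".", 1)[0],
            "kind": m.group("kind"),
        })
    return records, skipped


def split_live_quarantined(records):
    """Separate detections still on disk from copies inside the FRST quarantine."""
    live, quarantined = [], []
    for rec in records:
        in_quarantine = rec["path"].lower().startswith(QUARANTINE_PREFIX)
        (quarantined if in_quarantine else live).append(rec)
    return live, quarantined


def live_roots(records):
    """Map each detection family to the deepest common folder(s) of its files."""
    dirs = defaultdict(set)
    for rec in records:
        drive = ntpath.splitdrive(rec["path"])[0].upper()
        dirs[(rec["family"], drive)].add(ntpath.dirname(rec["path"]))
    roots = defaultdict(list)
    for (family, _drive), folders in sorted(dirs.items()):
        # commonpath raises ValueError across drives, hence the per-drive grouping
        roots[family].append(ntpath.commonpath(sorted(folders)))
    return dict(roots)


if __name__ == "__main__":
    records, skipped = parse_log(ESET_LOG)
    live, quarantined = split_live_quarantined(records)
    print(f"{len(quarantined)} detections are FRST quarantine copies")
    for family, folders in live_roots(live).items():
        print(f"still on disk: {family} under {folders}")
    for line in skipped:
        print(f"unparsed: {line}")
```

Detections under the quarantine folder are inert copies of files already moved; the live folders are the ones left for a follow-up removal step.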

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

 

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

 

Run the tool, the main GUI will populate with installed programs list,

 

Left click on webget to highlight that entry.

 

Select Action from the Menu bar, then Uninstall; from there, follow the prompts.

 

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

 

Next,

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Be sure to start with and include the colon before Files (:Files)

    :Files
    C:\Program Files (x86)\webget
    C:\Users\User\AppData\Roaming\BabylonToolbar
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Let me know if the uninstall is successful, post the log from OTM, also give update on any remaining issues or concerns...

 

Kevin


Hi again Kevin, here is the log from OTM, and the uninstall from GeekUninstaller was successful. The only thing left to know is if there is some other step to follow that you would recommend.

 

All processes killed

========== FILES ==========
File/Folder C:\Program Files (x86)\webget not found.
C:\Users\User\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\User\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\User\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\User\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\User\AppData\Roaming\BabylonToolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 244514936 bytes
->Temporary Internet Files folder emptied: 52434331 bytes
->Java cache emptied: 97575 bytes
->FireFox cache emptied: 22200373 bytes
->Google Chrome cache emptied: 381319619 bytes
->Flash cache emptied: 1233 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1670801 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195275 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67975 bytes
RecycleBin emptied: 3266901234 bytes
 
Total Files Cleaned = 3.786,00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 06182014_214441
 
Files moved on Reboot...
File move failed. C:\Users\User\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395c8fd8a860_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\User\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395c8fd8a860_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...

What is the current status of your system, any remaining issues or concerns?

 

Adobe Reader may be outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

 

Let me know if we can close out?

 

Kevin.....

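The check from the Java note above (no old versions left in Programs and Features), as an added example that is not part of the original posts: this PowerShell reads the uninstall registry keys behind Programs and Features, including the 32-bit view, and marks every Java or Adobe Reader entry that is older than the newest one found. The display-name patterns and all variable names are assumptions made for this example.

```powershell
# Uninstall keys that back "Programs and Features".
# On 64-bit Windows, 32-bit programs register under WOW6432Node.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name patterns for the two products named in the post.
$products = @{
    'Java'         = '^Java(\(TM\))?\s+\d+'
    'Adobe Reader' = '^Adobe (Acrobat )?Reader'
}

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

foreach ($name in $products.Keys) {
    $hits = @($installed |
        Where-Object { $_.DisplayName -match $products[$name] } |
        Select-Object DisplayName, DisplayVersion,
            @{ Name = 'Parsed'; Expression = { $_.DisplayVersion -as [version] } },
            @{ Name = 'Key';    Expression = { $_.PSPath -replace '^.*?::', '' } } |
        Sort-Object Parsed -Descending)

    if ($hits.Count -eq 0) { Write-Output "${name}: no entry found"; continue }

    # Same version in both the 32-bit and 64-bit view is normal, so compare
    # by version number rather than by position in the list.
    $newest = $hits[0].Parsed
    foreach ($h in $hits) {
        $state = if (-not $h.Parsed)         { 'version unreadable, check manually' }
                 elseif ($h.Parsed -lt $newest) { 'OLDER, remove' }
                 else                          { 'newest installed' }
        Write-Output ("{0}: {1} [{2}] -> {3}" -f $name, $h.DisplayName, $h.DisplayVersion, $state)
        Write-Output ("    {0}" -f $h.Key)
    }
}
```

"Newest installed" only compares the entries present on the machine; whether that version is the current release still has to be checked against the vendor's download page.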

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.