Malware is blocking my Internet access [Closed]

malware blocking internet problem with antispyware

  • This topic is locked

#1
idcastillov


Hello.

Two days ago I saw that my laptop could not navigate on the Internet. I tried with Chrome and Firefox, but it was futile. Afterwards, I tried to clean it with these programs:

- Ccleaner (ran ok)
- ComboFix (ran ok)
- Anti Malwarebytes (the system does not allow the installation)
- Norton Power Eraser (can't be installed because it needs internet access)
- Dr.Web Cureit (ran ok. It detected 3 problems and afterwards neutralized them)

The problem continues and I don't know what else to do. Can you help me please?

I would like to add that I used all these programs in secure mode with network functions in Windows 7.

Thanks in advance.

Now the logs:

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Usuario (administrator) on USUARIO-PC on 27-03-2015 00:39:19
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available profiles: Usuario)
Platform: Windows 7 Ultimate (X64) OS Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-19] (Avast Software s.r.o.)
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\...\Run: [Spotify Web Helper] => C:\Users\Usuario\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-03] (Spotify Ltd)
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...FB0E06LKCZ3VLCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...FB0E06LKCZ3VLCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...FB0E06LKCZ3VLCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...FB0E06LKCZ3VLCX
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsur...q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-15] (Avast Software s.r.o.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-15] (Avast Software s.r.o.)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION.
Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 181.48.0.231
 
FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1427209821&from=smt&uid=HitachiXHTS543225L9A300_081119FB0E06LKCZ3VLCX
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll [2014-09-30] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\user.js [2015-03-26]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\searchplugins\istartsurf.xml [2015-03-24]
FF Extension: FF Toolbar - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\[email protected] [2015-03-24]
FF Extension: Search Enginer - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\[email protected] [2015-03-24]
FF Extension: Youtube Accelerator Helper - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E} [2015-03-24]
FF Extension: Shopper-Pro - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-03-24]
FF Extension: Video DownloadHelper - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\extensions\[email protected]
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-29]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-29]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-29]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-29]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-29]
CHR Extension: (Google Sheets) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-29]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-29]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-29]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-09]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-09]
CHR Extension: (Google Sheets) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-15] (Avast Software s.r.o.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-20] (XTab system)
S3 Microsoft Office Groove Audit Service; D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [68464 2007-08-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-15] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-15] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-15] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-15] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-15] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-15] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 00:35 - 2015-03-27 00:39 - 00017351 _____ () C:\Users\Usuario\Desktop\FRST.txt
2015-03-27 00:34 - 2015-03-27 00:39 - 00000000 ____D () C:\FRST
2015-03-27 00:34 - 2015-03-27 00:31 - 02095616 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2015-03-26 11:29 - 2015-03-26 11:29 - 00000000 ____D () C:\ProgramData\Doctor Web
2015-03-26 11:15 - 2015-03-26 13:44 - 00000000 ____D () C:\Users\Usuario\Doctor Web
2015-03-26 09:32 - 2015-03-26 13:58 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashDumps
2015-03-26 09:32 - 2015-03-26 09:32 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-26 09:17 - 2015-03-26 23:29 - 00000000 ____D () C:\Users\Usuario\AppData\Local\NPE
2015-03-26 09:17 - 2015-03-26 09:18 - 00000000 ____D () C:\ProgramData\Norton
2015-03-26 01:57 - 2015-03-26 01:57 - 00049282 _____ () C:\ComboFix.txt
2015-03-26 01:37 - 2015-03-26 01:37 - 00108840 _____ () C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-26 01:26 - 2015-03-26 22:21 - 00024591 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 01:13 - 2015-03-26 13:50 - 00000280 _____ () C:\Windows\setupact.log
2015-03-26 01:13 - 2015-03-26 01:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-26 01:11 - 2015-03-26 13:49 - 00079520 _____ () C:\Windows\PFRO.log
2015-03-26 01:11 - 2015-03-26 01:29 - 05037464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-26 00:49 - 2015-03-26 01:58 - 00000000 ____D () C:\ComboFix
2015-03-26 00:49 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-26 00:49 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-26 00:49 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-26 00:49 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-26 00:49 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-26 00:49 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-26 00:49 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-26 00:49 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-26 00:29 - 2015-03-26 01:57 - 00000000 ____D () C:\Qoobox
2015-03-26 00:27 - 2015-03-26 01:34 - 00000000 ____D () C:\Windows\erdnt
2015-03-26 00:27 - 2015-03-26 00:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-26 00:27 - 2015-03-26 00:27 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-25 07:16 - 2015-03-25 07:16 - 00003170 _____ () C:\Windows\System32\Tasks\UNELEVATE_27390
2015-03-24 11:24 - 2015-03-24 11:24 - 00003158 _____ () C:\Windows\System32\Tasks\{F2DD3714-616A-4CBD-BB5A-906FDCB8C8E1}
2015-03-24 10:17 - 2015-03-26 13:44 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-03-24 10:17 - 2015-03-24 10:17 - 00004510 _____ () C:\Windows\System32\Tasks\ShopperPro
2015-03-24 10:17 - 2015-03-24 10:17 - 00004246 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333230343233383833342d3437415a556c2a3223346c41
2015-03-24 10:17 - 2015-03-24 10:17 - 00003576 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2015-03-24 10:17 - 2015-03-24 10:17 - 00003502 _____ () C:\Windows\System32\Tasks\SPDriver
2015-03-24 10:17 - 2015-03-24 10:17 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-03-24 10:12 - 2015-03-26 13:44 - 00000000 ____D () C:\ProgramData\YTAHelper
2015-03-24 10:12 - 2015-03-25 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
2015-03-24 10:12 - 2015-03-24 11:25 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-24 10:12 - 2015-03-24 10:12 - 00172032 _____ (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com)C:\Windows\SysWOW64\AniGIF.ocx
2015-03-24 10:12 - 2015-03-24 10:12 - 00003458 _____ () C:\Windows\System32\Tasks\YTAUpdate
2015-03-24 10:12 - 2015-03-24 10:12 - 00003272 _____ () C:\Windows\System32\Tasks\YTAUpdate_logon
2015-03-24 10:12 - 2015-03-24 10:12 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-03-24 10:12 - 2015-03-24 10:12 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2015-03-24 10:11 - 2015-03-24 10:11 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashRpt
2015-03-24 10:10 - 2015-03-26 13:44 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-24 10:10 - 2015-03-25 00:34 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-24 10:10 - 2015-03-24 10:10 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-24 10:09 - 2015-03-24 10:10 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\AdvertismentImages
2015-03-24 09:51 - 2015-03-24 10:06 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Diffractor
2015-03-22 20:22 - 2015-03-22 20:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-18 08:28 - 2015-03-18 08:28 - 00000000 _____ () C:\Users\Usuario\AppData\Local\{B042ACCB-0D9C-4080-BE09-426C56AF9F17}
2015-03-17 09:32 - 2015-03-17 09:32 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-17 09:32 - 2015-03-17 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-17 09:30 - 2015-03-17 09:31 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-17 09:30 - 2015-03-17 09:31 - 00000000 ____D () C:\Program Files\iTunes
2015-03-17 09:30 - 2015-03-17 09:30 - 00000000 ____D () C:\Program Files\iPod
2015-03-17 09:30 - 2015-03-17 09:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-15 13:31 - 2015-03-15 13:31 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\AVAST Software
2015-03-15 12:48 - 2015-03-26 09:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-15 12:48 - 2015-03-15 12:48 - 00001922 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-15 12:48 - 2015-03-15 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-15 12:48 - 2015-03-15 12:46 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-15 12:48 - 2015-03-15 12:46 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-15 12:47 - 2015-03-15 12:46 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-15 12:47 - 2015-03-15 12:46 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-15 12:47 - 2015-03-15 12:46 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-15 12:47 - 2015-03-15 12:46 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-15 12:47 - 2015-03-15 12:46 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-15 12:47 - 2015-03-15 12:46 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-15 12:47 - 2015-03-15 12:45 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-15 12:45 - 2015-03-15 12:45 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-15 12:43 - 2015-03-15 12:43 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-15 12:41 - 2015-03-15 12:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-15 12:16 - 2015-03-15 12:16 - 00000000 ____D () C:\OETemp
2015-03-13 23:16 - 2015-03-13 23:17 - 47581143 _____ () C:\Users\Usuario\Downloads\Presentaciones_oct14_dic14.rar
2015-03-13 20:11 - 2015-03-13 20:11 - 00221320 _____ (Deposit Files) C:\Users\Usuario\Downloads\dfdownloader_fSSLN5_.exe
2015-03-07 18:54 - 2015-03-07 18:54 - 00269990 _____ () C:\Users\Usuario\Downloads\RapiPlan.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 00:34 - 2009-07-14 04:31 - 00694148 _____ () C:\Windows\system32\perfh00A.dat
2015-03-27 00:34 - 2009-07-14 04:31 - 00134242 _____ () C:\Windows\system32\perfc00A.dat
2015-03-27 00:34 - 2009-07-14 00:13 - 01530242 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 22:21 - 2014-09-29 16:44 - 00000000 ____D () C:\Users\Usuario
2015-03-26 21:54 - 2009-07-13 23:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 21:54 - 2009-07-13 23:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 21:28 - 2014-09-29 17:05 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 19:28 - 2014-09-29 17:05 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 13:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-26 09:33 - 2014-09-30 14:37 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Adobe
2015-03-26 01:21 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-26 01:09 - 2009-07-13 21:34 - 54525952 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-26 01:09 - 2009-07-13 21:34 - 13893632 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-26 01:09 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-26 01:09 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-03-26 01:09 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-26 00:40 - 2014-09-29 21:06 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Azureus
2015-03-26 00:38 - 2014-09-29 10:20 - 00000000 ____D () C:\Windows\Panther
2015-03-25 07:16 - 2009-07-14 00:08 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-25 01:24 - 2014-09-30 12:20 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\vlc
2015-03-24 23:19 - 2014-09-30 10:15 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-24 23:19 - 2014-09-30 10:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-24 23:19 - 2014-09-29 17:08 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-24 23:19 - 2014-09-29 16:50 - 00001427 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-24 23:19 - 2014-09-29 16:50 - 00001393 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-24 12:22 - 2014-09-29 17:23 - 00000000 ____D () C:\Users\Usuario\Downloads\CW
2015-03-24 09:51 - 2015-01-20 00:37 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Audacity
2015-03-24 09:42 - 2014-09-30 12:21 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\NCH Software
2015-03-24 09:42 - 2014-09-30 12:21 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-03-24 09:38 - 2014-09-30 13:27 - 00000000 ____D () C:\Users\Usuario\dwhelper
2015-03-24 09:06 - 2014-09-29 21:27 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Dropbox
2015-03-24 08:48 - 2014-09-30 10:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-17 09:30 - 2014-09-30 10:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-15 12:23 - 2014-09-29 21:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-14 02:45 - 2014-10-12 16:06 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\NewzToolz
2015-03-12 21:52 - 2014-09-30 12:21 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-03-11 12:08 - 2014-09-29 21:30 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== Files in the root of some directories =======
 
2015-03-18 08:28 - 2015-03-18 08:28 - 0000000 _____ () C:\Users\Usuario\AppData\Local\{B042ACCB-0D9C-4080-BE09-426C56AF9F17}
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-26 14:34
 
==================== End Of Log ============================
 
Now for Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Usuario at 2015-03-27 00:41:08
Running from C:\Users\Usuario\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version:  - ) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32 bits) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-3024409782-2630941238-160038457-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EPUB to MOBI (HKLM-x32\...\{C65AA5AE-8B80-46B6-ADFC-BBF1EFF2AD98}_is1) (Version:  - epubtomobi.com)
Free ePub reader 1.0 (HKLM-x32\...\{BB49A5B5-FEAE-46DB-91BC-F9F914A72DBA}_is1) (Version: 1.0 - SoftDevResource)
GetFLV 9.6.8.1 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iTalk Sync 1.0 (HKLM-x32\...\iTalk Sync) (Version: 1.0 116 - Griffin Technology)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 es-ES)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
NewzToolz v2.0.3 (HKLM-x32\...\NewzToolz_is1) (Version:  - )
Paquete de compatibilidad para 2007 Office system (HKLM-x32\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3024409782-2630941238-160038457-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3024409782-2630941238-160038457-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
23-03-2015 11:26:11 Punto de control programado
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-03-26 01:19 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08DCF849-9609-4D86-A405-C41A8EB14A3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {12A3DF3A-E8F2-4B0D-BBF4-90909E2FEC3B} - System32\Tasks\{F2DD3714-616A-4CBD-BB5A-906FDCB8C8E1} => pcalua.exe -a C:\Users\Usuario\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=smt
Task: {14D9D773-338C-436B-A305-0CF5D110C184} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {28A5C919-A6AA-4336-8349-530543EACCA7} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {5A57306E-9509-4E69-A656-6A7FB3E37041} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-15] (Avast Software s.r.o.)
Task: {6A7943D8-1692-488B-891E-6F077100201D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {772CDA07-525E-47CF-AC82-70260731902D} - System32\Tasks\UNELEVATE_27390 => C:\Program Files (x86)\ShopperPro\JSDriver\1.39.0.1648\jsdrv.exe <==== ATTENTION
Task: {7C35257B-AF01-4F8F-9AFF-271054C18AC2} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {7F799572-925C-480B-8D64-267B4AC0A094} - System32\Tasks\AdobeAAMUpdater-1.0-Usuario-PC-Usuario => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {7FC09703-CA86-46B9-BDC1-B0EB15543914} - System32\Tasks\SPBIW_UpdateTask_Time_333230343233383833342d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8E94487F-A5AF-4441-B643-5C2B17942380} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {CFB9213C-D38F-4CB9-9994-A16C483D969D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {D1E2C9BD-8197-484A-A946-6EB42ED20951} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.39.0.1648\jsdrv.exe <==== ATTENTION
Task: {DB777759-D052-4E66-B964-94C669A0E720} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {E88D1A80-51B3-4D93-8F80-B3762249865D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {FAF6F554-4B24-4556-A6D3-4FF1D8AF8196} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2008-12-23 18:39 - 2008-12-23 18:39 - 00097280 _____ () D:\Program Files (x86)\Griffin Technology\iTalk Sync\CopyHook64.dll
2014-09-29 17:20 - 2007-09-21 10:00 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 190.157.8.33 - 181.48.0.231
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3024409782-2630941238-160038457-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3024409782-2630941238-160038457-1002 - Limited - Enabled)
Invitado (S-1-5-21-3024409782-2630941238-160038457-501 - Limited - Disabled)
Usuario (S-1-5-21-3024409782-2630941238-160038457-1000 - Administrator - Enabled) => C:\Users\Usuario
 
==================== Faulty Device Manager Devices =============
 
Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/26/2015 01:58:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: DTLite.exe, versión: 4.49.1.356, marca de tiempo: 0x53159ab2
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bdbdf
Código de excepción: 0xc06d007e
Desplazamiento de errores: 0x0000b727
Id. del proceso con errores: 0xb90
Hora de inicio de la aplicación con errores: 0xDTLite.exe0
Ruta de acceso de la aplicación con errores: DTLite.exe1
Ruta de acceso del módulo con errores: DTLite.exe2
Id. del informe: DTLite.exe3
 
Error: (03/26/2015 00:14:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: DTLite.exe, versión: 4.49.1.356, marca de tiempo: 0x53159ab2
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bdbdf
Código de excepción: 0xc06d007e
Desplazamiento de errores: 0x0000b727
Id. del proceso con errores: 0x9d8
Hora de inicio de la aplicación con errores: 0xDTLite.exe0
Ruta de acceso de la aplicación con errores: DTLite.exe1
Ruta de acceso del módulo con errores: DTLite.exe2
Id. del informe: DTLite.exe3
 
Error: (03/26/2015 10:44:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: DTLite.exe, versión: 4.49.1.356, marca de tiempo: 0x53159ab2
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bdbdf
Código de excepción: 0xc06d007e
Desplazamiento de errores: 0x0000b727
Id. del proceso con errores: 0xb00
Hora de inicio de la aplicación con errores: 0xDTLite.exe0
Ruta de acceso de la aplicación con errores: DTLite.exe1
Ruta de acceso del módulo con errores: DTLite.exe2
Id. del informe: DTLite.exe3
 
Error: (03/26/2015 10:41:37 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: El punto de restauración seleccionado se dañó o eliminó durante la restauración (avast! antivirus system restore point).
 
Error: (03/26/2015 09:29:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: DTLite.exe, versión: 4.49.1.356, marca de tiempo: 0x53159ab2
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bdbdf
Código de excepción: 0xc06d007e
Desplazamiento de errores: 0x0000b727
Id. del proceso con errores: 0x758
Hora de inicio de la aplicación con errores: 0xDTLite.exe0
Ruta de acceso de la aplicación con errores: DTLite.exe1
Ruta de acceso del módulo con errores: DTLite.exe2
Id. del informe: DTLite.exe3
 
Error: (03/26/2015 01:30:05 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.
 
Detalles:
El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/26/2015 01:30:05 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.
 
Detalles:
El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/26/2015 01:30:05 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.
 
Contexto: aplicación Windows
 
Detalles:
El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/26/2015 01:30:05 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.
 
Contexto: aplicación Windows, catálogo SystemIndex
 
Detalles:
El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/26/2015 01:30:05 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.
 
Contexto: aplicación Windows, catálogo SystemIndex
 
Detalles:
No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)
 
 
System errors:
=============
Error: (03/27/2015 00:40:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (03/27/2015 00:40:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (03/27/2015 00:40:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (03/27/2015 00:38:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (03/27/2015 00:38:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (03/27/2015 00:38:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (03/27/2015 00:38:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Proveedor de Grupo Hogar depende del servicio Host de proveedor de detección de función, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (03/27/2015 00:32:38 AM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk2\DR2.
 
Error: (03/26/2015 11:28:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (03/26/2015 11:28:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-26 01:06:56.564
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2015-03-26 01:06:56.548
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2015-03-25 12:03:11.446
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-03-25 11:45:05.846
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-03-25 11:38:31.934
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-03-25 08:13:35.720
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-03-25 07:08:09.010
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-03-25 01:47:13.379
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-03-25 01:13:55.573
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-03-25 01:03:42.050
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 16%
Total physical RAM: 4027.2 MB
Available physical RAM: 3362.65 MB
Total Pagefile: 8052.54 MB
Available Pagefile: 7406.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:71.53 GB) (Free:44.7 GB) NTFS
Drive d: (Datos) (Fixed) (Total:161.25 GB) (Free:25.21 GB) NTFS
Drive h: (IVAN_C) (Removable) (Total:3.61 GB) (Free:1.93 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E61CE61C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=71.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=161.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 3.6 GB) (Disk ID: 656D2F6F)
No partition Table on disk 2.
 
==================== End Of Log ============================

Edited by idcastillov, 27 March 2015 - 02:06 PM.

  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can sort this out.
After the FRST fix has completed, try normal mode and see if the network functions.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...FB0E06LKCZ3VLCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...FB0E06LKCZ3VLCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...FB0E06LKCZ3VLCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...FB0E06LKCZ3VLCX
HKU\S-1-5-21-3024409782-2630941238-160038457-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3024409782-2630941238-160038457-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsur...q={searchTerms}
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll No File
Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION.
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1427209821&from=smt&uid=HitachiXHTS543225L9A300_081119FB0E06LKCZ3VLCX
FF user.js: detected! => C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\user.js [2015-03-26]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\searchplugins\istartsurf.xml [2015-03-24]
FF Extension: FF Toolbar - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\[email protected] [2015-03-24]
FF Extension: Search Enginer - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\[email protected] [2015-03-24]
FF Extension: Youtube Accelerator Helper - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E} [2015-03-24]
FF Extension: Shopper-Pro - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-03-24]
FF Extension: Video DownloadHelper - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\bfvobih0.default\extensions\[email protected]
CHR Extension: (Avira Browser Safety) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-09]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-03-24 11:24 - 2015-03-24 11:24 - 00003158 _____ () C:\Windows\System32\Tasks\{F2DD3714-616A-4CBD-BB5A-906FDCB8C8E1}
2015-03-24 10:17 - 2015-03-26 13:44 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-03-24 10:17 - 2015-03-24 10:17 - 00004510 _____ () C:\Windows\System32\Tasks\ShopperPro
2015-03-24 10:17 - 2015-03-24 10:17 - 00004246 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333230343233383833342d3437415a556c2a3223346c41
2015-03-24 10:17 - 2015-03-24 10:17 - 00003576 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2015-03-24 10:17 - 2015-03-24 10:17 - 00003502 _____ () C:\Windows\System32\Tasks\SPDriver
2015-03-24 10:17 - 2015-03-24 10:17 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-03-24 10:12 - 2015-03-26 13:44 - 00000000 ____D () C:\ProgramData\YTAHelper
2015-03-24 10:12 - 2015-03-25 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
2015-03-24 10:12 - 2015-03-24 10:12 - 00172032 _____ (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft....OW64\AniGIF.ocx
2015-03-24 10:12 - 2015-03-24 10:12 - 00003458 _____ () C:\Windows\System32\Tasks\YTAUpdate
2015-03-24 10:12 - 2015-03-24 10:12 - 00003272 _____ () C:\Windows\System32\Tasks\YTAUpdate_logon
2015-03-24 10:12 - 2015-03-24 10:12 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-03-24 10:12 - 2015-03-24 10:12 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2015-03-24 10:10 - 2015-03-26 13:44 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-24 10:10 - 2015-03-25 00:34 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-24 10:10 - 2015-03-24 10:10 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-24 10:09 - 2015-03-24 10:10 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\AdvertismentImages
2015-03-24 09:51 - 2015-03-24 10:06 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Diffractor
2015-03-18 08:28 - 2015-03-18 08:28 - 00000000 _____ () C:\Users\Usuario\AppData\Local\{B042ACCB-0D9C-4080-BE09-426C56AF9F17}
Task: {12A3DF3A-E8F2-4B0D-BBF4-90909E2FEC3B} - System32\Tasks\{F2DD3714-616A-4CBD-BB5A-906FDCB8C8E1} => pcalua.exe -a C:\Users\Usuario\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt
Task: {14D9D773-338C-436B-A305-0CF5D110C184} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {28A5C919-A6AA-4336-8349-530543EACCA7} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {772CDA07-525E-47CF-AC82-70260731902D} - System32\Tasks\UNELEVATE_27390 => C:\Program Files (x86)\ShopperPro\JSDriver\1.39.0.1648\jsdrv.exe <==== ATTENTION
Task: {7C35257B-AF01-4F8F-9AFF-271054C18AC2} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {7FC09703-CA86-46B9-BDC1-B0EB15543914} - System32\Tasks\SPBIW_UpdateTask_Time_333230343233383833342d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8E94487F-A5AF-4441-B643-5C2B17942380} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {D1E2C9BD-8197-484A-A946-6EB42ED20951} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.39.0.1648\jsdrv.exe <==== ATTENTION
Task: {DB777759-D052-4E66-B964-94C669A0E720} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {FAF6F554-4B24-4556-A6D3-4FF1D8AF8196} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
C:\PROGRA~2\YOUTUB~1
C:\Program Files (x86)\Search Extensions
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.