a lot of errors and crashes...virus?

#1
marcospritz2000
Hi everybody, thanks for the opportunity to receive some help.
Some time ago I had the wonderful idea to install Registry Mechanic in the trial form.
After a while I started to have lots of issues: I couldn't boot the PC, my laptop looks super slow, lots of errors concerning the virtual shadow copy, the computer freezes a lot and most of the apps are not responding for a while.

I'm attaching the OTL form, as well as the admin analysis of the recorded events, if somebody would like to take a look.
I tried using Malwarebytes Pro and ESET NOD32, and I did full scans with all of them, with no results.
I also tried using an app called Spotmau, which I've used before with no issues, but nothing changed.
I also tried Soluto, restoring the registry with ERUNT, and cleaning it with CCleaner and Wise Care 365.

All my drivers are the newest, and temperatures are controlled by SpeedFan.

Thanks for the help, let me know if I have to send you some more info.

Thanks guys, and I hope to see you soon in Colombia! :)

OTL logfile created on: 16/07/2013 15:40:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\7\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,73 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 49,77% Memory free
9,32 Gb Paging File | 7,16 Gb Available in Paging File | 76,81% Paging File free
Paging file location(s): c:\pagefile.sys 5727 5727 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 47,97 Gb Free Space | 49,17% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 155,70 Gb Free Space | 42,30% Space Free | Partition Type: NTFS

Computer Name: MARCO-PC | User Name: 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/16 15:39:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\7\Desktop\OTL.exe
PRC - [2013/07/16 15:27:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\7\Desktop\HijackThis.exe
PRC - [2013/06/14 20:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/06 20:43:36 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/14 20:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
MOD - [2013/06/14 20:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 20:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 20:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 20:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 20:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2011/05/24 10:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/15 07:49:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/10 17:32:36 | 000,182,848 | ---- | M] (Soluto) [Disabled | Stopped] -- C:\Archivos de programa\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2013/07/10 17:32:30 | 000,792,128 | ---- | M] (Soluto) [Disabled | Stopped] -- C:\Archivos de programa\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2013/07/10 17:29:04 | 001,942,528 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Archivos de programa\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2013/06/21 10:57:12 | 000,162,408 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Archivos de programa\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/11/15 11:24:38 | 000,146,792 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe -- (CareMon)
SRV - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/10 17:28:24 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2013/07/07 10:24:33 | 006,543,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013/05/29 11:06:30 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/04/18 09:07:49 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/19 12:38:20 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/01/28 21:09:52 | 001,605,280 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2013/01/28 20:51:57 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/12/12 22:27:29 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/18 20:26:54 | 000,114,688 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/11/18 20:24:50 | 000,117,912 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/11/18 20:23:42 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/11/18 20:16:15 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/11/18 20:16:15 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/18 20:12:58 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012/11/18 20:05:54 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/11/18 19:54:11 | 000,018,832 | ---- | M] (PenMount) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmkbdfltr.sys -- (pmkbdfltr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/05/24 11:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/24 09:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/31 13:54:32 | 000,227,896 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/11/15 11:23:04 | 000,238,072 | ---- | M] (Spotmau) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\supersafer64.sys -- (supersafer64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 EC 5E E8 70 77 CE 01 [binary data]
IE - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/11/13 19:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/11/13 19:41:19 | 000,000,000 | ---D | M]

[2013/05/09 22:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\1zkc3nu5.default\extensions
[2012/12/19 23:29:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\1zkc3nu5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/09 22:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\1zkc3nu5.default\extensions\staged
[2013/05/09 22:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles1zkc3nu5.default\extensions
[2013/05/09 22:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles1zkc3nu5.default\extensions\staged
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Entanglement = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Word Search Puzzle = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: Google Docs = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Chrome YouTube Downloader = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.16_0\
CHR - Extension: Adblock de Youtube\u2122 = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\1.8_0\
CHR - Extension: PartyCloud = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko\4.1_0\
CHR - Extension: AdBlock = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Crimson: Steam Pirates = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfbkgkceahodalogdpenjoekbacjfcj\1.0_0\
CHR - Extension: Pacman = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\palgcoflnoaklkflllnmheiollkgkipm\1.21_0\
CHR - Extension: Gmail = C:\Users\7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/03 07:10:20 | 000,448,635 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15430 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Archivos de programa\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1178944339-76504460-3788672686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21294809-025E-4748-BD32-0C9F0C3FAB9B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E9F8325-9976-4A2A-AC4B-6AC50E09D742}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/16 11:51:59 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\ElevatedDiagnostics
[2013/07/15 11:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013/07/15 11:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013/07/15 07:49:45 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/15 07:49:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/07/14 22:50:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/07/14 22:49:52 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2013/07/14 22:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/07/14 22:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2013/07/14 22:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2013/07/14 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
[2013/07/14 22:33:07 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\SlimWare Utilities Inc
[2013/07/14 22:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/07/14 22:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/07/14 20:06:04 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\iolo
[2013/07/14 20:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/07/11 20:29:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/08 21:18:12 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\NFS Underground 2
[2013/07/08 21:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013/07/08 21:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2013/07/08 17:54:33 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Wise Care 365
[2013/07/08 17:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2013/07/08 17:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/07/08 17:43:12 | 000,000,000 | ---D | C] -- C:\Users\7\Documents\08-07-2013
[2013/07/08 17:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/07/08 17:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/07/08 16:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2013/07/08 09:36:40 | 002,155,688 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\Incinerator64.dll
[2013/07/08 09:36:36 | 002,097,472 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysWow64\Incinerator32.dll
[2013/07/08 09:35:51 | 000,057,584 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe
[2013/07/08 09:35:51 | 000,026,184 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe
[2013/07/07 21:04:41 | 000,030,752 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\ElRawDsk.sys
[2013/07/07 14:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Endless War Defense
[2013/07/07 14:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotmau
[2013/07/07 14:00:20 | 000,354,176 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\supersafer.sys
[2013/07/07 14:00:20 | 000,238,072 | ---- | C] (Spotmau) -- C:\Windows\SysWow64\drivers\supersafer64.sys
[2013/07/07 14:00:20 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\drivers
[2013/07/07 14:00:09 | 000,380,264 | ---- | C] (Wondershare Software Co.,Ltd) -- C:\Windows\SysWow64\comm.ocx
[2013/07/07 12:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/07/07 12:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013/07/07 12:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/07/07 12:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/07/07 11:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndlessWarDefense_at
[2013/07/07 10:27:37 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\WinBatch
[2013/07/06 19:51:48 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Systweak
[2013/07/06 16:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013/07/03 21:06:36 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Malwarebytes
[2013/07/03 21:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/03 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/03 21:06:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/03 21:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/03 14:55:16 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2013/07/02 21:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/07/02 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/07/02 21:48:59 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/02 21:48:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/02 21:48:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/02 21:48:46 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/02 21:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/07/02 21:20:54 | 000,000,000 | ---D | C] -- C:\Users\7\Documents\Downloads
[2013/06/27 16:49:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/06/24 19:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/06/24 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\IrfanView
[2013/06/24 19:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013/06/24 18:57:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/06/24 18:57:48 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/06/24 18:56:41 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2013/06/24 18:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013/06/24 18:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/06/24 18:39:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\pdfforge
[2013/06/24 18:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/06/24 18:39:31 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2013/06/24 18:39:30 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2013/06/24 18:39:26 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013/06/24 18:39:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2013/06/24 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013/06/24 18:34:51 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\WinRAR
[2013/06/24 18:34:51 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/24 18:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/24 18:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/06/24 18:28:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/06/24 17:09:46 | 000,000,000 | R--D | C] -- C:\Users\7\Desktop\Documenti vari
[2013/06/24 13:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

========== Files - Modified Within 30 Days ==========

[2013/07/16 15:38:22 | 000,003,509 | ---- | M] () -- C:\Users\7\Desktop\hijackthis.rar
[2013/07/16 15:29:16 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/16 15:22:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/16 14:53:02 | 000,103,642 | ---- | M] () -- C:\Users\7\Desktop\admin.rar
[2013/07/16 14:41:38 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 14:41:38 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 14:34:05 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/16 14:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/16 14:32:32 | 3003,305,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/16 12:44:18 | 000,418,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/15 18:54:15 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/07/15 11:10:30 | 001,594,042 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/15 11:10:30 | 000,722,520 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/07/15 11:10:30 | 000,623,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/15 11:10:30 | 000,144,222 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/07/15 11:10:30 | 000,111,736 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/15 07:49:45 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/15 07:49:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/14 22:51:14 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/07/14 20:06:05 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2013/07/13 18:50:15 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1178944339-76504460-3788672686-1000UA.job
[2013/07/13 18:50:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1178944339-76504460-3788672686-1000Core.job
[2013/07/13 16:43:40 | 000,003,924 | ---- | M] () -- C:\Users\7\Documents\cc_20130713_164325.reg
[2013/07/11 21:09:13 | 033,541,713 | ---- | M] () -- C:\Users\7\Desktop\Tracy Chapman - Tracy Chapman [1988] Disco Completo and Link de Descarga Full Album.flv
[2013/07/10 22:58:21 | 000,097,928 | ---- | M] () -- C:\Users\7\Desktop\modelo de SAS.zip
[2013/07/10 17:28:24 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2013/07/08 23:57:45 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/08 23:57:45 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/07/08 21:15:39 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2013/07/08 09:38:14 | 000,000,406 | ---- | M] () -- C:\Windows\SysNative\ioloBootDefrag.cfg
[2013/07/07 21:02:19 | 000,074,703 | ---- | M] () -- C:\Windows\SysWOW64mfc45.dll
[2013/07/07 14:34:17 | 000,001,974 | ---- | M] () -- C:\Users\7\Desktop\Endless War Defense.lnk
[2013/07/07 10:26:15 | 000,843,162 | ---- | M] () -- C:\Windows\SysNative\oem4.inf
[2013/07/07 10:24:35 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013/07/07 10:24:33 | 006,543,392 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2013/07/07 10:24:31 | 003,659,264 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2013/07/07 10:24:25 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013/07/06 17:31:36 | 145,127,706 | ---- | M] () -- C:\Users\7\AppData\Roaming\hkey_local_machine.reg
[2013/07/03 07:10:20 | 000,448,635 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/02 21:48:31 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/02 21:48:19 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/02 21:48:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/02 21:48:18 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/02 21:48:15 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/02 21:48:15 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/02 18:20:02 | 001,238,369 | ---- | M] () -- C:\Users\7\Documents\Outlook.zip
[2013/07/02 16:54:43 | 000,152,797 | ---- | M] () -- C:\Users\7\Documents\CV europeo spanish version.pdf
[2013/06/24 18:28:09 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

========== Files Created - No Company Name ==========

[2013/07/16 15:38:22 | 000,003,509 | ---- | C] () -- C:\Users\7\Desktop\hijackthis.rar
[2013/07/16 14:53:02 | 000,103,642 | ---- | C] () -- C:\Users\7\Desktop\admin.rar
[2013/07/16 10:34:34 | 000,418,376 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/15 07:49:46 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/14 22:51:13 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/07/14 22:33:22 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/07/14 20:06:05 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/07/13 16:43:30 | 000,003,924 | ---- | C] () -- C:\Users\7\Documents\cc_20130713_164325.reg
[2013/07/11 20:51:33 | 033,541,713 | ---- | C] () -- C:\Users\7\Desktop\Tracy Chapman - Tracy Chapman [1988] Disco Completo and Link de Descarga Full Album.flv
[2013/07/10 22:58:18 | 000,097,928 | ---- | C] () -- C:\Users\7\Desktop\modelo de SAS.zip
[2013/07/08 21:15:39 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2013/07/08 18:02:43 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/07/08 09:38:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysNative\ioloBootDefrag.cfg
[2013/07/07 21:02:19 | 000,074,703 | ---- | C] () -- C:\Windows\SysWOW64mfc45.dll
[2013/07/07 14:34:17 | 000,001,974 | ---- | C] () -- C:\Users\7\Desktop\Endless War Defense.lnk
[2013/07/07 10:26:33 | 000,843,162 | ---- | C] () -- C:\Windows\SysNative\oem4.inf
[2013/07/07 10:24:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/07/02 21:58:36 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/07/02 18:13:35 | 001,238,369 | ---- | C] () -- C:\Users\7\Documents\Outlook.zip
[2013/07/02 16:54:40 | 000,152,797 | ---- | C] () -- C:\Users\7\Documents\CV europeo spanish version.pdf
[2013/06/11 09:26:11 | 000,000,252 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/20 02:18:00 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll
[2013/03/19 22:10:08 | 000,030,601 | ---- | C] () -- C:\Users\7\x.exe
[2013/03/19 13:51:32 | 000,007,663 | ---- | C] () -- C:\Users\7\AppData\Roaming\.freeciv-client-rc-2.3
[2013/03/13 13:37:17 | 145,127,706 | ---- | C] () -- C:\Users\7\AppData\Roaming\hkey_local_machine.reg
[2013/01/28 19:04:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/28 19:04:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/28 19:04:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/28 19:04:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/28 19:04:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/24 16:50:24 | 001,584,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/22 20:43:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/10/27 22:36:17 | 000,007,624 | ---- | C] () -- C:\Users\7\AppData\Local\Resmon.ResmonCfg
[2012/10/18 15:17:57 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/14 12:15:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/09 10:20:43 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Attached Files


Edited by RKinner, 16 July 2013 - 04:43 PM.

  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.


Ron
  • 0
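
The OTL report in the first post, and the custom OTL scan requested above, list every file as `[timestamp | size | attributes | C or M] (company) -- path`. Reading hundreds of those lines by eye is error-prone, so here is a small parser, added as an illustration and not part of OTL, ComboFix or this thread, that turns the lines into records and applies one triage heuristic a helper would typically apply: executable code with no publisher string sitting in the Windows directory or directly in a user profile root gets put on a review list. The sample lines are copied from the report above; the function and field names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the OTL report posted at the top of this
# thread (the "Files/Folders - Created" and "Files - Modified" sections).
SAMPLE_LOG = r"""
[2013/07/15 07:49:45 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/14 22:49:52 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2013/07/16 11:51:59 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\ElevatedDiagnostics
[2013/07/16 14:32:32 | 3003,305,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 22:10:08 | 000,030,601 | ---- | C] () -- C:\Users\7\x.exe
[2013/01/28 19:04:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/03 07:10:20 | 000,448,635 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
========== ZeroAccess Check ==========
"""

# One OTL file entry: [timestamp | size | attributes | C/M] (company) -- path
# Directories carry no "(company)" group; files without version info show "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl")
# A file sitting directly in a profile root, e.g. C:\Users\<name>\x.exe
PROFILE_ROOT = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+$")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # R=read-only, H=hidden, S=system, D=directory, '-' = not set
    kind: str               # 'C' created, 'M' modified
    company: Optional[str]  # None when OTL printed "()" or omitted the group
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Turn OTL file-list lines into records; section headers and blanks are skipped."""
    entries: List[OtlEntry] = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company") or None,
            path=m.group("path"),
        ))
    return entries


def needs_review(e: OtlEntry) -> bool:
    """Triage heuristic: unsigned-looking executable code (no publisher string)
    in the Windows directory or directly in a profile root deserves a closer
    look (hash lookup, signature check). It is a prompt for review, not a
    verdict: some cleanup utilities also drop unsigned helper tools there."""
    if e.is_dir or e.company:
        return False
    p = e.path.lower()
    if not p.endswith(EXEC_EXT):
        return False
    return p.startswith("c:\\windows\\") or bool(PROFILE_ROOT.match(p))


def review_list(text: str) -> List[str]:
    """Paths from an OTL file list that the heuristic wants a human to look at."""
    return [e.path for e in parse_otl_lines(text) if needs_review(e)]


if __name__ == "__main__":
    for path in review_list(SAMPLE_LOG):
        print("review:", path)
```

Run against the sample, the hibernation file and the hosts file are skipped (no executable extension, or not in a watched location), the signed Adobe and Soluto binaries are skipped because OTL printed a company name, and the two unsigned executables are returned for a hash or signature check.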

#3
marcospritz2000

marcospritz2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I had to restore the system 3 times before starting the tests you're asking me to do, because it was impossible to have a clean boot.



I tried to scan the system with aswMBR before ComboFix, but it stopped 3 times, signing in red the SATA and xata???? driver of AMD, so I deleted
the driver of my AMD hard disk.
After that I did ComboFix and restarted aswMBR, but this time too aswMBR stopped suddenly.


speed test.net Posted Image


No threat in the Kaspersky scan, not even in adwCleaner, as well as in Malwarebytes; as I told you, I scanned my PC with it many times, with no results.

Looking at the events I found 4 critical errors in the last 24 hours, all of them code 10111 and 10110.
I cleared the errors in the event viewer as you told me, both System and Application.
Wasn't it useful to check them out before cleaning them? So I made a copy of the admin registry, just in case; it's attached to the message.


sfc /scannow found many errors, but was unable to fix them all.
Vino's event viewer is not able to work on my system, due to the fact that it is not able to work in a Spanish environment. Could you suggest any other event viewer? :) Thanks!

P.S. I compacted the events in the system event viewer before cleaning them, and I'm going to put them here in a second message along with the new results of the new OTL scan :)

Attached Files


  • 0

#4
marcospritz2000

marcospritz2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
System event viewer for the apps and for the system, thanks so much RKinner! :)

Attached Files


  • 0

#5
marcospritz2000

marcospritz2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
New OTL scans, thanks :)

I really do not understand what to do! :)))

Attached Files

  • Attached File  OTL.Txt   179.77KB   121 downloads
  • Attached File  Extras.Txt   59.23KB   165 downloads

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I don't know what your ISP is supposed to supply but the SpeedTest results are better than my sorry DSL connection so I suppose it is OK. If you are supposed to be getting a lot more bandwidth then you will need to talk to your ISP.

Uninstall these two:

RamBooster
SlimDrivers

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\Tasks\SlimDrivers Startup.job
c:\windows\Tasks\Wise Care 365.job
Wise Turbo Checker.job

Driver::
mjvhhu
WiseBootAssistant

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go, Combofix should start on its own.

Post the new log. (If after it comes back up, you get a warning about a registry key set for deletion then just reboot again.)

mjvhhu is a remnant from a virus. Wasn't removed completely. I saw it trying to load in your Extras event logs.

The rest is just removing remnants from programs that didn't uninstall cleanly.

Your CBS log shows a bunch of sample programs missing. No doubt one of your "optimizers" removed them. We can live without them but it makes SFC unhappy.


Your event logs show a problem with a device that was G:\. I assume it was plugged into a USB port and is no longer there.

I also see a problem with the Conexión compartida a Internet (ICS) service. Are you still using that? If not: in the search box, type services.msc and wait until it finds it, then right click on it and Run As Admin. Find the service and right click on it and select Properties, then change the Startup Type: to Disabled.

This one is a bit of a puzzle:

The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Usually this is from a Catalyst video driver but I do not see one in your uninstall list.

Your Windows Search is messed up. Try one of the following methods:
Method 1:

You may run the fixit from the following link and check for the issue:

Fix Windows Desktop Search when it crashes or not showing results

http://support.micro...windows_search/

Method 2:

You may try rebuilding the index to see if it works:

Change advanced indexing options

http://windows.micro...ndexing-options


There were also a lot of corrupt files.
I think you need to do a diskcheck:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Please clear the logs. (You can save them if you want but I have no use for them) I don't want to see any old logs. Just want to see what happened during the boot and the diskcheck.

Reboot.

The disk check will run and will probably take an hour or more to finish.

You can WinRar your event logs and attach them again since VEW won't work.
  • 0

#7
marcospritz2000

marcospritz2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi!!! First of all, really, thanks RKinner for the help! So... I tried the Fix it about Windows Search, but it looks like it is not working, error 8007001F; now I'm rebuilding the index with the second option you gave me. :) I uninstalled RamBooster, which I used just a couple of times when I was rendering, as well as SlimDrivers. What do you use to keep your drivers updated? By the way, I always used Revo Uninstaller to uninstall software, so it sounds weird that it left a bunch of corrupted files.

I remember that I installed a Catalyst video driver some time ago, even if I'm not so sure. How could I check my video driver?
Also I think that G: was created by Daemon Tools; now I don't have it on my computer anymore.

Everything started i think with an issue with VSS, so i download and try the fix it, because the pc all the times another software tried to make a backup it was impossible to restart it without restoring it. yesterday i tried many times to check the disck, but i couldn't restart, the screen was black, showing just couple of pixel in the upper part of it.

i did clean the event viewer, and now i'm trying to do the checkdisk, but another time the screen remain just black, with some pixels on the top part of it. could it be because i changed the screen few months ago? i don't think so, but just in case.... is fixing the disck, even if doesn't look like this, waiting for another message from you! :) thanks so much for your help! :)

could still be a VSS related problem?

Attached Files


  • 0

#8
marcospritz2000

    Member

  • Topic Starter
  • Member
  • 32 posts
Is there any other software to check the disk that i can use without rebooting the pc?

:) thanks!
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Skip the disk check for now and run sfc /scannow per the instructions.
  • 0

#10
marcospritz2000

    Member

  • Topic Starter
  • Member
  • 32 posts
Hi!!! i just had to restore the system, because there was no way it was doing anything.

i just checked a couple of sites about errors on checkdisk, so i went there

http://www.thewindow...-run-at-startup

and i discovered that autocheck autochk* on my registry in my case is written vertically! is that normal?


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

i thought of trying what is said on this site, let me know!
http://answers.micro...95-ce4a88b71ae4
  • 0


#11
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Should look like this:


If not go into Regedit and change it.
  • 0

#12
marcospritz2000

    Member

  • Topic Starter
  • Member
  • 32 posts
ok, doing sfc /scannow, changed the registry in regedit (looks funny but was written like so)
a
u
t
o
c
h
e
c
k
a
u
t
o
c
h
k
*
with a space for every letter! also i noticed that in the same registry order HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
i have AutoChk TimeOut REG_DWORD 0x00000001 (1)
Thanks for the help! hoping you can help me to fix my pc today, because i need it for work tonight! :)
  • 0

#13
marcospritz2000

    Member

  • Topic Starter
  • Member
  • 32 posts
cbs log and combofix

Attached Files


  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Normally Autochk Timeout is not present so the default of 10 seconds is used. Not sure why or how yours got changed; perhaps more of your speed-up-my-PC stuff. I would change it back to 10.

Let's try MBR check and see what it says:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Please run OTL again so I can see where we are after a restore.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Then you can uninstall Speccy.
  • 0
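The BootExecute value shown in #12 and the AutoChkTimeOut default explained in #14 can be audited without clicking through Regedit by hand. The script below is an added example, not code from this thread or from RKinner: it reads both values under the Session Manager key, checks that BootExecute is a REG_MULTI_SZ holding exactly the stock "autocheck autochk *" line, reports any AutoChkTimeOut that is present but not 10, and can restore the defaults. The -Fix switch name and the warning wording are my own.

```powershell
# Added example (not from the thread): audit the Session Manager values that
# control the boot-time disk check, and optionally restore the defaults.
# Run from an elevated PowerShell prompt. -Fix is a hypothetical switch name.
param([switch]$Fix)

$key            = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$expected       = 'autocheck autochk *'   # stock Windows BootExecute entry
$defaultTimeout = 10                      # seconds; the default when the value is absent

$problems = @()
$item = Get-Item -Path $key

# BootExecute is a REG_MULTI_SZ; every line in it is a program smss.exe runs at boot,
# so anything beyond the stock autochk line deserves a close look.
$boot = $item.GetValue('BootExecute')
if ($null -eq $boot) {
    $problems += 'BootExecute is missing entirely'
} else {
    $kind = $item.GetValueKind('BootExecute')
    if ($kind -ne 'MultiString') {
        $problems += "BootExecute has type $kind, expected MultiString (REG_MULTI_SZ)"
    }
    foreach ($entry in @($boot)) {
        if ($entry -ne $expected) { $problems += "Unexpected BootExecute entry: '$entry'" }
    }
    if (@($boot) -notcontains $expected) { $problems += "Stock entry '$expected' is missing" }
}

# AutoChkTimeOut is normally absent, which means the 10 second default applies.
$timeout = $item.GetValue('AutoChkTimeOut')
if ($null -ne $timeout -and $timeout -ne $defaultTimeout) {
    $problems += "AutoChkTimeOut is $timeout, default is $defaultTimeout"
}

if ($problems.Count -eq 0) {
    Write-Output 'Session Manager boot-check values look normal.'
} else {
    $problems | ForEach-Object { Write-Output "WARNING: $_" }
    if ($Fix) {
        # Restore the stock values; the entries being replaced were listed above.
        Set-ItemProperty -Path $key -Name BootExecute -Value @($expected) -Type MultiString
        Set-ItemProperty -Path $key -Name AutoChkTimeOut -Value $defaultTimeout -Type DWord
        Write-Output 'Defaults restored; reboot to let the scheduled disk check run.'
    }
}
```

Run it once without -Fix to see what is there, since a non-stock BootExecute entry is worth recording before it is overwritten.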

#15
marcospritz2000

    Member

  • Topic Starter
  • Member
  • 32 posts
should i attach to otl the text i had to attach before or let it run normally?

:)

speccy and MBR attached :)

Attached Files


  • 0
