
Computer wont let me download anything


kirby816


My computer won't let me download anything. I was using the Chrome browser at first and thought that this was simply a problem with the browser, so I deleted the program and tried to reinstall it from IE. However, whenever I try to download anything, it won't let me and says the program contained a virus. This happens for email attachments, programs, pretty much anything I try to download from the internet.

I did a Google search for possible fixes. So far anything that deals with the browser or computer settings has not worked, so I'm sure that is not the issue. I did find an old forum topic on here that dealt with the same issue and downloaded FRST onto a separate flash drive and ran that on my computer, but I can't move on from here since I don't have a fix list for this. I've attached both of the FRST files that came from the scan and the link to the forum that has a similar problem.

http://www.geekstogo...g-regardless-o/

Also, my computer uses Windows 7 Home Premium, 64-bit operating system.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 02
Ran by jesus (administrator) on JESUSHP (26-11-2015 09:19:25)
Running from F:\
Loaded Profiles: jesus (Available Profiles: jesus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
(Panda Security, S.L.) C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APVXDWIN] => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE [1000768 2011-04-13] (Panda Security, S.L.)
HKLM-x32\...\Run: [SCANINICIO] => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe [70464 2011-02-02] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
Winlogon\Notify\avldr: C:\Windows\SYSTEM32\avldr64.dll (On-Access Anti-Malware Scanner Sync)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [Google Update**.d<*>] => "C:\Users\jesus\AppData\Local\Google\Desktop\Install\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [Windows Live] => rundll32 "C:\Users\jesus\AppData\Local\{09F9419A-86F4-40B6-87BA-C4D7A85F0E5E}\Windows Live\dehlnd.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [GameServer515] => "C:\Users\jesus\AppData\Roaming\hpqLog\WINA446.exe"
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [GameServer518] => "C:\Users\jesus\AppData\Roaming\Leadertech\WIN1027.exe"
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [PandaSecurityUpgrade] => C:\ProgramData\Panda Security Upgrade\Upgrade.exe [213752 2015-07-27] (Panda Security, S.L.)
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dllATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe -update activex
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2014-06-16]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2014-06-16]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2010-08-14]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll No File 
Winsock: Catalog9 02 mswsock.dll No File 
Winsock: Catalog9 03 mswsock.dll No File 
Winsock: Catalog9 04 mswsock.dll No File 
Winsock: Catalog9 05 mswsock.dll No File 
Winsock: Catalog9 06 mswsock.dll No File 
Winsock: Catalog9 07 mswsock.dll No File 
Winsock: Catalog9 08 mswsock.dll No File 
Winsock: Catalog9 09 mswsock.dll No File 
Winsock: Catalog9 10 mswsock.dll No File 
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll No File 
Winsock: Catalog9-x64 02 mswsock.dll No File 
Winsock: Catalog9-x64 03 mswsock.dll No File 
Winsock: Catalog9-x64 04 mswsock.dll No File 
Winsock: Catalog9-x64 05 mswsock.dll No File 
Winsock: Catalog9-x64 06 mswsock.dll No File 
Winsock: Catalog9-x64 07 mswsock.dll No File 
Winsock: Catalog9-x64 08 mswsock.dll No File 
Winsock: Catalog9-x64 09 mswsock.dll No File 
Winsock: Catalog9-x64 10 mswsock.dll No File 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6E0D5B34-4733-4D00-937D-F6AF9A6368DA}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{E1E0DC81-40FA-4809-8BC0-5726D49C2096}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {60F001CC-D80D-498C-B9E2-2660637F1EC5} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {761420A7-9D95-4656-82B9-20BBC673E8A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {76C78AA3-EA7B-4CBA-8733-AC012729FA77} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {C40530CA-DD4A-479E-B68C-0416599C7AD4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {60F001CC-D80D-498C-B9E2-2660637F1EC5} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {761420A7-9D95-4656-82B9-20BBC673E8A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {76C78AA3-EA7B-4CBA-8733-AC012729FA77} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {C40530CA-DD4A-479E-B68C-0416599C7AD4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> {60F001CC-D80D-498C-B9E2-2660637F1EC5} URL = 
SearchScopes: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> {761420A7-9D95-4656-82B9-20BBC673E8A5} URL = 
SearchScopes: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> {76C78AA3-EA7B-4CBA-8733-AC012729FA77} URL = 
SearchScopes: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> {C40530CA-DD4A-479E-B68C-0416599C7AD4} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-12-26] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-06-16] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-03] (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-26] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-06-16] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-06-16] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-06-16] (Webroot)
Toolbar: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-26] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-642280661-2776801712-2906168080-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jesus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-28]
CHR Extension: (Google Search) - C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-28]
CHR Extension: (Google Wallet) - C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR Extension: (Gmail) - C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-06-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe [173312 2009-08-10] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe [202016 2012-10-16] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe [314176 2010-06-04] (Panda Security, S.L.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\   \...\???\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [65608 2010-05-21] (Panda Security, S.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.)
R1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-03] (Webroot)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [X]
R3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-26 09:18 - 2015-11-26 09:19 - 00000000 ____D C:\FRST
2015-11-19 19:42 - 2015-11-20 16:58 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForjesus.job
2015-11-19 19:42 - 2015-11-19 19:42 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForjesus
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-26 09:19 - 2014-06-16 19:20 - 00000000 ____D C:\ProgramData\WRData
2015-11-26 09:19 - 2009-07-13 21:13 - 00733164 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-26 09:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-11-26 09:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-11-26 09:13 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-26 09:13 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-26 09:08 - 2012-04-03 07:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-26 09:06 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-25 21:11 - 2010-10-20 16:54 - 00000000 ____D C:\Users\jesus\AppData\Roaming\SoftGrid Client
2015-11-25 17:36 - 2014-08-03 18:17 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-25 06:26 - 2013-01-31 09:09 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{62FDFF31-3B08-4FDC-9A6F-38A982062ED7}
2015-11-20 17:03 - 2014-06-16 19:21 - 00170760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-11-20 17:03 - 2014-06-16 19:21 - 00105888 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-11-20 16:59 - 2010-08-14 15:25 - 00000000 ____D C:\ProgramData\PDFC
2015-11-19 19:14 - 2010-10-20 15:59 - 00008627 _____ C:\Windows\SysWOW64\PAV_FOG.OPC
2015-11-17 09:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-10 19:08 - 2012-04-03 07:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 19:08 - 2012-04-03 07:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 19:08 - 2011-05-20 06:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2011-08-04 14:37 - 2011-08-04 14:37 - 0001854 _____ () C:\Users\jesus\AppData\Roaming\GhostObjGAFix.xml
2014-05-16 11:37 - 2014-05-16 11:37 - 0000055 _____ () C:\Users\jesus\AppData\Roaming\mbam.context.scan
2011-12-24 15:29 - 2011-12-24 15:33 - 0010098 ___SH () C:\Users\jesus\AppData\Local\d31w03803t6bly5mr8gi647
2012-01-01 15:06 - 2012-01-02 11:01 - 0013242 ___SH () C:\Users\jesus\AppData\Local\oid711gu8xhb03rf7p358s0cbgfia7nt8yyel
2011-05-02 07:40 - 2011-05-02 07:40 - 0000000 _____ () C:\Users\jesus\AppData\Local\{D4A74673-F89F-422C-BC78-4B031B39EC3C}
2011-12-24 15:29 - 2011-12-24 15:33 - 0010098 ___SH () C:\ProgramData\d31w03803t6bly5mr8gi647
2012-01-01 15:06 - 2012-01-02 11:01 - 0013242 ___SH () C:\ProgramData\oid711gu8xhb03rf7p358s0cbgfia7nt8yyel
ZeroAccess:
C:\Users\jesus\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Some files in TEMP:
====================
C:\Users\jesus\AppData\Local\Temp\01361741089046.exe
C:\Users\jesus\AppData\Local\Temp\01361741089775.exe
C:\Users\jesus\AppData\Local\Temp\1.exe
C:\Users\jesus\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\jesus\AppData\Local\Temp\COMAP.EXE
C:\Users\jesus\AppData\Local\Temp\Couponscom.exe
C:\Users\jesus\AppData\Local\Temp\ehdwniqldfrurtoabdd.exe
C:\Users\jesus\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\jesus\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\jesus\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\jesus\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\jesus\AppData\Local\Temp\ohnabvsrdtylicmodex.exe
C:\Users\jesus\AppData\Local\Temp\Resource.exe
C:\Users\jesus\AppData\Local\Temp\sp54931.exe
C:\Users\jesus\AppData\Local\Temp\sp58915.exe
C:\Users\jesus\AppData\Local\Temp\uninst1.exe
C:\Users\jesus\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\jesus\AppData\Local\Temp\WRupdate338350.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
 
LastRegBack: 2015-11-20 17:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by jesus (2015-11-26 09:20:27)
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) (2010-10-20 22:58:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-642280661-2776801712-2906168080-500 - Administrator - Disabled)
Guest (S-1-5-21-642280661-2776801712-2906168080-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-642280661-2776801712-2906168080-1003 - Limited - Enabled)
jesus (S-1-5-21-642280661-2776801712-2906168080-1000 - Administrator - Enabled) => C:\Users\jesus
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Antivirus Pro 2012 (Enabled - Up to date) {86971480-9989-6750-B122-681A86518D59}
AS: Panda Antivirus Pro 2012 (Enabled - Up to date) {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Civilization III Complete Edition (HKLM-x32\...\InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}) (Version: 1.00.0000 - 2K Games)
Civilization III Complete Edition (x32 Version: 1.00.0000 - 2K Games) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java™ 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Panda Antivirus Pro 2012 (HKLM-x32\...\{E55FB276-73C9-4776-AB53-BC028C0509ED}) (Version: 11.01.00 - Panda Security)
Panda Antivirus Pro 2012 (x32 Version: 11.01.00 - Panda Security) Hidden
Panda Secure Vault 5 (HKLM-x32\...\{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1) (Version:  - AceBIT GmbH)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.6.18 - Webroot)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-09-2015 12:02:10 Scheduled Checkpoint
25-09-2015 07:23:44 Scheduled Checkpoint
02-10-2015 16:20:15 Scheduled Checkpoint
11-10-2015 12:03:17 Scheduled Checkpoint
22-10-2015 15:14:25 Scheduled Checkpoint
30-10-2015 08:56:06 Scheduled Checkpoint
06-11-2015 11:12:57 Scheduled Checkpoint
13-11-2015 17:02:13 Scheduled Checkpoint
20-11-2015 17:38:33 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2011-12-26 15:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0853BCBE-15A5-459C-A4E3-3ACB508D6E4C} - System32\Tasks\{20DC263C-46BA-4ABC-A950-5C6E39F7E46B} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {100AC843-31E0-4017-B9D1-A759CCE93296} - System32\Tasks\Security Center Update - 894935053 => C:\Users\jesus\AppData\Roaming\Oxdauwyq\keida.exe <==== ATTENTION
Task: {11C9626F-7E19-40C3-BBCB-CA7314C9EAE8} - System32\Tasks\Security Center Update - 904127157 => C:\Users\jesus\AppData\Roaming\Ehinfieh\zyovypa.exe <==== ATTENTION
Task: {171D5043-B60C-4286-A5A0-A4934FE752A9} - System32\Tasks\{6A734F0B-231E-451C-99DB-38B06018C9E2} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {1DDF310C-4B44-4C5C-B222-C9054490449E} - System32\Tasks\Security Center Update - 107377952 => C:\Users\jesus\AppData\Roaming\Uvloymu\zualha.exe <==== ATTENTION
Task: {29496D6F-A74E-484E-9C5A-081585FC129B} - System32\Tasks\{69167B88-85C8-4A6E-BCFB-61FCD976D33D} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {2AFD5A99-5BFC-4D39-A20B-751D7AFDAA2A} - System32\Tasks\{9E6188BB-E24A-4E62-8CAB-A2C2705B3EEA} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {2C387EEA-2FB2-408F-8229-62A66F3BA0F0} - System32\Tasks\Security Center Update - 1958471968 => C:\Users\jesus\AppData\Roaming\Alikuhp\irhim.exe <==== ATTENTION
Task: {2F340A9A-A2B6-48BC-A17C-56A3FF5715F6} - System32\Tasks\Security Center Update - 2609764692 => C:\Users\jesus\AppData\Roaming\Ugzogod\orucr.exe <==== ATTENTION
Task: {3948E1D4-7486-43B5-85F1-291D4299B544} - System32\Tasks\{5A22C6B9-2ED5-41B7-8D94-FA253F455A67} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {3ADA5AAC-FAE4-4B0E-9D63-191A5BD372A4} - System32\Tasks\Security Center Update - 3756903478 => C:\Users\jesus\AppData\Roaming\Apexen\uvahr.exe <==== ATTENTION
Task: {3E0640EF-DF00-4FAC-9660-537A58142AA2} - System32\Tasks\HPCeeScheduleForjesus => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {42D4706C-C755-429F-9B4D-0CE751E6CAA6} - System32\Tasks\Security Center Update - 488650916 => C:\Users\jesus\AppData\Roaming\Ykofzi\deazith.exe <==== ATTENTION
Task: {4531857A-E1B7-4604-853C-6142C8890002} - System32\Tasks\Security Center Update - 3276310282 => C:\Users\jesus\AppData\Roaming\Edlawulo\sougz.exe <==== ATTENTION
Task: {47E7EA8A-6536-405F-B848-581BF60DD7D6} - System32\Tasks\Security Center Update - 863622112 => C:\Users\jesus\AppData\Roaming\Tewiuw\aferla.exe <==== ATTENTION
Task: {5043F24D-3719-4E44-98F1-D0E62D5C15BF} - System32\Tasks\{B85BE9BF-789F-458F-BF16-580907B03E86} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {54A29610-0778-4BCD-B459-A2C071551ADB} - System32\Tasks\Security Center Update - 1322901526 => C:\Users\jesus\AppData\Roaming\Yhrepu\xayki.exe <==== ATTENTION
Task: {6294EFF0-BCEC-496A-BABE-9DB3DFE812E4} - System32\Tasks\Security Center Update - 930600146 => C:\Users\jesus\AppData\Roaming\Wavegu\wuwaqi.exe <==== ATTENTION
Task: {6350C2E8-BBA1-46A5-AAE4-0E9FB552D897} - System32\Tasks\{6A3C32FC-8C47-49B5-BDA8-5FF3687EB7DF} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {6C92C604-71DF-4B7D-9886-D6C3FCC8CC8A} - System32\Tasks\Security Center Update - 3832951413 => C:\Users\jesus\AppData\Roaming\Itogol\unnela.exe <==== ATTENTION
Task: {6FA2CC1D-5AFD-418E-92E3-76025C0832E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {719098D3-14C0-478A-BC49-FFD8A20382A5} - System32\Tasks\{968EA586-0B52-46BE-9440-29056A136D5C} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {74827645-3110-48D3-8F2B-2C4871E9BA83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {79A85668-F325-4730-A487-1C093E50FB8D} - System32\Tasks\Security Center Update - 1302573264 => C:\Users\jesus\AppData\Roaming\Tielenvo\evilxi.exe <==== ATTENTION
Task: {79CC659B-1FD5-4A07-A3D7-C2ED81A87A9C} - System32\Tasks\Security Center Update - 1003390054 => C:\Users\jesus\AppData\Roaming\Inendoaf\aspumyh.exe <==== ATTENTION
Task: {7DEC3A00-9F28-4E98-AE7B-82FDC64BB3C7} - System32\Tasks\Security Center Update - 3234866331 => C:\Users\jesus\AppData\Roaming\Zeysydre\lonow.exe <==== ATTENTION
Task: {815C595C-3D4A-48C2-9BB1-BEBD4A468542} - System32\Tasks\Security Center Update - 1366882444 => C:\Users\jesus\AppData\Roaming\Qaevboes\oxsye.exe <==== ATTENTION
Task: {8A8273FE-EBB0-4531-8DD5-B4697876EE19} - System32\Tasks\Security Center Update - 2484097505 => C:\Users\jesus\AppData\Roaming\Uhufqio\evkiov.exe <==== ATTENTION
Task: {99ADD8D0-5DFA-44CB-B8CB-ACA8D4E73689} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {9FE91492-6B0B-4E76-B79F-8B06FDBABB26} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {A435DF05-072E-4DBF-B830-98C0B21FCCB1} - System32\Tasks\Security Center Update - 1345039574 => C:\Users\jesus\AppData\Roaming\Teikqiot\ziray.exe <==== ATTENTION
Task: {A7BBC2B0-1C28-49FB-A748-538D4869069D} - System32\Tasks\Security Center Update - 3078278498 => C:\Users\jesus\AppData\Roaming\Siinzyy\geynve.exe <==== ATTENTION
Task: {AB3B903C-5E08-461C-98DC-C501BE3D9A87} - System32\Tasks\Security Center Update - 2787686042 => C:\Users\jesus\AppData\Roaming\Xasoruu\udziy.exe <==== ATTENTION
Task: {ACA04521-1F92-4727-ADDE-6EA194BEA0B9} - System32\Tasks\Security Center Update - 973189518 => C:\Users\jesus\AppData\Roaming\Yzhohavy\dosyfei.exe <==== ATTENTION
Task: {B174F380-E881-4A7E-9396-5110C707F9FA} - System32\Tasks\Security Center Update - 1327134039 => C:\Users\jesus\AppData\Roaming\Qywiorsy\iqzew.exe <==== ATTENTION
Task: {B2D3BE87-D1C4-4B64-BD4B-A4C43EB52866} - System32\Tasks\Security Center Update - 66968138 => C:\Users\jesus\AppData\Roaming\Amogtat\seibcah.exe <==== ATTENTION
Task: {B409316C-8DA6-4DBC-B56F-D53352C95C4B} - System32\Tasks\{9AB901C2-4965-42AE-809B-F6F627935BDF} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {B50EBAA2-66EE-4363-B62A-887B218A45C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B63768A0-766C-4BC9-A322-4B39618733CD} - System32\Tasks\Security Center Update - 3841101167 => C:\Users\jesus\AppData\Roaming\Nouhwuy\ogylyhe.exe <==== ATTENTION
Task: {B8335F4C-4616-4BFF-AF94-77650C9A2210} - System32\Tasks\Security Center Update - 1595370697 => C:\Users\jesus\AppData\Roaming\Ewzolua\bugaovi.exe <==== ATTENTION
Task: {BBEDC643-07FB-4ADE-B0FF-3CF493294C25} - System32\Tasks\Security Center Update - 413989723 => C:\Users\jesus\AppData\Roaming\Gaavhao\opapz.exe <==== ATTENTION
Task: {BDD1A9D0-8AF4-466B-B3F9-D9E37ADF2542} - System32\Tasks\Security Center Update - 1186375432 => C:\Users\jesus\AppData\Roaming\Wicoiqc\osewhua.exe <==== ATTENTION
Task: {C1B59BED-6E44-46A0-B6FD-05BC0F86502D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {CBA05410-649F-4064-8A2F-FF4338C99447} - System32\Tasks\Security Center Update - 3847246625 => C:\Users\jesus\AppData\Roaming\Arlize\vasazoe.exe <==== ATTENTION
Task: {D240E60C-6C71-446C-94D7-6D03C83B8B20} - System32\Tasks\{A58291A3-2D20-4BB7-A9A6-69E483D16E6A} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {D3B00729-2861-48A9-8DB5-09C611E1A0FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {DBAD9EA4-A1F8-48F8-A682-F9FB835DDDA3} - System32\Tasks\{17E22E69-BBBC-4677-BEEF-7B1B5903D71F} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {DEB87E1F-0F31-4A4D-8B4B-1B893181EAED} - System32\Tasks\Security Center Update - 125799621 => C:\Users\jesus\AppData\Roaming\Xyzixat\myeby.exe <==== ATTENTION
Task: {F49271A5-8E9A-4201-93AE-8D7957830179} - System32\Tasks\{2A926070-6918-49AA-A9AD-2F728DA89E51} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {F5354D59-093E-460C-A58C-2EC75EE82D2F} - System32\Tasks\{911AF3AA-9EC7-4881-9F5D-A58185731F96} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {F7F0819C-D21A-420D-B3B1-554E221D4701} - System32\Tasks\Security Center Update - 2448523636 => C:\Users\jesus\AppData\Roaming\Exfewuza\byeto.exe <==== ATTENTION
Task: {FD90FC44-D2AE-4DA7-9DE5-DD9E65AD0DBB} - System32\Tasks\{0438AD46-769E-472B-9F8D-48EAE7289264} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjesus.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-18 09:21 - 2010-01-18 09:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-08 15:45 - 2009-06-08 15:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-14 15:27 - 2010-08-14 15:27 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-26 19:15 - 2007-02-14 13:55 - 00165424 _____ () C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll
2011-12-26 19:15 - 2004-05-19 11:33 - 00507904 _____ () C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\libxml2.dll
2011-12-26 19:15 - 2007-02-14 13:55 - 00099888 _____ () C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APIcr.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jesus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: NETGEAR N300 Wireless Router WNR2000v3
Description: NETGEAR N300 Wireless Router WNR2000v3
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/26/2015 09:16:51 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (11/25/2015 06:29:53 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (11/24/2015 08:58:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (11/24/2015 08:48:31 PM) (Source: AdvisorDock) (EventID: 100) (User: )
Description: Failed to initialize HPAdvisor
 
Error: (11/23/2015 06:24:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (11/22/2015 05:13:12 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (11/20/2015 10:47:03 PM) (Source: Sentinel) (EventID: 31424) (User: )
Description: Unexpected failure scanning file E:\AUTORUN.EXE.
 
If the problem persists, please contact with support.
 
Error: (11/20/2015 05:08:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (11/20/2015 04:58:56 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3692) An attempt to open the file "C:\Users\jesus\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/19/2015 07:14:35 PM) (Source: Sentinel) (EventID: 31424) (User: )
Description: Unexpected failure scanning file C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE.
 
If the problem persists, please contact with support.
 
 
System errors:
=============
Error: (11/26/2015 09:07:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (11/26/2015 09:07:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (11/26/2015 09:06:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (11/26/2015 09:06:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (11/26/2015 09:06:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (11/25/2015 09:12:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Panda On-Access Anti-Malware Service service terminated with the following error: 
%%1
 
Error: (11/25/2015 06:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (11/25/2015 06:20:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (11/25/2015 06:19:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (11/25/2015 06:19:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
 
CodeIntegrity:
===================================
  Date: 2011-12-26 15:07:36.567
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-12-26 15:07:36.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 630 Processor
Percentage of memory in use: 31%
Total physical RAM: 3839.29 MB
Available physical RAM: 2637.47 MB
Total Virtual: 7676.75 MB
Available Virtual: 5979.27 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:686.46 GB) (Free:586.95 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.08 GB) (Free:1.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DISK1) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
Drive f: (USB) (Removable) (Total:14.45 GB) (Free:14.43 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6E4FFDD1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 14.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP

Copy the text between the asterisks:

 

***************************

HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [Google Update**.d<*>] => "C:\Users\jesus\AppData\Local\Google\Desktop\Install\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [Windows Live] => rundll32 "C:\Users\jesus\AppData\Local\{09F9419A-86F4-40B6-87BA-C4D7A85F0E5E}\Windows Live\dehlnd.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [GameServer515] => "C:\Users\jesus\AppData\Roaming\hpqLog\WINA446.exe"
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [GameServer518] => "C:\Users\jesus\AppData\Roaming\Leadertech\WIN1027.exe"
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dllATTENTION! ====> ZeroAccess?
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll No File 
Winsock: Catalog9 02 mswsock.dll No File 
Winsock: Catalog9 03 mswsock.dll No File 
Winsock: Catalog9 04 mswsock.dll No File 
Winsock: Catalog9 05 mswsock.dll No File 
Winsock: Catalog9 06 mswsock.dll No File 
Winsock: Catalog9 07 mswsock.dll No File 
Winsock: Catalog9 08 mswsock.dll No File 
Winsock: Catalog9 09 mswsock.dll No File 
Winsock: Catalog9 10 mswsock.dll No File 
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll No File 
Winsock: Catalog9-x64 02 mswsock.dll No File 
Winsock: Catalog9-x64 03 mswsock.dll No File 
Winsock: Catalog9-x64 04 mswsock.dll No File 
Winsock: Catalog9-x64 05 mswsock.dll No File 
Winsock: Catalog9-x64 06 mswsock.dll No File 
Winsock: Catalog9-x64 07 mswsock.dll No File 
Winsock: Catalog9-x64 08 mswsock.dll No File 
Winsock: Catalog9-x64 09 mswsock.dll No File 
Winsock: Catalog9-x64 10 mswsock.dll No File 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\   \...\???\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\jesus\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Windows\assembly\GAC_64\Desktop.ini
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Windows\system64
Task: {100AC843-31E0-4017-B9D1-A759CCE93296} - System32\Tasks\Security Center Update - 894935053 => C:\Users\jesus\AppData\Roaming\Oxdauwyq\keida.exe <==== ATTENTION
Task: {11C9626F-7E19-40C3-BBCB-CA7314C9EAE8} - System32\Tasks\Security Center Update - 904127157 => C:\Users\jesus\AppData\Roaming\Ehinfieh\zyovypa.exe <==== ATTENTION
Task: {1DDF310C-4B44-4C5C-B222-C9054490449E} - System32\Tasks\Security Center Update - 107377952 => C:\Users\jesus\AppData\Roaming\Uvloymu\zualha.exe <==== ATTENTION
Task: {2C387EEA-2FB2-408F-8229-62A66F3BA0F0} - System32\Tasks\Security Center Update - 1958471968 => C:\Users\jesus\AppData\Roaming\Alikuhp\irhim.exe <==== ATTENTION
Task: {2F340A9A-A2B6-48BC-A17C-56A3FF5715F6} - System32\Tasks\Security Center Update - 2609764692 => C:\Users\jesus\AppData\Roaming\Ugzogod\orucr.exe <==== ATTENTION
Task: {3ADA5AAC-FAE4-4B0E-9D63-191A5BD372A4} - System32\Tasks\Security Center Update - 3756903478 => C:\Users\jesus\AppData\Roaming\Apexen\uvahr.exe <==== ATTENTION
Task: {42D4706C-C755-429F-9B4D-0CE751E6CAA6} - System32\Tasks\Security Center Update - 488650916 => C:\Users\jesus\AppData\Roaming\Ykofzi\deazith.exe <==== ATTENTION
Task: {4531857A-E1B7-4604-853C-6142C8890002} - System32\Tasks\Security Center Update - 3276310282 => C:\Users\jesus\AppData\Roaming\Edlawulo\sougz.exe <==== ATTENTION
Task: {47E7EA8A-6536-405F-B848-581BF60DD7D6} - System32\Tasks\Security Center Update - 863622112 => C:\Users\jesus\AppData\Roaming\Tewiuw\aferla.exe <==== ATTENTION
Task: {54A29610-0778-4BCD-B459-A2C071551ADB} - System32\Tasks\Security Center Update - 1322901526 => C:\Users\jesus\AppData\Roaming\Yhrepu\xayki.exe <==== ATTENTION
Task: {6294EFF0-BCEC-496A-BABE-9DB3DFE812E4} - System32\Tasks\Security Center Update - 930600146 => C:\Users\jesus\AppData\Roaming\Wavegu\wuwaqi.exe <==== ATTENTION
Task: {6C92C604-71DF-4B7D-9886-D6C3FCC8CC8A} - System32\Tasks\Security Center Update - 3832951413 => C:\Users\jesus\AppData\Roaming\Itogol\unnela.exe <==== ATTENTION
Task: {79A85668-F325-4730-A487-1C093E50FB8D} - System32\Tasks\Security Center Update - 1302573264 => C:\Users\jesus\AppData\Roaming\Tielenvo\evilxi.exe <==== ATTENTION
Task: {79CC659B-1FD5-4A07-A3D7-C2ED81A87A9C} - System32\Tasks\Security Center Update - 1003390054 => C:\Users\jesus\AppData\Roaming\Inendoaf\aspumyh.exe <==== ATTENTION
Task: {7DEC3A00-9F28-4E98-AE7B-82FDC64BB3C7} - System32\Tasks\Security Center Update - 3234866331 => C:\Users\jesus\AppData\Roaming\Zeysydre\lonow.exe <==== ATTENTION
Task: {815C595C-3D4A-48C2-9BB1-BEBD4A468542} - System32\Tasks\Security Center Update - 1366882444 => C:\Users\jesus\AppData\Roaming\Qaevboes\oxsye.exe <==== ATTENTION
Task: {8A8273FE-EBB0-4531-8DD5-B4697876EE19} - System32\Tasks\Security Center Update - 2484097505 => C:\Users\jesus\AppData\Roaming\Uhufqio\evkiov.exe <==== ATTENTION
Task: {A435DF05-072E-4DBF-B830-98C0B21FCCB1} - System32\Tasks\Security Center Update - 1345039574 => C:\Users\jesus\AppData\Roaming\Teikqiot\ziray.exe <==== ATTENTION
Task: {A7BBC2B0-1C28-49FB-A748-538D4869069D} - System32\Tasks\Security Center Update - 3078278498 => C:\Users\jesus\AppData\Roaming\Siinzyy\geynve.exe <==== ATTENTION
Task: {AB3B903C-5E08-461C-98DC-C501BE3D9A87} - System32\Tasks\Security Center Update - 2787686042 => C:\Users\jesus\AppData\Roaming\Xasoruu\udziy.exe <==== ATTENTION
Task: {ACA04521-1F92-4727-ADDE-6EA194BEA0B9} - System32\Tasks\Security Center Update - 973189518 => C:\Users\jesus\AppData\Roaming\Yzhohavy\dosyfei.exe <==== ATTENTION
Task: {B174F380-E881-4A7E-9396-5110C707F9FA} - System32\Tasks\Security Center Update - 1327134039 => C:\Users\jesus\AppData\Roaming\Qywiorsy\iqzew.exe <==== ATTENTION
Task: {B2D3BE87-D1C4-4B64-BD4B-A4C43EB52866} - System32\Tasks\Security Center Update - 66968138 => C:\Users\jesus\AppData\Roaming\Amogtat\seibcah.exe <==== ATTENTION
Task: {B63768A0-766C-4BC9-A322-4B39618733CD} - System32\Tasks\Security Center Update - 3841101167 => C:\Users\jesus\AppData\Roaming\Nouhwuy\ogylyhe.exe <==== ATTENTION
Task: {B8335F4C-4616-4BFF-AF94-77650C9A2210} - System32\Tasks\Security Center Update - 1595370697 => C:\Users\jesus\AppData\Roaming\Ewzolua\bugaovi.exe <==== ATTENTION
Task: {BBEDC643-07FB-4ADE-B0FF-3CF493294C25} - System32\Tasks\Security Center Update - 413989723 => C:\Users\jesus\AppData\Roaming\Gaavhao\opapz.exe <==== ATTENTION
Task: {BDD1A9D0-8AF4-466B-B3F9-D9E37ADF2542} - System32\Tasks\Security Center Update - 1186375432 => C:\Users\jesus\AppData\Roaming\Wicoiqc\osewhua.exe <==== ATTENTION
Task: {CBA05410-649F-4064-8A2F-FF4338C99447} - System32\Tasks\Security Center Update - 3847246625 => C:\Users\jesus\AppData\Roaming\Arlize\vasazoe.exe <==== ATTENTION
Task: {DEB87E1F-0F31-4A4D-8B4B-1B893181EAED} - System32\Tasks\Security Center Update - 125799621 => C:\Users\jesus\AppData\Roaming\Xyzixat\myeby.exe <==== ATTENTION
Task: {F7F0819C-D21A-420D-B3B1-554E221D4701} - System32\Tasks\Security Center Update - 2448523636 => C:\Users\jesus\AppData\Roaming\Exfewuza\byeto.exe <==== ATTENTION
CMD: netsh winsock reset catalog
EmptyTemp:
 
**************************************************************************************
 
Open Notepad and Edit, Paste.  File Save As to the same folder where FRST is.  Call it:  fixlist
 
Then run FRST (right click and Run As Admin) and hit the Fix button.  It will reboot and then it should generate a fixlog.txt in the same folder.  Please post it.  Also run FRST again, check the Addition box and hit SCAN.  You should get two logs.  Post both.
