Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by jesus (2015-11-26 09:20:27)
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) (2010-10-20 22:58:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-642280661-2776801712-2906168080-500 - Administrator - Disabled)
Guest (S-1-5-21-642280661-2776801712-2906168080-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-642280661-2776801712-2906168080-1003 - Limited - Enabled)
jesus (S-1-5-21-642280661-2776801712-2906168080-1000 - Administrator - Enabled) => C:\Users\jesus

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Antivirus Pro 2012 (Enabled - Up to date) {86971480-9989-6750-B122-681A86518D59}
AS: Panda Antivirus Pro 2012 (Enabled - Up to date) {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Civilization III Complete Edition (HKLM-x32\...\InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}) (Version: 1.00.0000 - 2K Games)
Civilization III Complete Edition (x32 Version: 1.00.0000 - 2K Games) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java(TM) 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Panda Antivirus Pro 2012 (HKLM-x32\...\{E55FB276-73C9-4776-AB53-BC028C0509ED}) (Version: 11.01.00 - Panda Security)
Panda Antivirus Pro 2012 (x32 Version: 11.01.00 - Panda Security) Hidden
Panda Secure Vault 5 (HKLM-x32\...\{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1) (Version: - AceBIT GmbH)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.6.18 - Webroot)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

16-09-2015 12:02:10 Scheduled Checkpoint
25-09-2015 07:23:44 Scheduled Checkpoint
02-10-2015 16:20:15 Scheduled Checkpoint
11-10-2015 12:03:17 Scheduled Checkpoint
22-10-2015 15:14:25 Scheduled Checkpoint
30-10-2015 08:56:06 Scheduled Checkpoint
06-11-2015 11:12:57 Scheduled Checkpoint
13-11-2015 17:02:13 Scheduled Checkpoint
20-11-2015 17:38:33 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2011-12-26 15:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0853BCBE-15A5-459C-A4E3-3ACB508D6E4C} - System32\Tasks\{20DC263C-46BA-4ABC-A950-5C6E39F7E46B} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {100AC843-31E0-4017-B9D1-A759CCE93296} - System32\Tasks\Security Center Update - 894935053 => C:\Users\jesus\AppData\Roaming\Oxdauwyq\keida.exe <==== ATTENTION
Task: {11C9626F-7E19-40C3-BBCB-CA7314C9EAE8} - System32\Tasks\Security Center Update - 904127157 => C:\Users\jesus\AppData\Roaming\Ehinfieh\zyovypa.exe <==== ATTENTION
Task: {171D5043-B60C-4286-A5A0-A4934FE752A9} - System32\Tasks\{6A734F0B-231E-451C-99DB-38B06018C9E2} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {1DDF310C-4B44-4C5C-B222-C9054490449E} - System32\Tasks\Security Center Update - 107377952 => C:\Users\jesus\AppData\Roaming\Uvloymu\zualha.exe <==== ATTENTION
Task: {29496D6F-A74E-484E-9C5A-081585FC129B} - System32\Tasks\{69167B88-85C8-4A6E-BCFB-61FCD976D33D} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {2AFD5A99-5BFC-4D39-A20B-751D7AFDAA2A} - System32\Tasks\{9E6188BB-E24A-4E62-8CAB-A2C2705B3EEA} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {2C387EEA-2FB2-408F-8229-62A66F3BA0F0} - System32\Tasks\Security Center Update - 1958471968 => C:\Users\jesus\AppData\Roaming\Alikuhp\irhim.exe <==== ATTENTION
Task: {2F340A9A-A2B6-48BC-A17C-56A3FF5715F6} - System32\Tasks\Security Center Update - 2609764692 => C:\Users\jesus\AppData\Roaming\Ugzogod\orucr.exe <==== ATTENTION
Task: {3948E1D4-7486-43B5-85F1-291D4299B544} - System32\Tasks\{5A22C6B9-2ED5-41B7-8D94-FA253F455A67} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {3ADA5AAC-FAE4-4B0E-9D63-191A5BD372A4} - System32\Tasks\Security Center Update - 3756903478 => C:\Users\jesus\AppData\Roaming\Apexen\uvahr.exe <==== ATTENTION
Task: {3E0640EF-DF00-4FAC-9660-537A58142AA2} - System32\Tasks\HPCeeScheduleForjesus => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {42D4706C-C755-429F-9B4D-0CE751E6CAA6} - System32\Tasks\Security Center Update - 488650916 => C:\Users\jesus\AppData\Roaming\Ykofzi\deazith.exe <==== ATTENTION
Task: {4531857A-E1B7-4604-853C-6142C8890002} - System32\Tasks\Security Center Update - 3276310282 => C:\Users\jesus\AppData\Roaming\Edlawulo\sougz.exe <==== ATTENTION
Task: {47E7EA8A-6536-405F-B848-581BF60DD7D6} - System32\Tasks\Security Center Update - 863622112 => C:\Users\jesus\AppData\Roaming\Tewiuw\aferla.exe <==== ATTENTION
Task: {5043F24D-3719-4E44-98F1-D0E62D5C15BF} - System32\Tasks\{B85BE9BF-789F-458F-BF16-580907B03E86} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {54A29610-0778-4BCD-B459-A2C071551ADB} - System32\Tasks\Security Center Update - 1322901526 => C:\Users\jesus\AppData\Roaming\Yhrepu\xayki.exe <==== ATTENTION
Task: {6294EFF0-BCEC-496A-BABE-9DB3DFE812E4} - System32\Tasks\Security Center Update - 930600146 => C:\Users\jesus\AppData\Roaming\Wavegu\wuwaqi.exe <==== ATTENTION
Task: {6350C2E8-BBA1-46A5-AAE4-0E9FB552D897} - System32\Tasks\{6A3C32FC-8C47-49B5-BDA8-5FF3687EB7DF} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {6C92C604-71DF-4B7D-9886-D6C3FCC8CC8A} - System32\Tasks\Security Center Update - 3832951413 => C:\Users\jesus\AppData\Roaming\Itogol\unnela.exe <==== ATTENTION
Task: {6FA2CC1D-5AFD-418E-92E3-76025C0832E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {719098D3-14C0-478A-BC49-FFD8A20382A5} - System32\Tasks\{968EA586-0B52-46BE-9440-29056A136D5C} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {74827645-3110-48D3-8F2B-2C4871E9BA83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {79A85668-F325-4730-A487-1C093E50FB8D} - System32\Tasks\Security Center Update - 1302573264 => C:\Users\jesus\AppData\Roaming\Tielenvo\evilxi.exe <==== ATTENTION
Task: {79CC659B-1FD5-4A07-A3D7-C2ED81A87A9C} - System32\Tasks\Security Center Update - 1003390054 => C:\Users\jesus\AppData\Roaming\Inendoaf\aspumyh.exe <==== ATTENTION
Task: {7DEC3A00-9F28-4E98-AE7B-82FDC64BB3C7} - System32\Tasks\Security Center Update - 3234866331 => C:\Users\jesus\AppData\Roaming\Zeysydre\lonow.exe <==== ATTENTION
Task: {815C595C-3D4A-48C2-9BB1-BEBD4A468542} - System32\Tasks\Security Center Update - 1366882444 => C:\Users\jesus\AppData\Roaming\Qaevboes\oxsye.exe <==== ATTENTION
Task: {8A8273FE-EBB0-4531-8DD5-B4697876EE19} - System32\Tasks\Security Center Update - 2484097505 => C:\Users\jesus\AppData\Roaming\Uhufqio\evkiov.exe <==== ATTENTION
Task: {99ADD8D0-5DFA-44CB-B8CB-ACA8D4E73689} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {9FE91492-6B0B-4E76-B79F-8B06FDBABB26} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {A435DF05-072E-4DBF-B830-98C0B21FCCB1} - System32\Tasks\Security Center Update - 1345039574 => C:\Users\jesus\AppData\Roaming\Teikqiot\ziray.exe <==== ATTENTION
Task: {A7BBC2B0-1C28-49FB-A748-538D4869069D} - System32\Tasks\Security Center Update - 3078278498 => C:\Users\jesus\AppData\Roaming\Siinzyy\geynve.exe <==== ATTENTION
Task: {AB3B903C-5E08-461C-98DC-C501BE3D9A87} - System32\Tasks\Security Center Update - 2787686042 => C:\Users\jesus\AppData\Roaming\Xasoruu\udziy.exe <==== ATTENTION
Task: {ACA04521-1F92-4727-ADDE-6EA194BEA0B9} - System32\Tasks\Security Center Update - 973189518 => C:\Users\jesus\AppData\Roaming\Yzhohavy\dosyfei.exe <==== ATTENTION
Task: {B174F380-E881-4A7E-9396-5110C707F9FA} - System32\Tasks\Security Center Update - 1327134039 => C:\Users\jesus\AppData\Roaming\Qywiorsy\iqzew.exe <==== ATTENTION
Task: {B2D3BE87-D1C4-4B64-BD4B-A4C43EB52866} - System32\Tasks\Security Center Update - 66968138 => C:\Users\jesus\AppData\Roaming\Amogtat\seibcah.exe <==== ATTENTION
Task: {B409316C-8DA6-4DBC-B56F-D53352C95C4B} - System32\Tasks\{9AB901C2-4965-42AE-809B-F6F627935BDF} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {B50EBAA2-66EE-4363-B62A-887B218A45C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B63768A0-766C-4BC9-A322-4B39618733CD} - System32\Tasks\Security Center Update - 3841101167 => C:\Users\jesus\AppData\Roaming\Nouhwuy\ogylyhe.exe <==== ATTENTION
Task: {B8335F4C-4616-4BFF-AF94-77650C9A2210} - System32\Tasks\Security Center Update - 1595370697 => C:\Users\jesus\AppData\Roaming\Ewzolua\bugaovi.exe <==== ATTENTION
Task: {BBEDC643-07FB-4ADE-B0FF-3CF493294C25} - System32\Tasks\Security Center Update - 413989723 => C:\Users\jesus\AppData\Roaming\Gaavhao\opapz.exe <==== ATTENTION
Task: {BDD1A9D0-8AF4-466B-B3F9-D9E37ADF2542} - System32\Tasks\Security Center Update - 1186375432 => C:\Users\jesus\AppData\Roaming\Wicoiqc\osewhua.exe <==== ATTENTION
Task: {C1B59BED-6E44-46A0-B6FD-05BC0F86502D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {CBA05410-649F-4064-8A2F-FF4338C99447} - System32\Tasks\Security Center Update - 3847246625 => C:\Users\jesus\AppData\Roaming\Arlize\vasazoe.exe <==== ATTENTION
Task: {D240E60C-6C71-446C-94D7-6D03C83B8B20} - System32\Tasks\{A58291A3-2D20-4BB7-A9A6-69E483D16E6A} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {D3B00729-2861-48A9-8DB5-09C611E1A0FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {DBAD9EA4-A1F8-48F8-A682-F9FB835DDDA3} - System32\Tasks\{17E22E69-BBBC-4677-BEEF-7B1B5903D71F} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {DEB87E1F-0F31-4A4D-8B4B-1B893181EAED} - System32\Tasks\Security Center Update - 125799621 => C:\Users\jesus\AppData\Roaming\Xyzixat\myeby.exe <==== ATTENTION
Task: {F49271A5-8E9A-4201-93AE-8D7957830179} - System32\Tasks\{2A926070-6918-49AA-A9AD-2F728DA89E51} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)
Task: {F5354D59-093E-460C-A58C-2EC75EE82D2F} - System32\Tasks\{911AF3AA-9EC7-4881-9F5D-A58185731F96} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {F7F0819C-D21A-420D-B3B1-554E221D4701} - System32\Tasks\Security Center Update - 2448523636 => C:\Users\jesus\AppData\Roaming\Exfewuza\byeto.exe <==== ATTENTION
Task: {FD90FC44-D2AE-4DA7-9DE5-DD9E65AD0DBB} - System32\Tasks\{0438AD46-769E-472B-9F8D-48EAE7289264} => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Iface.exe [2011-09-12] (Panda Security, S.L.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjesus.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-18 09:21 - 2010-01-18 09:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-08 15:45 - 2009-06-08 15:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-14 15:27 - 2010-08-14 15:27 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-26 19:15 - 2007-02-14 13:55 - 00165424 _____ () C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll
2011-12-26 19:15 - 2004-05-19 11:33 - 00507904 _____ () C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\libxml2.dll
2011-12-26 19:15 - 2007-02-14 13:55 - 00099888 _____ () C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APIcr.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jesus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

Name: NETGEAR N300 Wireless Router WNR2000v3
Description: NETGEAR N300 Wireless Router WNR2000v3
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2015 09:16:51 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (11/25/2015 06:29:53 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (11/24/2015 08:58:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (11/24/2015 08:48:31 PM) (Source: AdvisorDock) (EventID: 100) (User: )
Description: Failed to initialize HPAdvisor

Error: (11/23/2015 06:24:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (11/22/2015 05:13:12 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (11/20/2015 10:47:03 PM) (Source: Sentinel) (EventID: 31424) (User: )
Description: Unexpected failure scanning file E:\AUTORUN.EXE. If the problem persists, please contact with support.

Error: (11/20/2015 05:08:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (11/20/2015 04:58:56 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3692) An attempt to open the file "C:\Users\jesus\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/19/2015 07:14:35 PM) (Source: Sentinel) (EventID: 31424) (User: )
Description: Unexpected failure scanning file C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE. If the problem persists, please contact with support.

System errors:
=============
Error: (11/26/2015 09:07:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

Error: (11/26/2015 09:07:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Error: (11/26/2015 09:06:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: %%1060

Error: (11/26/2015 09:06:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Error: (11/26/2015 09:06:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (11/25/2015 09:12:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Panda On-Access Anti-Malware Service service terminated with the following error: %%1

Error: (11/25/2015 06:20:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

Error: (11/25/2015 06:20:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Error: (11/25/2015 06:19:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: %%1060

Error: (11/25/2015 06:19:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

CodeIntegrity:
===================================
Date: 2011-12-26 15:07:36.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-26 15:07:36.489
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 630 Processor
Percentage of memory in use: 31%
Total physical RAM: 3839.29 MB
Available physical RAM: 2637.47 MB
Total Virtual: 7676.75 MB
Available Virtual: 5979.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:686.46 GB) (Free:586.95 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.08 GB) (Free:1.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DISK1) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
Drive f: (USB) (Removable) (Total:14.45 GB) (Free:14.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6E4FFDD1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 14.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================