
infected with ZeroAccess rootkit


  • This topic is locked
40 replies to this topic

#1 Bakersfieldboy


Posted 22 September 2013 - 05:21 PM

______________________

 

Here are the logs: DDS

 

Follow-up from: http://www.bleepingcomputer.com/forums/t/508635/help-i-got-popups-redirects-and-browser-going-crazy/

 

Other logs I ran, was asked to show them....

 

MB rootkit txt is the same as the attached file, not sure why I did it twice.

 

______________________

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.40.2
Run by jacobo at 14:48:17 on 2013-09-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16383.9994 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\program files (x86)\lyricssay-1\lyricssay-1-bg.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: LyricsSay-1: {11111111-1111-1111-1111-110411151152} - C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Search--NeewTab: {6C8D1329-D1A5-9B8E-A233-816A346BA1F6} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: BrowseFox: {b9507101-e464-4b3b-a4cb-291aaedd94f2} - C:\Program Files (x86)\BrowseFox\BrowseFoxbho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe -s
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [SearchProtection] "C:\Users\jacobo\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [MurGeeMon] C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe :silent
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB3675] command.com /c del "C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll"
uRunOnce: [SpybotDeletingD1765] cmd.exe /c del "C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll"
uRunOnce: [SpybotDeletingB8309] command.com /c del "C:\ProgramData\InstallMate\OptimizerPro\Custom.dll"
uRunOnce: [SpybotDeletingD5316] cmd.exe /c del "C:\ProgramData\InstallMate\OptimizerPro\Custom.dll"
uRunOnce: [SpybotDeletingB6710] command.com /c del "C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll"
uRunOnce: [SpybotDeletingD1484] cmd.exe /c del "C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [tsnp2std] C:\Windows\tsnp2std.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [SpybotDeletingA3396] command.com /c del "C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll"
mRunOnce: [SpybotDeletingC6934] cmd.exe /c del "C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll"
mRunOnce: [SpybotDeletingA6726] command.com /c del "C:\ProgramData\InstallMate\OptimizerPro\Custom.dll"
mRunOnce: [SpybotDeletingC9752] cmd.exe /c del "C:\ProgramData\InstallMate\OptimizerPro\Custom.dll"
mRunOnce: [SpybotDeletingA6339] command.com /c del "C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll"
mRunOnce: [SpybotDeletingC2896] cmd.exe /c del "C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2688B099-615D-4C74-B7B5-E2F6904EA950} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2688B099-615D-4C74-B7B5-E2F6904EA950}\144545438383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{81513402-7786-4A43-A61C-506356C5AE57} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{8C43D351-5977-4714-BDD9-89CBCF862C21} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{C7D98627-A3AF-4FDA-B6F1-F89FBE28AFFA} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: LyricsSay-1: {11111111-1111-1111-1111-110411151152} - C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [pcreg] C:\Program Files\wrapper_inst\service.exe
x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
x64-Run: [snp2std] C:\Windows\vsnp2std.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jacobo\AppData\Roaming\Mozilla\Firefox\Profiles\s31lhp91.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\jacobo\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\jacobo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-10 22:55; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-08-29 18:57; [email protected]; C:\Users\jacobo\AppData\Roaming\Mozilla\Firefox\Profiles\s31lhp91.default\extensions\[email protected]
FF - ExtSQL: 2013-09-04 10:38; {0113D088-8ED1-468C-B225-585A9C53B5E3}; C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
FF - ExtSQL: 2013-09-11 18:53; [email protected]; C:\Users\jacobo\AppData\Roaming\Mozilla\Firefox\Profiles\s31lhp91.default\extensions\[email protected]
FF - ExtSQL: 2013-09-11 18:53; [email protected]; C:\Users\jacobo\AppData\Roaming\Mozilla\Firefox\Profiles\s31lhp91.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2013-08-10 22:55; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-23 70256]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-23 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-16 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-4-16 361984]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2013-2-6 57952]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-20 92216]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-8 1119768]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-7-17 1025408]
R2 Update BrowseFox;Update BrowseFox;C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe [2013-8-29 206624]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-6-25 632352]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\drivers\dtscsibus.sys [2013-9-3 29696]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-6-2 31232]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-9 38456]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2013-2-6 137096]
S2 CachemanService;Cacheman Service;C:\Program Files (x86)\Cacheman\CachemanServ.exe --> C:\Program Files (x86)\Cacheman\CachemanServ.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-8-7 1315728]
S2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2013-5-3 20608]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-9-21 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2013-9-16 22704]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-8-26 14448]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-1-8 1002848]
S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-8 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-8-25 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-8 57856]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-6-2 759192]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-24 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
.
=============== Created Last 30 ================
.
2013-09-22 20:42:12 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-21 20:25:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-09-21 20:24:45 -------- d-----w- C:\Program Files (x86)\LyricsSay-1
2013-09-21 20:24:37 -------- d-----w- C:\Program Files (x86)\BrowseFox
2013-09-20 20:49:46 271256 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-09-17 19:29:10 -------- d-----w- C:\Program Files (x86)\RAR Password Unlocker
2013-09-17 19:13:25 -------- d-----w- C:\Program Files (x86)\Daossoft ZIP Password Recovery
2013-09-17 05:52:25 -------- d-----w- C:\ProgramData\Oracle
2013-09-17 05:52:06 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-17 05:46:36 -------- d-----w- C:\Users\jacobo\AppData\Local\Adobe
2013-09-16 17:29:53 -------- d-----w- C:\AdwCleaner
2013-09-16 17:06:22 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2013-09-16 17:06:19 110080 ----a-r- C:\Users\jacobo\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\IconF7A21AF7.exe
2013-09-16 17:06:19 110080 ----a-r- C:\Users\jacobo\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\IconD7F16134.exe
2013-09-16 17:06:19 110080 ----a-r- C:\Users\jacobo\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\Icon1226A4C5.exe
2013-09-16 17:06:18 -------- d-----w- C:\sh4ldr
2013-09-16 17:06:18 -------- d-----w- C:\Program Files\Enigma Software Group
2013-09-16 17:05:43 -------- d-----w- C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 16:54:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-15 02:19:47 -------- d-----w- C:\ProgramData\vsosdk
2013-09-15 00:54:33 99384 ----a-w- C:\Users\jacobo\AppData\Roaming\inst.exe
2013-09-15 00:54:33 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2013-09-15 00:54:33 82816 ----a-w- C:\Users\jacobo\AppData\Roaming\pcouffin.sys
2013-09-15 00:54:30 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll
2013-09-15 00:54:30 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
2013-09-15 00:54:30 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll
2013-09-15 00:54:30 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll
2013-09-15 00:54:30 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll
2013-09-15 00:54:30 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
2013-09-15 00:54:29 1645320 ----a-w- C:\Windows\gdiplus.dll
2013-09-15 00:54:29 -------- d-----w- C:\Program Files (x86)\VSO
2013-09-13 06:06:32 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.3
2013-09-12 01:59:43 -------- d-----w- C:\Program Files (x86)\Steam
2013-09-12 01:53:45 -------- d-----w- C:\ProgramData\SummerSoft
2013-09-12 01:53:38 -------- d-----w- C:\Users\jacobo\AppData\Local\WeatherBug
2013-09-12 01:53:35 -------- d-----w- C:\Users\jacobo\AppData\Roaming\WeatherBug
2013-09-12 01:53:33 -------- d-----w- C:\Program Files (x86)\AWS
2013-09-12 01:51:18 -------- d-----w- C:\ProgramData\InstallMate
2013-09-12 01:49:24 -------- d-----w- C:\Users\jacobo\AppData\Local\Macromedia
2013-09-11 23:53:06 -------- d-----w- C:\ProgramData\Tunngle
2013-09-10 03:15:59 -------- d-----w- C:\Users\jacobo\AppData\Local\PAYDAY 2
2013-09-09 16:06:37 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D9F63C2-9D55-4DD8-91BB-5D199A25B918}\offreg.dll
2013-09-09 15:54:04 -------- d-----w- C:\New folder
2013-09-09 15:04:34 -------- d-----w- C:\Program Files (x86)\PAYDAY 2
2013-09-07 21:17:52 -------- d-----w- C:\Program Files (x86)\EA Games
2013-09-07 01:41:11 -------- d-----w- C:\Users\jacobo\AppData\Roaming\The Creative Assembly
2013-09-07 01:13:27 -------- d-----w- C:\Program Files (x86)\Total War ROME II
2013-09-06 23:38:09 -------- d-----w- C:\Program Files (x86)\TML-Studios
2013-09-06 11:20:47 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D9F63C2-9D55-4DD8-91BB-5D199A25B918}\mpengine.dll
2013-09-04 21:38:58 -------- d-----w- C:\Program Files (x86)\X-Motor Racing Demo
2013-09-04 19:46:53 -------- d-----w- C:\Program Files (x86)\Eutechnyx
2013-09-04 17:39:32 -------- d-----w- C:\Program Files (x86)\dumps
2013-09-04 17:38:18 -------- d-----w- C:\Users\jacobo\AppData\Local\DTClient
2013-09-04 17:38:18 -------- d-----w- C:\Users\jacobo\AppData\Local\avgchrome
2013-09-04 17:26:12 -------- d-----w- C:\Program Files (x86)\Source-Hacks.Com
2013-09-03 17:49:59 -------- d-----w- C:\ProgramData\Codemasters
2013-09-03 17:49:58 -------- d-----w- C:\ProgramData\Steam
2013-09-03 17:36:49 -------- d-----w- C:\Program Files (x86)\GRID 2
2013-09-03 17:28:39 29696 ----a-w- C:\Windows\System32\drivers\dtscsibus.sys
2013-09-03 17:28:37 -------- d-----w- C:\Users\jacobo\AppData\Roaming\DAEMON Tools Ultra
2013-09-03 17:28:33 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Ultra
2013-09-03 17:26:23 -------- d-----w- C:\ProgramData\DAEMON Tools Ultra
2013-09-02 21:14:59 -------- d-----w- C:\Users\jacobo\AppData\Local\CyberLink
2013-09-02 21:14:57 -------- d-----w- C:\Users\jacobo\AppData\Local\PowerCinema
2013-09-02 15:30:25 -------- d-----w- C:\Crash
2013-08-30 21:51:05 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-08-29 20:26:21 -------- d-----w- C:\ProgramData\DriverGenius
2013-08-29 20:11:42 -------- d-----w- C:\Users\jacobo\AppData\Roaming\SoftGrid Client
2013-08-29 20:11:42 -------- d-----w- C:\Users\jacobo\AppData\Local\SoftGrid Client
2013-08-29 20:10:59 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-08-29 20:10:52 -------- d-----w- C:\Users\jacobo\AppData\Roaming\TP
2013-08-29 01:29:56 328704 ----a-w- C:\Windows\System32\vsnp2std.dll
2013-08-29 01:29:55 83968 ----a-w- C:\Windows\System32\csnp2std.dll
2013-08-29 01:29:55 675840 ----a-w- C:\Windows\vsnp2std.exe
2013-08-29 01:29:55 32896 ----a-w- C:\Windows\System32\drivers\sncamd.sys
2013-08-29 01:29:55 12296704 ----a-w- C:\Windows\System32\drivers\snp2sxp.sys
2013-08-29 01:29:54 249856 ----a-w- C:\Windows\SysWow64\vsnp2std.dll
2013-08-29 01:29:54 24832 ----a-w- C:\Windows\SysWow64\drivers\sncamd.sys
2013-08-29 01:29:54 151552 ----a-w- C:\Windows\SysWow64\rsnp2std.dll
2013-08-29 01:29:54 12006784 ----a-w- C:\Windows\SysWow64\drivers\snp2sxp.sys
2013-08-29 01:29:54 -------- d-----w- C:\Program Files (x86)\Common Files\snp2std
2013-08-29 01:28:39 -------- d-----w- C:\Program Files (x86)\PC Camer@
2013-08-29 01:28:39 -------- d-----w- C:\Program Files (x86)\Common Files\PAC207
2013-08-29 01:00:04 97832 ----a-w- C:\Windows\SysWow64\drivers\STV680.SYS
2013-08-29 01:00:04 9728 ----a-w- C:\Windows\SysWow64\VIMG.DLL
2013-08-29 01:00:04 9328 ----a-w- C:\Windows\SysWow64\STV680SG.DRV
2013-08-29 01:00:04 69632 ----a-w- C:\Windows\SysWow64\STV680CP.DLL
2013-08-29 01:00:04 430080 ----a-w- C:\Windows\SysWow64\STVCOL.DLL
2013-08-29 01:00:04 36864 ----a-w- C:\Windows\SysWow64\STV680TG.DLL
2013-08-29 01:00:04 36864 ----a-w- C:\Windows\SysWow64\STV680SL.DLL
2013-08-29 01:00:04 217088 ----a-w- C:\Windows\SysWow64\STV680U.DLL
2013-08-29 01:00:03 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2013-08-29 01:00:03 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2013-08-29 01:00:03 217088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2013-08-29 01:00:03 217088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2013-08-29 00:57:40 65296 ----a-w- C:\Windows\SysWow64\stisvc.exe
2013-08-29 00:57:40 147456 ----a-w- C:\Windows\VMCap.exe
2013-08-29 00:57:39 91060 ----a-w- C:\Windows\SysWow64\drivers\usbVM31b.sys
2013-08-29 00:57:39 61440 ----a-w- C:\Windows\SysWow64\VM31bSTI.dll
2013-08-29 00:57:39 53248 ----a-w- C:\Windows\StillCap.exe
2013-08-29 00:57:39 49152 ----a-w- C:\Windows\amcap.exe
2013-08-29 00:57:39 39776 ----a-w- C:\Windows\SysWow64\drivers\stream.sys
2013-08-29 00:57:39 307200 ----a-w- C:\Windows\vidcap32.Exe
2013-08-29 00:57:39 159799 ----a-w- C:\Windows\SysWow64\VM31bPrp.Ax
2013-08-29 00:57:39 -------- d-----w- C:\Program Files (x86)\Vimicro
2013-08-29 00:57:25 -------- d-----w- C:\250-3121
2013-08-29 00:55:22 -------- d-----w- C:\Program Files (x86)\PC VGA Camera
2013-08-29 00:43:34 -------- d-----w- C:\Windows\PAC7311
2013-08-29 00:42:41 -------- d-----w- C:\Windows\Downloaded Installations
2013-08-29 00:19:02 -------- d-----w- C:\Windows\PixArt
2013-08-28 16:04:05 -------- d-----w- C:\Users\jacobo\AppData\Local\Kobo
2013-08-27 01:28:19 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2013-08-27 01:28:19 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-08-27 01:28:19 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2013-08-27 01:27:26 -------- d-----w- C:\ProgramData\Sony Ericsson
2013-08-27 01:27:01 -------- d-----w- C:\Program Files (x86)\Sony Ericsson
2013-08-25 16:49:24 -------- d-----w- C:\Program Files (x86)\Sony
.
==================== Find3M  ====================
.
2013-09-20 08:26:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 08:26:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-17 05:51:59 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-17 05:51:59 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-18 22:08:26 32768 ----a-w- C:\Windows\SysWow64\asteriskie.exe
2013-08-18 05:25:32 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-08-18 05:25:32 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-08-18 05:23:32 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-08-18 04:59:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-08-18 04:59:49 840264 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-08-07 11:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 14:48:38.88 ===============
 

.
 ****************************************************************************************************************************************************************


 

.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2013 8:28:17 AM
System Uptime: 9/20/2013 3:07:19 PM (47 hours ago)
.
Motherboard: FOXCONN |  | 2AB1
Processor: AMD Athlon™ II X4 640 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 321.987 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.585 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is CDROM (UDF)
I: is CDROM (CDFS)
J: is CDROM (CDFS)
K: is CDROM (CDFS)
L: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP194: 9/19/2013 11:13:46 AM - Scheduled Checkpoint
RP195: 9/20/2013 2:01:18 PM - Windows Modules Installer
RP196: 9/20/2013 10:10:30 PM - HPSF Restore Point
RP197: 9/22/2013 12:50:38 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
 Leawo Video Converter Ultimate version  4.0.0.0
µTorrent
«Dishonored»  1.0
1600
1600_Help
1600Trb
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
7-Zip 9.21
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
Agatha Christie - Peril at End House
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Aliens vs. Predator
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD OverDrive
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Amnesia - The Dark Descent
ArmA 2 Free Uninstall
Battlefield 3™
Battlelog Web Plugins
Bejeweled 2 Deluxe
Belarc Advisor 8.3
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
BrowseFox 3.0.0
BufferChm
Build-a-lot 2
Cain & Abel 4.9.46
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 6.3
Chuzzle Deluxe
City Bus Simulator 2010 - New York
ConvertXtoDVD 3.0.0.1
Copy
Core Temp 1.0 RC4
CPUID CPU-Z 1.63.0
Crysis®3
CyberLink DVD Suite Deluxe
DAEMON Tools Lite
DAEMON Tools Ultra
Daossoft ZIP Password Recovery 7.0.0.1
Dark Souls Prepare to Die Edition
DefianceRuntimes
Demigod
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DiskCheckup v3.1
DisplayFusion 5.1
DocProc
Dora's World Adventure
Dropbox
DVD Menu Pack for HP MediaSmart Video
EA Installer
EA Shared Game Component: Activation
Earth Defense Force Insect Armageddon
Escape Rosecliff Island
ESN Sonar
EVE Online (remove only)
Far Cry 3 3.1.0.3
Farm Frenzy
FATE
Fax
Final Drive Nitro
Firefall
Fraps
Freelancer
FTL version 1.01
Geeks3D.com FurMark 1.10.6
Google Chrome
GPBaseService2
GRID 2 © Codemasters version 1
Happy Cloud Client
HD Tune 2.55
Heaven Benchmark version 4.0
Heroes of Hellas 2 - Olympia
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Game Console
HP Games
HP Imaging Device Functions 13.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MovieStore
HP Odometer
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Product Detection
HP Setup
HP Setup Manager
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Hulu Desktop
Human Head demo by NVIDIA (remove only)
iCam 322
Impulse
Java 7 Update 17 (64-bit)
Java 7 Update 40
Java Auto Updater
Jewel Quest Solitaire 2
JFK Reloaded 1.1
Kid's Digital Camera Drivers
Kobo
LabelPrint
Labyrinth version 1.1
League of Legends
LightScribe System Software
LogMeIn Hamachi
LyricsSay-1
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Mass Effect 2
MechWarrior 4 Mercenaries
Medialink MWN-USB150N
Men of War: Assault Squad - Game of the year (Remove Only)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual C++ Run Time  Lib Setup
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft XNA Framework Redistributable 4.0
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.3.1
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MurGeeMon 1.8
Mystery P.I. - The London Caper
MyTomTom 3.2.0.1116
NASCAR SimRacing Demo
NASCAR The Game 2013
NASCAR® Racing 4 Demo
Need for Speed Most Wanted
Need For Speed™ World
Network64
Neverwinter
NVIDIA PhysX
OCR Software by I.R.I.S. 13.0
OpenAL
Origin
PAYDAY 2
PC Camer@
PC VGA Camera
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Planetside
PlanetSide 2
PlanetSide 2 Live Test
Plants vs. Zombies
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Portal 2 by CSmania.RU
Power2Go
PowerDirector
PressReader
PunkBuster Services
RadeonPro 1.0 (Build 1.1.1.0)
Ralink RT2860 Wireless LAN Card
Raptr
RAR Password Unlocker 4.2.0.0
Razer Game Booster
Realtek High Definition Audio Driver
Recovery Manager
Republic at War 1.1
Republic at War 1.1.5
Resource Hacker Version 3.6.0
RIFT
ROR StarWars BattleFront II NODVD + Keygen 1.0
RoxioNow Player
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
Scan
Search Protection
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shop for HP Supplies
Skype Click to Call
Skype™ 6.6
SmartWebPrinting
SolutionCenter
Sony Ericsson Update Engine
Sony PC Companion 2.10.174
Spybot - Search & Destroy
SpyHunter
Star Wars: The Old Republic
StarCraft II
Status
Steam
swMSM
TeamSpeak 3 Client
TERA
Tombraider
Toolbox
tools-windows
Total War ROME II
TrayApp
Tunngle beta
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Zip Opener
USB Vibration Joystick
USB2.0 PC Camera (SN9C201&202)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.5
VMware Player
VMwarePlayer_x64
War Thunder Launcher 1.0.1.199
WeatherBug
WebReg
Wheel of Fortune 2
Windows Live ID Sign-in Assistant
Windows Remote Service
WinPcap 4.1.3
Wireshark 1.10.1 (64-bit)
World of Tanks
X-Motor Racing Demo
X3 Reunion
XCOM: Enemy Unknown
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
9/22/2013 1:52:29 PM, Error: mbamchameleon [61703]  -
9/20/2013 3:11:01 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
9/20/2013 3:11:01 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
9/20/2013 3:10:48 PM, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
9/20/2013 3:10:45 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  papycpu papyjoy
9/20/2013 3:09:51 PM, Error: Service Control Manager [7003]  - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
9/20/2013 3:09:40 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the RadeonPro Support Service service to connect.
9/20/2013 3:09:40 PM, Error: Service Control Manager [7000]  - The RadeonPro Support Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/20/2013 3:09:01 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/20/2013 3:08:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the DisplayFusionService service to connect.
9/20/2013 3:08:48 PM, Error: Service Control Manager [7000]  - The DisplayFusionService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/20/2013 3:08:18 PM, Error: Service Control Manager [7000]  - The Cacheman Service service failed to start due to the following error:  The system cannot find the file specified.
9/20/2013 3:08:16 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
9/20/2013 3:07:32 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\papyjoy.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/20/2013 3:07:32 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\papycpu.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/20/2013 2:18:57 PM, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
9/18/2013 2:40:50 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
*********************************************************************************************


 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
jacobo :: JACOBO-HP [administrator]

9/22/2013 1:42:15 PM
mbar-log-2013-09-22 (13-42-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 235452
Time elapsed: 18 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 14
C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙ (Trojan.0Access) -> No action taken.
C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> No action taken.
C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨\ﯹ๛ (Trojan.0Access) -> No action taken.
C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216} (Trojan.0Access) -> No action taken.
C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\L (Trojan.0Access) -> No action taken.
C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\U (Trojan.0Access) -> No action taken.
C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216} (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\    (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \... (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛ (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216} (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\l (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\u (Trojan.0Access) -> No action taken.
C:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216} (Trojan.0Access) -> No action taken.

Files Detected: 7
C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\U\00000001.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\U\00000002.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\U\80000000.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\U\80000001.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\U\800000cb.@ (Trojan.0Access) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
jacobo :: JACOBO-HP [administrator]

9/22/2013 1:37:09 PM
mbam-log-2013-09-22 (13-37-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 549021
Time elapsed: 1 hour(s), 15 minute(s), 22 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bg.exe (PUP.Optional.Lyrics.A) -> 3792 -> No action taken.
C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> 2712 -> No action taken.

Memory Modules Detected: 2
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho.dll (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFoxBHO.dll (PUP.Optional.BrowseFox.A) -> No action taken.

Registry Keys Detected: 28
HKCR\CLSID\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440444154452} (PUP.Optional.Lyrics.A) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550455155552} (PUP.Optional.Lyrics.A) -> No action taken.
HKCR\CrossriderApp0041552.BHO.1 (PUP.Optional.Lyrics.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKCR\CLSID\{b9507101-e464-4b3b-a4cb-291aaedd94f2} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\TypeLib\{006232f7-dbd6-4631-84e8-66ea161b43c4} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\Interface\{BB9817CA-9B43-41EB-8706-44847957338D} (PUP.Optional.BrowseFox.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B58DA926-EAFD-5CC3-DCDD-BE50FCECDF7C} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Update BrowseFox (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CrossriderApp0041552.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0041552.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0041552.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCU\Software\InstalledBrowserExtensions\Lyrics (PUP.Optional.Lyrics.A) -> No action taken.
HKLM\Software\LyricsSay-1 (PUP.Optional.LyricsSay.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LyricsSay-1 (PUP.Optional.LyricsSay.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Program Files (x86)\BrowseFox (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1 (PUP.Optional.LyricsSay.A) -> No action taken.

Files Detected: 66
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bg.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho.dll (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho64.dll (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFoxBHO.dll (PUP.Optional.BrowseFox.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\sprotector.dll.vir (PUP.Optional.SProtect.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\ProgramData\Search--NeewTab\Eegbzw_KLcA.exe.vir (PUP.Optional.MultiPlug.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\ProgramData\Search--NeewTab\F_qSxk3hd7.dll.vir (PUP.Optional.MultiPlug.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Bundled software uninstaller\bi_client.exe.vir (PUP.Optional.Somoto.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Temp\CT3310511\chLogic.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Temp\CT3310511\ctbe.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Temp\CT3310511\ffLogic.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Temp\CT3310511\ieLogic.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Temp\CT3310511\spch.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Temp\CT3310511\spff.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Temp\CT3310511\statisticsStub.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jacobo\AppData\Local\Temp\CT3310511\stub.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\wrapper_inst\service.exe (PUP.Optional.Chatzum) -> No action taken.
C:\Program Files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-updater.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\utils.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\ProgramData\InstallMate\{68503D80-99C9-4F34-ADDF-D1EBB3B31F76}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\InstallMate\{68503D80-99C9-4F34-ADDF-D1EBB3B31F76}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\jacobo\Downloads\Download_Planetary_Annihilation_–_2013_–_[PC_MAC]_downloader_us_99280.exe (PUP.Optional.GoForFiles.A) -> No action taken.
C:\Users\jacobo\Downloads\installer_nascar_the_game_2013_steam_English.exe (PUP.Optional.VIT) -> No action taken.
C:\Users\jacobo\Downloads\PAYDAY 2 Steamworks Fix Proper V3 RVTFiX.exe (PUP.Optional.Installrex) -> No action taken.
C:\Users\jacobo\Downloads\Pwddis.exe (PUP.PasswordSpy) -> No action taken.
C:\Users\jacobo\Downloads\SoftonicDownloader_for_americas-army.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\jacobo\Downloads\SoftonicDownloader_for_tunngle.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\jacobo\Downloads\Spybot%20Search%20&%20Destroy.exe (PUP.Optional.Firseria) -> No action taken.
C:\Windows\System32\asteriskie.exe (PUP.PSWTool.Asterisk) -> No action taken.
C:\Windows\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Windows\Tasks\schedule!3036567561.job (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\updateBrowseFox.InstallState (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFox.Common.dll (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFox.ico (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFoxUninstall.exe (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\ppdjnkblmcjfnlogjjhpigpdgpcgdpll.crx (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\sqlite3.exe (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Windows\Tasks\LyricsSay-1-chromeinstaller.job (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Windows\Tasks\LyricsSay-1-codedownloader.job (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Windows\Tasks\LyricsSay-1-enabler.job (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Windows\Tasks\LyricsSay-1-firefoxinstaller.job (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Windows\Tasks\LyricsSay-1-updater.job (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\jacobo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\41552.crx (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\41552.xpi (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\background.html (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\Installer.log (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.dll (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.dll (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-helper.exe (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1.ico (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\Uninstall.exe (PUP.Optional.LyricsSay.A) -> No action taken.

(end)

++++++++++++++++++++++++++++++++++++++++++++


Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/22/2013 01:39:47 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Possibly Patched Files.

 * C:\Windows\Explorer.EXE

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\   \...\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\ [ZA Dir]
     * C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\ [ZA Dir]
     * C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\ [ZA Dir]
     * C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
     * C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
     * C:\Users\jacobo\AppData\Local\Google\Desktop\Install\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{7a467fc9-2f04-2792-fc66-958fd4f0b216}\ [ZA Dir]

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * PcaSvc [Missing Service]
 * PolicyAgent [Missing Service]
 * RemoteAccess [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * C:\Windows\explorer.exe : 2,871,808 : 02/24/2011 11:19 PM : 80c62dd6e4282a7bfd2309c5c84786c6 [NoSig]
 +-> C:\Windows\SysWOW64\explorer.exe : 2,616,320 : 02/24/2011 10:30 PM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2,868,224 : 07/13/2009 06:39 PM : c235a51cb740e45ffa0ebfb9bafcda64 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe : 2,868,224 : 01/09/2011 00:01 AM : f170b4a061c9e026437b193b4d571799 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe : 2,868,736 : 01/09/2011 00:02 AM : 6d4f9e4b640b413c6f73414327484c80 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe : 2,870,272 : 01/09/2011 00:03 AM : 9aaaec8dac27aa17b053e6352ad233ae [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe : 2,870,272 : 02/25/2011 11:23 PM : 0862495e0c825893db75ef44faea8e93 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe : 2,868,224 : 01/09/2011 00:01 AM : 700073016dac1c3d2e7e2ce4223334b6 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe : 2,868,736 : 01/09/2011 00:02 AM : ca17f8620815267dc838e30b68cb5052 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe : 2,870,272 : 01/09/2011 00:03 AM : b8ec4bd49ce8f6fc457721bfc210b67f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe : 2,870,784 : 02/25/2011 11:26 PM : e38899074d4951d31b4040e994dd7c8d [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2,872,320 : 11/20/2010 06:24 AM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2,871,808 : 02/24/2011 11:19 PM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2,871,808 : 02/25/2011 11:14 PM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2,613,248 : 07/13/2009 06:14 PM : 15bc38a7492befe831966adb477cf76f [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe : 2,613,248 : 01/09/2011 00:01 AM : b95eeb0f4e5efbf1038a35b3351cf047 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe : 2,613,248 : 01/09/2011 00:02 AM : fc89faca0473641cb625eda9277d0885 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe : 2,614,272 : 01/09/2011 00:03 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe : 2,614,784 : 02/25/2011 10:33 PM : 2af58d15edc06ec6fdacce1f19482bbf [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe : 2,613,248 : 01/09/2011 00:01 AM : 9ff6c4c91a3711c0a3b18f87b08b518d [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe : 2,613,248 : 01/09/2011 00:02 AM : 00b0358734caa32c39d181fe6916b178 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe : 2,614,272 : 01/09/2011 00:03 AM : c76153c7eca00fa852bb0c193378f917 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe : 2,614,784 : 02/25/2011 10:51 PM : 255cf508d7cfb10e0794d6ac93280bd8 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2,616,320 : 11/20/2010 05:17 AM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe : 2,616,320 : 02/24/2011 10:30 PM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe : 2,616,320 : 02/25/2011 10:19 PM : 0fb9c74046656d1579a64660ad67b746 [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:


  20 out of 15299 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 09/22/2013 01:40:16 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)

 

+++++++++++++++++

++++++++++++++++

Results of screen317's Security Check version 0.99.73 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Avira Desktop  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 40 
 Java version out of Date!
 Adobe Flash Player 11.8.800.168 
 Mozilla Firefox (24.0)
 Google Chrome 29.0.1547.66 
 Google Chrome 29.0.1547.76 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++++++++++++++++++++++

Farbar Service Scanner Version: 13-09-2013
Ran by jacobo (administrator) on 22-09-2013 at 13:32:24
Running from "C:\Users\jacobo\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is offline
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

 

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 




#2 gringo_pr

  • Malware Response Team
Posted 22 September 2013 - 06:02 PM





Hello Bakersfieldboy

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Bakersfieldboy

  • Topic Starter

Posted 22 September 2013 - 09:13 PM

Not sure what's going on, but it won't let me paste the log or attach it. Any ideas?


Edited by Bakersfieldboy, 22 September 2013 - 09:17 PM.


#4 Bakersfieldboy

  • Topic Starter

Posted 22 September 2013 - 09:18 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-09-2013
Ran by jacobo at 2013-09-22 17:24:05
Running from C:\Users\jacobo\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs ======================

 Leawo Video Converter Ultimate version  4.0.0.0 (x32)
«Dishonored»  1.0 (x32 Version: 1.0)
µTorrent (HKCU Version: 3.3.1.30017)
1600 (x32 Version: 130.0.365.000)
1600_Help (x32 Version: 82.0.242.000)
1600Trb (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
7-Zip 9.21 (x32 Version: 9.21.00.0)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
Aliens vs. Predator (x32)
AMD Accelerated Video Transcoding (Version: 12.10.100.30416)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0416.1036.17145)
AMD Media Foundation Decoders (Version: 1.0.80416.1032)
AMD OverDrive (x32 Version: 4.2.6.0638)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (x32 Version: 2013.0416.1036.17145)
Amnesia - The Dark Descent  (x32 Version: 1.2.1)
ArmA 2 Free Uninstall (x32)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Belarc Advisor 8.3 (x32 Version: 8.3.2.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.0.5350)
Bounce Symphony (x32 Version: 2.2.0.95)
BrowseFox 3.0.0 (Version: 3.0.0)
BufferChm (x32 Version: 130.0.331.000)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cain & Abel 4.9.46 (x32)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.1036.17145)
Catalyst Control Center InstallProxy (x32 Version: 2013.0416.1036.17145)
Catalyst Control Center Localization All (x32 Version: 2013.0416.1036.17145)
CCC Help Chinese Standard (x32 Version: 2013.0416.1035.17145)
CCC Help Chinese Traditional (x32 Version: 2013.0416.1035.17145)
CCC Help Czech (x32 Version: 2013.0416.1035.17145)
CCC Help Danish (x32 Version: 2013.0416.1035.17145)
CCC Help Dutch (x32 Version: 2013.0416.1035.17145)
CCC Help English (x32 Version: 2013.0416.1035.17145)
CCC Help Finnish (x32 Version: 2013.0416.1035.17145)
CCC Help French (x32 Version: 2013.0416.1035.17145)
CCC Help German (x32 Version: 2013.0416.1035.17145)
CCC Help Greek (x32 Version: 2013.0416.1035.17145)
CCC Help Hungarian (x32 Version: 2013.0416.1035.17145)
CCC Help Italian (x32 Version: 2013.0416.1035.17145)
CCC Help Japanese (x32 Version: 2013.0416.1035.17145)
CCC Help Korean (x32 Version: 2013.0416.1035.17145)
CCC Help Norwegian (x32 Version: 2013.0416.1035.17145)
CCC Help Polish (x32 Version: 2013.0416.1035.17145)
CCC Help Portuguese (x32 Version: 2013.0416.1035.17145)
CCC Help Russian (x32 Version: 2013.0416.1035.17145)
CCC Help Spanish (x32 Version: 2013.0416.1035.17145)
CCC Help Swedish (x32 Version: 2013.0416.1035.17145)
CCC Help Thai (x32 Version: 2013.0416.1035.17145)
CCC Help Turkish (x32 Version: 2013.0416.1035.17145)
ccc-utility64 (Version: 2013.0416.1036.17145)
CCleaner (Version: 3.28)
Cheat Engine 6.3 (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
City Bus Simulator 2010 - New York (x32 Version: 1.3)
ConvertXtoDVD 3.0.0.1 (x32 Version: 3.0.0.1)
Copy (x32 Version: 130.0.428.000)
Core Temp 1.0 RC4 (Version: 1.0)
CPUID CPU-Z 1.63.0
Crysis®3 (x32 Version: 1.0.0.0)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
DAEMON Tools Ultra (x32 Version: 1.1.0.0103)
Daossoft ZIP Password Recovery 7.0.0.1 (x32 Version: 7.0.0.1)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130)
DefianceRuntimes (x32 Version: 1.0.2)
Demigod (x32 Version: 1.00)
Demigod (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DiskCheckup v3.1 (x32 Version: 3.1.1007)
DisplayFusion 5.1 (x32 Version: 5.1.0.0)
DocProc (x32 Version: 13.0.0.0)
Dora's World Adventure (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.0.26)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
EA Installer (x32 Version: 2.2.0.62)
EA Shared Game Component: Activation (x32 Version: 2.2.0)
EA Shared Game Component: Activation (x32 Version: 2.2.0.62)
Earth Defense Force Insect Armageddon (x32)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
ESN Sonar (x32 Version: 0.70.4)
EVE Online (remove only) (x32)
Far Cry 3 3.1.0.3 (x32 Version: 3.1.0.3)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Fax (x32 Version: 130.0.418.000)
Final Drive Nitro (x32 Version: 2.2.0.95)
Firefall (x32)
Fraps (x32)
Freelancer (x32)
FTL version 1.01 (x32 Version: 1.01)
Geeks3D.com FurMark 1.10.6 (x32)
Google Chrome (x32 Version: 29.0.1547.76)
GPBaseService2 (x32 Version: 130.0.371.000)
GRID 2 © Codemasters version 1 (x32 Version: 1)
Happy Cloud Client (HKCU Version: 1.374)
HD Tune 2.55 (x32)
Heaven Benchmark version 4.0 (x32 Version: 4.0)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart DVD (x32 Version: 4.2.4725)
HP MediaSmart Music (x32 Version: 4.2.4517)
HP MediaSmart Photo (x32 Version: 4.2.4513)
HP MediaSmart Video (x32 Version: 4.2.4522)
HP MovieStore (x32 Version: 1.0.027)
HP MovieStore (x32 Version: 2.0.2)
HP Odometer (x32 Version: 2.10.0000)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Product Detection (x32 Version: 11.15.0007)
HP Setup (x32 Version: 8.4.4400.3525)
HP Setup Manager (x32 Version: 1.0.12844.3519)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version: 5.1.8.12)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.005.000.002)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Hulu Desktop (HKCU Version: 0.9.14)
Human Head demo by NVIDIA (remove only) (x32)
iCam 322 (x32 Version: 1.00.000)
Impulse (x32 Version: 1.0)
Impulse (x32)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
JFK Reloaded 1.1 (x32 Version: 1.1)
Kid's Digital Camera Drivers (x32)
Kobo (x32 Version: 1.6)
LabelPrint (x32 Version: 2.5.3130)
Labyrinth version 1.1 (x32 Version: 1.1)
League of Legends (x32 Version: 1.3)
LightScribe System Software (x32 Version: 1.18.20.1)
LogMeIn Hamachi (x32 Version: 2.1.0.296)
LyricsSay-1 (x32 Version: 1.28.153.3)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Mass Effect 2 (x32 Version: 1.2.1604.0)
MechWarrior 4 Mercenaries (x32)
Medialink MWN-USB150N (x32 Version: 1.00.0000)
Men of War: Assault Squad - Game of the year (Remove Only) (x32 Version: 2.0.11.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Game Studios Common Redistributables Pack 1 (x32 Version: 1.0.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ Run Time  Lib Setup (x32 Version: 1.0.0)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XML Parser (x32 Version: 8.20.8730.4)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MurGeeMon 1.8 (x32 Version: 1.8)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
MyTomTom 3.2.0.1116 (x32 Version: 3.2.0.1116)
NASCAR SimRacing Demo (x32)
NASCAR The Game 2013 (x32)
NASCAR® Racing 4 Demo (x32)
Need for Speed Most Wanted (x32)
Need For Speed™ World (x32 Version: 1.0.0.1516)
Network64 (Version: 130.0.572.000)
Neverwinter (x32)
NVIDIA PhysX (x32 Version: 9.12.1031)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenAL (x32)
Origin (x32 Version: 9.1.15.109)
PAYDAY 2 (x32)
PC Camer@  (x32 Version: 1.0.4.9)
PC VGA Camera (x32 Version: 1.0.1.49)
PDF Complete Special Edition (x32 Version: 4.0.9)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.7717)
PictureMover (x32 Version: 3.5.0.33)
Planetside (HKCU Version: 1.0.3.183)
PlanetSide 2 (HKCU Version: 1.0.3.183)
PlanetSide 2 Live Test (HKCU Version: 1.0.3.183)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Portal 2 by CSmania.RU (x32)
Power2Go (x32 Version: 6.1.4329)
PowerDirector (x32 Version: 8.0.3129)
PressReader (x32 Version: 5.10.1102.0)
PunkBuster Services (x32 Version: 0.993)
RadeonPro 1.0 (Build 1.1.1.0) (x32)
Ralink RT2860 Wireless LAN Card (x32)
Raptr (x32)
RAR Password Unlocker 4.2.0.0 (x32)
Razer Game Booster (x32 Version: 3.7)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
Recovery Manager (x32 Version: 5.5.3219)
Republic at War 1.1 (x32)
Republic at War 1.1.5 (x32 Version: 1.1.5)
Resource Hacker Version 3.6.0 (x32)
RIFT (HKCU)
ROR StarWars BattleFront II NODVD + Keygen 1.0 (x32 Version: 1.0)
RoxioNow Player (x32 Version: 1.9.5.101)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (x32 Version: 1.6.02)
Scan (x32 Version: 13.0.0.0)
Search Protection (HKCU Version: 7.5.0.1)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Sony Ericsson Update Engine (x32 Version: 2.13.9.201308081522)
Sony PC Companion 2.10.174 (x32 Version: 2.10.174)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpyHunter (Version: 4.15.1.4270)
Star Wars: The Old Republic (x32 Version: 1.00)
StarCraft II (x32 Version: 2.0.11.26825)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (x32 Version: 3.0.11)
TERA (HKCU)
Tombraider (x32)
Toolbox (x32 Version: 130.0.648.000)
tools-windows (x32 Version: 9.2.0.812388)
Total War ROME II (x32 Version: 1)
TrayApp (x32 Version: 130.0.422.000)
Tunngle beta (x32)
Unity Web Player (HKCU Version: )
UnloadSupport (x32 Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Zip Opener (HKCU)
USB Vibration Joystick (x32 Version: v3.70)
USB2.0 PC Camera (SN9C201&202) (x32 Version: 5.7.12.205_WHQL)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
VLC media player 2.0.5 (x32 Version: 2.0.5)
VMware Player (x32 Version: 5.0.0)
VMwarePlayer_x64 (Version: 5.0.0)
War Thunder Launcher 1.0.1.199 (x32)
WeatherBug (x32 Version: 7.0.0.11)
WebReg (x32 Version: 130.0.132.017)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Remote Service (Version: 1.2.9)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
Wireshark 1.10.1 (64-bit) (x32 Version: 1.10.1)
World of Tanks (x32)
X3 Reunion (x32 Version: 12)
XCOM: Enemy Unknown (x32)
X-Motor Racing Demo (x32)
Zinio Reader 4 (x32 Version: 4.0.3184)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

19-09-2013 18:13:46 Scheduled Checkpoint
20-09-2013 21:01:18 Windows Modules Installer
21-09-2013 05:10:30 HPSF Restore Point
22-09-2013 19:50:38 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-09-04 10:15 - 00444830 ____N C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {034CD6C9-90C6-4775-90C3-715735A37973} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] ()
Task: {06DE7305-B680-4053-83F9-0E19AFD235FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {12DD87A3-722B-4676-91B5-87366A1BC919} - System32\Tasks\LyricsSay-1-chromeinstaller => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe [2013-09-21] (Lyrics)
Task: {17602F61-66B4-4429-B86D-64D57C19F1AB} - System32\Tasks\LyricsSay-1-updater => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-updater.exe [2013-09-21] (Lyrics)
Task: {21865D3E-5AD3-4BAC-A814-D9DB57C42418} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-06-05] ()
Task: {2AFD8BE5-4342-42D2-BEB1-2ED7C66C20E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {3AFB575E-75CB-41CC-8483-867D604725C7} - System32\Tasks\PcRegistryShield_Start => C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe
Task: {3B724FCD-A725-47E9-BD06-C840BD834989} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
Task: {62AAF17A-B2F8-430D-BE74-287225838E57} - System32\Tasks\Test TimeTrigger => C:\Users\jacobo\AppData\Local\Temp\Runner.exe
Task: {69D15AC5-484C-425F-B47E-8317DC654CF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {7380BC6B-F67E-4CBD-8C2B-E2DFEB636354} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {771EFBEF-21D8-4215-9C4E-D7F42169F1CA} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-19] (CyberLink)
Task: {7C588486-BFD1-458A-B601-4E97D471AAEC} - System32\Tasks\HPCeeScheduleForJACOBO-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {7EEB7CED-154F-405D-BB65-BE51985B6C1B} - System32\Tasks\LyricsSay-1-firefoxinstaller => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe [2013-09-21] (Lyrics)
Task: {833656B6-DB28-4735-82CB-F479ADA44F38} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe [2013-08-16] ()
Task: {8B10493D-536C-40C4-BB6F-202192A312C2} - System32\Tasks\LyricsSay-1-enabler => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe [2013-09-21] (Lyrics)
Task: {8FEBAA99-0BE5-4F9D-B40B-5210F49E9244} - System32\Tasks\TopArcadeHits => C:\Users\jacobo\AppData\Local\TopArcadeHits\updater.exe
Task: {A81BDD46-BDAB-45C2-9708-40D93B757C45} - \DSite No Task File
Task: {B1140C1E-7310-4300-AF4C-C9BF54A7029D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
Task: {B9509C98-3D8C-4C5A-A3C2-40D31284D354} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2013-07-17] (Enigma Software Group USA, LLC.)
Task: {D0753386-9D04-4485-9CA3-0BB63846B03D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {E1BEDEED-128B-49C3-BE59-C3BE1C0BD478} - System32\Tasks\LyricsSay-1-codedownloader => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe [2013-09-21] (Lyrics)
Task: {E40E055F-78CE-4B9A-A197-1CE3685FB4E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {F16F7AC9-3221-4FA5-9EC0-873BC5A2076F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F17272CE-81F1-4127-BEAC-A8E2614AD910} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-24] (Microsoft Corporation)
Task: {FD13DA87-ED49-430B-BEC3-CB8E15C610D9} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJACOBO-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\LyricsSay-1-chromeinstaller.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe
Task: C:\Windows\Tasks\LyricsSay-1-codedownloader.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe
Task: C:\Windows\Tasks\LyricsSay-1-enabler.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe
Task: C:\Windows\Tasks\LyricsSay-1-firefoxinstaller.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe
Task: C:\Windows\Tasks\LyricsSay-1-updater.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-updater.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\jacobo\AppData\Local\TopArcadeHits\updater.exe

==================== Loaded Modules (whitelisted) =============

2013-06-05 10:17 - 2013-06-05 10:17 - 00164016 _____ (Dropbox, Inc.) C:\Users\jacobo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2013-09-07 07:43 - 2013-09-02 13:06 - 00305520 _____ (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\Hooks\AppHookWIN6064_1F24968F-E553-42E8-A87A-4053C7BDA9CD.dll
2012-11-13 21:53 - 2012-08-01 15:44 - 00139024 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\GBV3ContextMenu.dll
2013-04-16 10:47 - 2013-04-16 10:47 - 00037888 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.ImplementationNet4.dll
2013-04-16 10:47 - 2013-04-16 10:47 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-02-24 22:00 - 2007-12-06 11:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
2013-02-24 22:00 - 2009-04-06 16:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
2013-02-24 22:00 - 2009-01-05 21:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
2013-02-24 22:00 - 2009-04-06 16:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
2013-08-25 09:49 - 2013-05-21 08:57 - 00593920 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\NewUI.dll
2013-08-25 09:49 - 2013-02-05 12:49 - 00701952 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\bvrpctln.dll
2013-08-25 09:49 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-08-25 09:49 - 2013-08-27 09:26 - 00920064 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\Device.dll
2013-08-25 09:49 - 2013-05-17 10:51 - 00207872 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-08-25 09:49 - 2011-04-04 14:14 - 00113664 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\WUNPACLN.dll
2013-08-25 09:49 - 2013-07-24 11:10 - 00991232 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.dll
2013-08-25 09:49 - 2012-12-26 15:44 - 00287744 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PluginManager.dll
2013-08-25 09:49 - 2013-04-23 17:27 - 00342528 _____ (TODO: <Company name>) C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdateTools.dll
2013-08-25 09:49 - 2012-07-11 17:39 - 00329728 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\DownloadManager.dll
2013-05-14 09:36 - 2013-05-14 09:36 - 00913408 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\BackupRestore.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-08-25 09:49 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2013-05-27 12:22 - 2013-05-27 12:22 - 00339456 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\CrashDump.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-08-25 09:49 - 2013-06-10 17:46 - 00285696 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\Statistics.dll
2013-09-20 14:20 - 2013-09-10 14:43 - 00183296 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCWebServices.dll
2013-06-21 10:57 - 2013-06-21 10:57 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2013-06-05 10:17 - 2013-06-05 10:17 - 00130736 _____ (Dropbox, Inc.) C:\Users\jacobo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2013-08-28 18:29 - 2006-10-03 14:35 - 00328704 _____ (Sonix) C:\Windows\system32\vsnp2std.dll
2013-09-07 07:43 - 2013-09-02 13:06 - 00292208 _____ (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\Hooks\AppHookWIN6032_5ABBEA16-CB56-4DAB-A63A-238CB3F4E640.dll
2013-09-20 01:26 - 2013-09-20 01:26 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_175.ocx
2008-12-03 20:05 - 2008-12-03 20:05 - 00053760 _____ (Hewlett-Packard) C:\Windows\system32\hpzipr12.dll
2013-09-21 13:24 - 2013-09-21 13:24 - 00598528 _____ (Lyrics) C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho.dll
2013-08-29 18:57 - 2013-08-29 18:57 - 00149280 _____ (Browse Fox) C:\Program Files (x86)\BrowseFox\BrowseFoxbho.dll
2013-09-09 20:13 - 2013-08-13 07:19 - 00442368 _____ (Valve Corporation) C:\Games\PAYDAY 2\steam_api.dll
2013-09-09 20:12 - 2013-05-16 11:07 - 00227328 _____ (RAD Game Tools, Inc.) C:\Games\PAYDAY 2\binkw32.dll
2013-09-09 20:12 - 2013-07-28 19:58 - 00106496 _____ () C:\Games\PAYDAY 2\d3d9.dll
2013-09-09 20:12 - 2013-05-16 11:07 - 04379984 _____ (Microsoft Corporation) C:\Games\PAYDAY 2\d3dx9_40.dll
2013-09-09 20:13 - 2013-05-16 11:07 - 00081768 _____ (Microsoft Corporation) C:\Games\PAYDAY 2\XINPUT1_3.dll
2013-09-09 20:13 - 2013-05-16 11:07 - 01149760 _____ (NVIDIA Corporation) C:\Games\PAYDAY 2\PhysX3Common_x86.dll
2013-09-09 20:13 - 2013-05-16 11:07 - 00304960 _____ (NVIDIA Corporation) C:\Games\PAYDAY 2\PhysX3Cooking_x86.dll
2013-09-09 20:13 - 2013-05-16 11:07 - 01745728 _____ (NVIDIA Corporation) C:\Games\PAYDAY 2\PhysX3_x86.dll
2013-09-11 18:48 - 2013-09-10 19:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-11 03:26 - 2013-09-16 22:47 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system.ini:c1_encryption_d
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_e
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_e2
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_d
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_e
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_e2
AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75428453.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75428453.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2013 00:52:35 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/">.

Error: (09/22/2013 11:24:07 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (09/21/2013 04:37:14 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/21/2013 03:35:48 PM) (Source: Application Hang) (User: )
Description: The program WINWORDC.EXE version 14.0.6129.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8d4

Start Time: 01ceb71a7bcd504b

Termination Time: 0

Application Path: Q:\140066.enu\Office14\WINWORDC.EXE

Report Id: 18620bb5-230e-11e3-b9cd-005056c00008

Error: (09/21/2013 03:31:27 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 164c

Start Time: 01ceb71a48bc5c7f

Termination Time: 2

Application Path: C:\Windows\SysWOW64\NOTEPAD.EXE

Report Id: 8b15799f-230d-11e3-b9cd-005056c00008

Error: (09/21/2013 01:26:54 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/">.

Error: (09/21/2013 01:23:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/21/2013 01:21:48 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/">.

Error: (09/20/2013 10:10:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.2.0, time stamp: 0x50eaf921
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xf28
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3

Error: (09/20/2013 09:12:18 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108


System errors:
=============
Error: (09/22/2013 01:52:29 PM) (Source: mbamchameleon) (User: )
Description: C01C0005

Error: (09/22/2013 01:46:31 PM) (Source: mbamchameleon) (User: )
Description: C01C0005

Error: (09/22/2013 01:41:18 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\DAEMON TOOLS ULTRA\DISCSOFTBUSSERVICE.EXE

Error: (09/22/2013 01:41:17 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\DAEMON TOOLS ULTRA\DISCSOFTBUSSERVICE.EXE

Error: (09/22/2013 01:41:16 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe

Error: (09/22/2013 01:41:16 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\DAEMON TOOLS ULTRA\DISCSOFTBUSSERVICE.EXE

Error: (09/20/2013 03:11:01 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/20/2013 03:11:01 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/20/2013 03:10:48 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2013 03:10:45 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
papycpu
papyjoy


Microsoft Office Sessions:
=========================
Error: (09/22/2013 00:52:35 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/

Error: (09/22/2013 11:24:07 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (09/21/2013 04:37:14 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/21/2013 03:35:48 PM) (Source: Application Hang)(User: )
Description: WINWORDC.EXE14.0.6129.50008d401ceb71a7bcd504b0Q:\140066.enu\Office14\WINWORDC.EXE18620bb5-230e-11e3-b9cd-005056c00008

Error: (09/21/2013 03:31:27 PM) (Source: Application Hang)(User: )
Description: NOTEPAD.EXE6.1.7600.16385164c01ceb71a48bc5c7f2C:\Windows\SysWOW64\NOTEPAD.EXE8b15799f-230d-11e3-b9cd-005056c00008

Error: (09/21/2013 01:26:54 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/

Error: (09/21/2013 01:23:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\jacobo\Downloads\SoftonicDownloader_for_tunngle.exe

Error: (09/21/2013 01:21:48 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/

Error: (09/20/2013 10:10:21 PM) (Source: Application Error)(User: )
Description: hpasset.exe3.0.2.050eaf921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3f2801ceb688dd1cb2ceC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Windows\SysWOW64\ntdll.dll1c8ada0c-227c-11e3-b9cd-005056c00008

Error: (09/20/2013 09:12:18 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108


CodeIntegrity Errors:
===================================
  Date: 2013-08-28 18:10:19.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snp2sxp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 18:10:19.164
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snp2sxp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 18:07:12.166
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snp2sxp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 18:07:11.943
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snp2sxp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 16383.29 MB
Available physical RAM: 9916.46 MB
Total Pagefile: 24381.47 MB
Available Pagefile: 16791.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.5 GB) (Free:321.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.91 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (GRID2) (CDROM) (Total:5.72 GB) (Free:0 GB) CDFS
Drive g: (NASCAR The Game) (CDROM) (Total:3.04 GB) (Free:0 GB) CDFS
Drive h: (TDU2) (CDROM) (Total:6.34 GB) (Free:0 GB) UDF
Drive i: (CBS) (CDROM) (Total:4.22 GB) (Free:0 GB) CDFS
Drive j: (GRID2) (CDROM) (Total:5.72 GB) (Free:0 GB) CDFS
Drive k: (TW_ROME_II) (CDROM) (Total:9.47 GB) (Free:0 GB) CDFS
Drive l: (NFS13) (CDROM) (Total:5.3 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2215BC93)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



#5 Bakersfieldboy

Posted 22 September 2013 - 09:19 PM

I know I was to put this in an attachment, but it would not let me....

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-09-2013
Ran by jacobo at 2013-09-22 17:24:05
Running from C:\Users\jacobo\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs ======================

 Leawo Video Converter Ultimate version  4.0.0.0 (x32)
«Dishonored»  1.0 (x32 Version: 1.0)
µTorrent (HKCU Version: 3.3.1.30017)
1600 (x32 Version: 130.0.365.000)
1600_Help (x32 Version: 82.0.242.000)
1600Trb (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
7-Zip 9.21 (x32 Version: 9.21.00.0)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
Aliens vs. Predator (x32)
AMD Accelerated Video Transcoding (Version: 12.10.100.30416)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0416.1036.17145)
AMD Media Foundation Decoders (Version: 1.0.80416.1032)
AMD OverDrive (x32 Version: 4.2.6.0638)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (x32 Version: 2013.0416.1036.17145)
Amnesia - The Dark Descent  (x32 Version: 1.2.1)
ArmA 2 Free Uninstall (x32)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Belarc Advisor 8.3 (x32 Version: 8.3.2.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.0.5350)
Bounce Symphony (x32 Version: 2.2.0.95)
BrowseFox 3.0.0 (Version: 3.0.0)
BufferChm (x32 Version: 130.0.331.000)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cain & Abel 4.9.46 (x32)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.1036.17145)
Catalyst Control Center InstallProxy (x32 Version: 2013.0416.1036.17145)
Catalyst Control Center Localization All (x32 Version: 2013.0416.1036.17145)
CCC Help Chinese Standard (x32 Version: 2013.0416.1035.17145)
CCC Help Chinese Traditional (x32 Version: 2013.0416.1035.17145)
CCC Help Czech (x32 Version: 2013.0416.1035.17145)
CCC Help Danish (x32 Version: 2013.0416.1035.17145)
CCC Help Dutch (x32 Version: 2013.0416.1035.17145)
CCC Help English (x32 Version: 2013.0416.1035.17145)
CCC Help Finnish (x32 Version: 2013.0416.1035.17145)
CCC Help French (x32 Version: 2013.0416.1035.17145)
CCC Help German (x32 Version: 2013.0416.1035.17145)
CCC Help Greek (x32 Version: 2013.0416.1035.17145)
CCC Help Hungarian (x32 Version: 2013.0416.1035.17145)
CCC Help Italian (x32 Version: 2013.0416.1035.17145)
CCC Help Japanese (x32 Version: 2013.0416.1035.17145)
CCC Help Korean (x32 Version: 2013.0416.1035.17145)
CCC Help Norwegian (x32 Version: 2013.0416.1035.17145)
CCC Help Polish (x32 Version: 2013.0416.1035.17145)
CCC Help Portuguese (x32 Version: 2013.0416.1035.17145)
CCC Help Russian (x32 Version: 2013.0416.1035.17145)
CCC Help Spanish (x32 Version: 2013.0416.1035.17145)
CCC Help Swedish (x32 Version: 2013.0416.1035.17145)
CCC Help Thai (x32 Version: 2013.0416.1035.17145)
CCC Help Turkish (x32 Version: 2013.0416.1035.17145)
ccc-utility64 (Version: 2013.0416.1036.17145)
CCleaner (Version: 3.28)
Cheat Engine 6.3 (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
City Bus Simulator 2010 - New York (x32 Version: 1.3)
ConvertXtoDVD 3.0.0.1 (x32 Version: 3.0.0.1)
Copy (x32 Version: 130.0.428.000)
Core Temp 1.0 RC4 (Version: 1.0)
CPUID CPU-Z 1.63.0
Crysis®3 (x32 Version: 1.0.0.0)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
DAEMON Tools Ultra (x32 Version: 1.1.0.0103)
Daossoft ZIP Password Recovery 7.0.0.1 (x32 Version: 7.0.0.1)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130)
DefianceRuntimes (x32 Version: 1.0.2)
Demigod (x32 Version: 1.00)
Demigod (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DiskCheckup v3.1 (x32 Version: 3.1.1007)
DisplayFusion 5.1 (x32 Version: 5.1.0.0)
DocProc (x32 Version: 13.0.0.0)
Dora's World Adventure (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.0.26)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
EA Installer (x32 Version: 2.2.0.62)
EA Shared Game Component: Activation (x32 Version: 2.2.0)
EA Shared Game Component: Activation (x32 Version: 2.2.0.62)
Earth Defense Force Insect Armageddon (x32)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
ESN Sonar (x32 Version: 0.70.4)
EVE Online (remove only) (x32)
Far Cry 3 3.1.0.3 (x32 Version: 3.1.0.3)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Fax (x32 Version: 130.0.418.000)
Final Drive Nitro (x32 Version: 2.2.0.95)
Firefall (x32)
Fraps (x32)
Freelancer (x32)
FTL version 1.01 (x32 Version: 1.01)
Geeks3D.com FurMark 1.10.6 (x32)
Google Chrome (x32 Version: 29.0.1547.76)
GPBaseService2 (x32 Version: 130.0.371.000)
GRID 2 © Codemasters version 1 (x32 Version: 1)
Happy Cloud Client (HKCU Version: 1.374)
HD Tune 2.55 (x32)
Heaven Benchmark version 4.0 (x32 Version: 4.0)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart DVD (x32 Version: 4.2.4725)
HP MediaSmart Music (x32 Version: 4.2.4517)
HP MediaSmart Photo (x32 Version: 4.2.4513)
HP MediaSmart Video (x32 Version: 4.2.4522)
HP MovieStore (x32 Version: 1.0.027)
HP MovieStore (x32 Version: 2.0.2)
HP Odometer (x32 Version: 2.10.0000)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Product Detection (x32 Version: 11.15.0007)
HP Setup (x32 Version: 8.4.4400.3525)
HP Setup Manager (x32 Version: 1.0.12844.3519)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version: 5.1.8.12)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.005.000.002)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Hulu Desktop (HKCU Version: 0.9.14)
Human Head demo by NVIDIA (remove only) (x32)
iCam 322 (x32 Version: 1.00.000)
Impulse (x32 Version: 1.0)
Impulse (x32)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
JFK Reloaded 1.1 (x32 Version: 1.1)
Kid's Digital Camera Drivers (x32)
Kobo (x32 Version: 1.6)
LabelPrint (x32 Version: 2.5.3130)
Labyrinth version 1.1 (x32 Version: 1.1)
League of Legends (x32 Version: 1.3)
LightScribe System Software (x32 Version: 1.18.20.1)
LogMeIn Hamachi (x32 Version: 2.1.0.296)
LyricsSay-1 (x32 Version: 1.28.153.3)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Mass Effect 2 (x32 Version: 1.2.1604.0)
MechWarrior 4 Mercenaries (x32)
Medialink MWN-USB150N (x32 Version: 1.00.0000)
Men of War: Assault Squad - Game of the year (Remove Only) (x32 Version: 2.0.11.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Game Studios Common Redistributables Pack 1 (x32 Version: 1.0.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ Run Time  Lib Setup (x32 Version: 1.0.0)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XML Parser (x32 Version: 8.20.8730.4)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MurGeeMon 1.8 (x32 Version: 1.8)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
MyTomTom 3.2.0.1116 (x32 Version: 3.2.0.1116)
NASCAR SimRacing Demo (x32)
NASCAR The Game 2013 (x32)
NASCAR® Racing 4 Demo (x32)
Need for Speed Most Wanted (x32)
Need For Speed™ World (x32 Version: 1.0.0.1516)
Network64 (Version: 130.0.572.000)
Neverwinter (x32)
NVIDIA PhysX (x32 Version: 9.12.1031)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenAL (x32)
Origin (x32 Version: 9.1.15.109)
PAYDAY 2 (x32)
PC Camer@  (x32 Version: 1.0.4.9)
PC VGA Camera (x32 Version: 1.0.1.49)
PDF Complete Special Edition (x32 Version: 4.0.9)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.7717)
PictureMover (x32 Version: 3.5.0.33)
Planetside (HKCU Version: 1.0.3.183)
PlanetSide 2 (HKCU Version: 1.0.3.183)
PlanetSide 2 Live Test (HKCU Version: 1.0.3.183)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Portal 2 by CSmania.RU (x32)
Power2Go (x32 Version: 6.1.4329)
PowerDirector (x32 Version: 8.0.3129)
PressReader (x32 Version: 5.10.1102.0)
PunkBuster Services (x32 Version: 0.993)
RadeonPro 1.0 (Build 1.1.1.0) (x32)
Ralink RT2860 Wireless LAN Card (x32)
Raptr (x32)
RAR Password Unlocker 4.2.0.0 (x32)
Razer Game Booster (x32 Version: 3.7)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
Recovery Manager (x32 Version: 5.5.3219)
Republic at War 1.1 (x32)
Republic at War 1.1.5 (x32 Version: 1.1.5)
Resource Hacker Version 3.6.0 (x32)
RIFT (HKCU)
ROR StarWars BattleFront II NODVD + Keygen 1.0 (x32 Version: 1.0)
RoxioNow Player (x32 Version: 1.9.5.101)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (x32 Version: 1.6.02)
Scan (x32 Version: 13.0.0.0)
Search Protection (HKCU Version: 7.5.0.1)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Sony Ericsson Update Engine (x32 Version: 2.13.9.201308081522)
Sony PC Companion 2.10.174 (x32 Version: 2.10.174)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpyHunter (Version: 4.15.1.4270)
Star Wars: The Old Republic (x32 Version: 1.00)
StarCraft II (x32 Version: 2.0.11.26825)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (x32 Version: 3.0.11)
TERA (HKCU)
Tombraider (x32)
Toolbox (x32 Version: 130.0.648.000)
tools-windows (x32 Version: 9.2.0.812388)
Total War ROME II (x32 Version: 1)
TrayApp (x32 Version: 130.0.422.000)
Tunngle beta (x32)
Unity Web Player (HKCU Version: )
UnloadSupport (x32 Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Zip Opener (HKCU)
USB Vibration Joystick (x32 Version: v3.70)
USB2.0 PC Camera (SN9C201&202) (x32 Version: 5.7.12.205_WHQL)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
VLC media player 2.0.5 (x32 Version: 2.0.5)
VMware Player (x32 Version: 5.0.0)
VMwarePlayer_x64 (Version: 5.0.0)
War Thunder Launcher 1.0.1.199 (x32)
WeatherBug (x32 Version: 7.0.0.11)
WebReg (x32 Version: 130.0.132.017)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Remote Service (Version: 1.2.9)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
Wireshark 1.10.1 (64-bit) (x32 Version: 1.10.1)
World of Tanks (x32)
X3 Reunion (x32 Version: 12)
XCOM: Enemy Unknown (x32)
X-Motor Racing Demo (x32)
Zinio Reader 4 (x32 Version: 4.0.3184)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

19-09-2013 18:13:46 Scheduled Checkpoint
20-09-2013 21:01:18 Windows Modules Installer
21-09-2013 05:10:30 HPSF Restore Point
22-09-2013 19:50:38 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-09-04 10:15 - 00444830 ____N C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {034CD6C9-90C6-4775-90C3-715735A37973} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] ()
Task: {06DE7305-B680-4053-83F9-0E19AFD235FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {12DD87A3-722B-4676-91B5-87366A1BC919} - System32\Tasks\LyricsSay-1-chromeinstaller => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe [2013-09-21] (Lyrics)
Task: {17602F61-66B4-4429-B86D-64D57C19F1AB} - System32\Tasks\LyricsSay-1-updater => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-updater.exe [2013-09-21] (Lyrics)
Task: {21865D3E-5AD3-4BAC-A814-D9DB57C42418} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-06-05] ()
Task: {2AFD8BE5-4342-42D2-BEB1-2ED7C66C20E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {3AFB575E-75CB-41CC-8483-867D604725C7} - System32\Tasks\PcRegistryShield_Start => C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe
Task: {3B724FCD-A725-47E9-BD06-C840BD834989} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
Task: {62AAF17A-B2F8-430D-BE74-287225838E57} - System32\Tasks\Test TimeTrigger => C:\Users\jacobo\AppData\Local\Temp\Runner.exe
Task: {69D15AC5-484C-425F-B47E-8317DC654CF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {7380BC6B-F67E-4CBD-8C2B-E2DFEB636354} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {771EFBEF-21D8-4215-9C4E-D7F42169F1CA} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-19] (CyberLink)
Task: {7C588486-BFD1-458A-B601-4E97D471AAEC} - System32\Tasks\HPCeeScheduleForJACOBO-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {7EEB7CED-154F-405D-BB65-BE51985B6C1B} - System32\Tasks\LyricsSay-1-firefoxinstaller => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe [2013-09-21] (Lyrics)
Task: {833656B6-DB28-4735-82CB-F479ADA44F38} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe [2013-08-16] ()
Task: {8B10493D-536C-40C4-BB6F-202192A312C2} - System32\Tasks\LyricsSay-1-enabler => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe [2013-09-21] (Lyrics)
Task: {8FEBAA99-0BE5-4F9D-B40B-5210F49E9244} - System32\Tasks\TopArcadeHits => C:\Users\jacobo\AppData\Local\TopArcadeHits\updater.exe
Task: {A81BDD46-BDAB-45C2-9708-40D93B757C45} - \DSite No Task File
Task: {B1140C1E-7310-4300-AF4C-C9BF54A7029D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
Task: {B9509C98-3D8C-4C5A-A3C2-40D31284D354} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2013-07-17] (Enigma Software Group USA, LLC.)
Task: {D0753386-9D04-4485-9CA3-0BB63846B03D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {E1BEDEED-128B-49C3-BE59-C3BE1C0BD478} - System32\Tasks\LyricsSay-1-codedownloader => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe [2013-09-21] (Lyrics)
Task: {E40E055F-78CE-4B9A-A197-1CE3685FB4E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {F16F7AC9-3221-4FA5-9EC0-873BC5A2076F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F17272CE-81F1-4127-BEAC-A8E2614AD910} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-24] (Microsoft Corporation)
Task: {FD13DA87-ED49-430B-BEC3-CB8E15C610D9} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJACOBO-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\LyricsSay-1-chromeinstaller.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe
Task: C:\Windows\Tasks\LyricsSay-1-codedownloader.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe
Task: C:\Windows\Tasks\LyricsSay-1-enabler.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe
Task: C:\Windows\Tasks\LyricsSay-1-firefoxinstaller.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe
Task: C:\Windows\Tasks\LyricsSay-1-updater.job => C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-updater.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\jacobo\AppData\Local\TopArcadeHits\updater.exe

==================== Loaded Modules (whitelisted) =============

2013-06-05 10:17 - 2013-06-05 10:17 - 00164016 _____ (Dropbox, Inc.) C:\Users\jacobo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2013-09-07 07:43 - 2013-09-02 13:06 - 00305520 _____ (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\Hooks\AppHookWIN6064_1F24968F-E553-42E8-A87A-4053C7BDA9CD.dll
2012-11-13 21:53 - 2012-08-01 15:44 - 00139024 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\GBV3ContextMenu.dll
2013-04-16 10:47 - 2013-04-16 10:47 - 00037888 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.ImplementationNet4.dll
2013-04-16 10:47 - 2013-04-16 10:47 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-02-24 22:00 - 2007-12-06 11:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
2013-02-24 22:00 - 2009-04-06 16:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
2013-02-24 22:00 - 2009-01-05 21:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
2013-02-24 22:00 - 2009-04-06 16:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
2013-08-25 09:49 - 2013-05-21 08:57 - 00593920 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\NewUI.dll
2013-08-25 09:49 - 2013-02-05 12:49 - 00701952 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\bvrpctln.dll
2013-08-25 09:49 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-08-25 09:49 - 2013-08-27 09:26 - 00920064 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\Device.dll
2013-08-25 09:49 - 2013-05-17 10:51 - 00207872 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-08-25 09:49 - 2011-04-04 14:14 - 00113664 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\WUNPACLN.dll
2013-08-25 09:49 - 2013-07-24 11:10 - 00991232 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.dll
2013-08-25 09:49 - 2012-12-26 15:44 - 00287744 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PluginManager.dll
2013-08-25 09:49 - 2013-04-23 17:27 - 00342528 _____ (TODO: <Company name>) C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdateTools.dll
2013-08-25 09:49 - 2012-07-11 17:39 - 00329728 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\DownloadManager.dll
2013-05-14 09:36 - 2013-05-14 09:36 - 00913408 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\BackupRestore.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-08-25 09:49 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2013-05-27 12:22 - 2013-05-27 12:22 - 00339456 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\CrashDump.dll
2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-08-25 09:49 - 2013-06-10 17:46 - 00285696 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\Statistics.dll
2013-09-20 14:20 - 2013-09-10 14:43 - 00183296 _____ (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCWebServices.dll
2013-06-21 10:57 - 2013-06-21 10:57 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2013-06-05 10:17 - 2013-06-05 10:17 - 00130736 _____ (Dropbox, Inc.) C:\Users\jacobo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2013-08-28 18:29 - 2006-10-03 14:35 - 00328704 _____ (Sonix) C:\Windows\system32\vsnp2std.dll
2013-09-07 07:43 - 2013-09-02 13:06 - 00292208 _____ (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\Hooks\AppHookWIN6032_5ABBEA16-CB56-4DAB-A63A-238CB3F4E640.dll
2013-09-20 01:26 - 2013-09-20 01:26 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_175.ocx
2008-12-03 20:05 - 2008-12-03 20:05 - 00053760 _____ (Hewlett-Packard) C:\Windows\system32\hpzipr12.dll
2013-09-21 13:24 - 2013-09-21 13:24 - 00598528 _____ (Lyrics) C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho.dll
2013-08-29 18:57 - 2013-08-29 18:57 - 00149280 _____ (Browse Fox) C:\Program Files (x86)\BrowseFox\BrowseFoxbho.dll
2013-09-09 20:13 - 2013-08-13 07:19 - 00442368 _____ (Valve Corporation) C:\Games\PAYDAY 2\steam_api.dll
2013-09-09 20:12 - 2013-05-16 11:07 - 00227328 _____ (RAD Game Tools, Inc.) C:\Games\PAYDAY 2\binkw32.dll
2013-09-09 20:12 - 2013-07-28 19:58 - 00106496 _____ () C:\Games\PAYDAY 2\d3d9.dll
2013-09-09 20:12 - 2013-05-16 11:07 - 04379984 _____ (Microsoft Corporation) C:\Games\PAYDAY 2\d3dx9_40.dll
2013-09-09 20:13 - 2013-05-16 11:07 - 00081768 _____ (Microsoft Corporation) C:\Games\PAYDAY 2\XINPUT1_3.dll
2013-09-09 20:13 - 2013-05-16 11:07 - 01149760 _____ (NVIDIA Corporation) C:\Games\PAYDAY 2\PhysX3Common_x86.dll
2013-09-09 20:13 - 2013-05-16 11:07 - 00304960 _____ (NVIDIA Corporation) C:\Games\PAYDAY 2\PhysX3Cooking_x86.dll
2013-09-09 20:13 - 2013-05-16 11:07 - 01745728 _____ (NVIDIA Corporation) C:\Games\PAYDAY 2\PhysX3_x86.dll
2013-09-11 18:48 - 2013-09-10 19:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-11 03:26 - 2013-09-16 22:47 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system.ini:c1_encryption_d
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_e
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_e2
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_d
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_e
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_e2
AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75428453.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75428453.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2013 00:52:35 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/">.

Error: (09/22/2013 11:24:07 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (09/21/2013 04:37:14 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/21/2013 03:35:48 PM) (Source: Application Hang) (User: )
Description: The program WINWORDC.EXE version 14.0.6129.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8d4

Start Time: 01ceb71a7bcd504b

Termination Time: 0

Application Path: Q:\140066.enu\Office14\WINWORDC.EXE

Report Id: 18620bb5-230e-11e3-b9cd-005056c00008

Error: (09/21/2013 03:31:27 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 164c

Start Time: 01ceb71a48bc5c7f

Termination Time: 2

Application Path: C:\Windows\SysWOW64\NOTEPAD.EXE

Report Id: 8b15799f-230d-11e3-b9cd-005056c00008

Error: (09/21/2013 01:26:54 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/">.

Error: (09/21/2013 01:23:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/21/2013 01:21:48 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/">.

Error: (09/20/2013 10:10:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.2.0, time stamp: 0x50eaf921
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xf28
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3

Error: (09/20/2013 09:12:18 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108


System errors:
=============
Error: (09/22/2013 01:52:29 PM) (Source: mbamchameleon) (User: )
Description: C01C0005

Error: (09/22/2013 01:46:31 PM) (Source: mbamchameleon) (User: )
Description: C01C0005

Error: (09/22/2013 01:41:18 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\DAEMON TOOLS ULTRA\DISCSOFTBUSSERVICE.EXE

Error: (09/22/2013 01:41:17 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\DAEMON TOOLS ULTRA\DISCSOFTBUSSERVICE.EXE

Error: (09/22/2013 01:41:16 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe

Error: (09/22/2013 01:41:16 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\DAEMON TOOLS ULTRA\DISCSOFTBUSSERVICE.EXE

Error: (09/20/2013 03:11:01 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/20/2013 03:11:01 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/20/2013 03:10:48 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2013 03:10:45 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
papycpu
papyjoy


Microsoft Office Sessions:
=========================
Error: (09/22/2013 00:52:35 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/

Error: (09/22/2013 11:24:07 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (09/21/2013 04:37:14 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/21/2013 03:35:48 PM) (Source: Application Hang)(User: )
Description: WINWORDC.EXE14.0.6129.50008d401ceb71a7bcd504b0Q:\140066.enu\Office14\WINWORDC.EXE18620bb5-230e-11e3-b9cd-005056c00008

Error: (09/21/2013 03:31:27 PM) (Source: Application Hang)(User: )
Description: NOTEPAD.EXE6.1.7600.16385164c01ceb71a48bc5c7f2C:\Windows\SysWOW64\NOTEPAD.EXE8b15799f-230d-11e3-b9cd-005056c00008

Error: (09/21/2013 01:26:54 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/

Error: (09/21/2013 01:23:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\jacobo\Downloads\SoftonicDownloader_for_tunngle.exe

Error: (09/21/2013 01:21:48 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2134264747-4051326518-3151763139-1000}/

Error: (09/20/2013 10:10:21 PM) (Source: Application Error)(User: )
Description: hpasset.exe3.0.2.050eaf921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3f2801ceb688dd1cb2ceC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Windows\SysWOW64\ntdll.dll1c8ada0c-227c-11e3-b9cd-005056c00008

Error: (09/20/2013 09:12:18 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108


CodeIntegrity Errors:
===================================
  Date: 2013-08-28 18:10:19.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snp2sxp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 18:10:19.164
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snp2sxp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 18:07:12.166
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snp2sxp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 18:07:11.943
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snp2sxp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 16383.29 MB
Available physical RAM: 9916.46 MB
Total Pagefile: 24381.47 MB
Available Pagefile: 16791.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.5 GB) (Free:321.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.91 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (GRID2) (CDROM) (Total:5.72 GB) (Free:0 GB) CDFS
Drive g: (NASCAR The Game) (CDROM) (Total:3.04 GB) (Free:0 GB) CDFS
Drive h: (TDU2) (CDROM) (Total:6.34 GB) (Free:0 GB) UDF
Drive i: (CBS) (CDROM) (Total:4.22 GB) (Free:0 GB) CDFS
Drive j: (GRID2) (CDROM) (Total:5.72 GB) (Free:0 GB) CDFS
Drive k: (TW_ROME_II) (CDROM) (Total:9.47 GB) (Free:0 GB) CDFS
Drive l: (NFS13) (CDROM) (Total:5.3 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2215BC93)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 gringo_pr

Posted 22 September 2013 - 09:20 PM

Hello



That is one report. Can you send me the other one, please?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Bakersfieldboy

Posted 22 September 2013 - 09:30 PM

I sent 2 logs from Farbar. Is there more you need?



#8 gringo_pr

Posted 22 September 2013 - 09:36 PM

They were both the same report - you sent one report twice.


gringo

#9 Bakersfieldboy

Posted 22 September 2013 - 10:03 PM

Can you help me understand something? Each time I tried to post, it says "You do not have permission for that action"

???



#10 Bakersfieldboy

Posted 22 September 2013 - 10:05 PM

How about this way?

Sorry.

Computer is getting really bad; copy and paste is not working.


Edited by Bakersfieldboy, 22 September 2013 - 10:11 PM.


#11 Bakersfieldboy

Posted 22 September 2013 - 10:07 PM

Here it is



#12 gringo_pr

Posted 22 September 2013 - 10:27 PM

Hello Bakersfieldboy

You have a lot of things going on, so we are going to have to do this in parts.

I need you to download this script I have made for you --> fixlist.txt (attached file, 491 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

Run FRST again, but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo

#13 Bakersfieldboy

Posted 22 September 2013 - 10:39 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2013
Ran by jacobo at 2013-09-22 20:38:47 Run:1
Running from C:\Users\jacobo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\jacobo\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s



*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\jacobo\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Not Found
"C:\Windows\system64" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========


==== End of Fixlog ====

 



#14 gringo_pr

Posted 22 September 2013 - 10:43 PM


Hello

You should be able to download now. Can you verify that, please?

I am going to run this to see if we can find these files on the computer.


SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    explorer.exe
    svchost.exe
    winlogon.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt



Gringo

#15 Bakersfieldboy

Posted 22 September 2013 - 10:54 PM

Internet Explorer has stopped saying virus detected, but when I try to download it says Internet Explorer has stopped working.

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:51 on 22/09/2013 by jacobo
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe    --a---- 2871808 bytes    [11:25 24/02/2013]    [06:19 25/02/2011] 80C62DD6E4282A7BFD2309C5C84786C6
C:\Windows\SysWOW64\explorer.exe    --a---- 2616320 bytes    [11:25 24/02/2013]    [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe    --a---- 2868224 bytes    [23:56 13/07/2009]    [01:39 14/07/2009] C235A51CB740E45FFA0EBFB9BAFCDA64
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe    --a---- 2868224 bytes    [07:01 09/01/2011]    [07:01 09/01/2011] F170B4A061C9E026437B193B4D571799
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe    --a---- 2868736 bytes    [07:02 09/01/2011]    [07:02 09/01/2011] 6D4F9E4B640B413C6F73414327484C80
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe    --a---- 2870272 bytes    [07:03 09/01/2011]    [07:03 09/01/2011] 9AAAEC8DAC27AA17B053E6352AD233AE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe    --a---- 2870272 bytes    [11:25 24/02/2013]    [06:23 26/02/2011] 0862495E0C825893DB75EF44FAEA8E93
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe    --a---- 2868224 bytes    [07:01 09/01/2011]    [07:01 09/01/2011] 700073016DAC1C3D2E7E2CE4223334B6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe    --a---- 2868736 bytes    [07:02 09/01/2011]    [07:02 09/01/2011] CA17F8620815267DC838E30B68CB5052
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe    --a---- 2870272 bytes    [07:03 09/01/2011]    [07:03 09/01/2011] B8EC4BD49CE8F6FC457721BFC210B67F
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe    --a---- 2870784 bytes    [11:25 24/02/2013]    [06:26 26/02/2011] E38899074D4951D31B4040E994DD7C8D
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe    --a---- 2872320 bytes    [18:18 25/02/2013]    [13:24 20/11/2010] AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe    --a---- 2871808 bytes    [11:25 24/02/2013]    [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe    --a---- 2871808 bytes    [11:25 24/02/2013]    [06:14 26/02/2011] 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe    --a---- 2613248 bytes    [23:41 13/07/2009]    [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe    --a---- 2613248 bytes    [07:01 09/01/2011]    [07:01 09/01/2011] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe    --a---- 2613248 bytes    [07:02 09/01/2011]    [07:02 09/01/2011] FC89FACA0473641CB625EDA9277D0885
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe    --a---- 2614272 bytes    [07:03 09/01/2011]    [07:03 09/01/2011] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe    --a---- 2614784 bytes    [11:25 24/02/2013]    [05:33 26/02/2011] 2AF58D15EDC06EC6FDACCE1F19482BBF
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe    --a---- 2613248 bytes    [07:01 09/01/2011]    [07:01 09/01/2011] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe    --a---- 2613248 bytes    [07:02 09/01/2011]    [07:02 09/01/2011] 00B0358734CAA32C39D181FE6916B178
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe    --a---- 2614272 bytes    [07:03 09/01/2011]    [07:03 09/01/2011] C76153C7ECA00FA852BB0C193378F917
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe    --a---- 2614784 bytes    [11:25 24/02/2013]    [05:51 26/02/2011] 255CF508D7CFB10E0794D6AC93280BD8
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe    --a---- 2616320 bytes    [18:18 25/02/2013]    [12:17 20/11/2010] 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe    --a---- 2616320 bytes    [11:25 24/02/2013]    [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe    --a---- 2616320 bytes    [11:25 24/02/2013]    [05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746

Searching for "svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe    --a---- 218184 bytes    [04:15 12/04/2013]    [21:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\Windows\System32\svchost.exe    --a---- 27136 bytes    [23:31 13/07/2009]    [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\SysWOW64\svchost.exe    --a---- 20992 bytes    [23:19 13/07/2009]    [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe    --a---- 27136 bytes    [23:31 13/07/2009]    [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe    --a---- 20992 bytes    [23:19 13/07/2009]    [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

Searching for "winlogon.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe    --a---- 218184 bytes    [04:15 12/04/2013]    [21:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\Windows\System32\winlogon.exe    --a---- 390656 bytes    [18:18 25/02/2013]    [13:25 20/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe    --a---- 389120 bytes    [23:52 13/07/2009]    [01:39 14/07/2009] 132328DF455B0028F13BF0ABEE51A63A
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe    --a---- 389632 bytes    [07:03 09/01/2011]    [07:03 09/01/2011] DA3E2A6FA9660CC75B471530CE88453A
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe    --a---- 389632 bytes    [07:03 09/01/2011]    [07:03 09/01/2011] A93D41A4D4B0D91C072D11DD8AF266DE
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe    --a---- 390656 bytes    [18:18 25/02/2013]    [13:25 20/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457

-= EOF =-

 





