
I'm infected with Trojan.Zaccess, please help



Hello all,

I've been all over the net and apparently this Trojan.Zaccess is becoming very popular recently infecting people out there. Unfortunately I was one of those infected and can't seem to delete this virus off my computer. So I came here seeking help from the experts. This virus was detected by Malwarebytes Anti-Malware. This virus also deactivated my firewall and would not let me turn it back on. Furthermore, this virus deactivated my Microsoft Security Essentials software. I installed Trojan Remover and am now able to turn on my firewall and Microsoft Security Essentials is up and running. However, Malwarebytes is still showing Trojan.Zaccess, Category: Registry Key, Item: HKLM\SYSTEM\CurrentControlSet\Services\gupdate

Please, any help is greatly appreciated.

Thank you,

Shadow956


Please download Farbar Recovery Scan Tool and save it to a folder. (Use the correct version for your system.)

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

Hello again,

Thank you for the quick reply. Here are both the logs you requested.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013
Ran by JAVIER (administrator) on JAVIER-HP on 09-09-2013 10:37:48
Running from C:\Users\JAVIER\Desktop\FARBAR
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Brand Affinity Technologies) C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
( ) C:\Windows\system32\lxeacoms.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [lxeamon.exe] - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
MountPoints2: J - J:\Install.exe
MountPoints2: K - K:\autorun.exe
MountPoints2: {32354e27-c719-11e2-9e96-74de2b7a5687} - L:\setup.exe
MountPoints2: {9a18b2fa-a2d1-11e1-a90d-74de2b7a5687} - L:\iStudio.exe
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HF_G_Jul] - "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction [x]
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ROC_ROC_NT] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [x]
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-06-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-09-09] (Simply Super Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {12E03EE5-F282-4B7F-B3C2-A48EAA324B51} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {12E03EE5-F282-4B7F-B3C2-A48EAA324B51} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - {12E03EE5-F282-4B7F-B3C2-A48EAA324B51} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (Brand Affinity Technologies)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 16 C:\Windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{50DA09CC-E4B8-4FF5-ABC0-C0DFC6E2C7FC}: [NameServer]192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\JAVIER\AppData\Roaming\Mozilla\Firefox\Profiles\c08231r1.default
FF Homepage: www.youtube.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google) - C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\akadbbccfpogllggihohbkgjmgpdhdia\2012.12.3.13680_0
CHR Extension: (YouTube) - C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (RealDownloader) - C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Fantapper) - C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\2.0.7_0
CHR Extension: (Gmail) - C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\JAVIER\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\Fantapper.crx
 
==================== Services (Whitelisted) =================
 
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 FTSvc; C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [16896 2013-01-23] (Brand Affinity Technologies)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c0937947-e64a-12c8-7d5a-2a697c3e5680}\   \...\???\{c0937947-e64a-12c8-7d5a-2a697c3e5680}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 XFDriver64; \??\C:\Program Files\Xfire2\XFDriver64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-09 10:37 - 2013-09-09 10:37 - 00000000 ____D C:\FRST
2013-09-09 10:36 - 2013-09-09 10:37 - 00000000 ____D C:\Users\JAVIER\Desktop\FARBAR
2013-09-09 08:15 - 2013-09-09 08:15 - 00013301 _____ C:\Users\JAVIER\Desktop\Windows Firewall - Shortcut.lnk
2013-09-09 08:12 - 2013-09-09 08:12 - 00002119 _____ C:\Users\JAVIER\Desktop\Microsoft Security Essentials.lnk
2013-09-09 08:12 - 2013-09-09 08:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-09 08:12 - 2013-09-09 08:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-09 07:53 - 2013-09-09 07:53 - 00001115 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-09-09 07:53 - 2013-09-09 07:53 - 00000000 ____D C:\Users\JAVIER\Documents\Simply Super Software
2013-09-09 07:53 - 2003-02-02 20:06 - 00153088 _____ C:\Windows\SysWOW64\UNRAR3.dll
2013-09-09 07:53 - 2002-03-06 01:00 - 00075264 _____ C:\Windows\SysWOW64\unacev2.dll
2013-09-09 07:52 - 2013-09-09 07:53 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-09-09 07:52 - 2013-09-09 07:52 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\Simply Super Software
2013-09-09 07:52 - 2013-09-09 07:52 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-09-09 07:47 - 2013-09-09 07:49 - 00001598 _____ C:\Users\JAVIER\Desktop\mbam - Shortcut.lnk
2013-09-08 03:44 - 2013-09-08 03:44 - 00000000 ____D C:\Windows\TempDB643C1A-4021-0CD0-495A-B8F2B57A44D7-Signatures
2013-09-05 17:26 - 2013-09-08 03:49 - 00000000 ____D C:\ProgramData\dXiVpDns
2013-08-26 09:13 - 2013-09-02 09:13 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\Canon
2013-08-25 10:15 - 2013-08-25 10:15 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
2013-08-25 10:15 - 2013-08-25 10:15 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-08-25 10:14 - 2013-09-09 09:07 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-25 10:14 - 2013-08-25 10:15 - 00000000 ____D C:\Users\Yendi\AppData\Roaming\canon
2013-08-25 10:13 - 2013-08-25 10:13 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-08-25 10:13 - 2013-08-25 10:13 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-08-25 10:13 - 2012-02-08 16:34 - 00320000 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_B6L.dll
2013-08-25 10:13 - 2012-01-24 16:09 - 00077568 _____ C:\Windows\SysWOW64\CNC1760D.TBL
2013-08-25 10:13 - 2012-01-16 14:21 - 00103424 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_B6U.dll
2013-08-25 10:13 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-08-25 10:09 - 2013-08-25 10:09 - 00000000 ____D C:\Program Files\Canon
2013-08-25 10:08 - 2013-08-25 10:08 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-08-25 10:07 - 2013-08-25 10:07 - 00000000 ___HD C:\Program Files\CanonBJ
2013-08-25 10:06 - 2013-08-25 10:06 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-08-25 10:06 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMB6.DLL
2013-08-25 10:05 - 2013-08-25 10:14 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-25 10:05 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_B6L.dll
2013-08-25 10:05 - 2012-01-24 16:09 - 00077568 _____ C:\Windows\system32\CNC1760D.TBL
2013-08-25 10:05 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_B6C.dll
2013-08-25 10:05 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_B6I.dll
2013-08-25 10:05 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2013-08-14 10:00 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 10:00 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 10:00 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 10:00 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 10:00 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 10:00 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 10:00 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 10:00 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 10:00 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 10:00 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 10:00 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 10:00 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 10:00 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 10:00 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 09:53 - 2013-08-14 09:56 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 05:24 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 05:24 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 05:24 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 05:24 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 05:24 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 05:24 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 05:24 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 05:24 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 05:24 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 05:24 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 05:24 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 05:24 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 05:24 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 05:24 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 05:24 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 05:24 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 05:24 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 05:24 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 05:24 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 05:24 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 05:24 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 05:24 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 05:24 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 05:24 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 05:24 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 05:24 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 05:24 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 
==================== One Month Modified Files and Folders =======
 
2013-09-09 10:37 - 2013-09-09 10:37 - 00000000 ____D C:\FRST
2013-09-09 10:37 - 2013-09-09 10:36 - 00000000 ____D C:\Users\JAVIER\Desktop\FARBAR
2013-09-09 10:37 - 2012-05-12 11:43 - 01226742 _____ C:\Windows\WindowsUpdate.log
2013-09-09 10:35 - 2012-12-02 22:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 10:34 - 2012-02-25 14:40 - 00000000 ____D C:\ProgramData\PDFC
2013-09-09 10:33 - 2013-06-21 05:16 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-09-09 10:33 - 2012-12-31 15:12 - 00003366 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1000
2013-09-09 10:33 - 2012-12-31 15:12 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1000
2013-09-09 10:33 - 2012-12-02 22:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 10:33 - 2012-11-22 04:50 - 00050440 _____ C:\ProgramData\lxeascan.log
2013-09-09 10:33 - 2012-05-11 20:11 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-09 10:33 - 2012-05-11 20:10 - 00000000 ____D C:\ProgramData\MFAData
2013-09-09 10:33 - 2010-11-20 22:47 - 00635694 _____ C:\Windows\PFRO.log
2013-09-09 10:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 10:33 - 2009-07-13 23:51 - 00102089 _____ C:\Windows\setupact.log
2013-09-09 09:25 - 2012-08-27 18:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 09:16 - 2013-06-21 05:04 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2013-09-09 09:15 - 2012-02-25 14:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-09 09:07 - 2013-08-25 10:14 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-09 08:53 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 08:53 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 08:51 - 2009-07-14 00:13 - 00779534 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 08:15 - 2013-09-09 08:15 - 00013301 _____ C:\Users\JAVIER\Desktop\Windows Firewall - Shortcut.lnk
2013-09-09 08:12 - 2013-09-09 08:12 - 00002119 _____ C:\Users\JAVIER\Desktop\Microsoft Security Essentials.lnk
2013-09-09 08:12 - 2013-09-09 08:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-09 08:12 - 2013-09-09 08:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-09 08:12 - 2013-04-13 22:31 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-09 08:05 - 2012-05-11 20:06 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C3844E4-C146-4CEE-A7E0-C6E1F47AE8F1}
2013-09-09 08:01 - 2013-05-15 06:59 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1000
2013-09-09 08:01 - 2012-12-22 16:54 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1000
2013-09-09 07:53 - 2013-09-09 07:53 - 00001115 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-09-09 07:53 - 2013-09-09 07:53 - 00000000 ____D C:\Users\JAVIER\Documents\Simply Super Software
2013-09-09 07:53 - 2013-09-09 07:52 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-09-09 07:52 - 2013-09-09 07:52 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\Simply Super Software
2013-09-09 07:52 - 2013-09-09 07:52 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-09-09 07:49 - 2013-09-09 07:47 - 00001598 _____ C:\Users\JAVIER\Desktop\mbam - Shortcut.lnk
2013-09-08 03:49 - 2013-09-05 17:26 - 00000000 ____D C:\ProgramData\dXiVpDns
2013-09-08 03:44 - 2013-09-08 03:44 - 00000000 ____D C:\Windows\TempDB643C1A-4021-0CD0-495A-B8F2B57A44D7-Signatures
2013-09-08 03:34 - 2012-05-25 01:56 - 00000000 ____D C:\Users\JAVIER\AppData\Local\CrashDumps
2013-09-08 03:30 - 2012-05-12 00:13 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\vlc
2013-09-08 03:25 - 2013-04-16 14:47 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\Xfire
2013-09-08 02:06 - 2012-05-19 13:15 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForJAVIER.job
2013-09-08 01:37 - 2012-05-19 13:15 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJAVIER
2013-09-08 01:36 - 2012-05-19 13:14 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-08 01:36 - 2012-05-13 01:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-08 01:36 - 2012-05-13 01:10 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\HP Support Assistant
2013-09-08 01:36 - 2012-05-13 01:04 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\HpUpdate
2013-09-08 01:33 - 2011-02-11 12:15 - 00773258 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-07 00:49 - 2013-04-16 14:47 - 00000000 ____D C:\ProgramData\Xfire
2013-09-06 10:46 - 2012-09-15 01:19 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\SoftGrid Client
2013-09-05 20:59 - 2013-05-06 11:53 - 00000491 _____ C:\ProgramData\lxea.log
2013-09-05 17:26 - 2012-12-02 22:24 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-05 17:26 - 2012-10-17 01:25 - 00000000 ____D C:\ProgramData\Sendori
2013-09-02 09:13 - 2013-08-26 09:13 - 00000000 ____D C:\Users\JAVIER\AppData\Roaming\Canon
2013-08-30 21:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-29 11:53 - 2012-09-15 01:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-25 10:22 - 2012-06-07 20:21 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B6650CA-FFDF-4A8F-8422-0DA39EF54851}
2013-08-25 10:18 - 2012-06-10 14:39 - 00000000 ____D C:\Users\Yendi\AppData\Local\CrashDumps
2013-08-25 10:15 - 2013-08-25 10:15 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
2013-08-25 10:15 - 2013-08-25 10:15 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-08-25 10:15 - 2013-08-25 10:14 - 00000000 ____D C:\Users\Yendi\AppData\Roaming\canon
2013-08-25 10:14 - 2013-08-25 10:05 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-25 10:13 - 2013-08-25 10:13 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-08-25 10:13 - 2013-08-25 10:13 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-08-25 10:13 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-08-25 10:09 - 2013-08-25 10:09 - 00000000 ____D C:\Program Files\Canon
2013-08-25 10:08 - 2013-08-25 10:08 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-08-25 10:07 - 2013-08-25 10:07 - 00000000 ___HD C:\Program Files\CanonBJ
2013-08-25 10:06 - 2013-08-25 10:06 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-08-25 09:34 - 2013-03-27 17:49 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1003
2013-08-25 09:34 - 2013-03-27 17:49 - 00003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1003
2013-08-21 15:28 - 2012-06-02 18:24 - 00000000 ____D C:\Users\JAVIER\Documents\GTA San Andreas User Files
2013-08-21 12:25 - 2012-12-12 10:25 - 17139080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-21 12:25 - 2012-08-27 18:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 12:25 - 2012-08-27 18:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 12:25 - 2012-07-09 00:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-17 22:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 09:56 - 2013-08-14 09:53 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:53 - 2012-05-11 21:18 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 23:23 - 2012-11-25 13:48 - 00000000 ____D C:\Users\Yendi\AppData\Roaming\vlc
2013-08-12 17:23 - 2013-03-27 17:48 - 00003364 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1003
2013-08-12 17:23 - 2013-03-27 17:48 - 00003230 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1003
 
Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{c0937947-e64a-12c8-7d5a-2a697c3e5680}
C:\Users\JAVIER\AppData\Local\Temp\AVG-Safeguard.exe
C:\Users\JAVIER\AppData\Local\Temp\CH.dll
C:\Users\JAVIER\AppData\Local\Temp\hac.dll
C:\Users\Yendi\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Yendi\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Yendi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Yendi\AppData\Local\Temp\sp58915.exe
C:\Users\Yendi\AppData\Local\Temp\UninstallHPSA.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-01 03:44
 
==================== End Of Log ============================

And the Addition.txt is the following:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013
Ran by JAVIER at 2013-09-09 10:38:53
Running from C:\Users\JAVIER\Desktop\FARBAR
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
AMD APP SDK Runtime (Version: 2.5.732.1)
AMD Catalyst Install Manager (Version: 3.0.842.0)
AMD Media Foundation Decoders (Version: 1.0.60914.1136)
AMD Steady Video Plug-In  (Version: 1.00.0000)
AMD VISION Engine Control Center (x32 Version: 2011.0908.1355.23115)
Bandicam (x32)
Bandisoft MPEG-1 Decoder (x32)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.8188)
Bluetooth by hp (Version: 6.3.0.8200)
Bubble Wrap (x32 Version: 1.0.0.0)
Call of Duty Game of the Year Edition (x32)
CameraHelperMsi (x32 Version: 13.50.854.0)
Canon Easy-WebPrint EX (x32 Version: 1.3.5.0)
Canon IJ Scan Utility (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MG2200 series MP Drivers (Version: 1.00)
Canon MG2200 series On-screen Manual (x32 Version: 7.5.0)
Canon MG2200 series User Registration (x32)
Canon My Image Garden (x32 Version: 1.0.0)
Canon My Image Garden Design Files (x32 Version: 1.0.0)
Canon My Printer (x32 Version: 3.0.0)
Canon Quick Menu (x32 Version: 2.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0908.1355.23115)
Catalyst Control Center InstallProxy (x32 Version: 2011.0908.1355.23115)
Catalyst Control Center Localization All (x32 Version: 2011.0908.1355.23115)
CCC Help Chinese Standard (x32 Version: 2011.0908.1354.23115)
CCC Help Chinese Traditional (x32 Version: 2011.0908.1354.23115)
CCC Help Czech (x32 Version: 2011.0908.1354.23115)
CCC Help Danish (x32 Version: 2011.0908.1354.23115)
CCC Help Dutch (x32 Version: 2011.0908.1354.23115)
CCC Help English (x32 Version: 2011.0908.1354.23115)
CCC Help Finnish (x32 Version: 2011.0908.1354.23115)
CCC Help French (x32 Version: 2011.0908.1354.23115)
CCC Help German (x32 Version: 2011.0908.1354.23115)
CCC Help Greek (x32 Version: 2011.0908.1354.23115)
CCC Help Hungarian (x32 Version: 2011.0908.1354.23115)
CCC Help Italian (x32 Version: 2011.0908.1354.23115)
CCC Help Japanese (x32 Version: 2011.0908.1354.23115)
CCC Help Korean (x32 Version: 2011.0908.1354.23115)
CCC Help Norwegian (x32 Version: 2011.0908.1354.23115)
CCC Help Polish (x32 Version: 2011.0908.1354.23115)
CCC Help Portuguese (x32 Version: 2011.0908.1354.23115)
CCC Help Russian (x32 Version: 2011.0908.1354.23115)
CCC Help Spanish (x32 Version: 2011.0908.1354.23115)
CCC Help Swedish (x32 Version: 2011.0908.1354.23115)
CCC Help Thai (x32 Version: 2011.0908.1354.23115)
CCC Help Turkish (x32 Version: 2011.0908.1354.23115)
ccc-utility64 (Version: 2011.0908.1355.23115)
CDBurnerXP (x32 Version: 4.5.2.4214)
Cheat Engine 6.2 (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dora's World Adventure (x32 Version: 2.2.0.95)
DVD Shrink 3.2 (x32)
erLT (x32 Version: 1.20.138.34)
Facebook (x32 Version: 1.1.0004)
Fantapper Player (x32 Version: 2.0.3)
Fantapper Updater (x32 Version: 2.0.2)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
GameSpy Arcade (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GTA San Andreas (x32 Version: 1.00.00001)
HAC 2 Release v1.0 (x32 Version: v1.0)
Halo Chat v2 (x32 Version: v2)
Halo Multihack (x32 Version: 1.00.0000)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP Application Assistant (Version: 1.0.393.3870)
HP Auto (Version: 1.0.12935.3667)
HP Calendar (x32 Version: 5.1.4245.23508)
HP Client Services (Version: 1.1.12938.3539)
HP Clock (x32 Version: 5.1.4244.16367)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.029)
HP Magic Canvas (x32 Version: 5.1.15.0)
HP Magic Canvas Tutorials (x32 Version: 5.0.0.3)
HP MovieStore (x32 Version: 2.1.091)
HP MovieStore (x32 Version: 2.1.21091.0)
HP Notes (x32 Version: 5.1.4274.30382)
HP Odometer (x32 Version: 2.10.0000)
HP Product Detection (x32 Version: 11.14.0001)
HP RSS (x32 Version: 5.1.4301.21494)
HP Setup (x32 Version: 9.0.15130.3904)
HP Setup Manager (x32 Version: 1.2.15145.3905)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 11.00.0001)
HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730)
HP Update (x32 Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.12.1.0)
HP Weather (x32 Version: 5.1.4295.16450)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kobo (x32 Version: 2.0.3)
LabelPrint (x32 Version: 2.5.4507)
Letters from Nowhere 2 (x32 Version: 2.2.0.97)
Lexmark Printable Web (x32 Version: 1.0.0.0)
Logitech Webcam Software (x32 Version: 2.0)
Luxor HD (x32 Version: 2.2.0.98)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.50.854.0)
LWS Help_main (x32 Version: 13.50.862.0)
LWS Launcher (x32 Version: 13.50.859.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.50.861.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
mark S300-S400 Series
Mesh Runtime (x32 Version: 15.4.5722.2)
Metric Converter (x32 Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Halo (x32)
Microsoft Halo Custom Edition (x32)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Monopoly 1.00 (x32 Version: 1.00)
Mozilla Firefox 20.0.1 (x86 en-US) (x32 Version: 20.0.1)
Mozilla Maintenance Service (x32 Version: 20.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
opensource (x32 Version: 1.0.14960.3876)
PCSX2 - Playstation 2 Emulator (x32)
PDF Complete Special Edition (x32 Version: 4.0.65)
Penguins! (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Power2Go (x32 Version: 6.1.5706)
PowerISO (x32 Version: 4.8)
PressReader (x32 Version: 5.11.0721.0)
Project64 1.6 (x32 Version: 1.6)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6387)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Recovery Manager (x32 Version: 5.5.0.4424)
Remote Graphics Receiver (x32 Version: 5.4.5)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)
RollerCoaster Tycoon Deluxe (x32)
SDFormatter (x32)
Sendori (x32 Version: 2.0.15)
Skype™ 6.0 (x32 Version: 6.0.126)
Spot (x32 Version: 1.0.0.0)
Steam (x32 Version: 1.0.0.0)
Tap Tap Bear (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 8 (x32 Version: 8.0.16642)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)
The Walking Dead Survival Instinct © Activision version 1 (x32 Version: 1)
Torchlight (x32 Version: 2.2.0.98)
Trojan Remover 6.8.8 (x32 Version: 6.8.8)
TSHostedAppLauncher (x32 Version: 5.1.15.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.2 (x32 Version: 2.0.2)
WBFS Manager 3.0 (x32 Version: 3.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 beta 1 (64-bit) (Version: 4.20.1)
Xfire (x32)
Youtube Video Downloader version 1.0 (x32 Version: 1.0)
Zinio Reader 4 (x32 Version: 4.2.4164)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
25-08-2013 14:44:16 Windows Update
29-08-2013 15:27:07 Windows Update
29-08-2013 16:52:35 Windows Update
02-09-2013 12:42:45 Windows Update
08-09-2013 06:29:58 Windows Update
08-09-2013 08:47:41 Installed AVG 2014
08-09-2013 08:48:12 Installed AVG 2014
09-09-2013 14:15:08 Removed Assassin's Creed
09-09-2013 14:34:33 Removed AVG 2014
09-09-2013 14:40:33 Removed AVG 2014
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0564368C-9643-479E-BEE2-B1C0FEBDF4C1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {0F266C68-5592-49D3-9B03-14AF67371397} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {2844EEF0-E706-4796-8652-67D7E4C9C8CF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {2C81393E-DED8-401C-9C71-651230EC036C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {31CA67DD-732F-4118-9739-AFC9DACA2F34} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {33C9B831-75C3-4DDF-9C34-3D05931822AD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {35539E66-D4ED-49B9-A758-08F417D34092} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {37AD58C2-0798-4610-940C-6A220A998A37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {38829713-4ED1-4A0E-8453-0582625C4F33} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {48D5082E-C799-4AF7-A4A4-85E6FCCBEFC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4D71D2FC-F377-484C-B208-1C2E9599946D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {4D8C57AF-5BDF-4161-8189-28A27A366DF9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {4F40F9EA-D090-4A62-852F-986AD8F0DB02} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {50259DAE-C3B1-4F15-BFD4-FB3AB7EFE31A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {53D1BB66-E077-4628-9DEC-FE046DFE1A29} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {681E6528-458C-47CC-905A-8CBF993B83BD} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {864757A9-BC7D-4A6F-8590-9ACAF7F4CCAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {87A460E3-65B7-421B-8985-42C427F555E4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {8A654164-DD38-42C8-A267-7E17F39F6355} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {957B2520-9E40-4F2C-B27B-40BDACD57BD7} - System32\Tasks\{A2DA3713-ED29-45A1-B31D-B00967DA09A7} => Firefox.exe http://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsPlugin
Task: {A954CAEC-7AEA-4422-BF6F-589FFE5AC752} - System32\Tasks\HPCeeScheduleForJAVIER => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {AFFD4696-5F45-416C-BD42-6CD2E4BC37F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {B07D92E2-18D2-46F6-9DFF-3C378598994F} - System32\Tasks\User_Feed_Synchronization-{3C3844E4-C146-4CEE-A7E0-C6E1F47AE8F1} => C:\Windows\system32\msfeedssync.exe [2013-03-28] (Microsoft Corporation)
Task: {B7CC1DED-990F-409F-9127-0B252D70EF2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2013-08-20] (Hewlett-Packard)
Task: {C064F89D-95FC-4177-A1A1-22C8BF0E76E0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C826EEC6-46CA-4143-8BC1-C6948265A2C1} - System32\Tasks\User_Feed_Synchronization-{8B6650CA-FFDF-4A8F-8422-0DA39EF54851} => C:\Windows\system32\msfeedssync.exe [2013-03-28] (Microsoft Corporation)
Task: {CDC2A62E-F9BB-421E-8AC9-47AB4B9E30AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2100056231-3060334693-1365756280-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CE59B262-90EC-49EC-A141-67AA79A10725} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2013-08-20] (Hewlett-Packard)
Task: {DBA9268A-5A2E-42CD-B64C-2650A111FEFB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E975A30E-AD22-407A-9926-42C039350756} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {F1C17300-92DF-46EA-BE72-2A16AA901C32} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2100056231-3060334693-1365756280-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJAVIER.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-25 20:19 - 2011-03-25 20:19 - 00560416 _____ (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
2012-05-11 20:35 - 2012-05-11 18:08 - 00194048 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2011-09-08 16:49 - 2011-09-08 16:49 - 00837632 _____ (Advanced Micro Devices, Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2011-09-08 16:49 - 2011-09-08 16:49 - 00004608 _____ (Advanced Micro Devices, Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2009-07-13 19:09 - 2009-07-13 20:38 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\irprops.cpl
2013-08-25 10:06 - 2012-03-26 05:00 - 03784704 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMUIB6.DLL
2011-03-25 20:19 - 2011-03-25 20:19 - 00352544 _____ (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btosif.dll
2011-03-25 20:19 - 2011-03-25 20:19 - 00301856 _____ (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtAudioHelper.dll
2011-03-25 20:19 - 2011-03-25 20:19 - 00582944 _____ (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btosif_ol.dll
2011-03-25 20:19 - 2011-03-25 20:19 - 00390944 _____ (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btosif_olx.dll
2011-03-25 20:19 - 2011-03-25 20:19 - 00510240 _____ (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btosif_notes.dll
2011-03-25 20:19 - 2011-03-25 20:19 - 24032544 _____ (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll
2011-09-08 16:51 - 2011-09-08 16:51 - 00095744 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2011-09-08 16:50 - 2011-09-08 16:50 - 00026112 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2011-09-08 16:50 - 2011-09-08 16:50 - 00024576 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2011-09-08 16:51 - 2011-09-08 16:51 - 00047104 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2011-09-08 16:50 - 2011-09-08 16:50 - 00005632 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2011-09-08 16:50 - 2011-09-08 16:50 - 00020480 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2011-09-08 16:51 - 2011-09-08 16:51 - 00021504 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2011-09-08 16:50 - 2011-09-08 16:50 - 00015360 _____ (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2011-09-08 16:50 - 2011-09-08 16:50 - 00294912 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-09-08 16:50 - 2011-09-08 16:50 - 00180224 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 16:51 - 2009-01-20 16:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-09-08 16:54 - 2011-09-08 16:54 - 00027648 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2011-09-08 16:53 - 2011-09-08 16:53 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-02 15:41 - 2011-08-02 15:41 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-22 04:48 - 2009-11-26 03:52 - 00086186 _____ (Lexmark International) C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacfg.dll
2012-11-22 04:49 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2012-11-22 04:48 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2012-11-22 04:49 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2012-11-22 04:49 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2012-11-22 04:49 - 2009-03-05 12:55 - 00059904 _____ (Lexmark International Inc.) C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacnv4.dll
2012-11-22 04:49 - 2009-03-10 00:41 - 00962560 _____ (Corp.) C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamonr.dll
2012-11-22 04:49 - 2009-12-09 14:35 - 00802816 _____ ( ) C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacomc.dll
2012-11-22 04:47 - 2009-02-20 03:48 - 00381440 _____ () C:\Windows\system32\lxeasm.dll
2012-11-22 04:47 - 2009-02-20 03:48 - 00023552 _____ () C:\Windows\system32\lxeasmr.dll
2012-11-22 04:48 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
2012-11-22 04:48 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
2012-11-22 04:48 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
2012-11-22 04:48 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
2012-11-22 04:48 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
2012-11-22 04:49 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
2012-11-22 04:48 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
2012-11-22 04:48 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
2012-11-22 04:48 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
2012-11-22 04:49 - 2010-04-01 12:18 - 00548864 _____ (PDFlib GmbH) C:\Program Files (x86)\Lexmark S300-S400 Series\PdfLib.dll
2012-11-22 04:49 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-07-01 14:28 - 2013-07-01 14:28 - 00275744 _____ (Sendori, Inc.) C:\Program Files (x86)\Sendori\DynLib.dll
2013-04-16 03:12 - 2013-04-16 03:12 - 00052824 _____ (RealNetworks, Inc.) C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlchrome10browserrecordhelper.dll
2011-03-25 19:26 - 2011-03-25 19:26 - 00226592 _____ (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSPOOL.DRV
2013-09-05 21:02 - 2013-09-02 15:35 - 09962960 _____ (The ICU Project) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\icudt.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 21:02 - 2013-09-02 15:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-05 21:02 - 2013-09-02 15:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-05 21:02 - 2013-09-02 15:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-05 21:02 - 2013-09-02 15:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-05 21:02 - 2013-09-02 15:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-04-16 03:11 - 2013-04-16 03:11 - 00148480 _____ (RealNetworks, Inc.) C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
2013-04-16 03:10 - 2013-04-16 03:10 - 00507536 _____ (RealDownloader) C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Common\rndlmainbrowserrecordplugin.dll
2013-04-16 03:12 - 2013-04-16 03:12 - 00060928 _____ () C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll
2013-09-05 21:02 - 2013-09-02 15:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
2013-04-16 03:11 - 2013-04-16 03:11 - 00016384 _____ (RealNetworks, Inc.) C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2013 09:05:16 AM) (Source: Application Hang) (User: )
Description: The program lxeaPSWX.EXE version 3.677.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c40
 
Start Time: 01cead657f4731a0
 
Termination Time: 6
 
Application Path: C:\Windows\system32\spool\DRIVERS\x64\3\lxeaPSWX.EXE
 
Report Id: d71e06ae-1958-11e3-8650-74de2b7a5687
 
Error: (09/09/2013 07:53:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (09/09/2013 07:51:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (09/09/2013 07:51:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (09/09/2013 07:51:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (09/09/2013 03:00:06 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/09/2013 02:51:29 AM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/09/2013 01:10:06 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/09/2013 01:01:31 AM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/08/2013 05:04:42 AM) (Source: Microsoft Security Client Setup) (User: JAVIER-HP)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
 
System errors:
=============
Error: (09/09/2013 10:34:30 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/09/2013 10:33:36 AM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (09/09/2013 10:33:36 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
 
Error: (09/09/2013 08:47:14 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/09/2013 08:46:14 AM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (09/09/2013 08:46:14 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
 
Error: (09/09/2013 08:04:14 AM) (Source: Microsoft Antimalware) (User: )
Description: %JAVIER-HP60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %JAVIER-HP51
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %JAVIER-HP602
 
Update Type: %JAVIER-HP604
 
User: JAVIER-HP\JAVIER
 
Current Engine Version: %JAVIER-HP605
 
Previous Engine Version: %JAVIER-HP606
 
Error code: %JAVIER-HP607
 
Error description: %JAVIER-HP608
 
Error: (09/09/2013 08:04:11 AM) (Source: Microsoft Antimalware) (User: )
Description: %JAVIER-HP60 has encountered an error trying to update the engine.
 
New Engine Version: 
 
Previous Engine Version: 
 
Engine Type: %JAVIER-HP604
 
User: JAVIER-HP\JAVIER
 
Error Code: %JAVIER-HP601
 
Error description: %JAVIER-HP602
 
Error: (09/09/2013 08:04:11 AM) (Source: Microsoft Antimalware) (User: )
Description: %JAVIER-HP60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %JAVIER-HP15
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %JAVIER-HP602
 
Update Type: %JAVIER-HP604
 
User: JAVIER-HP\JAVIER
 
Current Engine Version: %JAVIER-HP605
 
Previous Engine Version: %JAVIER-HP606
 
Error code: %JAVIER-HP607
 
Error description: %JAVIER-HP608
 
Error: (09/09/2013 08:02:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (09/09/2013 09:05:16 AM) (Source: Application Hang)(User: )
Description: lxeaPSWX.EXE3.677.0.0c4001cead657f4731a06C:\Windows\system32\spool\DRIVERS\x64\3\lxeaPSWX.EXEd71e06ae-1958-11e3-8650-74de2b7a5687
 
Error: (09/09/2013 07:53:03 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\JAVIER\Desktop\SoftonicDownloader_for_trojan-remover.exe
 
Error: (09/09/2013 07:51:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\JAVIER\Desktop\SoftonicDownloader_for_trojan-remover.exe
 
Error: (09/09/2013 07:51:48 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\JAVIER\Desktop\SoftonicDownloader_for_trojan-remover.exe
 
Error: (09/09/2013 07:51:18 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\JAVIER\Desktop\SoftonicDownloader_for_trojan-remover.exe
 
Error: (09/09/2013 03:00:06 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/09/2013 02:51:29 AM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/09/2013 01:10:06 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/09/2013 01:01:31 AM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/08/2013 05:04:42 AM) (Source: Microsoft Security Client Setup)(User: JAVIER-HP)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 7666.85 MB
Available physical RAM: 5222 MB
Total Pagefile: 15331.88 MB
Available Pagefile: 12489.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:914.58 GB) (Free:843.5 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.83 GB) (Free:2.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 610E6AED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{c0937947-e64a-12c8-7d5a-2a697c3e5680}\???\???\???ﯹ๛\{c0937947-e64a-12c8-7d5a-2a697c3e5680}\GoogleUpdate.exe" >) -> FOUND

[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{c0937947-e64a-12c8-7d5a-2a697c3e5680}\???\???\???ﯹ๛\{c0937947-e64a-12c8-7d5a-2a697c3e5680}\GoogleUpdate.exe" >) -> FOUND

Now click Delete on the right hand column under Options

-------------

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Looks Good.....

Let's clean out any adware while you're here: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Here's the log for AdwCleaner[s0]:

 

# AdwCleaner v3.003 - Report created 11/09/2013 at 07:39:07
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : JAVIER - JAVIER-HP
# Running from : C:\Users\JAVIER\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\JAVIER\AppData\Local\apn
Folder Deleted : C:\Users\JAVIER\AppData\Local\Conduit
Folder Deleted : C:\Users\JAVIER\AppData\Local\cre
Folder Deleted : C:\Users\JAVIER\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
[ File : C:\Users\JAVIER\AppData\Roaming\Mozilla\Firefox\Profiles\c08231r1.default\prefs.js ]
 
 
[ File : C:\Users\Yendi\AppData\Roaming\Mozilla\Firefox\Profiles\evexvvrd.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\JAVIER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [5796 octets] - [11/09/2013 07:37:37]
AdwCleaner[s0].txt - [5202 octets] - [11/09/2013 07:39:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5262 octets] ##########

OK, run Malwarebytes and then......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

And this is the Malwarebytes log after updating and scanning:

 

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.11.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
JAVIER :: JAVIER-HP [administrator]
 
Protection: Enabled
 
9/11/2013 8:08:35 AM
mbam-log-2013-09-11 (08-08-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252923
Time elapsed: 4 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

And this is the checkup.txt log:

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Mozilla Firefox 20.0.1 Firefox out of Date!  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Java 7 Update 25 <----please update, should be Update 40

Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

---------------------------------

Mozilla Firefox 20.0.1 Firefox out of Date! <-----please check for an update if available.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST, click Fix only once, and wait.
That will delete the quarantine folder created by FRST.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
