Hijack.AutoConfigURL.PrxySvrRST malware


4 replies to this topic

#1 Jacobsusanibar

Jacobsusanibar

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 16 May 2016 - 01:57 PM

Hello everyone!

I have recently run MBAM because Google Chrome started acting weird, because it had different fonts and every single time I logged in to my Google account, it automatically logged off. MBAM found two malwares named Hijack.AutoConfigURL.PrxySvrRST. I did a cleaning with MBAM and restarted and it was doing fine but it came back. I NEED HELP PLEASE! I don't know much about malwares and cleaning and I'd like someone to guide me. Thank you!



#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 16 May 2016 - 02:59 PM

Hello Jacobsusanibar and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here
Thanks
 
Please do the following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Sincerely . :hello:

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Jacobsusanibar

Jacobsusanibar
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 16 May 2016 - 03:23 PM

Hi Yılmaz! Thanks for the help! I read other related posts and ran RogueKiller and Zoek. Zoek is still running. Do you want me to cancel the scanning or let it finish and then run FRST? Thanks once again!

#4 Jacobsusanibar

Jacobsusanibar
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 16 May 2016 - 04:54 PM

Hi there again Yilmaz! OK, so I have closed Zoek and started FRST. These are the logs:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Ran by Jacob Susanibar (administrator) on PROBOOK-HP (16-05-2016 16:46:51)
Running from C:\Users\Jacob Susanibar\Desktop
Loaded Profiles: Jacob Susanibar (Available Profiles: Jacob Susanibar)
Platform: Windows 8.1 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(The Within Network, LLC) C:\Windows\unsignedthemes.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(SDL) C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Jacob Susanibar\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [147160 2013-08-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2015-11-02] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2015-11-02] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-09-26] (Hewlett-Packard)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [342312 2009-04-02] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Run: [Spotify Web Helper] => C:\Users\Jacob Susanibar\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-03-29] (Spotify Ltd)
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\MountPoints2: {10d374fb-7f6a-11e5-8260-acb57da46767} - "E:\OInstall.exe" 
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\MountPoints2: {527aa096-819b-11e5-8262-acb57da46767} - "F:\setup.exe" 
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX32.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://xn--koa.net/server.pac
Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{3F003178-AE9C-4845-BF61-939587982F21}: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{AF1BFFF7-DE43-4919-938C-A88E733A2CC8}: [DhcpNameServer] 200.48.225.130 200.48.225.146
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2336363666-3353795640-692961026-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-09-26] (Hewlett-Packard)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-05-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-05-09] (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-05-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-05-09] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2016-03-30] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2016-03-30] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-20] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2009-04-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-10-03] (DigitalPersona, Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2015-03-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
 
Chrome: 
=======
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=es-es
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR DefaultSuggestURL: Profile 2 -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-11]
CHR Extension: (Google Docs) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-11]
CHR Extension: (Google Drive) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-11]
CHR Extension: (Google Search) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Google Sheets) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-11]
CHR Extension: (SiteAdvisor) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-11]
CHR Extension: (Google Docs Offline) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-11]
CHR Extension: (HP Client Security Manager) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-11]
CHR Extension: (Gmail) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-11]
CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-13]
CHR Extension: (Google Drive) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (YouTube) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
CHR Extension: (8-Ball Pool) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-11-13]
CHR Extension: (Búsqueda de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-11-13]
CHR Extension: (Email Extractor) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jdianbbpnakhcmfkcckaboohfgnngfcc [2016-01-30]
CHR Extension: (TweetDeck Launcher) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2015-11-13]
CHR Extension: (Newsletter creator for Google Apps) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\naeidfheomeglnafioodanonaehnkicb [2016-02-02]
CHR Extension: (deviantART muro) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\namljbfbglehfnlonjmebceimaalofei [2015-11-13]
CHR Extension: (HP Client Security Manager) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-11-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-13]
CHR Extension: (Scraper) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\poegfpiagjgnenagjphgdklmgcpjaofi [2016-03-13]
CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Presentaciones de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]
CHR Extension: (Google Docs) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]
CHR Extension: (Google Drive) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
CHR Extension: (YouTube) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]
CHR Extension: (newsletter.ie) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cmbaajgphfaboknnopdocdnjafojafki [2016-02-02]
CHR Extension: (Búsqueda de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]
CHR Extension: (SiteAdvisor) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-15]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-16]
CHR Extension: (Newsletter creator for Google Apps) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\naeidfheomeglnafioodanonaehnkicb [2016-02-02]
CHR Extension: (HP Client Security Manager) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-12-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]
CHR Extension: (Add Email Signature - WiseStamp) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2016-02-07]
CHR Extension: (Gmail) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]
CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Presentaciones de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-02]
CHR Extension: (Google Docs) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Google Drive) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (YouTube) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Búsqueda de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-09]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-02]
CHR Extension: (SiteAdvisor) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-03-02]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-09]
CHR Extension: (Yahoo Web) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-03-02]
CHR Extension: (Skype) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-09]
CHR Extension: (HP Client Security Manager) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-03-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-02]
CHR Extension: (Gmail) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-11]
CHR HKU\S-1-5-21-2336363666-3353795640-692961026-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JACOBS~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-03-08]
CHR HKU\S-1-5-21-2336363666-3353795640-692961026-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-11]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-10-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-26] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2015-03-17] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-10-03] (DigitalPersona, Inc.)
R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-10-16] (Hewlett-Packard Company)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [372408 2013-12-10] (Hewlett-Packard Development Company, L.P.)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-10-21] (Hewlett-Packard Development Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [656168 2009-04-02] (Apple Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-05-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
R2 NalServ; C:\windows\SysWOW64\nalserv.exe [147056 2013-10-02] (Nalpeiron Ltd.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
R2 Sdl.ProductTelemetrics.v1; C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe [12288 2015-06-17] (SDL) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2015-11-02] (IDT, Inc.) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-03-28] (Stardock Software, Inc)
R2 UnsignedThemes; C:\windows\unsignedthemes.exe [13824 2013-09-23] (The Within Network, LLC) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [53248 2015-06-10] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 fpCsEvtSvc; %SystemRoot%\system32\fpCSEvtSvc.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2016-02-01] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-03-17] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7524016 2015-11-02] (Broadcom Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
R2 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-02] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-04] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [28376 2014-05-15] (Hewlett-Packard Company)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2014-12-05] (WinMagic Inc.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2015-11-02] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-12-05] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2014-12-05] (WinMagic Inc.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2015-11-02] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-26] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-15] ()
R2 uxstyle; C:\windows\system32\Drivers\uxstyle.sys [31440 2013-09-23] (The Within Network, LLC)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 X6va060; \??\C:\windows\SysWOW64\Drivers\X6va060 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 16:46 - 2016-05-16 16:47 - 00038555 _____ C:\Users\Jacob Susanibar\Desktop\FRST.txt
2016-05-16 16:44 - 2016-05-16 16:44 - 02382336 _____ (Farbar) C:\Users\Jacob Susanibar\Desktop\FRST64.exe
2016-05-16 16:40 - 2016-05-16 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-05-16 16:34 - 2016-05-16 16:36 - 00001078 _____ C:\windows\system32dbgraw.bmp
2016-05-16 15:25 - 2016-05-16 15:25 - 00000000 ____D C:\zoek
2016-05-16 15:17 - 2016-05-16 16:34 - 00000394 _____ C:\windows\Tasks\HPCeeScheduleForJacob Susanibar.job
2016-05-16 15:17 - 2016-05-16 15:17 - 00003228 _____ C:\windows\System32\Tasks\HPCeeScheduleForJacob Susanibar
2016-05-16 14:55 - 2016-05-16 15:32 - 00003148 _____ C:\runcheck.txt
2016-05-16 14:55 - 2016-05-16 15:32 - 00000000 ____D C:\zoek_backup
2016-05-16 13:34 - 2016-05-16 13:34 - 01309184 _____ C:\Users\Jacob Susanibar\Downloads\zoek.exe
2016-05-16 13:29 - 2016-05-16 13:30 - 24085576 _____ C:\Users\Jacob Susanibar\Downloads\RogueKillerX64.exe
2016-05-16 13:29 - 2016-05-16 13:29 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Persuasión
2016-05-15 22:30 - 2016-05-15 22:30 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\CrashDumps
2016-05-15 22:27 - 2016-05-15 22:30 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-15 22:27 - 2016-05-15 22:27 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-05-15 22:06 - 2016-05-16 16:01 - 00003846 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-05-15 19:27 - 2016-05-15 19:27 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Jacob Susanibar\Downloads\SpyHunter-Installer.exe
2016-05-15 18:49 - 2016-05-15 18:50 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Thank You for Arguing What Aristotle, Lincoln, and Homer Simpson Can Teach Us About the Art of Persuasion-Mantesh
2016-05-15 18:45 - 2016-05-15 18:45 - 00248164 _____ C:\Users\Jacob Susanibar\Downloads\Banned Mind Control Techniques Unleashed - Daniel SMith.azw3
2016-05-15 18:45 - 2016-05-15 18:45 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Verbal Judo (George J. Thompson, Ph.D. and Jerry B. Jenkins) Retail azw3 epub [Itzy]
2016-05-15 18:40 - 2016-05-15 18:40 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Persuasion IQ - The 10 Skills You Need to Get Exactly What You Want by Kurt W. Mortensen (Audiobook)
2016-05-15 18:40 - 2016-05-15 18:40 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Influence (7Summits)
2016-05-15 18:14 - 2016-05-16 14:21 - 00004020 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-05-14 15:31 - 2016-05-14 15:31 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Custom Office Templates
2016-05-14 15:06 - 2016-05-14 15:06 - 00001105 _____ C:\Users\Jacob Susanibar\Desktop\JRT.txt
2016-05-14 14:57 - 2016-05-14 15:06 - 00000000 ____D C:\AdwCleaner
2016-05-14 14:52 - 2016-05-16 01:31 - 00001648 _____ C:\Users\Jacob Susanibar\Desktop\Rkill.txt
2016-05-14 14:34 - 2016-05-15 19:46 - 00003120 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2336363666-3353795640-692961026-1002
2016-05-14 14:34 - 2016-05-14 14:34 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-05-11 09:33 - 2016-05-11 09:33 - 00000000 __RHD C:\MSOCache
2016-05-10 23:57 - 2016-05-16 16:36 - 00001062 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-10 23:57 - 2016-05-16 16:02 - 00001066 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-10 23:57 - 2016-05-10 23:57 - 00004038 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:57 - 2016-05-10 23:57 - 00003802 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-09 23:01 - 2016-05-09 23:01 - 00011039 _____ C:\Users\Jacob Susanibar\Documents\precios.xlsx
2016-05-07 20:07 - 2016-05-16 16:40 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2336363666-3353795640-692961026-1002
2016-05-07 19:26 - 2016-05-07 19:28 - 00000000 ____D C:\Users\Jacob Susanibar\Desktop\Adobe Acrobat
2016-05-07 19:25 - 2016-05-07 19:25 - 00003454 _____ C:\windows\System32\Tasks\InstallShield® Update Service Scheduler
2016-05-06 16:49 - 2016-05-06 16:49 - 00000108 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-05-06 16:48 - 2016-05-06 16:48 - 00000000 ____D C:\ProgramData\Isolated Storage
2016-05-02 21:18 - 2016-05-02 21:18 - 00000000 ____D C:\ProgramData\Samsung
2016-05-02 21:17 - 2016-05-02 21:18 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\mgyun
2016-05-02 17:05 - 2016-05-02 17:13 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Thunderbird
2016-05-02 17:05 - 2016-05-02 17:05 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Thunderbird
2016-05-02 17:05 - 2016-05-02 17:05 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Mozilla
2016-04-29 19:15 - 2016-04-29 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2016-04-29 19:15 - 2016-04-29 19:27 - 00000000 ____D C:\Program Files (x86)\RocketDock
2016-04-29 19:15 - 2016-04-29 19:22 - 46837530 _____ C:\Users\Jacob Susanibar\Downloads\dots_by_dradis75-d7n2hpn.zip
2016-04-29 18:22 - 2016-02-08 12:12 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-04-29 18:22 - 2016-02-08 11:58 - 00336384 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2016-04-29 18:22 - 2014-10-28 23:09 - 01239576 _____ (Microsoft Corporation) C:\windows\system32\taskmgr.exe
2016-04-29 18:21 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2016-04-29 18:21 - 2014-10-28 21:45 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\oobefldr.dll
2016-04-29 18:21 - 2014-10-28 21:19 - 00155648 _____ (Microsoft Corporation) C:\windows\system32\mydocs.dll
2016-04-29 18:21 - 2014-10-28 21:16 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\msconfig.exe
2016-04-29 18:21 - 2014-10-28 21:11 - 00475648 _____ (Microsoft Corporation) C:\windows\system32\snippingtool.exe
2016-04-29 18:21 - 2014-10-28 21:07 - 06692352 _____ (Microsoft Corporation) C:\windows\system32\mspaint.exe
2016-04-29 18:21 - 2014-10-28 20:49 - 00273920 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-04-29 18:21 - 2014-10-28 19:35 - 00234496 _____ (Microsoft Corporation) C:\windows\system32\sndvolsso.dll
2016-04-29 18:21 - 2013-08-22 06:45 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\imagesp1.dll
2016-04-29 18:20 - 2016-04-29 19:00 - 00000000 ____D C:\windows\UXBackup
2016-04-29 18:20 - 2015-01-26 22:44 - 00933888 _____ (Microsoft Corporation) C:\windows\system32\calc.exe
2016-04-29 18:20 - 2014-10-28 21:44 - 02022912 _____ (Microsoft Corporation) C:\windows\system32\batmeter.dll
2016-04-29 18:20 - 2014-10-28 21:29 - 00165376 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2016-04-29 18:20 - 2014-10-28 21:19 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\control.exe
2016-04-29 18:20 - 2014-10-28 21:18 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\dpiscaling.exe
2016-04-29 18:20 - 2014-10-28 21:04 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\fsquirt.exe
2016-04-29 18:20 - 2014-10-28 20:58 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\actioncenter.dll
2016-04-29 18:20 - 2014-10-28 20:34 - 00134144 _____ (Microsoft Corporation) C:\windows\regedit.exe
2016-04-29 18:20 - 2014-10-28 20:28 - 00357376 _____ (Microsoft Corporation) C:\windows\system32\cmd.exe
2016-04-29 18:20 - 2014-10-28 20:18 - 00184832 _____ (Microsoft Corp.) C:\windows\system32\defrag.exe
2016-04-29 18:20 - 2013-08-22 06:44 - 48847872 _____ (Microsoft Corporation) C:\windows\system32\imageres.dll
2016-04-29 18:19 - 2016-04-29 19:00 - 00000000 ____D C:\Program Files (x86)\UX Pack
2016-04-29 18:19 - 2011-08-11 12:47 - 00076288 _____ C:\windows\SysWOW64\moveex.exe
2016-04-29 18:19 - 2003-08-19 01:44 - 00118845 _____ (Matt Ginzton) C:\windows\Flurry.scr
2016-04-29 17:22 - 2016-04-29 17:33 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\MetroSidebar
2016-04-27 11:50 - 2016-04-27 11:50 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-04-26 12:45 - 2016-04-26 12:45 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Applite
2016-04-26 12:37 - 2016-04-26 12:37 - 00000000 ____D C:\Program Files (x86)\Loquendo
2016-04-25 21:11 - 2016-04-26 17:46 - 00000000 ____D C:\Users\Jacob Susanibar\Desktop\Negocio gorda
2016-04-25 20:13 - 2016-04-29 17:42 - 00000000 ____D C:\SkinPack
2016-04-25 13:16 - 2016-04-25 13:23 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Jarvis Custom Commands
2016-04-25 13:16 - 2016-04-25 13:16 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\MichaelC
2016-04-25 12:10 - 2016-04-25 12:10 - 00000000 ____D C:\Users\Jacob Susanibar\Desktop\Music Sort
2016-04-25 12:09 - 2016-04-25 12:09 - 00000003 _____ C:\windows\SysWOW64\HRUPPROG.EXIT
2016-04-25 12:08 - 2016-04-25 12:09 - 00000002 _____ C:\windows\SysWOW64\HRUPPROG.TXT
2016-04-25 11:44 - 2016-04-25 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-25 11:44 - 2016-04-25 11:44 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Apple Computer
2016-04-25 11:44 - 2016-04-25 11:44 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Apple Computer
2016-04-25 11:44 - 2009-03-19 16:34 - 00029544 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2016-04-25 11:44 - 2008-04-17 12:12 - 00126312 _____ (GEAR Software Inc.) C:\windows\system32\GEARAspi64.dll
2016-04-25 11:44 - 2008-04-17 12:12 - 00107368 _____ (GEAR Software Inc.) C:\windows\SysWOW64\GEARAspi.dll
2016-04-25 11:43 - 2016-04-25 11:44 - 00000000 ____D C:\Program Files\iTunes
2016-04-25 11:43 - 2016-04-25 11:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-25 11:43 - 2016-04-25 11:43 - 00000000 ____D C:\Program Files (x86)\iPod
2016-04-25 11:42 - 2016-04-25 11:43 - 00000000 ____D C:\ProgramData\Apple Computer
2016-04-25 11:42 - 2016-04-25 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-25 11:42 - 2016-04-25 11:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-25 11:41 - 2016-04-25 11:41 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-25 11:41 - 2016-04-25 11:41 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Apple
2016-04-25 11:41 - 2016-04-25 11:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-25 11:41 - 2016-04-25 11:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-25 11:40 - 2016-04-25 11:40 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\LocalLow\Apple Computer
2016-04-25 11:40 - 2016-04-25 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2016-04-25 11:39 - 2016-04-25 11:40 - 00000000 ____D C:\Program Files (x86)\Windows Phone
2016-04-25 11:37 - 2016-04-25 11:37 - 00000000 ____D C:\ProgramData\Applications
2016-04-23 01:51 - 2016-04-23 01:51 - 00635040 _____ (Microsoft Corporation) C:\windows\system32\msvcp140.dll
2016-04-23 01:51 - 2016-04-23 01:51 - 00439608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp140.dll
2016-04-23 01:51 - 2016-04-23 01:51 - 00390320 _____ (Microsoft Corporation) C:\windows\system32\vccorlib140.dll
2016-04-23 01:51 - 2016-04-23 01:51 - 00332968 _____ (Microsoft Corporation) C:\windows\system32\concrt140.dll
2016-04-23 01:51 - 2016-04-23 01:51 - 00266928 _____ (Microsoft Corporation) C:\windows\SysWOW64\vccorlib140.dll
2016-04-23 01:51 - 2016-04-23 01:51 - 00243520 _____ (Microsoft Corporation) C:\windows\SysWOW64\concrt140.dll
2016-04-23 01:51 - 2016-04-23 01:51 - 00088752 _____ (Microsoft Corporation) C:\windows\system32\vcruntime140.dll
2016-04-23 01:51 - 2016-04-23 01:51 - 00085328 _____ (Microsoft Corporation) C:\windows\SysWOW64\vcruntime140.dll
2016-04-22 12:12 - 2016-03-10 01:32 - 00002481 _____ C:\Users\Jacob Susanibar\Documents\Adobe Reader XI.lnk
2016-04-21 18:03 - 2016-04-21 19:34 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Musica2
2016-04-21 17:37 - 2016-04-21 17:37 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\YouTubeToMp3
2016-04-21 17:37 - 2016-04-21 17:37 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\MediaHuman
2016-04-21 17:35 - 2016-04-21 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2016-04-21 17:35 - 2016-04-21 17:35 - 00000000 ____D C:\Program Files (x86)\MediaHuman
2016-04-21 17:08 - 2016-04-21 17:08 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\4kdownload.com
2016-04-21 01:36 - 2016-04-21 01:36 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\chc
2016-04-20 01:14 - 2016-04-20 01:29 - 46398995 _____ C:\Users\Jacob Susanibar\Downloads\PSDKEYS_ResumeCV_Sawyer_213836.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 16:46 - 2016-04-04 00:39 - 00000000 ____D C:\FRST
2016-05-16 16:40 - 2016-04-04 04:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-16 16:37 - 2016-03-08 15:45 - 00000000 ___RD C:\Users\Jacob Susanibar\Google Drive
2016-05-16 16:37 - 2015-11-14 19:15 - 00000000 ____D C:\Users\Jacob Susanibar\OneDrive
2016-05-16 16:34 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-16 16:33 - 2013-08-22 08:25 - 00524288 ___SH C:\windows\system32\config\BBI
2016-05-16 16:32 - 2016-02-02 18:27 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-05-16 16:01 - 2013-08-22 08:36 - 00000000 ____D C:\windows\Inf
2016-05-16 15:28 - 2015-10-30 18:12 - 00000000 ___RD C:\Users\Jacob Susanibar
2016-05-15 22:30 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-15 22:30 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-15 22:21 - 2015-10-30 21:32 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\uTorrent
2016-05-15 21:07 - 2015-10-30 17:28 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Skype
2016-05-14 15:18 - 2015-11-02 18:42 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Instaladores
2016-05-14 15:08 - 2013-08-22 09:44 - 05208184 _____ C:\windows\system32\FNTCACHE.DAT
2016-05-14 14:49 - 2015-10-30 17:34 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\AIMP3
2016-05-14 13:26 - 2015-11-02 03:06 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\DAEMON Tools Lite
2016-05-14 13:22 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2016-05-13 15:01 - 2014-03-18 04:38 - 00000000 ____D C:\windows\ShellNew
2016-05-13 14:56 - 2013-08-22 08:25 - 00000076 _____ C:\windows\win.ini
2016-05-13 12:53 - 2015-10-30 17:28 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 11:46 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-05-12 03:59 - 2015-11-02 22:00 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Biblioteca
2016-05-12 03:56 - 2016-03-16 19:05 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Biblioteca de calibre
2016-05-12 01:15 - 2016-03-09 14:09 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Libros
2016-05-11 22:46 - 2015-10-30 17:35 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\vlc
2016-05-11 22:09 - 2016-03-29 23:16 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Spotify
2016-05-11 22:09 - 2016-03-29 23:15 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Spotify
2016-05-11 20:25 - 2015-10-30 18:12 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Packages
2016-05-11 19:51 - 2015-10-30 17:19 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Microsoft Help
2016-05-11 10:00 - 2015-03-17 19:27 - 00000000 ____D C:\ProgramData\Temp
2016-05-10 23:53 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore
2016-05-09 13:26 - 2015-11-02 21:16 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Camera Roll
2016-05-07 19:47 - 2015-10-30 17:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-07 19:47 - 2015-10-30 17:30 - 00000000 ____D C:\ProgramData\Adobe
2016-05-07 11:41 - 2015-10-30 17:31 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Adobe
2016-05-07 00:35 - 2015-10-30 17:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-06 16:57 - 2015-10-31 16:57 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\_.xlsx
2016-05-06 15:25 - 2016-03-08 15:16 - 25920403 _____ C:\Users\Jacob Susanibar\Downloads\recuerdosdenuestroprimerviaje3.zip
2016-05-06 15:24 - 2016-03-08 15:24 - 15210242 _____ C:\Users\Jacob Susanibar\Downloads\Gmail.zip
2016-05-03 00:19 - 2016-03-23 15:40 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Learn in your car
2016-05-02 16:33 - 2015-10-30 17:28 - 00000000 ____D C:\ProgramData\Skype
2016-04-30 09:47 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-30 09:47 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2016-04-29 18:19 - 2013-08-22 10:36 - 00000000 __RSD C:\windows\Media
2016-04-29 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\windows\Cursors
2016-04-27 11:52 - 2016-03-08 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-26 21:55 - 2015-11-02 15:11 - 00004026 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DD1CCAE8-4714-4108-B6C1-343A1D9B6613}
2016-04-25 21:13 - 2015-11-02 18:18 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Studio 2015
2016-04-25 12:40 - 2015-11-02 19:06 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\ElevatedDiagnostics
2016-04-24 13:53 - 2016-02-10 12:06 - 00000000 ____D C:\windows\system32\appraiser
2016-04-24 13:53 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2016-04-21 17:44 - 2015-03-17 19:46 - 00826854 _____ C:\windows\system32\perfh00A.dat
2016-04-21 17:44 - 2015-03-17 19:46 - 00194378 _____ C:\windows\system32\perfc00A.dat
2016-04-21 17:44 - 2014-03-18 04:53 - 01906666 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-20 16:40 - 2015-11-06 14:59 - 00000000 ____D C:\ProgramData\Oracle
2016-04-20 15:11 - 2015-11-02 16:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-20 14:55 - 2016-03-23 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-20 14:55 - 2015-11-06 15:00 - 00000000 ____D C:\Users\Jacob Susanibar\.oracle_jre_usage
2016-04-20 14:54 - 2016-03-23 13:31 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-20 14:54 - 2015-11-02 16:52 - 00268352 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2016-04-17 15:30 - 2016-03-23 15:05 - 00000000 ____D C:\Minecraft
 
==================== Files in the root of some directories =======
 
2016-02-06 21:48 - 2016-02-06 22:31 - 0000132 _____ () C:\Users\Jacob Susanibar\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-11-02 01:56 - 2016-02-07 23:34 - 0001759 _____ () C:\Users\Jacob Susanibar\AppData\Roaming\SAS7_000.DAT
2016-05-06 16:49 - 2016-05-06 16:49 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-11-02 20:40 - 2015-11-02 20:41 - 1671260 _____ () C:\ProgramData\SynFPRmsiLogs.log
 
Some files in TEMP:
====================
C:\Users\Jacob Susanibar\AppData\Local\Temp\7za.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\DaS_21.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jacob Susanibar\AppData\Local\Temp\hijackthis.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\NirCmd.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\PEVZ.EXE
C:\Users\Jacob Susanibar\AppData\Local\Temp\remove.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\sed.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\shortcut.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\swreg.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\swxcacls.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\wget.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\zoek-delete.exe
C:\Users\Jacob Susanibar\AppData\Local\Temp\_setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-16 13:19

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by Jacob Susanibar (2016-05-16 16:48:27)
Running from C:\Users\Jacob Susanibar\Desktop
Windows 8.1 Single Language (X64) (2015-10-30 23:12:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2336363666-3353795640-692961026-500 - Administrator - Disabled)
Invitado (S-1-5-21-2336363666-3353795640-692961026-501 - Limited - Disabled)
Jacob Susanibar (S-1-5-21-2336363666-3353795640-692961026-1002 - Administrator - Enabled) => C:\Users\Jacob Susanibar
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus y Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus y Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.42.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.42.0 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5094145C-9F17-8099-7F4F-E5AADD5E4065}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{BA1035C7-14DE-4857-8285-4ACFC74172EC}) (Version: 2.4.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version:  - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
calibre (HKLM-x32\...\{93283071-208F-4A58-B7B4-CAD34FC55E88}) (Version: 2.53.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3318 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.0.200 - Nuance Communications Inc.)
Easy Duplicate Finder v. 1.4.3.0 (HKLM-x32\...\Easy Duplicate Finder_is1) (Version:  - EasyDuplicateFinder.com)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
e-Sword (HKLM-x32\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{84663FDA-1374-4048-9869-DD4A8784785A}) (Version: 6.0.16.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.1.1713 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{8CD3FDC6-5591-44A8-840E-1096601D8CED}) (Version: 8.3.1.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{85134964-69F0-4F55-9B77-F84E1BC48301}) (Version: 1.1.2.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.11.10 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{8694492B-C69F-4204-A8BA-15BE0D9BAFCA}) (Version: 1.1.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.14.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.2.8.25 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{21925AE1-929D-4222-B38B-80BC30BBE09C}) (Version: 12.4.18.7 - HP)
HP System Default Settings (HKLM-x32\...\{29641907-0BBA-4832-B6DE-349DAA655883}) (Version: 2.1.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.3.0.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Hotspot (HKLM-x32\...\{563ADFC1-38E6-4EF0-8763-7CDA8289944B}) (Version: 1.0.25.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
iTunes (HKLM\...\{AE303591-1BFC-48B3-881B-655298C4EDE0}) (Version: 8.1.1.10 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)
Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.190 - McAfee, Inc.)
MediaHuman YouTube to MP3 Converter versión 3.9.5 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.5 - )
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{29F5A1C9-0BC3-16E6-9384-3BC5D1CB7ACE}) (Version: 1.00.0000 - Nombre de su organización)
OmegaT version 3.1.9_04 (HKLM-x32\...\OmegaT 3.1.9_04_is1) (Version:  - OmegaT)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{74BBCD30-EB17-4909-B59F-65E0DD2B7E95}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Compressor 3.0 (HKLM-x32\...\PDFCompressor_is1) (Version:  - PDF Compressor)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Reload Icons Cache 1.00 (HKLM-x32\...\Reload Icons Cache 1.00) (Version: 1.00 - Mr Blade Design's)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
SDL MultiTerm 2011 SP2 - Remove suite of products (HKLM-x32\...\Multiterm2011) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Administrator (HKLM-x32\...\{4F798133-01F8-47AF-AE9A-B0A15FEF1DDB}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Convert (HKLM-x32\...\{212062FE-9FEF-457F-980F-6B25270CC99D}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Core (HKLM-x32\...\{6664CA13-C9B1-4488-881E-4AC14CE0F260}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Desktop (HKLM-x32\...\{777BE1C2-F665-42E2-90DD-157A67715710}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Extract (HKLM-x32\...\{7071528D-59E2-412D-8EA4-272C87F7027C}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Widget (HKLM-x32\...\{D03F5196-A70A-43EC-8566-16BCBFE24FD7}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Word Integration (HKLM-x32\...\{7C21542D-7618-42D4-990D-9B458DCDE71E}) (Version: 9.2.361 - SDL)
SDL Nalpeiron Service Installer (HKLM-x32\...\{A3426877-4F23-4CF2-B473-0DC8630DE8EF}) (Version: 1.2.0 - SDL)
SDL Passolo 2011 (HKLM-x32\...\SDL Passolo 2011) (Version: SDL Passolo 2011 SP9 - SDL Passolo GmbH)
SDL Trados 2015 - Remove suite of products (HKLM-x32\...\TranslationStudio2015) (Version: 4.0.4809 - SDL)
SDL Trados Legacy Compatibility Module (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)
SDL Trados Studio 2015  (HKLM-x32\...\{27FA26BF-7D3F-458F-A4FF-3F972177B1DC}) (Version: 4.0.4809 - SDL)
SDL WorldServer Components (HKLM-x32\...\{CF32FB2A-0B13-4D6F-AB9F-9687D855C069}) (Version: 1.0.4809 - SDL)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.40.1 - Stardock Software, Inc.)
Super Mario World (HKLM-x32\...\Super Mario World_is1) (Version:  - GameFabrique)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{B0CB33D8-1426-4D61-A4F6-BDFD7407AE92}) (Version: 4.5.307.0 - Synaptics)
UxStyle (HKLM-x32\...\{05560347-3a9b-4644-a8ed-8b64cc947189}) (Version: 0.2.3.0 - The Within Network, LLC)
UxStyle (Version: 0.2.3.0 - The Within Network, LLC) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (08/30/2013 12.0.0.7820) (HKLM\...\387B04B8E8D5C129D6C12DFF084F1554A3AC3D58) (Version: 08/30/2013 12.0.0.7820 - Broadcom Corporation)
Windows Phone app for desktop (HKLM-x32\...\{3549ACF5-2BE0-4FCC-8D3A-15B4342DE901}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wondershare PDF Editor(Build 3.7.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.7.0.12 - Wondershare Software Co.,Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00CC5F7D-DE65-4B2B-B981-D8717DAE3318} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {00CD06B2-5303-49E7-98E9-1B17B0570CCF} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe [2016-04-20] (InstallShield®)
Task: {1FFF1302-8249-476D-8D35-C23E088839A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {25D04C20-3BDC-4181-8AE9-5AD0EB2659C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-04-14] (Microsoft Corporation)
Task: {4C85A8C0-B27F-461F-983F-A412CFC93CE6} - System32\Tasks\HPCeeScheduleForJacob Susanibar => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5353125F-6F5D-4784-BDE8-1ADF9FD95943} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {539F59E1-C340-4BEF-B9D9-80DB5B932021} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {5660E2DF-004B-4D11-BC7D-6F65C894ABCC} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {5C0FF596-818B-4920-8C77-C39A7C2DD10B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {62272B1A-BEA8-4C19-8534-BBD35A6B67A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {6F29B308-83D8-4824-98A0-77C0017CA55F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2336363666-3353795640-692961026-1002 => C:\Users\Jacob Susanibar\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-15] (Microsoft Corporation)
Task: {7BD56CAA-E624-4524-A8CD-FF2708A5D665} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {853B9650-164A-4067-A208-522FF0004DCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {8E135F51-251C-4027-AAB2-0480B6B558C1} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {9B8EAE1C-C077-4DBE-94B7-FD1B492B4319} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {E060C0C1-F34B-40F8-B0AC-F49C3EE50103} - \Opera scheduled Autoupdate 1447226246 -> No File <==== ATTENTION
Task: {E933A3DF-A9AC-4D15-9F68-F455BA1F8722} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {EBD88A08-1443-40FA-8B3F-84BEC0BF2650} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForJacob Susanibar.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-05-22 15:21 - 2013-05-22 15:21 - 00299832 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2015-11-25 12:10 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL
2015-11-25 12:10 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-08-19 13:06 - 2015-08-19 13:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-14 15:06 - 2013-08-14 15:06 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2013-09-26 16:38 - 2013-09-26 16:38 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2016-04-29 19:15 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-08-19 13:06 - 2015-08-19 13:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-04-29 19:15 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2016-05-16 16:36 - 2016-05-16 16:36 - 00098816 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32api.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00110080 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\pywintypes27.dll
2016-05-16 16:36 - 2016-05-16 16:36 - 00364544 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\pythoncom27.dll
2016-05-16 16:36 - 2016-05-16 16:36 - 00320512 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32com.shell.shell.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00776704 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_hashlib.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 01176576 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._core_.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00806400 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._gdi_.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00816128 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._windows_.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 01067008 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._controls_.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00733184 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._misc_.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00682496 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\pysqlite2._sqlite.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00088064 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_ctypes.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00119808 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32file.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00108544 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32security.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00007168 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\hashobjs_ext.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00017920 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\thumbnails_ext.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00088064 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\usb_ext.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00167936 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32gui.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00018432 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32event.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00046080 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_socket.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 01208320 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_ssl.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00128512 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_elementtree.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00127488 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\pyexpat.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00012288 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\common.time34.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00038912 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32inet.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00036864 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_psutil_windows.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00525208 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\windows._lib_cacheinvalidation.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00011264 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32crypt.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00077312 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._html2.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00027136 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_multiprocessing.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00020480 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_yappi.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00035840 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32process.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00686080 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\unicodedata.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00078848 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._animate.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00123392 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._wizard.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00024064 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32pipe.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00010240 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\select.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00025600 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32pdh.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00017408 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32profile.pyd
2016-05-16 16:36 - 2016-05-16 16:36 - 00022528 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32ts.pyd
2016-05-13 12:52 - 2016-05-11 06:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 12:52 - 2016-05-11 06:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [157]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2016-03-25 13:02 - 00000826 ____N C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jacob Susanibar\Pictures\inspirational-books-5.jpg
DNS Servers: 200.48.225.130 - 200.48.225.146
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_70328CCD511864149AF4B2EE1DCFA71B"
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\StartupApproved\Run: => "BingSvc"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{ECAC93AB-D045-4FA8-8D28-48DA5357C68E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69D45350-BBF5-4B6C-9D3E-7467015A4C31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9C4EDE25-511C-4DFB-B0E7-5FE7ADB39B61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8CA52716-5A29-4B8F-91BE-1157D3F727F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EFA0EC18-A6A6-4275-AB5B-34AD77A8446E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{AE7B31AB-4A9C-4E38-9211-6CC9404AFAFA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5F8770AF-C0E4-4FB5-8D77-CCF1C500641B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2AE32D3E-2C27-4439-AE69-52B0E6A61BA4}] => (Allow) LPort=51001
FirewallRules: [{E718BE54-8647-47AD-9444-6ACB9F8B6078}] => (Allow) LPort=1688
FirewallRules: [{CCA655B7-ECB1-4ED4-BF54-1F838B370415}] => (Allow) LPort=9100
FirewallRules: [{ED4A553C-6013-4AB7-829A-8B3D11C5C1F0}] => (Allow) LPort=427
FirewallRules: [{F5F95DA7-FF12-4B97-AE78-84CD27DC7EBC}] => (Allow) LPort=161
FirewallRules: [{EB859122-48A2-4BA8-94A7-497B448A2833}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{697CB4A3-69D6-4850-8A94-43740AFF6B39}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{D39C4BD3-B7AE-455D-A832-FEF4D6ADD24A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{54012D24-B5BE-49C0-8D99-E7E75334215A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{89D23CEA-4E12-4530-B0FF-75DEE9779348}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4379B513-C644-4490-B58A-E44758376DA5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{BD59D7AB-D8E0-407B-AB2E-634C23B00C00}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{04888028-0EC5-4FEC-87A4-AE1F937D4BA9}C:\users\jacob susanibar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jacob susanibar\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{11FF5E66-80EF-4A93-A43C-A9FD190E3732}C:\users\jacob susanibar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jacob susanibar\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{02FCC6D7-18E3-49AF-9498-2363BB6790D5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{83683A92-D834-4D72-85F1-2D1B43D51EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C3F6D25B-1346-4DD9-B39A-BCE01E5D6C9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-05-2016 15:11:41 Revo Uninstaller Pro's restore point - iRoot
13-05-2016 16:47:17 Revo Uninstaller Pro's restore point - Mozilla Thunderbird 45.0 (x86 en-US)
13-05-2016 19:07:45 Revo Uninstaller Pro's restore point - BPM Counter 1.7.1.0
13-05-2016 19:18:49 Revo Uninstaller Pro's restore point - beaTunes 4.6.0
13-05-2016 20:27:28 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service
13-05-2016 21:45:23 Revo Uninstaller Pro's restore point - SAMSUNG USB Driver for Mobile Phones
14-05-2016 14:55:54 JRT Pre-Junkware Removal
15-05-2016 19:24:19 Revo Uninstaller Pro's restore point - Reload Icons Cache 1.00
15-05-2016 19:25:50 Revo Uninstaller Pro's restore point - Microsoft Visio Professional 2016 - en-us
15-05-2016 19:52:35 Revo Uninstaller Pro's restore point - Microsoft Office Professional Plus 2016 - en-us
15-05-2016 22:22:43 Revo Uninstaller Pro's restore point - Microsoft Project Professional 2016 - en-us
16-05-2016 15:00:37 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2016 01:57:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PROBOOK-HP)
Description: No se pudo activar la aplicación 64885BlueEdge.OneCalendar_8kea50m9krsh2!App debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (05/16/2016 12:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37661484
 
Error: (05/16/2016 12:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37661484
 
Error: (05/16/2016 12:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/16/2016 01:42:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12984
 
Error: (05/16/2016 01:42:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12984
 
Error: (05/16/2016 01:42:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/16/2016 01:02:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa backgroundTaskHost.exe, versión 6.3.9600.17415, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 2dd0
 
Hora de inicio: 01d1af37d1cd9fd5
 
Hora de finalización: 4294967295
 
Ruta de acceso de la aplicación: C:\windows\system32\backgroundTaskHost.exe
 
Identificador de informe: c5d0cc6e-1b2b-11e6-82a6-acb57da46767
 
Nombre completo de paquete con errores: 64885BlueEdge.OneCalendar_2016.324.1.1_x64__8kea50m9krsh2
 
Identificador de aplicación relativa del paquete con errores: App
 
Error: (05/16/2016 12:03:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa backgroundTaskHost.exe, versión 6.3.9600.17415, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 2b84
 
Hora de inicio: 01d1af2f70e4f219
 
Hora de finalización: 4294967295
 
Ruta de acceso de la aplicación: C:\windows\system32\backgroundTaskHost.exe
 
Identificador de informe: 649dd234-1b23-11e6-82a6-acb57da46767
 
Nombre completo de paquete con errores: 64885BlueEdge.OneCalendar_2016.324.1.1_x64__8kea50m9krsh2
 
Identificador de aplicación relativa del paquete con errores: App
 
Error: (05/15/2016 11:01:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa LiveComm.exe, versión 17.5.9600.20911, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 1c34
 
Hora de inicio: 01d1af26ddef6cd8
 
Hora de finalización: 4294967295
 
Ruta de acceso de la aplicación: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Identificador de informe: d3948c14-1b1a-11e6-82a6-acb57da46767
 
Nombre completo de paquete con errores: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Identificador de aplicación relativa del paquete con errores: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (05/16/2016 04:32:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio mccspsvc.
 
Error: (05/16/2016 04:31:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible
 
Error: (05/16/2016 03:28:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.
 
Error: (05/16/2016 03:28:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.
 
Error: (05/16/2016 03:28:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.
 
Error: (05/16/2016 03:28:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.
 
Error: (05/16/2016 03:28:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.
 
Error: (05/16/2016 02:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible
 
Error: (05/16/2016 01:20:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Detección de servicios interactivos se cerró con el siguiente error: 
%%1
 
Error: (05/16/2016 12:11:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible
 
 
CodeIntegrity:
===================================
  Date: 2016-04-28 11:50:07.865
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\SkinPack\OldNewExplorer64.dll that did not meet the Windows signing level requirements.
 
  Date: 2016-04-28 10:42:39.655
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\SkinPack\OldNewExplorer64.dll that did not meet the Windows signing level requirements.
 
  Date: 2016-04-27 15:07:12.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\SkinPack\OldNewExplorer64.dll that did not meet the Windows signing level requirements.
 
  Date: 2016-04-26 14:32:59.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\SkinPack\OldNewExplorer64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5550M APU with Radeon™ HD Graphics 
Percentage of memory in use: 30%
Total physical RAM: 7369.36 MB
Available physical RAM: 5089.83 MB
Total Virtual: 7769.36 MB
Available Virtual: 5355.77 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:447.63 GB) (Free:17.58 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:10.36 GB) (Free:1.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9E7594BE)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 

Thanks a lot, man!
 



#5 olgun52

  • Malware Response Team
  • 3,782 posts
  • Gender:Male
  • Local time:11:27 AM

Posted 16 May 2016 - 06:31 PM

Hi again,

McAfee Firewall (Enabled)
Windows Firewall is enabled.

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two firewall programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

=================================================================================

Using Programs and Features in the Control Panel, uninstall the following:

Enigma Software--SpyHunter
YouTube to MP3 Converter
Adobe Reader XI

Then restart the PC now.

============================================================================================

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced, then click ''I have read the warning and wish to proceed anyway''
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click Scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 




