Hijack.AutoConfigURL.PrxySvrRST malware

Hi there again Yilmaz! OK, so I have closed Zoek and started FRST. These are the logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016

Ran by Jacob Susanibar (administrator) on PROBOOK-HP (16-05-2016 16:46:51)

Running from C:\Users\Jacob Susanibar\Desktop

Loaded Profiles: Jacob Susanibar (Available Profiles: Jacob Susanibar)

Platform: Windows 8.1 Single Language (X64) Language: Español (España, internacional)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(The Within Network, LLC) C:\Windows\unsignedthemes.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe

(HP) C:\Windows\System32\HPSIsvc.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe

(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe

(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(SDL) C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe

(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe

(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Spotify Ltd) C:\Users\Jacob Susanibar\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

() C:\Program Files (x86)\RocketDock\RocketDock.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Apple Inc.) C:\Program Files (x86)\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [147160 2013-08-02] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2015-11-02] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2015-11-02] (Synaptics Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-10-16] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-09-26] (Hewlett-Packard)

HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [342312 2009-04-02] (Apple Inc.)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Run: [Spotify Web Helper] => C:\Users\Jacob Susanibar\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-03-29] (Spotify Ltd)

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\MountPoints2: {10d374fb-7f6a-11e5-8260-acb57da46767} - "E:\OInstall.exe"

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\MountPoints2: {527aa096-819b-11e5-8262-acb57da46767} - "F:\setup.exe"

Lsa: [Notification Packages] DPPassFilter scecli

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob Susanibar\AppData\Local\MEGAsync\ShellExtX32.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)

AutoConfigURL: [HKLM-x32] => hxxp://xn--koa.net/server.pac

Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146

Tcpip\..\Interfaces\{3F003178-AE9C-4845-BF61-939587982F21}: [DhcpNameServer] 200.48.225.130 200.48.225.146

Tcpip\..\Interfaces\{AF1BFFF7-DE43-4919-938C-A88E733A2CC8}: [DhcpNameServer] 200.48.225.130 200.48.225.146

ManualProxies:

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com

SearchScopes: HKLM -> DefaultScope value is missing

SearchScopes: HKLM-x32 -> DefaultScope value is missing

SearchScopes: HKU\S-1-5-21-2336363666-3353795640-692961026-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)

BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-09-26] (Hewlett-Packard)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-05-09] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-05-09] (McAfee, Inc.)

Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-05-09] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-05-09] (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)

Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2016-03-30] (Microsoft Corporation)

Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2016-03-30] (Microsoft Corporation)

Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File

Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File

Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-20] ()

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-20] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2009-04-02] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\new_plugin\npjp2.dll [No File]

FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-10-03] (DigitalPersona, Inc.)

FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]

FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome

FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2015-03-17] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:

=======

CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=es-es

CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}

CHR DefaultSearchKeyword: Profile 2 -> bing.com

CHR DefaultSuggestURL: Profile 2 -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10

CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-11]

CHR Extension: (Google Docs) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-11]

CHR Extension: (Google Drive) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]

CHR Extension: (YouTube) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-11]

CHR Extension: (Google Search) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]

CHR Extension: (Google Sheets) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-11]

CHR Extension: (SiteAdvisor) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-11]

CHR Extension: (Google Docs Offline) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-11]

CHR Extension: (HP Client Security Manager) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-11-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-11]

CHR Extension: (Gmail) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-11]

CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2

CHR Extension: (Google Docs) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-13]

CHR Extension: (Google Drive) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]

CHR Extension: (YouTube) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]

CHR Extension: (8-Ball Pool) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-11-13]

CHR Extension: (Búsqueda de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]

CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]

CHR Extension: (TweetDeck by Twitter) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-11-13]

CHR Extension: (Email Extractor) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jdianbbpnakhcmfkcckaboohfgnngfcc [2016-01-30]

CHR Extension: (TweetDeck Launcher) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2015-11-13]

CHR Extension: (Newsletter creator for Google Apps) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\naeidfheomeglnafioodanonaehnkicb [2016-02-02]

CHR Extension: (deviantART muro) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\namljbfbglehfnlonjmebceimaalofei [2015-11-13]

CHR Extension: (HP Client Security Manager) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-11-13]

CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

CHR Extension: (Gmail) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-13]

CHR Extension: (Scraper) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\poegfpiagjgnenagjphgdklmgcpjaofi [2016-03-13]

CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3

CHR Extension: (Presentaciones de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]

CHR Extension: (Google Docs) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]

CHR Extension: (Google Drive) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]

CHR Extension: (YouTube) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]

CHR Extension: (newsletter.ie) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cmbaajgphfaboknnopdocdnjafojafki [2016-02-02]

CHR Extension: (Búsqueda de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]

CHR Extension: (Hojas de cálculo de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]

CHR Extension: (SiteAdvisor) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-15]

CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-16]

CHR Extension: (Newsletter creator for Google Apps) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\naeidfheomeglnafioodanonaehnkicb [2016-02-02]

CHR Extension: (HP Client Security Manager) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-12-15]

CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]

CHR Extension: (Add Email Signature - WiseStamp) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2016-02-07]

CHR Extension: (Gmail) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]

CHR Profile: C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5

CHR Extension: (Presentaciones de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-02]

CHR Extension: (Google Docs) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]

CHR Extension: (Google Drive) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]

CHR Extension: (YouTube) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]

CHR Extension: (Búsqueda de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-09]

CHR Extension: (Hojas de cálculo de Google) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-02]

CHR Extension: (SiteAdvisor) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-03-02]

CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-09]

CHR Extension: (Yahoo Web) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-03-02]

CHR Extension: (Skype) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-02]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-09]

CHR Extension: (HP Client Security Manager) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-03-02]

CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-02]

CHR Extension: (Gmail) - C:\Users\Jacob Susanibar\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-11]

CHR HKU\S-1-5-21-2336363666-3353795640-692961026-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JACOBS~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-03-08]

CHR HKU\S-1-5-21-2336363666-3353795640-692961026-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-11]

CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]

CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-10-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-19] (Advanced Micro Devices, Inc.) [File not signed]

R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-26] (Apple Inc.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2015-03-17] (Broadcom Corporation.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)

R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)

R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-10-03] (DigitalPersona, Inc.)

R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-10-16] (Hewlett-Packard Company)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)

S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [372408 2013-12-10] (Hewlett-Packard Development Company, L.P.)

R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-10-21] (Hewlett-Packard Development Company)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)

R3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [656168 2009-04-02] (Apple Inc.)

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-05-09] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)

R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)

R3 mfevtp; C:\windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)

R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)

R2 NalServ; C:\windows\SysWOW64\nalserv.exe [147056 2013-10-02] (Nalpeiron Ltd.)

R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)

R2 Sdl.ProductTelemetrics.v1; C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe [12288 2015-06-17] (SDL) [File not signed]

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2015-11-02] (IDT, Inc.) [File not signed]

R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-03-28] (Stardock Software, Inc)

R2 UnsignedThemes; C:\windows\unsignedthemes.exe [13824 2013-09-23] (The Within Network, LLC) [File not signed]

R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [53248 2015-06-10] (Synaptics Incorporated)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

S2 fpCsEvtSvc; %SystemRoot%\system32\fpCSEvtSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2016-02-01] (Advanced Micro Devices)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-03-17] (Broadcom Corporation.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7524016 2015-11-02] (Broadcom Corporation)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)

R2 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-02] (Disc Soft Ltd)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-04] ()

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [28376 2014-05-15] (Hewlett-Packard Company)

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)

R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2014-12-05] (WinMagic Inc.)

S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2015-11-02] (Realsil Semiconductor Corporation)

S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)

R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-12-05] (WinMagic Inc.)

R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2014-12-05] (WinMagic Inc.)

R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2015-11-02] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-26] (Synaptics Incorporated)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-15] ()

R2 uxstyle; C:\windows\system32\Drivers\uxstyle.sys [31440 2013-09-23] (The Within Network, LLC)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

S3 X6va060; \??\C:\windows\SysWOW64\Drivers\X6va060 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-16 16:46 - 2016-05-16 16:47 - 00038555 _____ C:\Users\Jacob Susanibar\Desktop\FRST.txt

2016-05-16 16:44 - 2016-05-16 16:44 - 02382336 _____ (Farbar) C:\Users\Jacob Susanibar\Desktop\FRST64.exe

2016-05-16 16:40 - 2016-05-16 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2016-05-16 16:34 - 2016-05-16 16:36 - 00001078 _____ C:\windows\system32dbgraw.bmp

2016-05-16 15:25 - 2016-05-16 15:25 - 00000000 ____D C:\zoek

2016-05-16 15:17 - 2016-05-16 16:34 - 00000394 _____ C:\windows\Tasks\HPCeeScheduleForJacob Susanibar.job

2016-05-16 15:17 - 2016-05-16 15:17 - 00003228 _____ C:\windows\System32\Tasks\HPCeeScheduleForJacob Susanibar

2016-05-16 14:55 - 2016-05-16 15:32 - 00003148 _____ C:\runcheck.txt

2016-05-16 14:55 - 2016-05-16 15:32 - 00000000 ____D C:\zoek_backup

2016-05-16 13:34 - 2016-05-16 13:34 - 01309184 _____ C:\Users\Jacob Susanibar\Downloads\zoek.exe

2016-05-16 13:29 - 2016-05-16 13:30 - 24085576 _____ C:\Users\Jacob Susanibar\Downloads\RogueKillerX64.exe

2016-05-16 13:29 - 2016-05-16 13:29 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Persuasión

2016-05-15 22:30 - 2016-05-15 22:30 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\CrashDumps

2016-05-15 22:27 - 2016-05-15 22:30 - 00000000 ____D C:\ProgramData\RogueKiller

2016-05-15 22:27 - 2016-05-15 22:27 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys

2016-05-15 22:06 - 2016-05-16 16:01 - 00003846 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse

2016-05-15 19:27 - 2016-05-15 19:27 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Jacob Susanibar\Downloads\SpyHunter-Installer.exe

2016-05-15 18:49 - 2016-05-15 18:50 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Thank You for Arguing What Aristotle, Lincoln, and Homer Simpson Can Teach Us About the Art of Persuasion-Mantesh

2016-05-15 18:45 - 2016-05-15 18:45 - 00248164 _____ C:\Users\Jacob Susanibar\Downloads\Banned Mind Control Techniques Unleashed - Daniel SMith.azw3

2016-05-15 18:45 - 2016-05-15 18:45 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Verbal Judo (George J. Thompson, Ph.D. and Jerry B. Jenkins) Retail azw3 epub [Itzy]

2016-05-15 18:40 - 2016-05-15 18:40 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Persuasion IQ - The 10 Skills You Need to Get Exactly What You Want by Kurt W. Mortensen (Audiobook)

2016-05-15 18:40 - 2016-05-15 18:40 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Influence (7Summits)

2016-05-15 18:14 - 2016-05-16 14:21 - 00004020 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse

2016-05-14 15:31 - 2016-05-14 15:31 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Custom Office Templates

2016-05-14 15:06 - 2016-05-14 15:06 - 00001105 _____ C:\Users\Jacob Susanibar\Desktop\JRT.txt

2016-05-14 14:57 - 2016-05-14 15:06 - 00000000 ____D C:\AdwCleaner

2016-05-14 14:52 - 2016-05-16 01:31 - 00001648 _____ C:\Users\Jacob Susanibar\Desktop\Rkill.txt

2016-05-14 14:34 - 2016-05-15 19:46 - 00003120 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2336363666-3353795640-692961026-1002

2016-05-14 14:34 - 2016-05-14 14:34 - 00000000 ____D C:\ProgramData\Microsoft OneDrive

2016-05-11 09:33 - 2016-05-11 09:33 - 00000000 __RHD C:\MSOCache

2016-05-10 23:57 - 2016-05-16 16:36 - 00001062 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-10 23:57 - 2016-05-16 16:02 - 00001066 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-10 23:57 - 2016-05-10 23:57 - 00004038 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-05-10 23:57 - 2016-05-10 23:57 - 00003802 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2016-05-09 23:01 - 2016-05-09 23:01 - 00011039 _____ C:\Users\Jacob Susanibar\Documents\precios.xlsx

2016-05-07 20:07 - 2016-05-16 16:40 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2336363666-3353795640-692961026-1002

2016-05-07 19:26 - 2016-05-07 19:28 - 00000000 ____D C:\Users\Jacob Susanibar\Desktop\Adobe Acrobat

2016-05-07 19:25 - 2016-05-07 19:25 - 00003454 _____ C:\windows\System32\Tasks\InstallShield® Update Service Scheduler

2016-05-06 16:49 - 2016-05-06 16:49 - 00000108 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2016-05-06 16:48 - 2016-05-06 16:48 - 00000000 ____D C:\ProgramData\Isolated Storage

2016-05-02 21:18 - 2016-05-02 21:18 - 00000000 ____D C:\ProgramData\Samsung

2016-05-02 21:17 - 2016-05-02 21:18 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\mgyun

2016-05-02 17:05 - 2016-05-02 17:13 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Thunderbird

2016-05-02 17:05 - 2016-05-02 17:05 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Thunderbird

2016-05-02 17:05 - 2016-05-02 17:05 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Mozilla

2016-04-29 19:15 - 2016-04-29 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock

2016-04-29 19:15 - 2016-04-29 19:27 - 00000000 ____D C:\Program Files (x86)\RocketDock

2016-04-29 19:15 - 2016-04-29 19:22 - 46837530 _____ C:\Users\Jacob Susanibar\Downloads\dots_by_dradis75-d7n2hpn.zip

2016-04-29 18:22 - 2016-02-08 12:12 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll

2016-04-29 18:22 - 2016-02-08 11:58 - 00336384 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll

2016-04-29 18:22 - 2014-10-28 23:09 - 01239576 _____ (Microsoft Corporation) C:\windows\system32\taskmgr.exe

2016-04-29 18:21 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe

2016-04-29 18:21 - 2014-10-28 21:45 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\oobefldr.dll

2016-04-29 18:21 - 2014-10-28 21:19 - 00155648 _____ (Microsoft Corporation) C:\windows\system32\mydocs.dll

2016-04-29 18:21 - 2014-10-28 21:16 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\msconfig.exe

2016-04-29 18:21 - 2014-10-28 21:11 - 00475648 _____ (Microsoft Corporation) C:\windows\system32\snippingtool.exe

2016-04-29 18:21 - 2014-10-28 21:07 - 06692352 _____ (Microsoft Corporation) C:\windows\system32\mspaint.exe

2016-04-29 18:21 - 2014-10-28 20:49 - 00273920 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2016-04-29 18:21 - 2014-10-28 19:35 - 00234496 _____ (Microsoft Corporation) C:\windows\system32\sndvolsso.dll

2016-04-29 18:21 - 2013-08-22 06:45 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\imagesp1.dll

2016-04-29 18:20 - 2016-04-29 19:00 - 00000000 ____D C:\windows\UXBackup

2016-04-29 18:20 - 2015-01-26 22:44 - 00933888 _____ (Microsoft Corporation) C:\windows\system32\calc.exe

2016-04-29 18:20 - 2014-10-28 21:44 - 02022912 _____ (Microsoft Corporation) C:\windows\system32\batmeter.dll

2016-04-29 18:20 - 2014-10-28 21:29 - 00165376 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2016-04-29 18:20 - 2014-10-28 21:19 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\control.exe

2016-04-29 18:20 - 2014-10-28 21:18 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\dpiscaling.exe

2016-04-29 18:20 - 2014-10-28 21:04 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\fsquirt.exe

2016-04-29 18:20 - 2014-10-28 20:58 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\actioncenter.dll

2016-04-29 18:20 - 2014-10-28 20:34 - 00134144 _____ (Microsoft Corporation) C:\windows\regedit.exe

2016-04-29 18:20 - 2014-10-28 20:28 - 00357376 _____ (Microsoft Corporation) C:\windows\system32\cmd.exe

2016-04-29 18:20 - 2014-10-28 20:18 - 00184832 _____ (Microsoft Corp.) C:\windows\system32\defrag.exe

2016-04-29 18:20 - 2013-08-22 06:44 - 48847872 _____ (Microsoft Corporation) C:\windows\system32\imageres.dll

2016-04-29 18:19 - 2016-04-29 19:00 - 00000000 ____D C:\Program Files (x86)\UX Pack

2016-04-29 18:19 - 2011-08-11 12:47 - 00076288 _____ C:\windows\SysWOW64\moveex.exe

2016-04-29 18:19 - 2003-08-19 01:44 - 00118845 _____ (Matt Ginzton) C:\windows\Flurry.scr

2016-04-29 17:22 - 2016-04-29 17:33 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\MetroSidebar

2016-04-27 11:50 - 2016-04-27 11:50 - 00000000 ____D C:\Users\Default\AppData\Local\Google

2016-04-26 12:45 - 2016-04-26 12:45 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Applite

2016-04-26 12:37 - 2016-04-26 12:37 - 00000000 ____D C:\Program Files (x86)\Loquendo

2016-04-25 21:11 - 2016-04-26 17:46 - 00000000 ____D C:\Users\Jacob Susanibar\Desktop\Negocio gorda

2016-04-25 20:13 - 2016-04-29 17:42 - 00000000 ____D C:\SkinPack

2016-04-25 13:16 - 2016-04-25 13:23 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Jarvis Custom Commands

2016-04-25 13:16 - 2016-04-25 13:16 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\MichaelC

2016-04-25 12:10 - 2016-04-25 12:10 - 00000000 ____D C:\Users\Jacob Susanibar\Desktop\Music Sort

2016-04-25 12:09 - 2016-04-25 12:09 - 00000003 _____ C:\windows\SysWOW64\HRUPPROG.EXIT

2016-04-25 12:08 - 2016-04-25 12:09 - 00000002 _____ C:\windows\SysWOW64\HRUPPROG.TXT

2016-04-25 11:44 - 2016-04-25 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2016-04-25 11:44 - 2016-04-25 11:44 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Apple Computer

2016-04-25 11:44 - 2016-04-25 11:44 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Apple Computer

2016-04-25 11:44 - 2009-03-19 16:34 - 00029544 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys

2016-04-25 11:44 - 2008-04-17 12:12 - 00126312 _____ (GEAR Software Inc.) C:\windows\system32\GEARAspi64.dll

2016-04-25 11:44 - 2008-04-17 12:12 - 00107368 _____ (GEAR Software Inc.) C:\windows\SysWOW64\GEARAspi.dll

2016-04-25 11:43 - 2016-04-25 11:44 - 00000000 ____D C:\Program Files\iTunes

2016-04-25 11:43 - 2016-04-25 11:44 - 00000000 ____D C:\Program Files (x86)\iTunes

2016-04-25 11:43 - 2016-04-25 11:43 - 00000000 ____D C:\Program Files (x86)\iPod

2016-04-25 11:42 - 2016-04-25 11:43 - 00000000 ____D C:\ProgramData\Apple Computer

2016-04-25 11:42 - 2016-04-25 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2016-04-25 11:42 - 2016-04-25 11:42 - 00000000 ____D C:\Program Files (x86)\QuickTime

2016-04-25 11:41 - 2016-04-25 11:41 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2016-04-25 11:41 - 2016-04-25 11:41 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Apple

2016-04-25 11:41 - 2016-04-25 11:41 - 00000000 ____D C:\Program Files\Common Files\Apple

2016-04-25 11:41 - 2016-04-25 11:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2016-04-25 11:40 - 2016-04-25 11:40 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\LocalLow\Apple Computer

2016-04-25 11:40 - 2016-04-25 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone

2016-04-25 11:39 - 2016-04-25 11:40 - 00000000 ____D C:\Program Files (x86)\Windows Phone

2016-04-25 11:37 - 2016-04-25 11:37 - 00000000 ____D C:\ProgramData\Applications

2016-04-23 01:51 - 2016-04-23 01:51 - 00635040 _____ (Microsoft Corporation) C:\windows\system32\msvcp140.dll

2016-04-23 01:51 - 2016-04-23 01:51 - 00439608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp140.dll

2016-04-23 01:51 - 2016-04-23 01:51 - 00390320 _____ (Microsoft Corporation) C:\windows\system32\vccorlib140.dll

2016-04-23 01:51 - 2016-04-23 01:51 - 00332968 _____ (Microsoft Corporation) C:\windows\system32\concrt140.dll

2016-04-23 01:51 - 2016-04-23 01:51 - 00266928 _____ (Microsoft Corporation) C:\windows\SysWOW64\vccorlib140.dll

2016-04-23 01:51 - 2016-04-23 01:51 - 00243520 _____ (Microsoft Corporation) C:\windows\SysWOW64\concrt140.dll

2016-04-23 01:51 - 2016-04-23 01:51 - 00088752 _____ (Microsoft Corporation) C:\windows\system32\vcruntime140.dll

2016-04-23 01:51 - 2016-04-23 01:51 - 00085328 _____ (Microsoft Corporation) C:\windows\SysWOW64\vcruntime140.dll

2016-04-22 12:12 - 2016-03-10 01:32 - 00002481 _____ C:\Users\Jacob Susanibar\Documents\Adobe Reader XI.lnk

2016-04-21 18:03 - 2016-04-21 19:34 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Musica2

2016-04-21 17:37 - 2016-04-21 17:37 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\YouTubeToMp3

2016-04-21 17:37 - 2016-04-21 17:37 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\MediaHuman

2016-04-21 17:35 - 2016-04-21 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman

2016-04-21 17:35 - 2016-04-21 17:35 - 00000000 ____D C:\Program Files (x86)\MediaHuman

2016-04-21 17:08 - 2016-04-21 17:08 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\4kdownload.com

2016-04-21 01:36 - 2016-04-21 01:36 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\chc

2016-04-20 01:14 - 2016-04-20 01:29 - 46398995 _____ C:\Users\Jacob Susanibar\Downloads\PSDKEYS_ResumeCV_Sawyer_213836.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-16 16:46 - 2016-04-04 00:39 - 00000000 ____D C:\FRST

2016-05-16 16:40 - 2016-04-04 04:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2016-05-16 16:37 - 2016-03-08 15:45 - 00000000 ___RD C:\Users\Jacob Susanibar\Google Drive

2016-05-16 16:37 - 2015-11-14 19:15 - 00000000 ____D C:\Users\Jacob Susanibar\OneDrive

2016-05-16 16:34 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT

2016-05-16 16:33 - 2013-08-22 08:25 - 00524288 ___SH C:\windows\system32\config\BBI

2016-05-16 16:32 - 2016-02-02 18:27 - 00065536 _____ C:\windows\system32\spu_storage.bin

2016-05-16 16:01 - 2013-08-22 08:36 - 00000000 ____D C:\windows\Inf

2016-05-16 15:28 - 2015-10-30 18:12 - 00000000 ___RD C:\Users\Jacob Susanibar

2016-05-15 22:30 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-05-15 22:30 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2016-05-15 22:21 - 2015-10-30 21:32 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\uTorrent

2016-05-15 21:07 - 2015-10-30 17:28 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Skype

2016-05-14 15:18 - 2015-11-02 18:42 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Instaladores

2016-05-14 15:08 - 2013-08-22 09:44 - 05208184 _____ C:\windows\system32\FNTCACHE.DAT

2016-05-14 14:49 - 2015-10-30 17:34 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\AIMP3

2016-05-14 13:26 - 2015-11-02 03:06 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\DAEMON Tools Lite

2016-05-14 13:22 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF

2016-05-13 15:01 - 2014-03-18 04:38 - 00000000 ____D C:\windows\ShellNew

2016-05-13 14:56 - 2013-08-22 08:25 - 00000076 _____ C:\windows\win.ini

2016-05-13 12:53 - 2015-10-30 17:28 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-05-13 11:46 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\ELAM

2016-05-12 03:59 - 2015-11-02 22:00 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Biblioteca

2016-05-12 03:56 - 2016-03-16 19:05 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Biblioteca de calibre

2016-05-12 01:15 - 2016-03-09 14:09 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Libros

2016-05-11 22:46 - 2015-10-30 17:35 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\vlc

2016-05-11 22:09 - 2016-03-29 23:16 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Spotify

2016-05-11 22:09 - 2016-03-29 23:15 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Roaming\Spotify

2016-05-11 20:25 - 2015-10-30 18:12 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Packages

2016-05-11 19:51 - 2015-10-30 17:19 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Microsoft Help

2016-05-11 10:00 - 2015-03-17 19:27 - 00000000 ____D C:\ProgramData\Temp

2016-05-10 23:53 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore

2016-05-09 13:26 - 2015-11-02 21:16 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Camera Roll

2016-05-07 19:47 - 2015-10-30 17:31 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-05-07 19:47 - 2015-10-30 17:30 - 00000000 ____D C:\ProgramData\Adobe

2016-05-07 11:41 - 2015-10-30 17:31 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\Adobe

2016-05-07 00:35 - 2015-10-30 17:28 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-05-06 16:57 - 2015-10-31 16:57 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\_.xlsx

2016-05-06 15:25 - 2016-03-08 15:16 - 25920403 _____ C:\Users\Jacob Susanibar\Downloads\recuerdosdenuestroprimerviaje3.zip

2016-05-06 15:24 - 2016-03-08 15:24 - 15210242 _____ C:\Users\Jacob Susanibar\Downloads\Gmail.zip

2016-05-03 00:19 - 2016-03-23 15:40 - 00000000 ____D C:\Users\Jacob Susanibar\Downloads\Learn in your car

2016-05-02 16:33 - 2015-10-30 17:28 - 00000000 ____D C:\ProgramData\Skype

2016-04-30 09:47 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps

2016-04-30 09:47 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness

2016-04-29 18:19 - 2013-08-22 10:36 - 00000000 __RSD C:\windows\Media

2016-04-29 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\windows\Cursors

2016-04-27 11:52 - 2016-03-08 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2016-04-26 21:55 - 2015-11-02 15:11 - 00004026 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DD1CCAE8-4714-4108-B6C1-343A1D9B6613}

2016-04-25 21:13 - 2015-11-02 18:18 - 00000000 ____D C:\Users\Jacob Susanibar\Documents\Studio 2015

2016-04-25 12:40 - 2015-11-02 19:06 - 00000000 ____D C:\Users\Jacob Susanibar\AppData\Local\ElevatedDiagnostics

2016-04-24 13:53 - 2016-02-10 12:06 - 00000000 ____D C:\windows\system32\appraiser

2016-04-24 13:53 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData

2016-04-21 17:44 - 2015-03-17 19:46 - 00826854 _____ C:\windows\system32\perfh00A.dat

2016-04-21 17:44 - 2015-03-17 19:46 - 00194378 _____ C:\windows\system32\perfc00A.dat

2016-04-21 17:44 - 2014-03-18 04:53 - 01906666 _____ C:\windows\system32\PerfStringBackup.INI

2016-04-20 16:40 - 2015-11-06 14:59 - 00000000 ____D C:\ProgramData\Oracle

2016-04-20 15:11 - 2015-11-02 16:52 - 00000000 ____D C:\Program Files (x86)\Java

2016-04-20 14:55 - 2016-03-23 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-04-20 14:55 - 2015-11-06 15:00 - 00000000 ____D C:\Users\Jacob Susanibar\.oracle_jre_usage

2016-04-20 14:54 - 2016-03-23 13:31 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2016-04-20 14:54 - 2015-11-02 16:52 - 00268352 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2016-04-17 15:30 - 2016-03-23 15:05 - 00000000 ____D C:\Minecraft

==================== Files in the root of some directories =======

2016-02-06 21:48 - 2016-02-06 22:31 - 0000132 _____ () C:\Users\Jacob Susanibar\AppData\Roaming\Adobe BMP Format CS6 Prefs

2015-11-02 01:56 - 2016-02-07 23:34 - 0001759 _____ () C:\Users\Jacob Susanibar\AppData\Roaming\SAS7_000.DAT

2016-05-06 16:49 - 2016-05-06 16:49 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2015-11-02 20:40 - 2015-11-02 20:41 - 1671260 _____ () C:\ProgramData\SynFPRmsiLogs.log

Some files in TEMP:

====================

C:\Users\Jacob Susanibar\AppData\Local\Temp\7za.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\DaS_21.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Jacob Susanibar\AppData\Local\Temp\hijackthis.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\jre-8u91-windows-au.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\NirCmd.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\PEVZ.EXE

C:\Users\Jacob Susanibar\AppData\Local\Temp\remove.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\sed.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\shortcut.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\swreg.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\swxcacls.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\wget.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\zoek-delete.exe

C:\Users\Jacob Susanibar\AppData\Local\Temp\_setup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\explorer.exe => File is digitally signed

C:\windows\SysWOW64\explorer.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\SysWOW64\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\SysWOW64\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\SysWOW64\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\dnsapi.dll => File is digitally signed

C:\windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-16 13:19

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016

Ran by Jacob Susanibar (2016-05-16 16:48:27)

Running from C:\Users\Jacob Susanibar\Desktop

Windows 8.1 Single Language (X64) (2015-10-30 23:12:02)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-2336363666-3353795640-692961026-500 - Administrator - Disabled)

Invitado (S-1-5-21-2336363666-3353795640-692961026-501 - Limited - Disabled)

Jacob Susanibar (S-1-5-21-2336363666-3353795640-692961026-1002 - Administrator - Enabled) => C:\Users\Jacob Susanibar

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee Anti-Virus y Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus y Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)

Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.42.0 - Alcor Micro Corp.)

Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.42.0 - Alcor Micro Corp.) Hidden

AMD Catalyst Install Manager (HKLM\...\{5094145C-9F17-8099-7F4F-E5AADD5E4065}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Apple Mobile Device Support (HKLM\...\{BA1035C7-14DE-4857-8285-4ACFC74172EC}) (Version: 2.4.1.7 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation)

Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)

calibre (HKLM-x32\...\{93283071-208F-4A58-B7B4-CAD34FC55E88}) (Version: 2.53.0 - Kovid Goyal)

CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3318 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)

Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.0.200 - Nuance Communications Inc.)

Easy Duplicate Finder v. 1.4.3.0 (HKLM-x32\...\Easy Duplicate Finder_is1) (Version: - EasyDuplicateFinder.com)

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

e-Sword (HKLM-x32\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)

Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)

Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden

HP 3D DriveGuard (HKLM-x32\...\{84663FDA-1374-4048-9869-DD4A8784785A}) (Version: 6.0.16.1 - Hewlett-Packard Company)

HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.1.1713 - Hewlett-Packard Company)

HP Device Access Manager (HKLM\...\{8CD3FDC6-5591-44A8-840E-1096601D8CED}) (Version: 8.3.1.0 - Hewlett-Packard Company)

HP Documentation (HKLM-x32\...\{85134964-69F0-4F55-9B77-F84E1BC48301}) (Version: 1.1.2.0 - Hewlett-Packard)

HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.11.10 - Hewlett-Packard Company)

HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{8694492B-C69F-4204-A8BA-15BE0D9BAFCA}) (Version: 1.1.1 - Hewlett-Packard Company)

HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.14.1 - Hewlett-Packard Company)

HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)

HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)

HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)

HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.2.8.25 - HP)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)

HP Support Solutions Framework (HKLM-x32\...\{21925AE1-929D-4222-B38B-80BC30BBE09C}) (Version: 12.4.18.7 - HP)

HP System Default Settings (HKLM-x32\...\{29641907-0BBA-4832-B6DE-349DAA655883}) (Version: 2.1.1 - Hewlett-Packard Company)

HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.3.0.5 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

HP Wireless Hotspot (HKLM-x32\...\{563ADFC1-38E6-4EF0-8763-7CDA8289944B}) (Version: 1.0.25.1 - Hewlett-Packard Company)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)

iTunes (HKLM\...\{AE303591-1BFC-48B3-881B-655298C4EDE0}) (Version: 8.1.1.10 - Apple Inc.)

Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)

Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.190 - McAfee, Inc.)

MediaHuman YouTube to MP3 Converter versión 3.9.5 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.5 - )

Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)

Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

OEM Application Profile (HKLM-x32\...\{29F5A1C9-0BC3-16E6-9384-3BC5D1CB7ACE}) (Version: 1.00.0000 - Nombre de su organización)

OmegaT version 3.1.9_04 (HKLM-x32\...\OmegaT 3.1.9_04_is1) (Version: - OmegaT)

Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)

Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)

OpenOffice 4.1.2 (HKLM-x32\...\{74BBCD30-EB17-4909-B59F-65E0DD2B7E95}) (Version: 4.12.9782 - Apache Software Foundation)

PDF Compressor 3.0 (HKLM-x32\...\PDFCompressor_is1) (Version: - PDF Compressor)

PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden

QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)

Reload Icons Cache 1.00 (HKLM-x32\...\Reload Icons Cache 1.00) (Version: 1.00 - Mr Blade Design's)

Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)

RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)

Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)

Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)

SDL MultiTerm 2011 SP2 - Remove suite of products (HKLM-x32\...\Multiterm2011) (Version: 9.2.361 - SDL)

SDL MultiTerm 2011 SP2 Administrator (HKLM-x32\...\{4F798133-01F8-47AF-AE9A-B0A15FEF1DDB}) (Version: 9.2.361 - SDL)

SDL MultiTerm 2011 SP2 Convert (HKLM-x32\...\{212062FE-9FEF-457F-980F-6B25270CC99D}) (Version: 9.2.361 - SDL)

SDL MultiTerm 2011 SP2 Core (HKLM-x32\...\{6664CA13-C9B1-4488-881E-4AC14CE0F260}) (Version: 9.2.361 - SDL)

SDL MultiTerm 2011 SP2 Desktop (HKLM-x32\...\{777BE1C2-F665-42E2-90DD-157A67715710}) (Version: 9.2.361 - SDL)

SDL MultiTerm 2011 SP2 Extract (HKLM-x32\...\{7071528D-59E2-412D-8EA4-272C87F7027C}) (Version: 9.2.361 - SDL)

SDL MultiTerm 2011 SP2 Widget (HKLM-x32\...\{D03F5196-A70A-43EC-8566-16BCBFE24FD7}) (Version: 9.2.361 - SDL)

SDL MultiTerm 2011 SP2 Word Integration (HKLM-x32\...\{7C21542D-7618-42D4-990D-9B458DCDE71E}) (Version: 9.2.361 - SDL)

SDL Nalpeiron Service Installer (HKLM-x32\...\{A3426877-4F23-4CF2-B473-0DC8630DE8EF}) (Version: 1.2.0 - SDL)

SDL Passolo 2011 (HKLM-x32\...\SDL Passolo 2011) (Version: SDL Passolo 2011 SP9 - SDL Passolo GmbH)

SDL Trados 2015 - Remove suite of products (HKLM-x32\...\TranslationStudio2015) (Version: 4.0.4809 - SDL)

SDL Trados Legacy Compatibility Module (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)

SDL Trados Studio 2015 (HKLM-x32\...\{27FA26BF-7D3F-458F-A4FF-3F972177B1DC}) (Version: 4.0.4809 - SDL)

SDL WorldServer Components (HKLM-x32\...\{CF32FB2A-0B13-4D6F-AB9F-9687D855C069}) (Version: 1.0.4809 - SDL)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)

Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)

Spotify (HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)

Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.40.1 - Stardock Software, Inc.)

Super Mario World (HKLM-x32\...\Super Mario World_is1) (Version: - GameFabrique)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)

Synaptics WBF Fingerprint Reader (HKLM\...\{B0CB33D8-1426-4D61-A4F6-BDFD7407AE92}) (Version: 4.5.307.0 - Synaptics)

UxStyle (HKLM-x32\...\{05560347-3a9b-4644-a8ed-8b64cc947189}) (Version: 0.2.3.0 - The Within Network, LLC)

UxStyle (Version: 0.2.3.0 - The Within Network, LLC) Hidden

Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (08/30/2013 12.0.0.7820) (HKLM\...\387B04B8E8D5C129D6C12DFF084F1554A3AC3D58) (Version: 08/30/2013 12.0.0.7820 - Broadcom Corporation)

Windows Phone app for desktop (HKLM-x32\...\{3549ACF5-2BE0-4FCC-8D3A-15B4342DE901}) (Version: 1.1.2726.0 - Microsoft Corporation)

WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

Wondershare PDF Editor(Build 3.7.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.7.0.12 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CC5F7D-DE65-4B2B-B981-D8717DAE3318} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)

Task: {00CD06B2-5303-49E7-98E9-1B17B0570CCF} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe [2016-04-20] (InstallShield®)

Task: {1FFF1302-8249-476D-8D35-C23E088839A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {25D04C20-3BDC-4181-8AE9-5AD0EB2659C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-04-14] (Microsoft Corporation)

Task: {4C85A8C0-B27F-461F-983F-A412CFC93CE6} - System32\Tasks\HPCeeScheduleForJacob Susanibar => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {5353125F-6F5D-4784-BDE8-1ADF9FD95943} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)

Task: {539F59E1-C340-4BEF-B9D9-80DB5B932021} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

Task: {5660E2DF-004B-4D11-BC7D-6F65C894ABCC} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)

Task: {5C0FF596-818B-4920-8C77-C39A7C2DD10B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)

Task: {62272B1A-BEA8-4C19-8534-BBD35A6B67A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)

Task: {6F29B308-83D8-4824-98A0-77C0017CA55F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2336363666-3353795640-692961026-1002 => C:\Users\Jacob Susanibar\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-15] (Microsoft Corporation)

Task: {7BD56CAA-E624-4524-A8CD-FF2708A5D665} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {853B9650-164A-4067-A208-522FF0004DCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)

Task: {8E135F51-251C-4027-AAB2-0480B6B558C1} - System32\Tasks\McAfee\McAfee Idle Detection Task

Task: {9B8EAE1C-C077-4DBE-94B7-FD1B492B4319} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)

Task: {E060C0C1-F34B-40F8-B0AC-F49C3EE50103} - \Opera scheduled Autoupdate 1447226246 -> No File <==== ATTENTION

Task: {E933A3DF-A9AC-4D15-9F68-F455BA1F8722} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)

Task: {EBD88A08-1443-40FA-8B3F-84BEC0BF2650} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\HPCeeScheduleForJacob Susanibar.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-05-22 15:21 - 2013-05-22 15:21 - 00299832 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll

2015-11-25 12:10 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL

2015-11-25 12:10 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

2015-08-19 13:06 - 2015-08-19 13:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2013-08-14 15:06 - 2013-08-14 15:06 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe

2013-09-26 16:38 - 2013-09-26 16:38 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll

2016-04-29 19:15 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe

2015-08-19 13:06 - 2015-08-19 13:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2016-04-29 19:15 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll

2016-05-16 16:36 - 2016-05-16 16:36 - 00098816 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32api.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00110080 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\pywintypes27.dll

2016-05-16 16:36 - 2016-05-16 16:36 - 00364544 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\pythoncom27.dll

2016-05-16 16:36 - 2016-05-16 16:36 - 00320512 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32com.shell.shell.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00776704 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_hashlib.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 01176576 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._core_.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00806400 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._gdi_.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00816128 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._windows_.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 01067008 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._controls_.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00733184 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._misc_.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00682496 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\pysqlite2._sqlite.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00088064 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_ctypes.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00119808 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32file.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00108544 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32security.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00007168 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\hashobjs_ext.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00017920 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\thumbnails_ext.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00088064 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\usb_ext.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00167936 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32gui.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00018432 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32event.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00046080 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_socket.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 01208320 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_ssl.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00128512 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_elementtree.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00127488 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\pyexpat.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00012288 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\common.time34.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00038912 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32inet.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00036864 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_psutil_windows.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00525208 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\windows._lib_cacheinvalidation.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00011264 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32crypt.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00077312 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._html2.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00027136 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_multiprocessing.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00020480 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\_yappi.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00035840 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32process.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00686080 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\unicodedata.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00078848 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._animate.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00123392 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\wx._wizard.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00024064 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32pipe.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00010240 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\select.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00025600 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32pdh.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00017408 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32profile.pyd

2016-05-16 16:36 - 2016-05-16 16:36 - 00022528 ____R () C:\Users\Jacob Susanibar\AppData\Local\Temp\_MEI13002\win32ts.pyd

2016-05-13 12:52 - 2016-05-11 06:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll

2016-05-13 12:52 - 2016-05-11 06:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [157]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-03-25 13:02 - 00000826 ____N C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jacob Susanibar\Pictures\inspirational-books-5.jpg

DNS Servers: 200.48.225.130 - 200.48.225.146

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_70328CCD511864149AF4B2EE1DCFA71B"

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

HKU\S-1-5-21-2336363666-3353795640-692961026-1002\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{ECAC93AB-D045-4FA8-8D28-48DA5357C68E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{69D45350-BBF5-4B6C-9D3E-7467015A4C31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{9C4EDE25-511C-4DFB-B0E7-5FE7ADB39B61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8CA52716-5A29-4B8F-91BE-1157D3F727F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{EFA0EC18-A6A6-4275-AB5B-34AD77A8446E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe

FirewallRules: [{AE7B31AB-4A9C-4E38-9211-6CC9404AFAFA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe

FirewallRules: [{5F8770AF-C0E4-4FB5-8D77-CCF1C500641B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{2AE32D3E-2C27-4439-AE69-52B0E6A61BA4}] => (Allow) LPort=51001

FirewallRules: [{E718BE54-8647-47AD-9444-6ACB9F8B6078}] => (Allow) LPort=1688

FirewallRules: [{CCA655B7-ECB1-4ED4-BF54-1F838B370415}] => (Allow) LPort=9100

FirewallRules: [{ED4A553C-6013-4AB7-829A-8B3D11C5C1F0}] => (Allow) LPort=427

FirewallRules: [{F5F95DA7-FF12-4B97-AE78-84CD27DC7EBC}] => (Allow) LPort=161

FirewallRules: [{EB859122-48A2-4BA8-94A7-497B448A2833}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe

FirewallRules: [{697CB4A3-69D6-4850-8A94-43740AFF6B39}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe

FirewallRules: [{D39C4BD3-B7AE-455D-A832-FEF4D6ADD24A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

FirewallRules: [{54012D24-B5BE-49C0-8D99-E7E75334215A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

FirewallRules: [{89D23CEA-4E12-4530-B0FF-75DEE9779348}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{4379B513-C644-4490-B58A-E44758376DA5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{BD59D7AB-D8E0-407B-AB2E-634C23B00C00}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [TCP Query User{04888028-0EC5-4FEC-87A4-AE1F937D4BA9}C:\users\jacob susanibar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jacob susanibar\appdata\roaming\utorrent\utorrent.exe

FirewallRules: [UDP Query User{11FF5E66-80EF-4A93-A43C-A9FD190E3732}C:\users\jacob susanibar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jacob susanibar\appdata\roaming\utorrent\utorrent.exe

FirewallRules: [{02FCC6D7-18E3-49AF-9498-2363BB6790D5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{83683A92-D834-4D72-85F1-2D1B43D51EE7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{C3F6D25B-1346-4DD9-B39A-BCE01E5D6C9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-05-2016 15:11:41 Revo Uninstaller Pro's restore point - iRoot

13-05-2016 16:47:17 Revo Uninstaller Pro's restore point - Mozilla Thunderbird 45.0 (x86 en-US)

13-05-2016 19:07:45 Revo Uninstaller Pro's restore point - BPM Counter 1.7.1.0

13-05-2016 19:18:49 Revo Uninstaller Pro's restore point - beaTunes 4.6.0

13-05-2016 20:27:28 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service

13-05-2016 21:45:23 Revo Uninstaller Pro's restore point - SAMSUNG USB Driver for Mobile Phones

14-05-2016 14:55:54 JRT Pre-Junkware Removal

15-05-2016 19:24:19 Revo Uninstaller Pro's restore point - Reload Icons Cache 1.00

15-05-2016 19:25:50 Revo Uninstaller Pro's restore point - Microsoft Visio Professional 2016 - en-us

15-05-2016 19:52:35 Revo Uninstaller Pro's restore point - Microsoft Office Professional Plus 2016 - en-us

15-05-2016 22:22:43 Revo Uninstaller Pro's restore point - Microsoft Project Professional 2016 - en-us

16-05-2016 15:00:37 zoek.exe restore point

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (05/16/2016 01:57:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PROBOOK-HP)

Description: No se pudo activar la aplicación 64885BlueEdge.OneCalendar_8kea50m9krsh2!App debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/16/2016 12:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 37661484

Error: (05/16/2016 12:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 37661484

Error: (05/16/2016 12:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/16/2016 01:42:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12984

Error: (05/16/2016 01:42:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12984

Error: (05/16/2016 01:42:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/16/2016 01:02:39 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: El programa backgroundTaskHost.exe, versión 6.3.9600.17415, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 2dd0

Hora de inicio: 01d1af37d1cd9fd5

Hora de finalización: 4294967295

Ruta de acceso de la aplicación: C:\windows\system32\backgroundTaskHost.exe

Identificador de informe: c5d0cc6e-1b2b-11e6-82a6-acb57da46767

Nombre completo de paquete con errores: 64885BlueEdge.OneCalendar_2016.324.1.1_x64__8kea50m9krsh2

Identificador de aplicación relativa del paquete con errores: App

Error: (05/16/2016 12:03:15 AM) (Source: Application Hang) (EventID: 1002) (User: )

Identificador de proceso: 2b84

Hora de inicio: 01d1af2f70e4f219

Hora de finalización: 4294967295

Ruta de acceso de la aplicación: C:\windows\system32\backgroundTaskHost.exe

Identificador de informe: 649dd234-1b23-11e6-82a6-acb57da46767

Nombre completo de paquete con errores: 64885BlueEdge.OneCalendar_2016.324.1.1_x64__8kea50m9krsh2

Identificador de aplicación relativa del paquete con errores: App

Error: (05/15/2016 11:01:20 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: El programa LiveComm.exe, versión 17.5.9600.20911, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1c34

Hora de inicio: 01d1af26ddef6cd8

Hora de finalización: 4294967295

Ruta de acceso de la aplicación: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Identificador de informe: d3948c14-1b1a-11e6-82a6-acb57da46767

Nombre completo de paquete con errores: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Identificador de aplicación relativa del paquete con errores: ppleae38af2e007f4358a809ac99a64a67c1

System errors:

=============

Error: (05/16/2016 04:32:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio mccspsvc.

Error: (05/16/2016 04:31:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible

Error: (05/16/2016 03:28:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error: (05/16/2016 03:28:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Error: (05/16/2016 03:28:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Error: (05/16/2016 02:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Error: (05/16/2016 01:20:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: El servicio Detección de servicios interactivos se cerró con el siguiente error:

%%1

Error: (05/16/2016 12:11:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

CodeIntegrity:

===================================

Date: 2016-04-28 11:50:07.865

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\SkinPack\OldNewExplorer64.dll that did not meet the Windows signing level requirements.

Date: 2016-04-28 10:42:39.655

Date: 2016-04-27 15:07:12.812

Date: 2016-04-26 14:32:59.442

==================== Memory info ===========================

Processor: AMD A8-5550M APU with Radeon™ HD Graphics

Percentage of memory in use: 30%

Total physical RAM: 7369.36 MB

Available physical RAM: 5089.83 MB

Total Virtual: 7769.36 MB

Available Virtual: 5355.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:447.63 GB) (Free:17.58 GB) NTFS

Drive d: (Recovery Image) (Fixed) (Total:10.36 GB) (Free:1.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 9E7594BE)

Partition: GPT.

==================== End of Addition.txt ============================

Thanks a lot, man!

#1 Jacobsusanibar

BC AdBot (Login to Remove)

#2 olgun52

#3 Jacobsusanibar

#4 Jacobsusanibar

#5 olgun52

0 user(s) are reading this topic

Hijack.AutoConfigURL.PrxySvrRST malware

#1 Jacobsusanibar

BC AdBot (Login to Remove)

#2 olgun52

#3 Jacobsusanibar

#4 Jacobsusanibar

#5 olgun52

0 user(s) are reading this topic

Sign In