
The parameter is incorrect!!!



Hi, I really need your help!!! Whenever I install Malwarebytes or CCleaner and then try to run it, it says "The parameter is incorrect"!! I have no idea what this means, but I told my friend and he said the best thing to do is format the hard drive, which I don't want, and I was wondering if there's another way of fixing this error without having to format the hard drive? Please respond as soon as possible, I really want to fix this issue! Thanks!


Hello BryanPerez09 and welcome to Malwarebytes,

My screen name is kevinf80; I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, and continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press the Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.


Next,

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation; in the new window leave "Launch RogueKiller" checkmarked, then select Finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected; change to the "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new window select "Export text", name that file RK.txt, save it to your Desktop and attach it to your reply.

Let me see those logs...

Thank you,

Kevin..

OK, this is what I got:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by alejandro (administrator) on ALEJANDRO (18-03-2017 12:17:15)
Running from C:\Users\alejandro\Desktop
Loaded Profiles: alejandro (Available Profiles:  & alejandro)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Windows\Temp\20170220\ct.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(© 2015 Microsoft Corporation) C:\Users\alejandro\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\cpx\cpx.exe
() C:\Program Files (x86)\cpx\cpx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\cpx\cpx.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\cpx\cpx.exe
() C:\Program Files (x86)\cpx\cpx.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2015-03-04] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [965632 2017-02-15] ()
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [649216 2017-01-05] () <===== ATTENTION
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\Run: [ares] => C:\Users\alejandro\Desktop\Ares.exe [1015808 2010-10-27] (Ares Development Group)
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\Run: [BingSvc] => C:\Users\alejandro\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\CurrentVersion\Windows: [Load] C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\ScreenToGif\xxbxzxiz.exe <===== ATTENTION
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {20f577d0-ef12-11e5-bedc-082e5f7a785b} - "F:\iLinker.exe" 
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {4646b80b-08fe-11e6-bee2-082e5f7a785b} - "F:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {bc60f2ed-a76f-11e4-be8f-082e5f7a785b} - "F:\HPLauncher.exe" 
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 
Tcpip\Parameters: [NameServer] 
Tcpip\..\Interfaces\{9564830E-D317-42A6-A2C1-0C226C877B7A}: [NameServer] 
Tcpip\..\Interfaces\{9564830E-D317-42A6-A2C1-0C226C877B7A}: [DhcpNameServer] 
Tcpip\..\Interfaces\{A66FC120-4B59-4ABA-A50D-275EF46A6B6B}: [NameServer] 
Tcpip\..\Interfaces\{A66FC120-4B59-4ABA-A50D-275EF46A6B6B}: [DhcpNameServer]
Tcpip\..\Interfaces\{B6B30453-BF90-482F-A920-B156BBF1BCE6}: [NameServer] 
Tcpip\..\Interfaces\{B6B30453-BF90-482F-A920-B156BBF1BCE6}: [DhcpNameServer]

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130888094153886606&GUID=1EFA15A3-E7F2-418D-ABC6-9EAA5D06F006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130888094153912703&GUID=1EFA15A3-E7F2-418D-ABC6-9EAA5D06F006
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.google.com
hxxp://yahoo.com/
URLSearchHook: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {29A5E9B6-F722-440C-9FFA-22A924EA2469} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {29A5E9B6-F722-440C-9FFA-22A924EA2469} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {0CAD826E-920E-4084-B570-AB9288FBF1DB} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H26ztrmbl10AU,e0b81bd6-6b59-448d-8381-a5a085c7a882,
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {65DA4D22-1201-4BE2-9044-E968775FA0BE} URL = hxxp://www.teoma.com/web?tpid=ATU3-TMG&o=APN11203&pf=V7&p2=^CHX^YYYYYY^CA^US&gct=&itbv=12.40.1.3844&apn_uid=E72701F8-7C8F-4837-8775-8E0D903668C3&apn_ptnrs=^CHX&apn_dtid=^YYYYYY^CA^US&apn_dbr=iexplore.exe_6_11.0.9600.18123&doi=2016-03-28&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {830319C7-1356-402E-8451-C94E62121262} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {8361D426-EDDF-42F3-8A8C-7BAEF6E3647D} URL = hxxps://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {90210F00-78C9-40EE-981E-466E97AD0C0C} URL = hxxps://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=6D6B4065-DDB2-493E-B811-7DA09EFD51AF&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll [2015-09-19] (Yahoo! Inc.)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=435371&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=435371&fr=yo-yhp-ch"
CHR Profile: C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default [2017-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
CHR Profile: C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-29] (Digital Wave Ltd.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755200 2017-02-16] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-30] (RaMMicHaeL)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 windowsmanagementservice; C:\WINDOWS\TEMP\20170220\ct.exe [722432 2017-02-19] (ct Corp.) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [53832 2012-01-31] () [File not signed] <==== ATTENTION
S3 ghsandroid; C:\WINDOWS\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2016-03-22] (LogMeIn Inc.)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [273040 2015-05-09] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2015-05-09] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
U2 clr_optimization_v4.0.30319_64; no ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160105.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160105.021\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-18 12:17 - 2017-03-18 12:22 - 00021755 _____ C:\Users\alejandro\Desktop\FRST.txt
2017-03-18 12:15 - 2017-03-18 12:17 - 00000000 ____D C:\FRST
2017-03-18 12:14 - 2017-03-18 12:15 - 02424832 _____ (Farbar) C:\Users\alejandro\Desktop\FRST64.exe
2017-03-18 00:06 - 2017-03-18 00:13 - 00003664 _____ C:\Users\alejandro\Desktop\Rkill.txt
2017-03-18 00:05 - 2017-03-18 00:05 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\alejandro\Downloads\rkill.exe
2017-03-17 21:19 - 2017-03-17 21:19 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-17 21:19 - 2017-03-17 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-17 21:19 - 2017-03-17 21:19 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-17 21:19 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 57131432 _____ (Malwarebytes ) C:\Users\alejandro\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-17 20:52 - 2017-03-17 20:52 - 00000000 ____D C:\Users\alejandro\AppData\Roaming\TotalAV
2017-03-17 20:51 - 2017-03-17 20:51 - 09943712 _____ C:\Users\alejandro\Downloads\TotalAV.exe
2017-03-17 17:56 - 2017-03-17 17:58 - 00229286 _____ C:\TDSSKiller.3.1.0.12_17.03.2017_17.56.59_log.txt
2017-03-17 17:33 - 2017-03-18 11:47 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-03-16 21:56 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-03-16 21:56 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-03-16 21:56 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-03-16 21:56 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-03-16 21:56 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-16 21:56 - 2017-03-04 00:05 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-03-16 21:56 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-03-16 21:56 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-03-16 21:56 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-03-16 21:56 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-03-16 21:56 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-03-16 21:56 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-03-16 21:56 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-03-16 21:56 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-03-16 21:56 - 2017-03-02 10:25 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-03-16 21:56 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-16 21:56 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-03-16 21:56 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-03-16 21:56 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-16 21:56 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-16 21:56 - 2017-02-10 22:12 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-03-16 21:56 - 2017-02-10 22:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-03-16 21:56 - 2017-02-10 22:00 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-03-16 21:56 - 2017-02-10 21:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-03-16 21:56 - 2017-02-10 21:56 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-03-16 21:56 - 2017-02-10 12:09 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-03-16 21:56 - 2017-02-09 22:10 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-03-16 21:56 - 2017-02-09 22:09 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-03-16 21:56 - 2017-02-09 22:08 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-03-16 21:56 - 2017-02-09 22:01 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-03-16 21:56 - 2017-02-09 22:00 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-03-16 21:56 - 2017-02-09 21:59 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-03-16 21:56 - 2017-02-04 13:32 - 07444832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-16 21:55 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-03-16 21:55 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-03-16 21:55 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-03-16 21:55 - 2017-02-11 12:25 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-03-16 21:55 - 2017-02-09 22:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-03-16 21:55 - 2017-02-09 18:31 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-16 21:55 - 2017-02-09 17:12 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-03-16 21:55 - 2017-02-09 08:28 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-16 21:55 - 2017-02-09 08:19 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-16 21:55 - 2017-02-09 08:16 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-03-16 21:55 - 2017-02-09 08:16 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-03-16 21:55 - 2017-02-09 07:59 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-16 21:55 - 2017-02-09 07:58 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-16 21:55 - 2017-02-09 07:58 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-03-16 21:55 - 2017-02-04 13:30 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-16 21:55 - 2017-02-04 13:30 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-16 21:55 - 2017-02-04 13:30 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-16 21:55 - 2017-02-04 13:30 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-16 21:55 - 2017-02-04 12:32 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-03-16 21:55 - 2017-02-04 12:30 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-03-16 21:55 - 2017-02-04 11:14 - 01001472 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-03-16 21:55 - 2017-02-04 10:50 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-03-16 21:55 - 2017-02-04 10:40 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-16 21:55 - 2017-02-04 10:32 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2017-03-16 21:55 - 2017-02-04 10:17 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-03-16 21:55 - 2017-02-04 10:10 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-03-16 21:55 - 2017-02-04 10:05 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-03-16 21:55 - 2017-01-21 14:37 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-16 21:55 - 2017-01-21 12:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2017-03-16 21:55 - 2017-01-21 12:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
2017-03-16 21:55 - 2017-01-21 12:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-16 21:55 - 2017-01-21 12:20 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-16 21:55 - 2017-01-21 11:40 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2017-03-16 21:55 - 2017-01-21 11:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2017-03-16 21:55 - 2017-01-21 11:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-03-16 21:55 - 2017-01-21 10:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-03-16 21:55 - 2017-01-21 10:48 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-16 21:55 - 2017-01-14 10:49 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-03-16 21:55 - 2017-01-11 12:37 - 02345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-03-16 21:55 - 2017-01-10 12:08 - 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-16 21:55 - 2017-01-05 11:20 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-03-16 21:55 - 2017-01-05 11:09 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-03-16 21:55 - 2017-01-05 10:36 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-03-16 21:55 - 2017-01-05 10:29 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-03-16 21:55 - 2017-01-05 10:13 - 07796224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-03-16 21:55 - 2017-01-05 09:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-03-16 21:55 - 2016-11-09 12:22 - 00681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-03-16 21:17 - 2017-03-16 21:17 - 00000000 ___HD C:\$SysReset
2017-03-15 17:56 - 2017-03-16 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-03-15 16:57 - 2017-02-23 07:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-15 16:57 - 2017-02-22 07:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-03-15 16:57 - 2016-06-03 10:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-03-08 20:04 - 2017-03-08 20:05 - 00000000 ____D C:\Users\alejandro\AppData\Local\MegaDownloader
2017-03-08 16:17 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\{0b2b4fc9-412c-0}
2017-03-08 16:17 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\{0AB269BD-BD19-DE16-6983-75DDF6D8A735}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{FA660A4E-4DCD-BDE5-A9ED-66741E598596}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{AC4DB197-1BE6-063C-33BF-30FA460DBE87}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{A60C3FE6-11A7-884D-9C89-426B8878E3BB}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{82313D8C-359A-8A27-9AEA-40FFA4FE7B43}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{8023CAA4-3788-7D0F-DE32-8CE5A1972D8B}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{60B469F9-D71F-DE52-DFF2-B9A7CE4A3269}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{417317df-212c-0}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{2B0F0045-9CA4-B7EE-7F56-4C185A9C27E5}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{23A0759A-940B-C231-F2DE-0BEA83D900A5}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{1487C7EE-A32C-7045-163A-B48477A23872}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{0E701967-B9DB-AECC-52FC-BD66F0909A99}
2017-03-06 23:44 - 2017-03-06 23:48 - 00000000 ____D C:\Users\alejandro\Documents\HelloWorld
2017-03-06 23:41 - 2017-03-06 23:41 - 00000000 ____D C:\Users\alejandro\.oracle_jre_usage
2017-02-27 16:11 - 2017-03-12 13:42 - 00000000 ____D C:\ProgramData\5c43154b
2017-02-27 16:11 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\77fb5b5d-7cd1-0
2017-02-27 16:11 - 2017-02-27 16:11 - 00000000 ____D C:\ProgramData\{B5FB732E-0250-C485-ED96-4D9EA8DA0809}
2017-02-27 16:11 - 2017-02-27 16:11 - 00000000 ____D C:\ProgramData\{802632CD-378D-8566-628B-46B1F82743AE}
2017-02-27 16:10 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\{27555696-512c-0}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{3b8206a8-712c-1}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{19be766b-212c-0}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{0b3e08c7-112c-1}
2017-02-26 21:32 - 2017-02-26 21:32 - 00305034 _____ C:\Users\alejandro\Desktop\Groundwater.pdf
2017-02-26 15:43 - 2017-03-17 21:00 - 00891098 _____ C:\WINDOWS\ntbtlog.txt
2017-02-26 15:32 - 2017-03-17 20:34 - 00000000 ____D C:\WINDOWS\pss
2017-02-26 14:23 - 2017-02-26 14:23 - 853940287 _____ C:\WINDOWS\MEMORY.DMP
2017-02-26 14:07 - 2017-02-26 14:08 - 00000000 ____D C:\Users\alejandro\Desktop\SMS
2017-02-26 13:04 - 2017-02-26 13:05 - 00000000 ____D C:\Users\alejandro\.gradle
2017-02-26 12:50 - 2017-02-26 12:55 - 00000000 ____D C:\Users\alejandro\eclipse
2017-02-26 12:47 - 2017-02-26 12:50 - 00000000 ____D C:\Users\alejandro\.eclipse
2017-02-26 12:40 - 2017-02-26 12:40 - 00000000 ____D C:\Users\alejandro\AppData\Roaming\Adobe
2017-02-25 23:47 - 2017-02-25 23:47 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-19 20:52 - 2017-02-19 20:52 - 00000000 ____D C:\Program Files (x86)\qdcomsvc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-18 12:07 - 2017-02-05 23:18 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-03-18 12:06 - 2016-01-29 17:22 - 00000000 ____D C:\Users\alejandro\AppData\Local\CrashDumps
2017-03-18 11:43 - 2015-01-23 14:17 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1758070284-1970931268-1006762314-1002
2017-03-18 11:38 - 2015-01-27 07:20 - 00000000 ___RD C:\Users\alejandro\OneDrive
2017-03-18 11:38 - 2015-01-23 14:05 - 00000000 ____D C:\Users\alejandro\AppData\LocalLow\AuthenTec
2017-03-18 00:00 - 2015-01-23 14:09 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6FA2B183-C842-48DB-961C-CE419A9AB08F}
2017-03-17 21:19 - 2015-08-18 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-17 21:13 - 2016-04-12 00:11 - 00000437 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-03-17 21:12 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-17 20:51 - 2015-01-27 00:10 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-17 20:45 - 2015-12-15 23:46 - 00000000 ____D C:\Users\alejandro\AppData\Local\ElevatedDiagnostics
2017-03-17 20:33 - 2017-02-06 01:20 - 00000000 ____D C:\Users\alejandro\AppData\Local\cpx
2017-03-17 20:12 - 2016-03-23 19:39 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-03-17 20:07 - 2015-09-19 12:37 - 00000000 ____D C:\Program Files\Java
2017-03-17 19:59 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-17 19:59 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-17 19:53 - 2017-02-03 23:43 - 00000000 ____D C:\Program Files\paint.net
2017-03-17 19:50 - 2017-02-02 18:07 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-03-17 19:50 - 2017-01-28 18:14 - 00000601 _____ C:\WINDOWS\SysWOW64\nativelog.txt
2017-03-17 17:42 - 2013-08-22 07:44 - 00353960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-17 17:35 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-17 17:35 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-17 15:56 - 2017-02-05 22:51 - 00000000 ____D C:\Users\alejandro\AppData\Local\Adobe
2017-03-16 21:48 - 2015-09-26 14:38 - 00000000 ____D C:\ProgramData\Unchecky
2017-03-16 21:47 - 2015-01-23 18:08 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-03-16 20:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-16 19:20 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-16 00:54 - 2016-05-17 22:33 - 00768000 ___SH C:\Users\alejandro\Downloads\Thumbs.db
2017-03-15 23:42 - 2017-01-25 22:36 - 00019456 ___SH C:\Users\alejandro\Thumbs.db
2017-03-15 17:21 - 2015-01-25 20:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-15 17:02 - 2015-01-24 17:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 16:55 - 2015-01-24 17:57 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-15 16:32 - 2014-11-21 01:44 - 01049188 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-13 19:04 - 2016-07-01 00:04 - 01247232 ___SH C:\Users\alejandro\Desktop\Thumbs.db
2017-03-12 19:19 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-12 13:47 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-12 13:25 - 2015-10-24 00:11 - 00000000 ____D C:\Users\alejandro\AppData\Local\pangu
2017-03-11 22:46 - 2017-02-06 19:25 - 01851904 _____ (splsrv Corp.) C:\WINDOWS\SysWOW64\splsrv.exe
2017-03-09 21:34 - 2016-12-19 16:33 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-09 21:34 - 2016-12-19 16:33 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-06 23:42 - 2017-01-20 17:57 - 00000000 ____D C:\Users\alejandro\Documents\Space Shooter
2017-03-06 23:41 - 2015-01-27 00:21 - 00000000 ____D C:\Users\alejandro
2017-03-02 19:27 - 2015-01-23 14:21 - 00000000 ____D C:\Users\alejandro\Desktop\My Shared Folder
2017-03-01 00:34 - 2016-12-29 01:00 - 00000000 ____D C:\Users\alejandro\Documents\LeaningJava
2017-02-27 16:11 - 2017-02-05 23:19 - 00000000 ____D C:\ProgramData\03f6d56d-7a81-1
2017-02-27 16:11 - 2017-02-05 23:19 - 00000000 ____D C:\ProgramData\03f6d56d-2131-0
2017-02-26 14:23 - 2015-08-15 12:52 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-26 14:22 - 2015-08-18 13:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-26 14:11 - 2016-09-01 20:41 - 00000000 ____D C:\Users\alejandro\.p2
2017-02-26 10:36 - 2016-09-01 20:49 - 00000000 ____D C:\Users\alejandro\AppData\Local\Eclipse
2017-02-20 23:14 - 2017-02-06 01:19 - 00000000 ____D C:\Program Files (x86)\cpx
2017-02-19 20:53 - 2012-11-07 08:25 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2017-02-19 20:51 - 2017-02-05 23:18 - 00006549 _____ C:\WINDOWS\TEMPcoral.vbs
2017-02-18 18:20 - 2017-02-05 23:41 - 00000000 ____D C:\Users\alejandro\AppData\Local\AdvinstAnalytics

==================== Files in the root of some directories =======

2016-08-25 13:44 - 2016-08-25 14:09 - 0000551 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-ActiualSolution.dsln
2016-08-21 11:20 - 2016-08-21 11:21 - 0000228 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-Cetd.cedtx
2016-08-21 10:52 - 2016-08-21 10:52 - 0000310 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-Clip-Extractor-ProActivation.info
2016-08-21 10:54 - 2016-10-24 22:28 - 0000598 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-Clip-Extractor-ProFlvConverterDefaultSettings.xml
2016-08-21 10:53 - 2016-08-21 10:53 - 0000025 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-UpdatePerformed.txt
2016-08-25 13:43 - 2016-08-25 14:20 - 0000596 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
2015-09-26 15:42 - 2015-09-28 23:42 - 0000099 _____ () C:\Users\alejandro\AppData\Roaming\WB.CFG
2016-04-30 23:27 - 2016-04-30 23:27 - 20982175 _____ () C:\Users\alejandro\AppData\Roaming\xulrunner.zip
2015-04-04 18:14 - 2017-01-31 22:43 - 0003584 _____ () C:\Users\alejandro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-05 23:16 - 2017-02-05 23:16 - 0002048 _____ () C:\Users\alejandro\AppData\Local\uninstallro.exe
2016-05-14 00:11 - 2016-05-14 00:11 - 0002560 _____ () C:\Users\alejandro\AppData\Local\uninstallssl.exe
2016-02-05 23:03 - 2016-02-05 23:04 - 0000000 _____ () C:\Users\alejandro\AppData\Local\{620FFD5B-9C81-4E95-938C-A243083B44BA}
2017-02-05 23:22 - 2017-02-05 23:22 - 0326144 _____ () C:\ProgramData\smp2.exe
2015-01-23 15:48 - 2015-01-23 15:48 - 0000036 _____ () C:\ProgramData\suguid.txt
2015-01-23 17:49 - 2015-01-23 17:58 - 0001580 _____ () C:\ProgramData\tempimage.bmp

Files to move or delete:
====================
C:\Program Files (x86)\cpx\cpx.exe
C:\ProgramData\smp2.exe


Some files in TEMP:
====================
2017-02-27 16:11 - 2017-02-27 16:11 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\114035687.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\118514742.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\125503804.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\38533483.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\40161043.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\41975647.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\62170671.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\66058942.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\72910214.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\81637302.t.exe
2017-03-08 07:39 - 2017-03-08 07:39 - 1626624 _____ () C:\Users\alejandro\AppData\Local\Temp\8975385.t.exe
2017-02-26 00:05 - 2017-02-26 00:05 - 0019968 _____ (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-1979071278114952529.dll
2017-02-26 00:08 - 2017-02-26 00:08 - 0019968 _____ (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-2123917920411596591.dll
2017-02-25 23:35 - 2017-02-25 23:35 - 0019968 ____N (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-2646082122144093610.dll
2017-02-25 23:36 - 2017-02-25 23:36 - 0019968 ____N (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-3199068588989016574.dll
2017-02-25 23:27 - 2017-02-25 23:27 - 0019968 _____ (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-3336104741064300204.dll
2017-02-25 22:55 - 2017-02-25 22:55 - 0019968 _____ (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-4992993986075665439.dll
2017-02-25 22:55 - 2017-02-25 22:55 - 0019968 _____ (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-5070657674745942605.dll
2017-02-25 23:43 - 2017-02-25 23:43 - 0019968 _____ (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-5974366847768913890.dll
2017-02-25 23:55 - 2017-02-25 23:55 - 0019968 _____ (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-8298955674949756940.dll
2017-02-26 00:09 - 2017-02-26 00:09 - 0019968 _____ (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-8640305298841368242.dll
2017-03-17 20:51 - 2017-03-17 20:51 - 6503984 _____ (Microsoft Corporation) C:\Users\alejandro\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-17 17:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by alejandro (18-03-2017 12:27:02)
Running from C:\Users\alejandro\Desktop
Windows 8.1 (Update) (X64) (2015-01-27 14:14:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1758070284-1970931268-1006762314-500 - Administrator - Disabled)
alejandro (S-1-5-21-1758070284-1970931268-1006762314-1002 - Administrator - Enabled) => C:\Users\alejandro
Guest (S-1-5-21-1758070284-1970931268-1006762314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1758070284-1970931268-1006762314-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ares 2.1.7 (HKLM-x32\...\Ares) (Version: 2.1.7-Build#3041 - Ares Development Group)
Ares 3.1.8.4045 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.8.4045 - Ares)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.78.328 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.76.317 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo Inc.)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B04 - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E32D9A-FB05-4F24-9F8D-02C8ACE6CB22} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {05F2609E-FA2B-4696-B5C6-6CCCF1498CD6} - \brbrw_1502 -> No File <==== ATTENTION
Task: {116B7D36-E03C-4685-BEEF-5D7B5E9DA94F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {119D7559-FC93-4F01-9F67-3C21EB060DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe 
Task: {252D0189-8DB2-4D82-BBA6-239576F9A80F} - System32\Tasks\Foaamwite => C:\ProgramData\Foaamwite\1.0.6.1\eoavukse.exe 
Task: {2578F12B-1CF0-4438-8DB2-7B2D2A436209} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2AB829F0-6774-48C4-A059-EA0109B90955} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {4E401F11-C2BC-46F7-AA53-C2A5AAB9328C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {53E8E419-4388-49C1-A809-E12865ED6A39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {54EAA32B-B46E-4416-B0D3-59025AB5B775} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {552CA472-9DEA-4E00-9B9F-D8C9FE07A2F1} - System32\Tasks\{237C4E54-A2D1-43A3-9F62-B7B95F4430CF} => pcalua.exe -a "c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
Task: {5C0B2FCF-21F9-40B6-9996-DFCFBD890060} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-apbalderrama@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {624F5A80-42EF-4D1B-BE9C-35EFCC25C407} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-02-05] () <==== ATTENTION
Task: {7B44429F-37E1-40F2-8B74-62108E379121} - \trivia_games_updating_service -> No File <==== ATTENTION
Task: {7D591718-1C0E-4986-BB6F-DDF145F2CE70} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe 
Task: {87766D12-8F5B-44C7-9A06-E32C3EF5AD46} - System32\Tasks\updateTask => c:/task.vbs 
Task: {895F0176-89D6-4CD2-82CC-59CC00805A9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {8C8E6644-5124-49D0-8333-499ACE036CD2} - \BBQLeads -> No File <==== ATTENTION
Task: {982594D1-B1D5-46BC-ACC1-6B25C040377D} - System32\Tasks\Reimage Reminder => C:\Program Files\eFix\eFix Pro\ReimageReminder.exe  <==== ATTENTION
Task: {9875CC5B-9FF1-484A-B740-5BDF8DC21A31} - System32\Tasks\{3A935546-C9DB-4E51-AE8E-A115B39DF9DF} => pcalua.exe -a C:\Users\alejandro\AppData\Local\{709D46C1-5435-2A79-39AD-0F911DC5F309}\uninst.exe -c -FN=""-P=/Uninstall /s /noun /DelSelfDir
Task: {A87940FE-296A-4168-B208-703818F7A059} - System32\Tasks\AGProxyCheck => C:\Program 
Task: {AB14EEE9-9CFA-48AC-90E3-9543D7E31CAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {AF08E671-0CD0-4796-A9CD-408D5B54ED12} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe 
Task: {C1304E0D-19A0-4789-9130-D6C858DB4835} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {C656AD9D-FB5A-4E24-BF61-B91E3C78FB52} - System32\Tasks\Popzijn => C:\Program Files\shopperz051020150419\Wojtitv.bat  <==== ATTENTION
Task: {C96EFD3B-BB17-4539-96B5-A1940C7A56F0} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CCBD6F81-B7BD-490A-9C7F-0AA8824D2447} - \trivia_games_notification_service -> No File <==== ATTENTION
Task: {DA4FFBFA-9D37-44E1-9563-6D15C90CBBAC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E45DB40B-CC3F-40D7-A3E4-E482E5537B5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {ECCCAB3F-DFA5-485A-95F0-C199E501E2A1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-09] (Synaptics Incorporated)
Task: {FD9B7722-B385-4FEC-B6F0-D2BEF9A158FF} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe 
Task: {FE5F3CBB-FAD2-412A-9963-96DD25F51A52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {FFDC50B0-E362-445E-9808-AAC0D7F57B83} - System32\Tasks\runTask => %TEMP%/Updater.exe 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForalejandro.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QPGCOYJUVOSLNAGI.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt-Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt-Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()

ShortcutWithArgument: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Сhrоmе Аpp Lаunсhеr.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --show-app-list <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-05 18:36 - 2017-01-05 18:36 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2017-01-05 12:00 - 2017-01-05 12:00 - 00649216 _____ () C:\Program Files (x86)\cpx\cpx.exe
2017-02-15 17:03 - 2017-02-15 17:03 - 00965632 _____ () C:\Program Files (x86)\svcvmx\svcvmx.exe
2017-02-15 14:55 - 2017-02-15 14:55 - 01563136 _____ () C:\Program Files (x86)\svcvmx\vmxclient.exe
2016-09-22 00:32 - 2016-09-22 00:32 - 00224768 _____ () C:\Program Files (x86)\dataup\help_dll.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2012-08-10 02:36 - 2012-08-10 02:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2016-11-13 19:17 - 2016-11-13 19:17 - 45076480 _____ () C:\Program Files (x86)\cpx\libcef.dll
2016-03-24 12:30 - 2016-03-24 12:30 - 00933376 _____ () C:\Program Files (x86)\cpx\core.dll
2016-11-13 19:01 - 2016-11-13 19:01 - 01643008 _____ () C:\Program Files (x86)\cpx\libglesv2.dll
2016-11-13 19:01 - 2016-11-13 19:01 - 00074752 _____ () C:\Program Files (x86)\cpx\libegl.dll
2017-01-31 03:40 - 2017-01-31 03:40 - 74675200 _____ () C:\Program Files (x86)\svcvmx\libcef.dll
2017-02-08 22:54 - 2017-02-08 22:54 - 00446464 _____ () C:\Program Files (x86)\svcvmx\ipc_service.dll
2017-01-30 23:57 - 2017-01-30 23:57 - 02153984 _____ () C:\Program Files (x86)\svcvmx\libglesv2.dll
2017-01-30 23:57 - 2017-01-30 23:57 - 00246784 _____ () C:\Program Files (x86)\svcvmx\libegl.dll
2017-02-02 18:14 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 18:14 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-10-20 23:08 - 2015-10-20 23:08 - 16493384 _____ () C:\Program Files (x86)\cpx\PepperFlash\pepflashplayer.dll
2017-01-21 18:23 - 2017-01-21 18:23 - 17599640 _____ () C:\Program Files (x86)\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73149165.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73149165.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Vuidqotg => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\amazon.com -> www.amazon.com
IE trusted site: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2017-03-17 21:13 - 00001347 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 5 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\alejandro\Downloads\limegreen.jpg
DNS Servers: 82.163.143.176 - 82.163.142.178
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Dataup => 
MSCONFIG\Services: qdcomsvc => 
MSCONFIG\Services: windowsmanagementservice => 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QHSafeTray"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "svcvmx"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "wyipyt"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FF225E08-8264-4876-ABD5-E9334314123F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E4D396C3-3DAD-481F-8EF2-944008957F8C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{3FE5C9C0-0863-476A-87A8-4F750E523429}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D36FD1D2-EAAB-47E3-9A66-A2B71864ED6F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4774E5A0-3377-491B-80FD-B0460D71E18D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{131B3621-D227-4A18-9A2B-9C858EEE7527}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6C223ECA-53B5-449F-9F08-790EDCDBB806}] => (Allow) LPort=1900
FirewallRules: [{F15DE162-7FC0-400C-900A-A55034F8700F}] => (Allow) LPort=2869
FirewallRules: [{C2E3CB1D-B01E-486C-A839-70C842691A90}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D11C6CB0-F961-466B-971A-CAEACA38A4CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44EF627F-E770-4B76-ABFF-5F198121D8A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7CC7920D-F7CC-4BE9-8D77-1F5ED2F4E662}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81759887-10DB-4D7F-9230-942DDAB77326}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2BD4E17-C3EE-4850-8702-533BBF90A2E1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{87309788-3691-4542-AA1B-467D9DE03B5F}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮攮數
FirewallRules: [{C6A03C05-214C-412A-90CD-DA5B95A6412E}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮⹟硥e
FirewallRules: [{07AA480F-73E7-4802-A563-EFF1C30F0048}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{D058B536-C980-4C26-B746-8D979310F834}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩瑳条履楷獮慴敧攮數
FirewallRules: [{B7D13505-279E-4871-8153-93D09346BC8D}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩瑳条履楷獮慴敧⹟硥e
FirewallRules: [{EBA4199D-6C50-48B6-8AE7-FAA7BB9482D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{1F344802-2011-4BEF-AF7D-792FB4612F0C}C:\users\alejandro\desktop\ares.exe] => (Allow) C:\users\alejandro\desktop\ares.exe
FirewallRules: [UDP Query User{769360D9-6E40-42D9-942F-123A83E81480}C:\users\alejandro\desktop\ares.exe] => (Allow) C:\users\alejandro\desktop\ares.exe
FirewallRules: [TCP Query User{9A2E302C-1174-4519-AB97-B42DBD3819E1}C:\users\alejandro\desktop\ares.exe] => (Block) C:\users\alejandro\desktop\ares.exe
FirewallRules: [UDP Query User{E46DE6BD-580D-4408-AA92-EB13ED03A1C4}C:\users\alejandro\desktop\ares.exe] => (Block) C:\users\alejandro\desktop\ares.exe
FirewallRules: [{9557BFEF-0A0A-4E88-8DED-19B12357AA36}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A8256444-1CE7-467E-AA9C-3CF6C848E6AA}] => (Allow) C:\WINDOWS\system32\rundll32.exe

==================== Restore Points =========================

22-02-2017 18:29:29 Windows Update
25-02-2017 22:14:03 Windows Update
26-02-2017 10:39:52 Revo Uninstaller Pro's restore point - Java 8 Update 101
26-02-2017 10:42:45 Removed Java 8 Update 101
26-02-2017 10:45:00 Removed Java 8 Update 112 (64-bit)
26-02-2017 10:47:19 Removed Java 8 Update 121 (64-bit)
26-02-2017 10:49:41 Removed Java SE Development Kit 8 Update 101
26-02-2017 10:53:35 Removed Java SE Development Kit 8 Update 112 (64-bit)
26-02-2017 11:00:42 Removed Java SE Development Kit 8 Update 121 (64-bit)
26-02-2017 12:17:01 Installed Java SE Development Kit 8 Update 121 (64-bit)
15-03-2017 16:52:31 Windows Update
17-03-2017 19:38:56 Removed Greenfoot
17-03-2017 19:49:33 Removed Minecraft
17-03-2017 19:51:09 Removed paint.net
17-03-2017 19:54:51 Removed BlueJ
17-03-2017 20:00:27 Revo Uninstaller Pro's restore point - Java 8 Update 121 (64-bit)
17-03-2017 20:01:32 Removed Java 8 Update 121 (64-bit)
17-03-2017 20:04:15 Removed Java SE Development Kit 8 Update 121 (64-bit)
17-03-2017 20:08:22 Removed Amazon Assistant

==================== Faulty Device Manager Devices =============

Name: Microsoft Visual Studio Location Simulator Sensor
Description: Microsoft Visual Studio Location Simulator Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft Corporation
Service: SensorsSimulatorDriver
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2017 12:06:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58a3ed37
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x5736541b
Exception code: 0xe0000008
Fault offset: 0x00014878
Faulting process id: 0x1aa0
Faulting application start time: 0x01d2a01814908c6b
Faulting application path: C:\Program Files (x86)\svcvmx\vmxclient.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: f12a3770-0c0d-11e7-bf60-082e5f7a785b
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/18/2017 12:01:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58a3ed37
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18340, time stamp: 0x5736541b
Exception code: 0xe0000008
Fault offset: 0x00014878
Faulting process id: 0x15f8
Faulting application start time: 0x01d2a0181a86deff
Faulting application path: C:\Program Files (x86)\svcvmx\vmxclient.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 3ef62286-0c0d-11e7-bf60-082e5f7a785b
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/18/2017 11:33:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\DCEXEC.EXE".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 11:33:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 11:33:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\cyberlink\powerdirector10\UACAgent.exe".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 11:33:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\cyberlink\powerdirector10\PDHanumanSvr.exe.Manifest".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="X86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 11:32:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\dtutil.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 11:32:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\Tools\Binn\SQLCMD.EXE".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 11:32:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\dtshost.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/18/2017 11:32:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\DTExec.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/18/2017 12:29:07 PM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (03/18/2017 12:29:07 PM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (03/18/2017 12:28:27 PM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (03/18/2017 12:28:27 PM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (03/18/2017 12:02:18 PM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (03/18/2017 12:02:18 PM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (03/18/2017 11:59:42 AM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (03/18/2017 11:59:41 AM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (03/18/2017 11:51:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/18/2017 11:42:14 AM) (Source: DCOM) (EventID: 10001) (User: ALEJANDRO)
Description: Unable to start a DCOM Server: {D63B10C5-BB46-4990-A94F-E40B9D520160} as Unavailable/Unavailable. The error:
"87"
Happened while starting this command:
C:\Windows\System32\RuntimeBroker.exe -Embedding


CodeIntegrity:
===================================
  Date: 2017-03-18 12:28:33.765
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-18 12:28:32.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-08 19:08:59.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-08 19:08:58.749
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-25 19:51:47.347
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-25 19:51:46.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-02 15:42:40.614
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-02 15:42:39.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-01 20:56:20.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-01 20:56:19.658
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 38%
Total physical RAM: 5596.26 MB
Available physical RAM: 3450.88 MB
Total Virtual: 12821.76 MB
Available Virtual: 9803.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:670.83 GB) (Free:366.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.59 GB) (Free:3.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Apr 07 2016) (CDROM) (Total:4.27 GB) (Free:4.26 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================
RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : alejandro [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/18/2017 12:38:04 (Duration : 07:08:07)

¤¤¤ Processes : 1 ¤¤¤
[VT.Trojan.Clicker] splsrv.exe(5496) -- C:\Windows\SysWOW64\splsrv.exe[-] -> Found

¤¤¤ Registry : 83 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD} -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll) -> Found
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll) -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\eFix -> Found
[PUP.OnlineIO] (X64) HKEY_LOCAL_MACHINE\Software\Microleaves -> Found
[PUP.ScreenshotPro] (X64) HKEY_LOCAL_MACHINE\Software\Screenshot Pro -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\ShopperPro -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\WebBar -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\WebDiscoverBrowser -> Found
[PUP.Ask|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AskPartnerNetwork -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Crashhd -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\GlobalUpdate -> Found
[PUP.OnlineIO] (X86) HKEY_LOCAL_MACHINE\Software\Microleaves -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\NetTcpHandler -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\NpApp -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\NtSvcHandler -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{12A61307-94CD-4F8E-94BC-918E511FAA81} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\AnyProtect -> Found
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\Browser -> Found
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\AnyProtect -> Found
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\Browser -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-19\Software\Browser -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-19\Software\Browser -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-20\Software\Browser -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-20\Software\Browser -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Browser -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Cain -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\csastats -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\DarwenDLM -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\eFix -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\globalUpdate -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\IM -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\One System Care -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\ProductSetup -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\ShopperPro -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\tstamptoken -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\WebDiscoverBrowser -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\__SP__browser_name__SP__ -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Browser -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Cain -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\csastats -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\DarwenDLM -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\eFix -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\globalUpdate -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\One System Care -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\ProductSetup -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\ShopperPro -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\tstamptoken -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\WebDiscoverBrowser -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\__SP__browser_name__SP__ -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\AnyProtect -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\Browser -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\AnyProtect -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\Browser -> Found
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SU -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[PUP.Gen0] (X64) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} :   -> Found
[PUP.Gen0] (X86) HKEY_USERS\S-1-5-21-1758070284-1970931268-1006762314-1002\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} :   -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | cpx : "C:\Program Files (x86)\cpx\cpx.exe" -starup [-] -> Found
[PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dataup (C:\Program Files (x86)\dataup\dataup.exe) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DigitalWave.Update.Service ("C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe") -> Found
[PUP.Gen0|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\windowsmanagementservice (C:\WINDOWS\TEMP\20170220\ct.exe) -> Found
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 82.163.143.176 82.163.142.178 ([GB][-])  -> Found
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9564830E-D317-42A6-A2C1-0C226C877B7A} | NameServer : 82.163.143.176 82.163.142.178 ([GB][-])  -> Found
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A66FC120-4B59-4ABA-A50D-275EF46A6B6B} | NameServer : 82.163.143.176 82.163.142.178 ([GB][-])  -> Found
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A66FC120-4B59-4ABA-A50D-275EF46A6B6B} | DHCPNameServer : 82.163.143.176 ([GB])  -> Found
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B6B30453-BF90-482F-A920-B156BBF1BCE6} | NameServer : 82.163.143.176 82.163.142.178 ([GB][-])  -> Found
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B6B30453-BF90-482F-A920-B156BBF1BCE6} | DHCPNameServer : 82.163.143.176 ([GB])  -> Found

¤¤¤ Tasks : 7 ¤¤¤
[PUP.Gen0|Adw.Optimizer|PUP.Gen1] %WINDIR%\Tasks\One System CarePeriod.job -- C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe (-scan) -> Found
[Suspicious.Path|PUP.Gen0] %WINDIR%\Tasks\QPGCOYJUVOSLNAGI.job -- C:\ProgramData\Service1291\Service1291.exe -> Found
[Suspicious.Path|PUP.Gen0] \Foaamwite -- "C:\ProgramData\Foaamwite\1.0.6.1\eoavukse.exe" ("/e=L3A9MjQ2NzAxXi91PWQ1MDk4ZDJlOWY2MzQ5M2E4OTA4ZGE1N2RhYWUwNGI1Xi9kPWRvd25sb2FkdHZ0aW1lLmNvbV4vbj1UVlRNXi9hPVRWVGltZV4vdA==") -> Found
[PUP.Gen0] \Popzijn -- "C:\Program Files\shopperz051020150419\Wojtitv.bat" -> Found
[PUP.Gen1] \Reimage Reminder -- "C:\Program Files\eFix\eFix Pro\ReimageReminder.exe" -> Found
[Suspicious.Path] \runTask -- %TEMP%/Updater.exe (/install) -> Found
[Suspicious.Path|VT.Trojan.Win32.Generic!BT] \SMW_P -- C:\ProgramData\smp2.exe (install1 "http://www%2dsearching.com/?prd=set_epf&s=h26ztrmbl10au,e0b81bd6-6b59-448d-8381-a5a085c7a882," Search) -> Found

¤¤¤ Files : 73 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\APN -> Found
[PUP.Gen1][Folder] C:\ProgramData\Auto Updater -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\ProgramData\Microleaves -> Found
[PUP.Gen1][Folder] C:\ProgramData\Yahoo! Companion -> Found
[Tr.Gen1][File] C:\ProgramData\{0AB269BD-BD19-DE16-6983-75DDF6D8A735}\EF5BB424-58F0-038F-7B70-DF702E8D1E97.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{0E701967-B9DB-AECC-52FC-BD66F0909A99}\EB4797A6-5CEC-200D-E5E4-9EAA936E8E66.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{1487C7EE-A32C-7045-163A-B48477A23872}\E83F7923-5F94-CE88-570E-9331074D2D52.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{23A0759A-940B-C231-F2DE-0BEA83D900A5}\5DB0FF2B-EA1B-4880-10B8-2FCC6F0B3017.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{2B0F0045-9CA4-B7EE-7F56-4C185A9C27E5}\031F39E0-B4B4-8E4B-FB22-C3C104363D52.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{60B469F9-D71F-DE52-DFF2-B9A7CE4A3269}\C6B1222F-711A-9584-5A22-F94A9F7CF79A.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{8023CAA4-3788-7D0F-DE32-8CE5A1972D8B}\215697F1-96FD-205A-7E9D-7B0629E6DE19.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{802632CD-378D-8566-628B-46B1F82743AE}\EA606F5C-5DCB-D8F7-EE70-A082788C8CC1.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{82313D8C-359A-8A27-9AEA-40FFA4FE7B43}\42F40190-F55F-B63B-288D-2C348B35E5BB.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{A60C3FE6-11A7-884D-9C89-426B8878E3BB}\63BE25A3-D415-9208-1AAD-7410BD42800C.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{AC4DB197-1BE6-063C-33BF-30FA460DBE87}\2C797B8A-9BD2-CC21-7427-9837F0A38E3E.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{B5FB732E-0250-C485-ED96-4D9EA8DA0809}\7FEF857E-C844-32D5-6B40-3A5F9465E531.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{FA660A4E-4DCD-BDE5-A9ED-66741E598596}\D02BCB3E-6780-7C95-FE87-B7DB814636FE.exe -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater -> Found
[PUP.Gen0][File] C:\Windows\Reimage.ini -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\AGData -> Found
[PUP.CompuClever][Folder] C:\Users\alejandro\AppData\Roaming\CompuClever -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\RPEng -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\shortCutStore -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\Store -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\Tencent -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\Yahoo!\Companion -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Local\AnonymizerLauncher -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Local\cpx -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Local\globalUpdate -> Found
[PUP.WikiThemes][Folder] C:\Users\alejandro\AppData\Local\WikiThemes -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Local\YSearchUtil -> Found
[PUP.Gen1][Folder] C:\ProgramData\APN -> Found
[PUP.Gen1][Folder] C:\ProgramData\Auto Updater -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\ProgramData\Microleaves -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\bin\DVSSYS~1.EXE -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\PREMIU~1.EXE -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\lib\UNINST~1.EXE -> Found
[PUP.Gen1][Folder] C:\ProgramData\Yahoo! Companion -> Found
[Tr.Gen1][File] C:\ProgramData\{0AB269BD-BD19-DE16-6983-75DDF6D8A735}\EF5BB424-58F0-038F-7B70-DF702E8D1E97.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{0E701967-B9DB-AECC-52FC-BD66F0909A99}\EB4797A6-5CEC-200D-E5E4-9EAA936E8E66.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{1487C7EE-A32C-7045-163A-B48477A23872}\E83F7923-5F94-CE88-570E-9331074D2D52.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{23A0759A-940B-C231-F2DE-0BEA83D900A5}\5DB0FF2B-EA1B-4880-10B8-2FCC6F0B3017.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{2B0F0045-9CA4-B7EE-7F56-4C185A9C27E5}\031F39E0-B4B4-8E4B-FB22-C3C104363D52.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{60B469F9-D71F-DE52-DFF2-B9A7CE4A3269}\C6B1222F-711A-9584-5A22-F94A9F7CF79A.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{8023CAA4-3788-7D0F-DE32-8CE5A1972D8B}\215697F1-96FD-205A-7E9D-7B0629E6DE19.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{802632CD-378D-8566-628B-46B1F82743AE}\EA606F5C-5DCB-D8F7-EE70-A082788C8CC1.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{82313D8C-359A-8A27-9AEA-40FFA4FE7B43}\42F40190-F55F-B63B-288D-2C348B35E5BB.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{A60C3FE6-11A7-884D-9C89-426B8878E3BB}\63BE25A3-D415-9208-1AAD-7410BD42800C.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{AC4DB197-1BE6-063C-33BF-30FA460DBE87}\2C797B8A-9BD2-CC21-7427-9837F0A38E3E.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{B5FB732E-0250-C485-ED96-4D9EA8DA0809}\7FEF857E-C844-32D5-6B40-3A5F9465E531.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{FA660A4E-4DCD-BDE5-A9ED-66741E598596}\D02BCB3E-6780-7C95-FE87-B7DB814636FE.exe -> Found
[PUP.SearchModule][Folder] C:\Program Files\Common Files\Noobzo -> Found
[PUP.Gen1][Folder] C:\Program Files\Reimage -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\AnonymizerGadget -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Auto Updater -> Found
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\cpx -> Found
[PUP.Gen0|PUP.Gen1][Folder] C:\Program Files (x86)\dataup -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Exploremedia -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\globalUpdate -> Found
[PUP.Filefinder][Folder] C:\Program Files (x86)\Pluto TV -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\predm -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\regtool -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\SeekerProc -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget -> Found
[PUP.Gen1][Folder] C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 SATA Disk Device +++++
--- User ---
[MBR] 5563ee86216a1c21e78cfa8297c1cea8
[BSP] 6a3125a7f090a24988d63ba5cae1a61d : Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 686935 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1408458752 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1409380352 | Size: 27230 MB
User = LL1 ... OK
User = LL2 ... OK

 

There, this is all I got! I really hope I can fix this issue. Thanks!


Yes, it is a nasty infection with a protective rootkit, continue with the following:

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the file to a convenient location (the Desktop is recommended).
3. Open the folder where the contents were unzipped to run mbar.exe.

user posted image

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

user posted image

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning, you will go from step 4 to step 6.)

6. The following image opens, select Next.

user posted image

7. The following image opens, select Update.

user posted image

8. When the update completes select Next.

user posted image

9. In the following window ensure "Targets" are ticked. Then select "Scan".

user posted image

10. If an infection is found select the "Cleanup" button to remove threats, and reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

user posted image

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click the "Cleanup" button once more and repeat the process.
12. If no threats were found you will see the following image, select Exit:

user posted image

13. Verify that your system is now running normally, making sure that the following items are functional:
 
  • Internet access
  • Windows Update
  • Windows Firewall


14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" on your keyboard, then tap Enter.

16. The fix will be applied, press any key to exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (date and time of scan will also be shown)

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs: "FRST.txt" and "Addition.txt".

Let me see those logs....

Thanks,

Kevin...

Ok, this is what I got, and yes, everything seems to be working again and it is much faster!!!! Thank you so much, I really appreciate it!!! I will totally donate when I get some money. Thank you so much!!!!!!

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 5868101632, free: 3253325824

Downloaded database version: v2017.03.19.06
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.14.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/19/2017 17:47:18
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\drmkpro64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athwbx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\Smb_driver_AMDASF.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amdsata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WinUSB.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\DRIVERS\RMCAST.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\umpass.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.19.06
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00059522060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000595236d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00059522060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00059523040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffe000593db290, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xffffe000593e2060, DeviceName: \Device\0000002d\, DriverName: \Driver\amdsata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\drmkpro64.sys --> [Rootkit.Agent.PUA]
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A50E1C7D

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3855396834
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34  LastUsableLba 1465149134
    GPT Header Guid 57955dac-1203-4dae-9254-9ab0a7c63eff
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3855396834
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134
    Backup GPT header Guid 57955dac-1203-4dae-9254-9ab0a7c63eff
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID dbd9106-514c-4c04-bcb0-41705fe8864
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID b4626074-1d8-4276-b2a0-bb863a20b968
    FirstLBA 821248  Last LBA 1353727
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8fd9aafb-20a1-4ddb-8971-32fd6d7f56c0
    FirstLBA 1353728  Last LBA 1615871
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 33ce9737-b147-46ac-9c84-1b62aca7745e
    FirstLBA 1615872  Last LBA 1408458751
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID b8eabd98-77db-44a7-9764-167f7258c76
    FirstLBA 1408458752  Last LBA 1409380351
    Attributes 1
    Partition Name                                     

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 73f7a2ed-6fab-409d-b847-5d3f259cc68
    FirstLBA 1409380352  Last LBA 1465147391
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Program Files (x86)\dataup\dataup.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\dataup\dataup.exe --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qdcomsvc --> [Adware.Yelloader]
Infected: C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe --> [Adware.Yelloader]
Infected: C:\Windows\SysWOW64\splsrv.exe --> [Trojan.Clicker]
Infected: C:\Windows\SysWOW64\splsrv.exe --> [Trojan.Clicker]
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1)
File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1)
File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1)
File "C:\Windows\System32\streamci.dll" is compressed (flags = 1)
File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtp.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtpUS.dll" is compressed (flags = 1)
File "C:\Windows\System32\WMALFXGFXDSP.dll" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
Infected: C:\Users\alejandro\AppData\Local\Temp\62170671.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\66058942.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\81637302.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\8975385.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\38533483.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\40161043.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\41975647.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\drmkpro64.sys.dmp --> [Rootkit.Agent.PUA]
Infected: C:\Users\alejandro\AppData\Local\Temp\114035687.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\118514742.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\125503804.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Users\alejandro\AppData\Local\Temp\72910214.t.exe --> [Adware.DNSUnlocker]
Infected: C:\Windows\Temp\omgrm.exe --> [Adware.Yelloader]
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BB93E44A35890E927122526FC4D14C15D0F1CAE3.bin.83" is compressed (flags = 1)
Infected: C:\ProgramData\{0AB269BD-BD19-DE16-6983-75DDF6D8A735}\EF5BB424-58F0-038F-7B70-DF702E8D1E97.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{0E701967-B9DB-AECC-52FC-BD66F0909A99}\EB4797A6-5CEC-200D-E5E4-9EAA936E8E66.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{1487C7EE-A32C-7045-163A-B48477A23872}\E83F7923-5F94-CE88-570E-9331074D2D52.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{23A0759A-940B-C231-F2DE-0BEA83D900A5}\5DB0FF2B-EA1B-4880-10B8-2FCC6F0B3017.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{2B0F0045-9CA4-B7EE-7F56-4C185A9C27E5}\031F39E0-B4B4-8E4B-FB22-C3C104363D52.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{60B469F9-D71F-DE52-DFF2-B9A7CE4A3269}\C6B1222F-711A-9584-5A22-F94A9F7CF79A.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{8023CAA4-3788-7D0F-DE32-8CE5A1972D8B}\215697F1-96FD-205A-7E9D-7B0629E6DE19.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{802632CD-378D-8566-628B-46B1F82743AE}\EA606F5C-5DCB-D8F7-EE70-A082788C8CC1.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{82313D8C-359A-8A27-9AEA-40FFA4FE7B43}\42F40190-F55F-B63B-288D-2C348B35E5BB.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{A60C3FE6-11A7-884D-9C89-426B8878E3BB}\63BE25A3-D415-9208-1AAD-7410BD42800C.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{AC4DB197-1BE6-063C-33BF-30FA460DBE87}\2C797B8A-9BD2-CC21-7427-9837F0A38E3E.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{B5FB732E-0250-C485-ED96-4D9EA8DA0809}\7FEF857E-C844-32D5-6B40-3A5F9465E531.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{FA660A4E-4DCD-BDE5-A9ED-66741E598596}\D02BCB3E-6780-7C95-FE87-B7DB814636FE.exe --> [Adware.DNSUnlocker]
Infected: C:\Program Files (x86)\svcvmx\icudtl.dat --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_100_percent.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_200_percent.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\cef_extensions.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\chrome_elf.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\chrome_elf.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\chrome_elf.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\chrome_elf.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\chrome_elf.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\chrome_elf.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\dbghelp.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\debug.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\ipc.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\ipc_service.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\ipc_service.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\ipc_service.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\ipc_service.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\ipc_service.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\ipc_service.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libcef.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libEGL.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libEGL.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libGLESv2.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\libGLESv2.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\natives_blob.bin --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\pepflashplayer.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\pepflashplayer.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\snapshot_blob.bin --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.exe --> [Trojan.Clicker.E.Generic]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.exe --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\svcvmx.log --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\vmxclient.exe --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\widevinecdm.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\widevinecdmadapter.dll --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\hi.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\am.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ar.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\bg.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\bn.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ca.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\cs.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\da.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\de.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\el.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\en-GB.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\en-US.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\es-419.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\es.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\et.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\fa.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\fi.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\fil.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\fr.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\gu.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\he.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\hr.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\hu.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\id.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\it.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ja.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\kn.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ko.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\lt.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\lv.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ml.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\mr.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ms.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\nb.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\nl.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\pl.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\pt-BR.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\pt-PT.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ro.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ru.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\sk.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\sl.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\sr.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\sv.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\sw.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\ta.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\te.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\th.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\tr.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\uk.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\vi.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\zh-CN.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\svcvmx\locales\zh-TW.pak --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\winscr\winscr.exe --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\winscr --> [Trojan.Clicker.E.Generic]
Infected: C:\Program Files (x86)\dataup\dataup.ini --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\dataup\NTSVC.ocx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: C:\Windows\Temp\20170220\ct.zip --> [Trojan.Clicker]
Infected: C:\Windows\Temp\20170220 --> [Trojan.Clicker]
Infected: C:\Windows\Temp\20170220\ct.exe --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice --> [Trojan.Clicker]
Infected: C:\Windows\Temp\20170220\ct.exe --> [Trojan.Clicker]
Infected: C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat --> [Adware.ChinAd]
Infected: C:\ProgramData\Thunder Network\DownloadLib --> [Adware.ChinAd]
Infected: C:\ProgramData\Thunder Network --> [Adware.ChinAd]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{9564830E-D317-42A6-A2C1-0C226C877B7A}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{A66FC120-4B59-4ABA-A50D-275EF46A6B6B}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{B6B30453-BF90-482F-A920-B156BBF1BCE6}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Infected: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [Backdoor.Agent.PDL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: C:\Windows\TEMPcoral.vbs --> [Trojan.SpamBot]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action reg.exe...
Success!
Queuing an action reg.exe
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9600 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 5868101632, free: 3450699776

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 5868101632, free: 2425139200

Downloaded database version: v2017.03.20.01
Downloaded database version: v2017.03.20.02
Downloaded database version: v2017.03.20.03
Downloaded database version: v2017.03.20.04
Downloaded database version: v2017.03.20.05
Downloaded database version: v2017.03.20.06
Downloaded database version: v2017.03.20.07
Downloaded database version: v2017.03.20.08
=======================================
Initializing...
------------ Kernel report ------------
     03/20/2017 15:38:54
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athwbx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\Smb_driver_AMDASF.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amdsata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WinUSB.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\DRIVERS\RMCAST.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\rdpdr.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\??\C:\WINDOWS\system32\drivers\farflt.sys
\??\C:\WINDOWS\system32\drivers\mbae64.sys
\SystemRoot\system32\drivers\MBAMChameleon.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.20.08
  rootkit: v2017.03.11.01

<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A50E1C7D

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3855396834
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34  LastUsableLba 1465149134
    GPT Header Guid 57955dac-1203-4dae-9254-9ab0a7c63eff
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3855396834
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134
    Backup GPT header Guid 57955dac-1203-4dae-9254-9ab0a7c63eff
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID dbd9106-514c-4c04-bcb0-41705fe8864
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID b4626074-1d8-4276-b2a0-bb863a20b968
    FirstLBA 821248  Last LBA 1353727
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8fd9aafb-20a1-4ddb-8971-32fd6d7f56c0
    FirstLBA 1353728  Last LBA 1615871
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 33ce9737-b147-46ac-9c84-1b62aca7745e
    FirstLBA 1615872  Last LBA 1408458751
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID b8eabd98-77db-44a7-9764-167f7258c76
    FirstLBA 1408458752  Last LBA 1409380351
    Attributes 1
    Partition Name                                     

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 73f7a2ed-6fab-409d-b847-5d3f259cc68
    FirstLBA 1409380352  Last LBA 1465147391
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1)
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1)
File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1)
File "C:\Windows\System32\streamci.dll" is compressed (flags = 1)
File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtp.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtpUS.dll" is compressed (flags = 1)
File "C:\Windows\System32\WMALFXGFXDSP.dll" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-53B9C206448CE7283B5A641E73E5F5096F82DC87.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.20.08
  rootkit: v2017.03.11.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18618
alejandro :: ALEJANDRO [administrator]

3/20/2017 3:39:59 PM
mbar-log-2017-03-20 (15-39-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 360061
Time elapsed: 3 hour(s), 59 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by alejandro (administrator) on ALEJANDRO (20-03-2017 19:50:41)
Running from C:\Users\alejandro\Desktop
Loaded Profiles: alejandro (Available Profiles:  & alejandro)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
() C:\Windows\System32\valWBFPolicyService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(© 2015 Microsoft Corporation) C:\Users\alejandro\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\cpx\cpx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\cpx\cpx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\cpx\cpx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
() C:\Program Files (x86)\cpx\cpx.exe
() C:\Program Files (x86)\cpx\cpx.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2015-03-04] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [649216 2017-01-05] () <===== ATTENTION
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\Run: [ares] => C:\Users\alejandro\Desktop\Ares.exe [1015808 2010-10-27] (Ares Development Group)
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\Run: [BingSvc] => C:\Users\alejandro\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {20f577d0-ef12-11e5-bedc-082e5f7a785b} - "F:\iLinker.exe" 
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {4646b80b-08fe-11e6-bee2-082e5f7a785b} - "F:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {bc60f2ed-a76f-11e4-be8f-082e5f7a785b} - "F:\HPLauncher.exe" 
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 
Tcpip\Parameters: [NameServer]
Tcpip\..\Interfaces\{9564830E-D317-42A6-A2C1-0C226C877B7A}: [DhcpNameServer] 
Tcpip\..\Interfaces\{A66FC120-4B59-4ABA-A50D-275EF46A6B6B}: [DhcpNameServer] 
Tcpip\..\Interfaces\{B6B30453-BF90-482F-A920-B156BBF1BCE6}: [DhcpNameServer] 

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130888094153886606&GUID=1EFA15A3-E7F2-418D-ABC6-9EAA5D06F006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130888094153912703&GUID=1EFA15A3-E7F2-418D-ABC6-9EAA5D06F006
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.google.com
hxxp://yahoo.com/
URLSearchHook: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {29A5E9B6-F722-440C-9FFA-22A924EA2469} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {29A5E9B6-F722-440C-9FFA-22A924EA2469} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {0CAD826E-920E-4084-B570-AB9288FBF1DB} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H26ztrmbl10AU,e0b81bd6-6b59-448d-8381-a5a085c7a882,
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {65DA4D22-1201-4BE2-9044-E968775FA0BE} URL = hxxp://www.teoma.com/web?tpid=ATU3-TMG&o=APN11203&pf=V7&p2=^CHX^YYYYYY^CA^US&gct=&itbv=12.40.1.3844&apn_uid=E72701F8-7C8F-4837-8775-8E0D903668C3&apn_ptnrs=^CHX&apn_dtid=^YYYYYY^CA^US&apn_dbr=iexplore.exe_6_11.0.9600.18123&doi=2016-03-28&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {830319C7-1356-402E-8451-C94E62121262} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {8361D426-EDDF-42F3-8A8C-7BAEF6E3647D} URL = hxxps://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {90210F00-78C9-40EE-981E-466E97AD0C0C} URL = hxxps://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=6D6B4065-DDB2-493E-B811-7DA09EFD51AF&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll [2015-09-19] (Yahoo! Inc.)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=435371&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=435371&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=435371&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default [2017-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
CHR Profile: C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-29] (Digital Wave Ltd.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-30] (RaMMicHaeL)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 ghsandroid; C:\WINDOWS\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2016-03-22] (LogMeIn Inc.)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-20] (Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [273040 2015-05-09] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2015-05-09] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
U2 clr_optimization_v4.0.30319_64; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160105.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160105.021\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-20 19:45 - 2017-03-20 19:48 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-03-20 00:45 - 2017-03-20 19:45 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-20 00:45 - 2017-03-20 19:44 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-20 00:45 - 2017-03-20 19:44 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-20 00:41 - 2017-03-20 00:41 - 57131432 _____ (Malwarebytes ) C:\Users\alejandro\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-19 22:58 - 2017-03-19 22:59 - 00000000 ____D C:\Program Files\CCleaner
2017-03-19 22:58 - 2017-03-19 22:58 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-19 22:57 - 2017-03-19 22:58 - 09274608 _____ (Piriform Ltd) C:\Users\alejandro\Desktop\ccsetup528.exe
2017-03-19 22:55 - 2017-03-19 22:55 - 00000000 ____D C:\Users\alejandro\.proxycheck
2017-03-19 22:55 - 2017-03-19 22:55 - 00000000 ____D C:\Users\alejandro\.AnonymizerLauncher
2017-03-19 17:47 - 2017-03-20 19:44 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-19 17:47 - 2017-03-20 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-19 17:45 - 2017-03-20 19:45 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-19 17:45 - 2017-03-20 19:39 - 00000000 ____D C:\Users\alejandro\Desktop\mbar
2017-03-19 17:42 - 2017-03-19 17:43 - 16563352 _____ (Malwarebytes Corp.) C:\Users\alejandro\Desktop\mbar-1.09.3.1001.exe
2017-03-19 14:18 - 2017-03-19 14:18 - 00001376 _____ C:\Users\alejandro\Documents\hosts.txt
2017-03-19 14:15 - 2017-03-20 00:45 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-19 14:15 - 2017-03-20 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-19 14:15 - 2017-03-19 14:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-19 14:15 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-19 14:14 - 2017-03-19 14:14 - 57131432 _____ (Malwarebytes ) C:\Users\alejandro\Downloads\mb3-setup-consumer-3.0.6.1469-1075 (1).exe
2017-03-19 13:44 - 2017-03-19 13:44 - 00006352 ____N C:\bootsqm.dat
2017-03-18 20:31 - 2017-03-18 20:31 - 00036766 _____ C:\Users\alejandro\Desktop\RK.txt
2017-03-18 12:38 - 2017-03-18 12:38 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-18 12:37 - 2017-03-18 20:38 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-18 12:37 - 2017-03-18 12:37 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-18 12:37 - 2017-03-18 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-18 12:36 - 2017-03-18 20:29 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-18 12:34 - 2017-03-18 12:35 - 34977008 _____ (Adlice Software ) C:\Users\alejandro\Desktop\setup.exe
2017-03-18 12:27 - 2017-03-18 12:34 - 00041688 _____ C:\Users\alejandro\Desktop\Addition.txt
2017-03-18 12:17 - 2017-03-20 19:54 - 00021747 _____ C:\Users\alejandro\Desktop\FRST.txt
2017-03-18 12:15 - 2017-03-20 19:50 - 00000000 ____D C:\FRST
2017-03-18 12:14 - 2017-03-18 12:15 - 02424832 _____ (Farbar) C:\Users\alejandro\Desktop\FRST64.exe
2017-03-18 00:06 - 2017-03-18 00:13 - 00003664 _____ C:\Users\alejandro\Desktop\Rkill.txt
2017-03-18 00:05 - 2017-03-18 00:05 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\alejandro\Downloads\rkill.exe
2017-03-17 21:17 - 2017-03-17 21:17 - 57131432 _____ (Malwarebytes ) C:\Users\alejandro\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-17 20:52 - 2017-03-17 20:52 - 00000000 ____D C:\Users\alejandro\AppData\Roaming\TotalAV
2017-03-17 20:51 - 2017-03-17 20:51 - 09943712 _____ C:\Users\alejandro\Downloads\TotalAV.exe
2017-03-17 17:56 - 2017-03-17 17:58 - 00229286 _____ C:\TDSSKiller.3.1.0.12_17.03.2017_17.56.59_log.txt
2017-03-16 21:56 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-03-16 21:56 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-03-16 21:56 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-03-16 21:56 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-03-16 21:56 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-16 21:56 - 2017-03-04 00:05 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-03-16 21:56 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-03-16 21:56 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-03-16 21:56 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-03-16 21:56 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-03-16 21:56 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-03-16 21:56 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-03-16 21:56 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-03-16 21:56 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-03-16 21:56 - 2017-03-02 10:25 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-03-16 21:56 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-16 21:56 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-03-16 21:56 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-03-16 21:56 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-16 21:56 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-16 21:56 - 2017-02-10 22:12 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-03-16 21:56 - 2017-02-10 22:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-03-16 21:56 - 2017-02-10 22:00 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-03-16 21:56 - 2017-02-10 21:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-03-16 21:56 - 2017-02-10 21:56 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-03-16 21:56 - 2017-02-10 12:09 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-03-16 21:56 - 2017-02-09 22:10 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-03-16 21:56 - 2017-02-09 22:09 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-03-16 21:56 - 2017-02-09 22:08 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-03-16 21:56 - 2017-02-09 22:01 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-03-16 21:56 - 2017-02-09 22:00 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-03-16 21:56 - 2017-02-09 21:59 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-03-16 21:56 - 2017-02-04 13:32 - 07444832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-16 21:55 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-03-16 21:55 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-03-16 21:55 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-03-16 21:55 - 2017-02-11 12:25 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-03-16 21:55 - 2017-02-09 22:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-03-16 21:55 - 2017-02-09 18:31 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-16 21:55 - 2017-02-09 17:12 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-03-16 21:55 - 2017-02-09 08:28 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-16 21:55 - 2017-02-09 08:19 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-16 21:55 - 2017-02-09 08:16 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-03-16 21:55 - 2017-02-09 08:16 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-03-16 21:55 - 2017-02-09 07:59 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-16 21:55 - 2017-02-09 07:58 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-16 21:55 - 2017-02-09 07:58 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-03-16 21:55 - 2017-02-04 13:30 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-16 21:55 - 2017-02-04 13:30 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-16 21:55 - 2017-02-04 13:30 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-16 21:55 - 2017-02-04 13:30 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-16 21:55 - 2017-02-04 12:32 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-03-16 21:55 - 2017-02-04 12:30 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-03-16 21:55 - 2017-02-04 11:14 - 01001472 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-03-16 21:55 - 2017-02-04 10:50 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-03-16 21:55 - 2017-02-04 10:40 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-16 21:55 - 2017-02-04 10:32 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2017-03-16 21:55 - 2017-02-04 10:17 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-03-16 21:55 - 2017-02-04 10:10 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-03-16 21:55 - 2017-02-04 10:05 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-03-16 21:55 - 2017-01-21 14:37 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-16 21:55 - 2017-01-21 12:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2017-03-16 21:55 - 2017-01-21 12:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
2017-03-16 21:55 - 2017-01-21 12:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-16 21:55 - 2017-01-21 12:20 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-16 21:55 - 2017-01-21 11:40 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2017-03-16 21:55 - 2017-01-21 11:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2017-03-16 21:55 - 2017-01-21 11:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-03-16 21:55 - 2017-01-21 10:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-03-16 21:55 - 2017-01-21 10:48 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-16 21:55 - 2017-01-14 10:49 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-03-16 21:55 - 2017-01-11 12:37 - 02345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-03-16 21:55 - 2017-01-10 12:08 - 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-16 21:55 - 2017-01-05 11:20 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-03-16 21:55 - 2017-01-05 11:09 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-03-16 21:55 - 2017-01-05 10:36 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-03-16 21:55 - 2017-01-05 10:29 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-03-16 21:55 - 2017-01-05 10:13 - 07796224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-03-16 21:55 - 2017-01-05 09:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-03-16 21:55 - 2016-11-09 12:22 - 00681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-03-16 21:17 - 2017-03-16 21:17 - 00000000 ___HD C:\$SysReset
2017-03-15 17:56 - 2017-03-16 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-03-15 16:57 - 2017-02-23 07:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-15 16:57 - 2017-02-22 07:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-15 16:57 - 2017-02-22 07:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-03-15 16:57 - 2016-06-03 10:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-03-08 20:04 - 2017-03-08 20:05 - 00000000 ____D C:\Users\alejandro\AppData\Local\MegaDownloader
2017-03-08 16:17 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{0AB269BD-BD19-DE16-6983-75DDF6D8A735}
2017-03-08 16:17 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\{0b2b4fc9-412c-0}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{FA660A4E-4DCD-BDE5-A9ED-66741E598596}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{AC4DB197-1BE6-063C-33BF-30FA460DBE87}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{A60C3FE6-11A7-884D-9C89-426B8878E3BB}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{82313D8C-359A-8A27-9AEA-40FFA4FE7B43}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{8023CAA4-3788-7D0F-DE32-8CE5A1972D8B}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{60B469F9-D71F-DE52-DFF2-B9A7CE4A3269}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{2B0F0045-9CA4-B7EE-7F56-4C185A9C27E5}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{23A0759A-940B-C231-F2DE-0BEA83D900A5}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{1487C7EE-A32C-7045-163A-B48477A23872}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{0E701967-B9DB-AECC-52FC-BD66F0909A99}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{417317df-212c-0}
2017-03-06 23:44 - 2017-03-06 23:48 - 00000000 ____D C:\Users\alejandro\Documents\HelloWorld
2017-03-06 23:41 - 2017-03-06 23:41 - 00000000 ____D C:\Users\alejandro\.oracle_jre_usage
2017-02-27 16:11 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{B5FB732E-0250-C485-ED96-4D9EA8DA0809}
2017-02-27 16:11 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{802632CD-378D-8566-628B-46B1F82743AE}
2017-02-27 16:11 - 2017-03-12 13:42 - 00000000 ____D C:\ProgramData\5c43154b
2017-02-27 16:11 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\77fb5b5d-7cd1-0
2017-02-27 16:10 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\{27555696-512c-0}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{3b8206a8-712c-1}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{19be766b-212c-0}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{0b3e08c7-112c-1}
2017-02-26 21:32 - 2017-02-26 21:32 - 00305034 _____ C:\Users\alejandro\Desktop\Groundwater.pdf
2017-02-26 15:32 - 2017-03-17 20:34 - 00000000 ____D C:\WINDOWS\pss
2017-02-26 14:07 - 2017-02-26 14:08 - 00000000 ____D C:\Users\alejandro\Desktop\SMS
2017-02-26 13:04 - 2017-02-26 13:05 - 00000000 ____D C:\Users\alejandro\.gradle
2017-02-26 12:50 - 2017-02-26 12:55 - 00000000 ____D C:\Users\alejandro\eclipse
2017-02-26 12:47 - 2017-02-26 12:50 - 00000000 ____D C:\Users\alejandro\.eclipse
2017-02-26 12:40 - 2017-02-26 12:40 - 00000000 ____D C:\Users\alejandro\AppData\Roaming\Adobe
2017-02-25 23:47 - 2017-02-25 23:47 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-19 20:52 - 2017-03-19 22:45 - 00000000 ____D C:\Program Files (x86)\qdcomsvc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-20 19:49 - 2017-02-05 22:51 - 00000000 ____D C:\Users\alejandro\AppData\Local\Adobe
2017-03-20 19:49 - 2015-01-23 14:17 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1758070284-1970931268-1006762314-1002
2017-03-20 19:49 - 2015-01-23 14:09 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6FA2B183-C842-48DB-961C-CE419A9AB08F}
2017-03-20 19:44 - 2016-04-12 00:11 - 00000437 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-03-20 19:44 - 2015-01-27 07:20 - 00000000 ___RD C:\Users\alejandro\OneDrive
2017-03-20 19:44 - 2015-01-23 14:05 - 00000000 ____D C:\Users\alejandro\AppData\LocalLow\AuthenTec
2017-03-20 19:43 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-20 19:42 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-20 00:47 - 2017-02-06 01:19 - 00000000 ____D C:\Program Files (x86)\cpx
2017-03-20 00:45 - 2016-07-01 00:04 - 01253888 ___SH C:\Users\alejandro\Desktop\Thumbs.db
2017-03-19 23:09 - 2016-01-29 17:22 - 00000000 ____D C:\Users\alejandro\AppData\Local\CrashDumps
2017-03-19 23:09 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-19 22:55 - 2015-01-27 00:21 - 00000000 ____D C:\Users\alejandro
2017-03-19 22:45 - 2013-08-22 08:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-03-19 17:47 - 2015-08-18 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-19 15:25 - 2017-02-06 01:20 - 00000000 ____D C:\Users\alejandro\AppData\Local\cpx
2017-03-18 12:35 - 2015-09-26 14:38 - 00000000 ____D C:\ProgramData\Unchecky
2017-03-17 20:51 - 2015-01-27 00:10 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-17 20:45 - 2015-12-15 23:46 - 00000000 ____D C:\Users\alejandro\AppData\Local\ElevatedDiagnostics
2017-03-17 20:12 - 2016-03-23 19:39 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-03-17 19:59 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-17 19:59 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-17 19:50 - 2017-02-02 18:07 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-03-17 19:50 - 2017-01-28 18:14 - 00000601 _____ C:\WINDOWS\SysWOW64\nativelog.txt
2017-03-17 17:42 - 2013-08-22 07:44 - 00353960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-17 17:35 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-16 21:47 - 2015-01-23 18:08 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-03-16 20:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-16 19:20 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-16 00:54 - 2016-05-17 22:33 - 00768000 ___SH C:\Users\alejandro\Downloads\Thumbs.db
2017-03-15 23:42 - 2017-01-25 22:36 - 00019456 ___SH C:\Users\alejandro\Thumbs.db
2017-03-15 17:21 - 2015-01-25 20:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-15 17:02 - 2015-01-24 17:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 16:55 - 2015-01-24 17:57 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-15 16:32 - 2014-11-21 01:44 - 01049188 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-12 19:19 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-12 13:25 - 2015-10-24 00:11 - 00000000 ____D C:\Users\alejandro\AppData\Local\pangu
2017-03-09 21:34 - 2016-12-19 16:33 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-09 21:34 - 2016-12-19 16:33 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-06 23:42 - 2017-01-20 17:57 - 00000000 ____D C:\Users\alejandro\Documents\Space Shooter
2017-03-02 19:27 - 2015-01-23 14:21 - 00000000 ____D C:\Users\alejandro\Desktop\My Shared Folder
2017-03-01 00:34 - 2016-12-29 01:00 - 00000000 ____D C:\Users\alejandro\Documents\LeaningJava
2017-02-27 16:11 - 2017-02-05 23:19 - 00000000 ____D C:\ProgramData\03f6d56d-7a81-1
2017-02-27 16:11 - 2017-02-05 23:19 - 00000000 ____D C:\ProgramData\03f6d56d-2131-0
2017-02-26 14:23 - 2015-08-15 12:52 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-26 14:22 - 2015-08-18 13:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-26 14:11 - 2016-09-01 20:41 - 00000000 ____D C:\Users\alejandro\.p2
2017-02-26 10:36 - 2016-09-01 20:49 - 00000000 ____D C:\Users\alejandro\AppData\Local\Eclipse
2017-02-19 20:53 - 2012-11-07 08:25 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2017-02-18 18:20 - 2017-02-05 23:41 - 00000000 ____D C:\Users\alejandro\AppData\Local\AdvinstAnalytics

==================== Files in the root of some directories =======

2016-08-25 13:44 - 2016-08-25 14:09 - 0000551 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-ActiualSolution.dsln
2016-08-21 11:20 - 2016-08-21 11:21 - 0000228 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-Cetd.cedtx
2016-08-21 10:52 - 2016-08-21 10:52 - 0000310 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-Clip-Extractor-ProActivation.info
2016-08-21 10:54 - 2016-10-24 22:28 - 0000598 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-Clip-Extractor-ProFlvConverterDefaultSettings.xml
2016-08-21 10:53 - 2016-08-21 10:53 - 0000025 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-UpdatePerformed.txt
2016-08-25 13:43 - 2016-08-25 14:20 - 0000596 _____ () C:\Users\alejandro\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
2015-09-26 15:42 - 2015-09-28 23:42 - 0000099 _____ () C:\Users\alejandro\AppData\Roaming\WB.CFG
2016-04-30 23:27 - 2016-04-30 23:27 - 20982175 _____ () C:\Users\alejandro\AppData\Roaming\xulrunner.zip
2015-04-04 18:14 - 2017-01-31 22:43 - 0003584 _____ () C:\Users\alejandro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-05 23:16 - 2017-02-05 23:16 - 0002048 _____ () C:\Users\alejandro\AppData\Local\uninstallro.exe
2016-05-14 00:11 - 2016-05-14 00:11 - 0002560 _____ () C:\Users\alejandro\AppData\Local\uninstallssl.exe
2016-02-05 23:03 - 2016-02-05 23:04 - 0000000 _____ () C:\Users\alejandro\AppData\Local\{620FFD5B-9C81-4E95-938C-A243083B44BA}
2015-01-23 15:48 - 2015-01-23 15:48 - 0000036 _____ () C:\ProgramData\suguid.txt
2015-01-23 17:49 - 2015-01-23 17:58 - 0001580 _____ () C:\ProgramData\tempimage.bmp

Files to move or delete:
====================
C:\Program Files (x86)\cpx\cpx.exe


Some files in TEMP:
====================
2017-03-18 12:37 - 2016-08-13 00:40 - 1737080 ____N (Microsoft Corporation) C:\Users\alejandro\AppData\Local\Temp\dllnt_dump.dll
2017-02-26 00:08 - 2017-02-26 00:08 - 0019968 ____N (Red Hat®, Inc.) C:\Users\alejandro\AppData\Local\Temp\jansi-64-2123917920411596591.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-17 17:28

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by alejandro (20-03-2017 19:55:19)
Running from C:\Users\alejandro\Desktop
Windows 8.1 (Update) (X64) (2015-01-27 14:14:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1758070284-1970931268-1006762314-500 - Administrator - Disabled)
alejandro (S-1-5-21-1758070284-1970931268-1006762314-1002 - Administrator - Enabled) => C:\Users\alejandro
Guest (S-1-5-21-1758070284-1970931268-1006762314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1758070284-1970931268-1006762314-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ares 2.1.7 (HKLM-x32\...\Ares) (Version: 2.1.7-Build#3041 - Ares Development Group)
Ares 3.1.8.4045 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.8.4045 - Ares)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.78.328 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.76.317 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
RogueKiller version 12.10.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.0.0 - Adlice Software)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo Inc.)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B04 - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E32D9A-FB05-4F24-9F8D-02C8ACE6CB22} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {05F2609E-FA2B-4696-B5C6-6CCCF1498CD6} - \brbrw_1502 -> No File <==== ATTENTION
Task: {116B7D36-E03C-4685-BEEF-5D7B5E9DA94F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {119D7559-FC93-4F01-9F67-3C21EB060DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {252D0189-8DB2-4D82-BBA6-239576F9A80F} - System32\Tasks\Foaamwite => C:\ProgramData\Foaamwite\1.0.6.1\eoavukse.exe 
Task: {2578F12B-1CF0-4438-8DB2-7B2D2A436209} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2AB829F0-6774-48C4-A059-EA0109B90955} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {4E401F11-C2BC-46F7-AA53-C2A5AAB9328C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {53E8E419-4388-49C1-A809-E12865ED6A39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {54EAA32B-B46E-4416-B0D3-59025AB5B775} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {552CA472-9DEA-4E00-9B9F-D8C9FE07A2F1} - System32\Tasks\{237C4E54-A2D1-43A3-9F62-B7B95F4430CF} => pcalua.exe -a "c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
Task: {5C0B2FCF-21F9-40B6-9996-DFCFBD890060} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-apbalderrama@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {624F5A80-42EF-4D1B-BE9C-35EFCC25C407} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe  <==== ATTENTION
Task: {7B44429F-37E1-40F2-8B74-62108E379121} - \trivia_games_updating_service -> No File <==== ATTENTION
Task: {7D591718-1C0E-4986-BB6F-DDF145F2CE70} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe 
Task: {87766D12-8F5B-44C7-9A06-E32C3EF5AD46} - System32\Tasks\updateTask => c:/task.vbs 
Task: {895F0176-89D6-4CD2-82CC-59CC00805A9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {8C8E6644-5124-49D0-8333-499ACE036CD2} - \BBQLeads -> No File <==== ATTENTION
Task: {982594D1-B1D5-46BC-ACC1-6B25C040377D} - System32\Tasks\Reimage Reminder => C:\Program Files\eFix\eFix Pro\ReimageReminder.exe  <==== ATTENTION
Task: {9875CC5B-9FF1-484A-B740-5BDF8DC21A31} - System32\Tasks\{3A935546-C9DB-4E51-AE8E-A115B39DF9DF} => pcalua.exe -a C:\Users\alejandro\AppData\Local\{709D46C1-5435-2A79-39AD-0F911DC5F309}\uninst.exe -c -FN=""-P=/Uninstall /s /noun /DelSelfDir
Task: {A87940FE-296A-4168-B208-703818F7A059} - System32\Tasks\AGProxyCheck => C:\Program 
Task: {AB14EEE9-9CFA-48AC-90E3-9543D7E31CAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {AF08E671-0CD0-4796-A9CD-408D5B54ED12} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe 
Task: {C1304E0D-19A0-4789-9130-D6C858DB4835} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {C656AD9D-FB5A-4E24-BF61-B91E3C78FB52} - System32\Tasks\Popzijn => C:\Program Files\shopperz051020150419\Wojtitv.bat  <==== ATTENTION
Task: {C96EFD3B-BB17-4539-96B5-A1940C7A56F0} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CCBD6F81-B7BD-490A-9C7F-0AA8824D2447} - \trivia_games_notification_service -> No File <==== ATTENTION
Task: {DA4FFBFA-9D37-44E1-9563-6D15C90CBBAC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E45DB40B-CC3F-40D7-A3E4-E482E5537B5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {ECCCAB3F-DFA5-485A-95F0-C199E501E2A1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-09] (Synaptics Incorporated)
Task: {FD9B7722-B385-4FEC-B6F0-D2BEF9A158FF} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe 
Task: {FE5F3CBB-FAD2-412A-9963-96DD25F51A52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {FFDC50B0-E362-445E-9808-AAC0D7F57B83} - System32\Tasks\runTask => %TEMP%/Updater.exe 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForalejandro.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QPGCOYJUVOSLNAGI.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt-Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt-Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()

ShortcutWithArgument: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Сhrоmе Аpp Lаunсhеr.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --show-app-list <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-06 02:47 - 2012-09-06 02:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2017-03-19 14:15 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-19 14:15 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2017-01-05 12:00 - 2017-01-05 12:00 - 00649216 _____ () C:\Program Files (x86)\cpx\cpx.exe
2012-08-10 02:36 - 2012-08-10 02:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-06-11 13:10 - 2016-03-29 00:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-11-13 19:17 - 2016-11-13 19:17 - 45076480 _____ () C:\Program Files (x86)\cpx\libcef.dll
2016-03-24 12:30 - 2016-03-24 12:30 - 00933376 _____ () C:\Program Files (x86)\cpx\core.dll
2016-11-13 19:01 - 2016-11-13 19:01 - 01643008 _____ () C:\Program Files (x86)\cpx\libglesv2.dll
2016-11-13 19:01 - 2016-11-13 19:01 - 00074752 _____ () C:\Program Files (x86)\cpx\libegl.dll
2017-02-02 18:14 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 18:14 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73149165.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73149165.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Vuidqotg => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\amazon.com -> www.amazon.com
IE trusted site: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2017-03-20 19:44 - 00001347 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 5 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\alejandro\Downloads\limegreen.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Dataup => 
MSCONFIG\Services: qdcomsvc => 
MSCONFIG\Services: windowsmanagementservice => 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QHSafeTray"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "svcvmx"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\StartupApproved\Run: => "wyipyt"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B7629802-C234-40B2-A0A7-462AD9209E3E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{B93B05A1-496D-472D-8E37-6E1DD844F0D5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{570EF269-3899-4BE6-93D2-3EF239CE1399}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

26-02-2017 11:00:42 Removed Java SE Development Kit 8 Update 121 (64-bit)
26-02-2017 12:17:01 Installed Java SE Development Kit 8 Update 121 (64-bit)
15-03-2017 16:52:31 Windows Update
17-03-2017 19:38:56 Removed Greenfoot
17-03-2017 19:49:33 Removed Minecraft
17-03-2017 19:51:09 Removed paint.net
17-03-2017 19:54:51 Removed BlueJ
17-03-2017 20:00:27 Revo Uninstaller Pro's restore point - Java 8 Update 121 (64-bit)
17-03-2017 20:01:32 Removed Java 8 Update 121 (64-bit)
17-03-2017 20:04:15 Removed Java SE Development Kit 8 Update 121 (64-bit)
17-03-2017 20:08:22 Removed Amazon Assistant
19-03-2017 22:39:43 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Microsoft Visual Studio Location Simulator Sensor
Description: Microsoft Visual Studio Location Simulator Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft Corporation
Service: SensorsSimulatorDriver
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2017 07:44:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:58:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\DCEXEC.EXE".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:54:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:52:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\cyberlink\powerdirector10\UACAgent.exe".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:52:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\cyberlink\powerdirector10\PDHanumanSvr.exe.Manifest".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="X86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:46:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\dtutil.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:45:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\Tools\Binn\SQLCMD.EXE".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:45:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\dtshost.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:45:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\DTExec.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 05:45:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\COM\logread.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/20/2017 07:44:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error: 
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (03/20/2017 07:43:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (03/20/2017 07:43:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AMD FUEL Service service to connect.

Error: (03/20/2017 07:43:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
A device attached to the system is not functioning.

Error: (03/20/2017 07:43:38 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (03/20/2017 07:42:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.

Error: (03/20/2017 07:41:00 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (03/19/2017 10:47:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error: 
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (03/19/2017 10:47:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (03/19/2017 10:47:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AMD FUEL Service service to connect.


CodeIntegrity:
===================================
  Date: 2017-03-20 19:23:33.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-20 19:23:32.077
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-20 15:55:14.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-20 15:55:13.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-19 23:09:00.658
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-19 23:08:59.655
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-19 22:45:06.172
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-19 22:45:05.625
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-19 22:38:29.915
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-19 22:38:28.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 44%
Total physical RAM: 5596.26 MB
Available physical RAM: 3130.83 MB
Total Virtual: 11228.26 MB
Available Virtual: 8711.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:670.83 GB) (Free:367.37 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.59 GB) (Free:3.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Apr 07 2016) (CDROM) (Total:4.27 GB) (Free:4.26 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================

 

Once again thank you so much!!!!!! I will try to donate once I get some money!!! :)


Thanks for the logs, update and kind words. Unfortunately there are many remnants of the original infection. Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes, deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if you have any remaining issues or concerns with your PC...

Thank you,

Kevin...

fixlist.txt

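An added example (not part of this reply, of FRST, or of Malwarebytes) of how the Fixlog produced by the fix step above can be checked: it groups FRST's `item => outcome` result lines so that anything FRST could not move stands out for follow-up, and it flags file names that mix Latin and Cyrillic letters, the lookalike trick behind shortcuts that point at a .bat instead of the real browser. The Fixlog excerpt, the Cyrillic shortcut names and the counts below are constructed for the example.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example, not part of FRST or of this thread. FRST writes one
result line per fixlist item in the form  <item> => <outcome>.  This
script groups those outcomes so the reader sees at a glance what was
removed, what was already gone, and what FRST could not handle (those
items need a follow-up fix). It also flags names that mix Latin and
Cyrillic letters, the lookalike trick used to pass a .bat launcher off
as a browser shortcut.
"""
import re
import unicodedata
from dataclasses import dataclass, field

RESULT_RE = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')
SIZE_RE = re.compile(r"^\d+ [KMG]?B\b")  # EmptyTemp byte counts, not fix results

# Constructed names with Cyrillic lookalikes (U+0435 ie, U+0415 IE, U+0445 ha,
# U+043E o, U+0421 ES, U+0410 A, U+0430 a, U+0441 es), written as escapes so the
# substitution is visible in source. These are assumptions, not the thread's names.
IE_LNK = "Int\u0435rn\u0435t \u0415\u0445pl\u043er\u0435r.lnk"
CHROME_LNK = "\u0421hr\u043em\u0435 \u0410pp L\u0430un\u0441h\u0435r.lnk"

# Constructed Fixlog excerpt in FRST's format (fixlist echo, then results).
SAMPLE_FIXLOG = "\n".join([
    r"Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017",
    r"fixlist content:",
    r"*****************",
    r"Start",
    r"HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [649216 2017-01-05] () <===== ATTENTION",
    r"C:\Program Files (x86)\cpx",
    r"end",
    r"*****************",
    r"",
    r"Processes closed successfully.",
    r"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully",
    r"C:\Program Files (x86)\cpx => moved successfully",
    r'"C:\ProgramData\{0b2b4fc9-412c-0}" => not found.',
    r"HKCR\CLSID\{20f577d0-ef12-11e5-bedc-082e5f7a785b} => key not found. ",
    '"C:\\Users\\alejandro\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\'
    + IE_LNK + '" => Could not move.',
    "C:\\Users\\alejandro\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome\\"
    + CHROME_LNK + " => Could not remove or repair shortcut argument. The shortcut could be damaged.",
    r"=========== EmptyTemp: ==========",
    r"Chrome => 373559227 B",
    r" => 0 B",
    r"EmptyTemp: => 543 MB temporary data Removed.",
])


@dataclass
class FixSummary:
    succeeded: list = field(default_factory=list)
    not_found: list = field(default_factory=list)
    failed: list = field(default_factory=list)
    mixed_script: list = field(default_factory=list)

    def needs_follow_up(self):
        """True when something was left behind or looks like a lookalike name."""
        return bool(self.failed or self.mixed_script)


def letter_script(ch):
    """Return 'Latin', 'Cyrillic' or None for one character, from its Unicode name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC"):
        if name.startswith(script):
            return script.title()
    return None


def has_mixed_script(text):
    """True when text contains letters from both the Latin and Cyrillic scripts."""
    scripts = {letter_script(c) for c in text if c.isalpha()}
    scripts.discard(None)
    return len(scripts) > 1


def classify(outcome):
    """Map an FRST outcome string to one of the FixSummary buckets."""
    low = outcome.lower()
    if "successfully" in low:
        return "succeeded"
    if "not found" in low:
        return "not_found"
    return "failed"


def parse_fixlog(text):
    summary = FixSummary()
    separators = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            separators += 1
            continue
        if separators < 2:  # still inside the echoed fixlist, not results
            continue
        m = RESULT_RE.match(line)
        if not m or SIZE_RE.match(m["outcome"]):
            continue
        item = m["item"]
        getattr(summary, classify(m["outcome"])).append(item)
        if has_mixed_script(item.rsplit("\\", 1)[-1]):  # check the file name only
            summary.mixed_script.append(item)
    return summary


def report(summary):
    lines = [f"removed: {len(summary.succeeded)}, already gone: {len(summary.not_found)}, "
             f"failed: {len(summary.failed)}"]
    lines += [f"  FAILED  {item}" for item in summary.failed]
    lines += [f"  MIXED-SCRIPT NAME  {item}" for item in summary.mixed_script]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_fixlog(SAMPLE_FIXLOG)))
```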

Ok, this is what I got!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by alejandro (21-03-2017 16:13:55) Run:1
Running from C:\Users\alejandro\Desktop
Loaded Profiles: alejandro &  (Available Profiles:  & alejandro)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [649216 2017-01-05] () <===== ATTENTION
C:\Program Files (x86)\cpx
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\Run: [ares] => C:\Users\alejandro\Desktop\Ares.exe [1015808 2010-10-27] (Ares Development Group)
C:\Users\alejandro\Desktop\Ares.exe
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\Run: [BingSvc] => C:\Users\alejandro\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
C:\Users\alejandro\AppData\Local\Microsoft\BingSvc
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {20f577d0-ef12-11e5-bedc-082e5f7a785b} - "F:\iLinker.exe" 
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {4646b80b-08fe-11e6-bee2-082e5f7a785b} - "F:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\...\MountPoints2: {bc60f2ed-a76f-11e4-be8f-082e5f7a785b} - "F:\HPLauncher.exe" 
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
U2 clr_optimization_v4.0.30319_64; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160105.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160105.021\EX64.SYS [X] 
2017-03-17 20:52 - 2017-03-17 20:52 - 00000000 ____D C:\Users\alejandro\AppData\Roaming\TotalAV
2017-03-17 20:51 - 2017-03-17 20:51 - 09943712 _____ C:\Users\alejandro\Downloads\TotalAV.exe
2017-03-08 16:17 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{0AB269BD-BD19-DE16-6983-75DDF6D8A735}
2017-03-08 16:17 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\{0b2b4fc9-412c-0}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{FA660A4E-4DCD-BDE5-A9ED-66741E598596}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{AC4DB197-1BE6-063C-33BF-30FA460DBE87}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{A60C3FE6-11A7-884D-9C89-426B8878E3BB}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{82313D8C-359A-8A27-9AEA-40FFA4FE7B43}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{8023CAA4-3788-7D0F-DE32-8CE5A1972D8B}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{60B469F9-D71F-DE52-DFF2-B9A7CE4A3269}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{2B0F0045-9CA4-B7EE-7F56-4C185A9C27E5}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{23A0759A-940B-C231-F2DE-0BEA83D900A5}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{1487C7EE-A32C-7045-163A-B48477A23872}
2017-03-08 07:39 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{0E701967-B9DB-AECC-52FC-BD66F0909A99}
2017-03-08 07:39 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{417317df-212c-0}
2017-02-27 16:11 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{B5FB732E-0250-C485-ED96-4D9EA8DA0809}
2017-02-27 16:11 - 2017-03-19 22:43 - 00000000 ____D C:\ProgramData\{802632CD-378D-8566-628B-46B1F82743AE}
2017-02-27 16:11 - 2017-03-12 13:42 - 00000000 ____D C:\ProgramData\5c43154b
2017-02-27 16:11 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\77fb5b5d-7cd1-0
2017-02-27 16:10 - 2017-03-08 16:17 - 00000000 ____D C:\ProgramData\{27555696-512c-0}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{3b8206a8-712c-1}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{19be766b-212c-0}
2017-02-27 16:10 - 2017-03-08 07:39 - 00000000 ____D C:\ProgramData\{0b3e08c7-112c-1}
2017-02-25 23:47 - 2017-02-25 23:47 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-19 20:52 - 2017-03-19 22:45 - 00000000 ____D C:\Program Files (x86)\qdcomsvc 
C:\Users\alejandro\AppData\Local\cpx
2017-02-27 16:11 - 2017-02-05 23:19 - 00000000 ____D C:\ProgramData\03f6d56d-7a81-1
2017-02-27 16:11 - 2017-02-05 23:19 - 00000000 ____D C:\ProgramData\03f6d56d-2131-0
Task: {00E32D9A-FB05-4F24-9F8D-02C8ACE6CB22} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {05F2609E-FA2B-4696-B5C6-6CCCF1498CD6} - \brbrw_1502 -> No File <==== ATTENTION
Task: {252D0189-8DB2-4D82-BBA6-239576F9A80F} - System32\Tasks\Foaamwite => C:\ProgramData\Foaamwite\1.0.6.1\eoavukse.exe 
C:\ProgramData\Foaamwite
Task: {624F5A80-42EF-4D1B-BE9C-35EFCC25C407} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe  <==== ATTENTION
Task: {7B44429F-37E1-40F2-8B74-62108E379121} - \trivia_games_updating_service -> No File <==== ATTENTION
Task: {87766D12-8F5B-44C7-9A06-E32C3EF5AD46} - System32\Tasks\updateTask => c:/task.vbs 
Task: {8C8E6644-5124-49D0-8333-499ACE036CD2} - \BBQLeads -> No File <==== ATTENTION
Task: {982594D1-B1D5-46BC-ACC1-6B25C040377D} - System32\Tasks\Reimage Reminder => C:\Program Files\eFix\eFix Pro\ReimageReminder.exe  <==== ATTENTION
C:\Program Files\eFix
Task: {C656AD9D-FB5A-4E24-BF61-B91E3C78FB52} - System32\Tasks\Popzijn => C:\Program Files\shopperz051020150419\Wojtitv.bat  <==== ATTENTION
C:\Program Files\shopperz051020150419
Task: {C96EFD3B-BB17-4539-96B5-A1940C7A56F0} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CCBD6F81-B7BD-490A-9C7F-0AA8824D2447} - \trivia_games_notification_service -> No File <==== ATTENTION
Task: {FFDC50B0-E362-445E-9808-AAC0D7F57B83} - System32\Tasks\runTask => %TEMP%/Updater.exe  
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
C:\Program Files (x86)\OneSystemCare
Task: C:\WINDOWS\Tasks\QPGCOYJUVOSLNAGI.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
C:\ProgramData\Service1291
 Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t-??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t-??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
ShortcutWithArgument: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\?hr?m? ?pp L?un?h?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --show-app-list <===== Cyrillic  
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Vuidqotg => ""="service"
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
C:\Program Files (x86)\cpx => moved successfully
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ares => value removed successfully
C:\Users\alejandro\Desktop\Ares.exe => moved successfully
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
C:\Users\alejandro\AppData\Local\Microsoft\BingSvc => moved successfully
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20f577d0-ef12-11e5-bedc-082e5f7a785b} => key removed successfully
HKCR\CLSID\{20f577d0-ef12-11e5-bedc-082e5f7a785b} => key not found. 
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4646b80b-08fe-11e6-bee2-082e5f7a785b} => key removed successfully
HKCR\CLSID\{4646b80b-08fe-11e6-bee2-082e5f7a785b} => key not found. 
HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc60f2ed-a76f-11e4-be8f-082e5f7a785b} => key removed successfully
HKCR\CLSID\{bc60f2ed-a76f-11e4-be8f-082e5f7a785b} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\clr_optimization_v4.0.30319_64 => key removed successfully
clr_optimization_v4.0.30319_64 => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => key removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => key removed successfully
NAVEX15 => service removed successfully
C:\Users\alejandro\AppData\Roaming\TotalAV => moved successfully
C:\Users\alejandro\Downloads\TotalAV.exe => moved successfully
C:\ProgramData\{0AB269BD-BD19-DE16-6983-75DDF6D8A735} => moved successfully
"C:\ProgramData\{0b2b4fc9-412c-0}" => not found.
C:\ProgramData\{FA660A4E-4DCD-BDE5-A9ED-66741E598596} => moved successfully
C:\ProgramData\{AC4DB197-1BE6-063C-33BF-30FA460DBE87} => moved successfully
C:\ProgramData\{A60C3FE6-11A7-884D-9C89-426B8878E3BB} => moved successfully
C:\ProgramData\{82313D8C-359A-8A27-9AEA-40FFA4FE7B43} => moved successfully
C:\ProgramData\{8023CAA4-3788-7D0F-DE32-8CE5A1972D8B} => moved successfully
C:\ProgramData\{60B469F9-D71F-DE52-DFF2-B9A7CE4A3269} => moved successfully
C:\ProgramData\{2B0F0045-9CA4-B7EE-7F56-4C185A9C27E5} => moved successfully
C:\ProgramData\{23A0759A-940B-C231-F2DE-0BEA83D900A5} => moved successfully
C:\ProgramData\{1487C7EE-A32C-7045-163A-B48477A23872} => moved successfully
C:\ProgramData\{0E701967-B9DB-AECC-52FC-BD66F0909A99} => moved successfully
"C:\ProgramData\{417317df-212c-0}" => not found.
C:\ProgramData\{B5FB732E-0250-C485-ED96-4D9EA8DA0809} => moved successfully
C:\ProgramData\{802632CD-378D-8566-628B-46B1F82743AE} => moved successfully
C:\ProgramData\5c43154b => moved successfully
"C:\ProgramData\77fb5b5d-7cd1-0" => not found.
"C:\ProgramData\{27555696-512c-0}" => not found.
"C:\ProgramData\{3b8206a8-712c-1}" => not found.
"C:\ProgramData\{19be766b-212c-0}" => not found.
"C:\ProgramData\{0b3e08c7-112c-1}" => not found.
C:\Program Files (x86)\regtool => moved successfully
C:\Program Files (x86)\qdcomsvc => moved successfully
C:\Users\alejandro\AppData\Local\cpx => moved successfully
"C:\ProgramData\03f6d56d-7a81-1" => not found.
"C:\ProgramData\03f6d56d-2131-0" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00E32D9A-FB05-4F24-9F8D-02C8ACE6CB22} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00E32D9A-FB05-4F24-9F8D-02C8ACE6CB22} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05F2609E-FA2B-4696-B5C6-6CCCF1498CD6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05F2609E-FA2B-4696-B5C6-6CCCF1498CD6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\brbrw_1502 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{252D0189-8DB2-4D82-BBA6-239576F9A80F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{252D0189-8DB2-4D82-BBA6-239576F9A80F} => key removed successfully
C:\WINDOWS\System32\Tasks\Foaamwite => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Foaamwite => key removed successfully
"C:\ProgramData\Foaamwite" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{624F5A80-42EF-4D1B-BE9C-35EFCC25C407} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{624F5A80-42EF-4D1B-BE9C-35EFCC25C407} => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_P => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B44429F-37E1-40F2-8B74-62108E379121} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B44429F-37E1-40F2-8B74-62108E379121} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\trivia_games_updating_service => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87766D12-8F5B-44C7-9A06-E32C3EF5AD46} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87766D12-8F5B-44C7-9A06-E32C3EF5AD46} => key removed successfully
C:\WINDOWS\System32\Tasks\updateTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updateTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C8E6644-5124-49D0-8333-499ACE036CD2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C8E6644-5124-49D0-8333-499ACE036CD2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BBQLeads => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{982594D1-B1D5-46BC-ACC1-6B25C040377D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{982594D1-B1D5-46BC-ACC1-6B25C040377D} => key removed successfully
C:\WINDOWS\System32\Tasks\Reimage Reminder => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder => key removed successfully
"C:\Program Files\eFix" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C656AD9D-FB5A-4E24-BF61-B91E3C78FB52} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C656AD9D-FB5A-4E24-BF61-B91E3C78FB52} => key removed successfully
C:\WINDOWS\System32\Tasks\Popzijn => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Popzijn => key removed successfully
"C:\Program Files\shopperz051020150419" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C96EFD3B-BB17-4539-96B5-A1940C7A56F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C96EFD3B-BB17-4539-96B5-A1940C7A56F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCBD6F81-B7BD-490A-9C7F-0AA8824D2447} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCBD6F81-B7BD-490A-9C7F-0AA8824D2447} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\trivia_games_notification_service => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFDC50B0-E362-445E-9808-AAC0D7F57B83} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFDC50B0-E362-445E-9808-AAC0D7F57B83} => key removed successfully
C:\WINDOWS\System32\Tasks\runTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\runTask => key removed successfully
C:\WINDOWS\Tasks\One System CarePeriod.job => moved successfully
"C:\Program Files (x86)\OneSystemCare" => not found.
C:\WINDOWS\Tasks\QPGCOYJUVOSLNAGI.job => moved successfully
"C:\ProgramData\Service1291" => not found.
"C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t-??pl?r?r.lnk" => Could not move.
"C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk" => Could not move.
"C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\alejandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t-??pl?r?r.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\?hr?m? ?pp L?un?h?r.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Vuidqotg => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 114958423 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1449797 B
Edge => 0 B
Chrome => 373559227 B
Firefox => 0 B
Opera => 970752 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 15778050 B
systemprofile32 => 10839727 B
LocalService => 853614 B
NetworkService => 31738233 B
 => 0 B
alejandro => 6652899 B

RecycleBin => 0 B
EmptyTemp: => 543 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:23:58 ====

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/23/17
Scan Time: 2:45 AM
Logfile: mlog.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1575
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 453191
Time Elapsed: 28 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.SpeedBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser\User Data\Default\Local Storage, No Action By User, [11546], [181035],1.0.1575
PUP.Optional.SpeedBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser\User Data\Default, No Action By User, [11546], [181035],1.0.1575
PUP.Optional.SpeedBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser\User Data, No Action By User, [11546], [181035],1.0.1575
PUP.Optional.SpeedBrowser, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\speed browser, No Action By User, [11546], [181035],1.0.1575
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCALLOW\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, No Action By User, [719], [181253],1.0.1575

File: 6
PUP.Optional.SpeedBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage, No Action By User, [11546], [181035],1.0.1575
PUP.Optional.SpeedBrowser, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SPEED BROWSER.LNK, No Action By User, [11546], [252748],1.0.1575
PUP.Optional.ProxyGate, C:\USERS\ALEJANDRO\APPDATA\LOCAL\UNINSTALLRO.EXE, No Action By User, [1174], [375420],1.0.1575
PUP.Optional.Reimage, C:\WINDOWS\EFIX.INI, No Action By User, [1327], [333170],1.0.1575
PUP.Optional.SpeedItUp, C:\WINDOWS\REIMAGE.INI, No Action By User, [1431], [329423],1.0.1575
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\AGPROXYCHECK, No Action By User, [1430], [356709],1.0.1575

Physical Sector: 0
(No malicious items detected)


(end)

 

# AdwCleaner v6.044 - Logfile created 23/03/2017 at 16:44:28
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-23.2 [Server]
# Operating System : Windows 8.1  (X64)
# Username : alejandro - ALEJANDRO
# Running from : C:\Users\alejandro\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: YahooAUService


***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\raealdeal
[-] Folder deleted: C:\Program Files (x86)\reallDeal
[-] Folder deleted: C:\Program Files (x86)\ssavingtoyiou
[-] Folder deleted: C:\ProgramData\fb395a7000001486
[-] Folder deleted: C:\Users\alejandro\AppData\Local\globalUpdate
[-] Folder deleted: C:\Users\alejandro\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\alejandro\AppData\Local\AdvinstAnalytics
[-] Folder deleted: C:\Users\alejandro\AppData\Local\llssoft
[-] Folder deleted: C:\Users\alejandro\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\Users\alejandro\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\alejandro\AppData\LocalLow\YahooCouponAddOn
[-] Folder deleted: C:\Users\alejandro\AppData\Roaming\RPEng
[-] Folder deleted: C:\Users\alejandro\AppData\Roaming\shortCutStore
[-] Folder deleted: C:\Users\alejandro\AppData\Roaming\Store
[-] Folder deleted: C:\Users\alejandro\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\Users\alejandro\AppData\Roaming\Tencent
[-] Folder deleted: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater
[-] Folder deleted: C:\Users\alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
[-] Folder deleted: C:\Program Files\Reimage
[#] Folder deleted on reboot: C:\Program Files\reimage
[-] Folder deleted: C:\Program Files\ReviverSoft
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\Auto Updater
[-] Folder deleted: C:\ProgramData\Yahoo! Companion
[-] Folder deleted: C:\ProgramData\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Auto Updater
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Yahoo! Companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[-] Folder deleted: C:\Users\Public\Documents\Guid
[-] Folder deleted: C:\Program Files (x86)\Auto Updater
[-] Folder deleted: C:\Program Files (x86)\Exploremedia
[-] Folder deleted: C:\Program Files (x86)\globalUpdate
[-] Folder deleted: C:\Program Files (x86)\predm
[-] Folder deleted: C:\Program Files (x86)\SeekerProc
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\speed browser
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\alejandro\AppData\Local\Geckofx


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\END
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File deleted: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File deleted: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
[-] File deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\LaunchBrowser_ed.exe.config
[-] File deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\LaunchBrowser_ed.exe
[-] File deleted: C:\user.js
[-] File deleted: C:\Users\alejandro\AppData\Local\uninstallssl.exe
[-] File deleted: C:\Program Files (x86)\Internet Explorer\iexplore.bat
[-] File deleted: C:\Program Files (x86)\Google\Chrome\Application\chrome.bat


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\yahooauservice
[-] Key deleted: HKLM\SOFTWARE\8d384d85-2b41-24bd-4fb3-8b9b148d745f
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Crashhd
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Crashhd
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\windowsmanagementservice
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\qdcomsvc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\dataup
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper.2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
[-] Key deleted: HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{5A83D7C9-4A14-4000-BC05-389268238753}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
[-] Key deleted: HKU\.DEFAULT\Software\AnyProtect
[-] Key deleted: HKU\.DEFAULT\Software\Browser
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\.DEFAULT\Software\winmnt
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Key deleted: HKU\S-1-5-19\Software\Browser
[-] Key deleted: HKU\S-1-5-20\Software\Browser
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\__SP__browser_name__SP__
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Browser
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\cain
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\darwendlm
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\eFix
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\GlobalUpdate
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Tinstalls
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\ShopperPro
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\tstamptoken
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\winmnt
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AnyProtect
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Browser
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\winmnt
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[#] Key deleted on reboot: HKCU\Software\__SP__browser_name__SP__
[#] Key deleted on reboot: HKCU\Software\Browser
[#] Key deleted on reboot: HKCU\Software\cain
[#] Key deleted on reboot: HKCU\Software\darwendlm
[#] Key deleted on reboot: HKCU\Software\eFix
[#] Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: HKCU\Software\Microsoft\Tinstalls
[#] Key deleted on reboot: HKCU\Software\ShopperPro
[#] Key deleted on reboot: HKCU\Software\tstamptoken
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\winmnt
[#] Key deleted on reboot: HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key deleted: HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\Crashhd
[-] Key deleted: HKLM\SOFTWARE\GlobalUpdate
[-] Key deleted: HKLM\SOFTWARE\NetTcpHandler
[-] Key deleted: HKLM\SOFTWARE\NpApp
[-] Key deleted: HKLM\SOFTWARE\NtSvcHandler
[-] Key deleted: HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\__SP__browser_name__SP__
[#] Key deleted on reboot: [x64] HKCU\Software\Browser
[#] Key deleted on reboot: [x64] HKCU\Software\cain
[#] Key deleted on reboot: [x64] HKCU\Software\darwendlm
[#] Key deleted on reboot: [x64] HKCU\Software\eFix
[#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Tinstalls
[#] Key deleted on reboot: [x64] HKCU\Software\ShopperPro
[#] Key deleted on reboot: [x64] HKCU\Software\tstamptoken
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: [x64] HKCU\Software\winmnt
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\eFix
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: [x64] HKLM\SOFTWARE\ShopperPro
[-] Key deleted: [x64] HKLM\SOFTWARE\WebBar
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Internet Explorer\SearchScopes\{65DA4D22-1201-4BE2-9044-E968775FA0BE}
[-] Key deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{65DA4D22-1201-4BE2-9044-E968775FA0BE}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{65DA4D22-1201-4BE2-9044-E968775FA0BE}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [cpx]
[-] Value deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
[-] Value deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [lstrmn]
[-] Value deleted: HKU\S-1-5-21-1758070284-1970931268-1006762314-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WinResSync]
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe]
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [29031 Bytes] - [23/03/2017 16:44:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [26853 Bytes] - [23/03/2017 16:32:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [29179 Bytes] ##########


2017-03-24 00:01:41.724    Sophos Virus Removal Tool version 2.5.6
2017-03-24 00:01:41.725    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-03-24 00:01:41.725    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-24 00:01:41.725    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-03-24 00:01:41.727    Checking for updates...
2017-03-24 00:01:41.787    Update progress: proxy server not available
2017-03-24 00:02:00.755    Option all = no
2017-03-24 00:02:00.755    Option recurse = yes
2017-03-24 00:02:00.756    Option archive = no
2017-03-24 00:02:00.756    Option service = yes
2017-03-24 00:02:00.756    Option confirm = yes
2017-03-24 00:02:00.756    Option sxl = yes
2017-03-24 00:02:00.758    Option max-data-age = 35
2017-03-24 00:02:00.758    Option vdl-logging = yes
2017-03-24 00:02:00.791    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-24 00:02:00.791    Machine ID:    fe1b789a5886470bace013c30817c866
2017-03-24 00:02:00.795    Component SVRTcli.exe version 2.5.6
2017-03-24 00:02:00.795    Component control.dll version 2.5.6
2017-03-24 00:02:00.795    Component SVRTservice.exe version 2.5.6
2017-03-24 00:02:00.796    Component engine\osdp.dll version 1.44.1.2280
2017-03-24 00:02:00.796    Component engine\veex.dll version 3.68.0.2280
2017-03-24 00:02:00.797    Component engine\savi.dll version 9.0.7.2280
2017-03-24 00:02:00.798    Component rkdisk.dll version 1.5.31.1
2017-03-24 00:02:00.798    Version info:    Product version    2.5.6
2017-03-24 00:02:00.799    Version info:    Detection engine    3.68.0
2017-03-24 00:02:00.799    Version info:    Detection data    5.36
2017-03-24 00:02:00.799    Version info:    Build date    2/7/2017
2017-03-24 00:02:00.799    Version info:    Data files added    344
2017-03-24 00:02:00.799    Version info:    Last successful update    (not yet updated)
2017-03-24 00:02:06.166    Downloading updates...
2017-03-24 00:02:06.175    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-03-24 00:02:06.176    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-24 00:02:06.176    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-24 00:02:06.176    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-03-24 00:02:06.176    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-03-24 00:02:06.176    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-03-24 00:02:06.176    Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-03-24 00:02:06.176    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-03-24 00:02:06.176    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-03-24 00:02:06.176    Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-03-24 00:02:06.176    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-03-24 00:02:06.176    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-03-24 00:02:06.176    Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product IDE538 LATEST path=]
2017-03-24 00:02:06.176    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-03-24 00:02:06.176    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-03-24 00:02:06.177    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-24 00:02:07.141    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-03-24 00:02:07.141    Update progress: [I19463] Product download size 158884372 bytes
2017-03-24 00:03:00.955    Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-03-24 00:03:00.955    Update progress: [I19463] Product download size 2537599 bytes
2017-03-24 00:03:13.136    Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-03-24 00:03:13.136    Update progress: [I19463] Product download size 2280148 bytes
2017-03-24 00:03:24.076    Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-03-24 00:03:24.076    Update progress: [I19463] Product download size 1657543 bytes
2017-03-24 00:03:31.564    Installing updates...
2017-03-24 00:03:32.774    Error level 1
2017-03-24 00:05:20.924    Update successful
2017-03-24 00:05:42.661    Option all = no
2017-03-24 00:05:42.661    Option recurse = yes
2017-03-24 00:05:42.661    Option archive = no
2017-03-24 00:05:42.661    Option service = yes
2017-03-24 00:05:42.661    Option confirm = yes
2017-03-24 00:05:42.661    Option sxl = yes
2017-03-24 00:05:42.665    Option max-data-age = 35
2017-03-24 00:05:42.665    Option vdl-logging = yes
2017-03-24 00:05:42.679    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-24 00:05:42.679    Machine ID:    fe1b789a5886470bace013c30817c866
2017-03-24 00:05:42.682    Component SVRTcli.exe version 2.5.6
2017-03-24 00:05:42.683    Component control.dll version 2.5.6
2017-03-24 00:05:42.683    Component SVRTservice.exe version 2.5.6
2017-03-24 00:05:42.684    Component engine\osdp.dll version 1.44.1.2280
2017-03-24 00:05:42.685    Component engine\veex.dll version 3.68.0.2280
2017-03-24 00:05:42.686    Component engine\savi.dll version 9.0.7.2280
2017-03-24 00:05:42.687    Component rkdisk.dll version 1.5.31.1
2017-03-24 00:05:42.687    Version info:    Product version    2.5.6
2017-03-24 00:05:42.689    Version info:    Detection engine    3.68.0
2017-03-24 00:05:42.689    Version info:    Detection data    5.36
2017-03-24 00:05:42.689    Version info:    Build date    2/7/2017
2017-03-24 00:05:42.689    Version info:    Data files added    344
2017-03-24 00:05:42.689    Version info:    Last successful update    3/23/2017 5:05:20 PM

2017-03-24 00:57:24.957    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\AdwCleaner\quarantine\files\kctcccipbfnyfidxgdjkgjpiulsgunnk\Internet Explore.lnk
2017-03-24 00:59:38.591    Could not open C:\hiberfil.sys
2017-03-24 00:59:49.746    Could not open C:\pagefile.sys
2017-03-24 02:02:19.352    Could not open C:\swapfile.sys
2017-03-24 02:04:36.657    Could not open C:\System Volume Information\{1d408c1d-0de0-11e7-bf64-082e5f7a785b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-24 02:04:36.659    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-24 02:04:36.662    Could not open C:\System Volume Information\{da38930a-1022-11e7-bf6b-082e5f7a785b}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-24 02:07:57.577    Could not open C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-03-24 02:36:17.570    >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\alejandro\Documents\Vuze Downloads\Call of Duty Black Ops 2 PC game SP+MP+ZM ^^nosTEAM^^\COD Black ops 2\Call of Duty Black Ops 2\buddha.dll
2017-03-24 02:58:49.472    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-03-24 02:58:49.477    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-03-24 02:58:56.633    Could not open C:\Windows\System32\config\BBI
2017-03-24 02:58:56.968    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-03-24 02:58:56.994    Could not open C:\Windows\System32\config\RegBack\SAM
2017-03-24 02:58:56.998    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-03-24 02:58:57.010    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-03-24 02:58:57.025    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-03-24 03:33:57.409    The following items will be cleaned up:
2017-03-24 03:33:57.429    Mal/VMProtBad-A
2017-03-24 03:33:57.429    Mal/HiBrowLnk-A

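As an added triage aid (this is not part of the thread and not Sophos' own code), here is a small Python parser for the SVRT log format pasted above. It separates detections that were already sitting in another tool's quarantine folder (here AdwCleaner's) from live hits, and files SVRT could not open because Windows itself keeps them locked (hibernation, page and swap files, registry hives, catroot2, System Volume Information) from any other unopenable path that deserves a second look. The sample lines are taken from the log above (one folder name shortened); the list of routinely locked prefixes and the cleanup-line pattern are my assumptions, not anything the tool documents.

```python
import re
from typing import Dict, List

# Sample input: lines from the SVRT log pasted in this thread (one torrent
# folder name shortened). Any real log in the same format can be fed instead.
SAMPLE_LOG = r"""
2017-03-24 00:57:24.957    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\AdwCleaner\quarantine\files\kctcccipbfnyfidxgdjkgjpiulsgunnk\Internet Explore.lnk
2017-03-24 00:59:38.591    Could not open C:\hiberfil.sys
2017-03-24 00:59:49.746    Could not open C:\pagefile.sys
2017-03-24 02:07:57.577    Could not open C:\Users\alejandro\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-03-24 02:36:17.570    >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\alejandro\Documents\Vuze Downloads\game\buddha.dll
2017-03-24 02:58:56.994    Could not open C:\Windows\System32\config\RegBack\SAM
2017-03-24 03:33:57.409    The following items will be cleaned up:
2017-03-24 03:33:57.429    Mal/VMProtBad-A
2017-03-24 03:33:57.429    Mal/HiBrowLnk-A
"""

# Every SVRT line is "<timestamp>    <message>".
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
DETECT_RE = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
UNOPENED_RE = re.compile(r"^Could not open (.+)$")
CLEANUP_HEADER = "The following items will be cleaned up:"
# Assumption: cleanup entries look like detection names, e.g. "Mal/VMProtBad-A".
CLEANUP_ITEM_RE = re.compile(r"^[A-Za-z]+/[\w-]+$")

# Assumption: paths a live Windows system keeps locked, so "Could not open"
# on them is expected noise rather than a sign of something hiding.
EXPECTED_LOCKED_PREFIXES = (
    "c:\\hiberfil.sys", "c:\\pagefile.sys", "c:\\swapfile.sys",
    "c:\\system volume information\\",
    "c:\\windows\\system32\\config\\",
    "c:\\windows\\system32\\catroot2\\",
)
# A hit inside another tool's quarantine folder was already neutralised.
QUARANTINE_MARKERS = ("\\quarantine\\",)


def is_expected_locked(path: str) -> bool:
    return path.lower().startswith(EXPECTED_LOCKED_PREFIXES)


def is_quarantined(path: str) -> bool:
    return any(marker in path.lower() for marker in QUARANTINE_MARKERS)


def parse_svrt_log(text: str) -> Dict[str, List]:
    """Bucket SVRT log lines into detections, locked files and cleanup items."""
    result: Dict[str, List] = {
        "detections": [], "expected_locked": [], "other_unopened": [], "cleanup": [],
    }
    in_cleanup = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or non-timestamped line
        ts, msg = m.group(1), m.group(2).strip()
        if in_cleanup and CLEANUP_ITEM_RE.match(msg):
            result["cleanup"].append(msg)
            continue
        in_cleanup = False
        if msg == CLEANUP_HEADER:
            in_cleanup = True
            continue
        d = DETECT_RE.match(msg)
        if d:
            name, path = d.group(1), d.group(2)
            result["detections"].append({
                "ts": ts, "name": name, "path": path,
                "already_quarantined": is_quarantined(path),
            })
            continue
        u = UNOPENED_RE.match(msg)
        if u:
            path = u.group(1)
            bucket = "expected_locked" if is_expected_locked(path) else "other_unopened"
            result[bucket].append(path)
    return result


def live_detections(result: Dict[str, List]) -> List[dict]:
    """Detections not already held in some quarantine folder."""
    return [d for d in result["detections"] if not d["already_quarantined"]]


def summarize(result: Dict[str, List]) -> str:
    lines = [f"{len(result['detections'])} detection(s), "
             f"{len(live_detections(result))} live (not already quarantined)"]
    for d in live_detections(result):
        lines.append(f"  LIVE  {d['name']}  {d['path']}")
    lines.append(f"{len(result['expected_locked'])} expected locked file(s) skipped")
    for p in result["other_unopened"]:
        lines.append(f"  CHECK could not open: {p}")
    lines.append(f"cleanup list: {', '.join(result['cleanup']) or '(none)'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_svrt_log(SAMPLE_LOG)))
```

On the sample above the summary reports two detections, one of them live (the DLL under the user's Documents folder) and the other already inside AdwCleaner's quarantine, three expected locked files, and one path to check (a Chrome session file, which is normally just held open by a running browser).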

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/24/17
Scan Time: 1:37 PM
Logfile: malwarebyteslog.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1587
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: ALEJANDRO\alejandro

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 487165
Time Elapsed: 52 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Well, I think so... I haven't seen any issues so far!! Thank you so much Kevin! I really appreciate it. I will definitely donate tomorrow, if not then the day after tomorrow!!! Thanks!!!! :D

By the way, do I keep the programs? Just in case this happens again? If I have any concerns with my PC later on, can you please help me again? Alright man, thank you so much for helping through these whole days, I really appreciate it!!!!! This was so helpful!!! Thanks!


Hello BryanPerez09,

Thank you for those kind words, feel free to come back in the future if you need help again. Regarding the tools we have used, it is a better option to clean up and remove them; if they are needed again it is good practice to download fresh versions.... Continue with the following to clean up...

Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or by malware/infection.

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC security and best practices; you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
