Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 02
Ran by jesus (administrator) on JESUSHP (26-11-2015 09:19:25)
Running from F:\
Loaded Profiles: jesus (Available Profiles: jesus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
(Panda Security, S.L.) C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] () HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [APVXDWIN] => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE [1000768 2011-04-13] (Panda Security, S.L.) HKLM-x32\...\Run: [SCANINICIO] => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe [70464 2011-02-02] (Panda Security, S.L.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot) Winlogon\Notify\avldr: C:\Windows\SYSTEM32\avldr64.dll (On-Access Anti-Malware Scanner Sync) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19\...\Policies\Explorer: 
[NoFolderOptions] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0 
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard) HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [Google Update**.d<*>] => "C:\Users\jesus\AppData\Local\Google\Desktop\Install\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [Windows Live] => rundll32 
"C:\Users\jesus\AppData\Local\{09F9419A-86F4-40B6-87BA-C4D7A85F0E5E}\Windows Live\dehlnd.dll",DllRegisterServer <===== ATTENTION HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [GameServer515] => "C:\Users\jesus\AppData\Roaming\hpqLog\WINA446.exe" HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [GameServer518] => "C:\Users\jesus\AppData\Roaming\Leadertech\WIN1027.exe" HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Run: [PandaSecurityUpgrade] => C:\ProgramData\Panda Security Upgrade\Upgrade.exe [213752 2015-07-27] (Panda Security, S.L.) HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoFile] 0 
HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-642280661-2776801712-2906168080-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dllATTENTION! ====> ZeroAccess? 
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe -update activex HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0 Startup: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2014-06-16] ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2014-06-16] ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2010-08-14] ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll No File Winsock: Catalog9 02 mswsock.dll No File Winsock: Catalog9 03 mswsock.dll No File Winsock: Catalog9 04 mswsock.dll No File Winsock: Catalog9 05 mswsock.dll No File Winsock: Catalog9 06 mswsock.dll No File Winsock: Catalog9 07 mswsock.dll No File Winsock: Catalog9 08 mswsock.dll No File Winsock: Catalog9 09 mswsock.dll No File Winsock: Catalog9 10 mswsock.dll No File Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 07 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll No File Winsock: Catalog9-x64 02 mswsock.dll No File Winsock: Catalog9-x64 03 mswsock.dll No File Winsock: Catalog9-x64 04 mswsock.dll No File Winsock: Catalog9-x64 05 mswsock.dll No File Winsock: Catalog9-x64 06 mswsock.dll No File Winsock: Catalog9-x64 07 mswsock.dll No File Winsock: 
Catalog9-x64 08 mswsock.dll No File Winsock: Catalog9-x64 09 mswsock.dll No File Winsock: Catalog9-x64 10 mswsock.dll No File Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{6E0D5B34-4733-4D00-937D-F6AF9A6368DA}: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{E1E0DC81-40FA-4809-8BC0-5726D49C2096}: [DhcpNameServer] 10.0.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-642280661-2776801712-2906168080-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ HKU\S-1-5-21-642280661-2776801712-2906168080-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {60F001CC-D80D-498C-B9E2-2660637F1EC5} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {761420A7-9D95-4656-82B9-20BBC673E8A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM -> {76C78AA3-EA7B-4CBA-8733-AC012729FA77} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {C40530CA-DD4A-479E-B68C-0416599C7AD4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {60F001CC-D80D-498C-B9E2-2660637F1EC5} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> 
{761420A7-9D95-4656-82B9-20BBC673E8A5} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 -> {76C78AA3-EA7B-4CBA-8733-AC012729FA77} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {C40530CA-DD4A-479E-B68C-0416599C7AD4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> {60F001CC-D80D-498C-B9E2-2660637F1EC5} URL = SearchScopes: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> {761420A7-9D95-4656-82B9-20BBC673E8A5} URL = SearchScopes: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> {76C78AA3-EA7B-4CBA-8733-AC012729FA77} URL = SearchScopes: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> {C40530CA-DD4A-479E-B68C-0416599C7AD4} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-12-26] (Sun Microsystems, Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-06-16] (Webroot) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-03] (Webroot) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-26] (Sun Microsystems, Inc.) 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-06-16] (Webroot) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-03] (Webroot) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.) 
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-06-16] (Webroot) Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-06-16] (Webroot) Toolbar: HKU\S-1-5-21-642280661-2776801712-2906168080-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab FireFox: ======== FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-26] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File] FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-642280661-2776801712-2906168080-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jesus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS) StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-28] CHR Extension: (Google Search) - C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-28] CHR Extension: (Google Wallet) - C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01] CHR Extension: (Gmail) - C:\Users\jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20] CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-06-16] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the 
registry. The file will not be moved unless listed separately.)

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe [173312 2009-08-10] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe [202016 2012-10-16] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe [314176 2010-06-04] (Panda Security, S.L.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [839208 2015-11-20] (Webroot)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\ \...\???\{bf80a1bb-7599-6935-d9a1-635ced365c9c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [65608 2010-05-21] (Panda Security, S.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.)
R1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-03] (Webroot)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [X]
R3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-26 09:18 - 2015-11-26 09:19 - 00000000 ____D C:\FRST
2015-11-19 19:42 - 2015-11-20 16:58 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForjesus.job
2015-11-19 19:42 - 2015-11-19 19:42 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForjesus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-26 09:19 - 2014-06-16 19:20 - 00000000 ____D C:\ProgramData\WRData
2015-11-26 09:19 - 2009-07-13 21:13 - 00733164 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-26 09:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-11-26 09:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-11-26 09:13 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-26 09:13 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-26 09:08 - 2012-04-03 07:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-26 09:06 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-25 21:11 - 2010-10-20 16:54 - 00000000 ____D C:\Users\jesus\AppData\Roaming\SoftGrid Client
2015-11-25 17:36 - 2014-08-03 18:17 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-25 06:26 - 2013-01-31 09:09 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{62FDFF31-3B08-4FDC-9A6F-38A982062ED7}
2015-11-20 17:03 - 2014-06-16 19:21 - 00170760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-11-20 17:03 - 2014-06-16 19:21 - 00105888 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-11-20 16:59 - 2010-08-14 15:25 - 00000000 ____D C:\ProgramData\PDFC
2015-11-19 19:14 - 2010-10-20 15:59 - 00008627 _____ C:\Windows\SysWOW64\PAV_FOG.OPC
2015-11-17 09:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-10 19:08 - 2012-04-03 07:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 19:08 - 2012-04-03 07:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 19:08 - 2011-05-20 06:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2011-08-04 14:37 - 2011-08-04 14:37 - 0001854 _____ () C:\Users\jesus\AppData\Roaming\GhostObjGAFix.xml
2014-05-16 11:37 - 2014-05-16 11:37 - 0000055 _____ () C:\Users\jesus\AppData\Roaming\mbam.context.scan
2011-12-24 15:29 - 2011-12-24 15:33 - 0010098 ___SH () C:\Users\jesus\AppData\Local\d31w03803t6bly5mr8gi647
2012-01-01 15:06 - 2012-01-02 11:01 - 0013242 ___SH () C:\Users\jesus\AppData\Local\oid711gu8xhb03rf7p358s0cbgfia7nt8yyel
2011-05-02 07:40 - 2011-05-02 07:40 - 0000000 _____ () C:\Users\jesus\AppData\Local\{D4A74673-F89F-422C-BC78-4B031B39EC3C}
2011-12-24 15:29 - 2011-12-24 15:33 - 0010098 ___SH () C:\ProgramData\d31w03803t6bly5mr8gi647
2012-01-01 15:06 - 2012-01-02 11:01 - 0013242 ___SH () C:\ProgramData\oid711gu8xhb03rf7p358s0cbgfia7nt8yyel
ZeroAccess: C:\Users\jesus\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install
ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini

Some files in TEMP:
====================
C:\Users\jesus\AppData\Local\Temp\01361741089046.exe
C:\Users\jesus\AppData\Local\Temp\01361741089775.exe
C:\Users\jesus\AppData\Local\Temp\1.exe
C:\Users\jesus\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\jesus\AppData\Local\Temp\COMAP.EXE
C:\Users\jesus\AppData\Local\Temp\Couponscom.exe
C:\Users\jesus\AppData\Local\Temp\ehdwniqldfrurtoabdd.exe
C:\Users\jesus\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\jesus\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\jesus\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\jesus\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\jesus\AppData\Local\Temp\ohnabvsrdtylicmodex.exe
C:\Users\jesus\AppData\Local\Temp\Resource.exe
C:\Users\jesus\AppData\Local\Temp\sp54931.exe
C:\Users\jesus\AppData\Local\Temp\sp58915.exe
C:\Users\jesus\AppData\Local\Temp\uninst1.exe
C:\Users\jesus\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\jesus\AppData\Local\Temp\WRupdate338350.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2015-11-20 17:31

==================== End of FRST.txt ============================