Windows 8.1 x64 keeps freezing and random DCOM 10010 errors in Event Log


  • This topic is locked
22 replies to this topic

#1 pparedes

Posted 29 January 2015 - 11:56 AM

Hi, something is not right overall all of a sudden where the computer freezes at night and needs to be manually shut off. I've run some tools like RogueKiller and at one point it said I might have ZeroAccess rootkit but have not been able to show I have it or fix the overall problem. I noticed my Windows log had many DCOM errors with a description of "The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout." I looked in the registry and it just labels that as ShellWindows. When I searched Google, that error brought me here.

In addition, there were quite a few McAfee crashes, always scanning the same object (see below), but I have no idea what this is or how to delete it.

A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.
 The process will be terminated. Thread id : 9928 (0x26c8)
 Thread address : 0x00007FFD292E1A4A
 Thread message :

 Build VSCORE.15.1.0.543 / 5700.7163
 Object being scanned = \Device\HarddiskVolume22\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.1
 by System
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 5003(0)(0)
 5002(0)(1)
 15002(0)(0)
 5000(0)(0)

Here is the FRST.txt content, and Addition.txt is attached per instructions. Thanks for any help you can provide.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Pedro (administrator) on WIN81_APT on 29-01-2015 10:38:02
Running from C:\Users\Pedro\Downloads
Loaded Profiles: Pedro (Available profiles: Pedro)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Anuko International Ltd.) C:\Program Files (x86)\Anuko\World Clock\timesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MP2Control.exe
() C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\Multipl2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MP2Drag.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Anuko International Ltd.) C:\Program Files (x86)\Anuko\World Clock\world_clock.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCtr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-21] (Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [CDEjectCtr] => C:\Program Files (x86)\Dell\Dell Wireless Keyboard Software\CDCtr.exe [411648 2012-11-15] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5105288 2014-10-15] (Plex, Inc.)
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [AnukoWorldClock] => C:\Program Files (x86)\Anuko\World Clock\world_clock.exe [797336 2015-01-16] (Anuko International Ltd.)
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-01-04] (Siber Systems)
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\MountPoints2: G - "G:\setup.exe"
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{99D8B059-63AA-415B-A8F3-48A4F6E3D867}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> {7B67A3B6-A2A4-4519-BCEE-958278BB203A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150121114040.dll (McAfee, Inc.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150121114041.dll (McAfee, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Download Status Bar - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-01-28]
FF Extension: Adblock Plus - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-28]
FF Extension: Tab Mix Plus - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-16]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-11-17]
FF HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnukoTime; C:\Program Files (x86)\Anuko\World Clock\timesync.exe [222872 2015-01-09] (Anuko International Ltd.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows ® Win 7 DDK provider)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [131072 2013-05-17] () [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [203128 2014-12-12] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-06-24] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2015-01-21] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2015-01-21] (McAfee, Inc.)
R2 Multiplicity; C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe [200504 2014-05-15] (Stardock Software, Inc)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-15] (Qualcomm Atheros) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-26] (Qualcomm Atheros, Inc.)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [97496 2015-01-28] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2015-01-21] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2015-01-21] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2015-01-21] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2015-01-21] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2015-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2015-01-21] (McAfee, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-18] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 07:46 - 2015-01-29 07:46 - 00000000 ___RD () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-29 00:02 - 2015-01-29 00:02 - 00001675 _____ () C:\Users\Pedro\Desktop\ZHPCleaner.txt
2015-01-29 00:01 - 2015-01-29 00:01 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7FB4D041-904B-48F6-8A0A-06B69850AA39}
2015-01-28 23:59 - 2015-01-28 23:59 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-01-28 23:52 - 2015-01-29 00:02 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\ZHP
2015-01-28 23:52 - 2015-01-28 23:52 - 01458176 _____ () C:\Users\Pedro\Downloads\ZHPCleaner.exe
2015-01-28 23:19 - 2015-01-29 07:50 - 00002191 _____ () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2015-01-28 23:16 - 2015-01-28 23:16 - 00026860 _____ () C:\Users\Pedro\Downloads\Addition.txt
2015-01-28 23:15 - 2015-01-29 10:38 - 00025411 _____ () C:\Users\Pedro\Downloads\FRST.txt
2015-01-28 23:15 - 2015-01-29 10:38 - 00000000 ____D () C:\FRST
2015-01-28 23:15 - 2015-01-28 23:15 - 02130432 _____ (Farbar) C:\Users\Pedro\Downloads\FRST64.exe
2015-01-28 15:48 - 2015-01-28 15:48 - 00000000 __SHD () C:\Recovery
2015-01-28 15:47 - 2015-01-29 06:00 - 00000000 ____D () C:\Windows.old
2015-01-28 15:47 - 2015-01-28 15:47 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-01-28 15:47 - 2015-01-28 14:10 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-28 15:43 - 2015-01-28 15:43 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-28 15:43 - 2015-01-28 15:43 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-28 15:43 - 2015-01-28 15:43 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-28 15:43 - 2015-01-28 15:43 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-28 15:43 - 2014-11-18 10:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-01-28 15:43 - 2014-11-18 10:31 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-01-28 15:43 - 2014-11-18 10:31 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-28 15:43 - 2014-11-18 10:31 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-28 15:43 - 2014-11-18 10:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-01-28 15:43 - 2014-11-18 10:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-01-28 15:42 - 2015-01-28 15:42 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-01-28 14:47 - 2015-01-28 14:47 - 00000000 ____D () C:\_OTL
2015-01-28 14:45 - 2015-01-28 14:45 - 00179242 _____ () C:\Users\Pedro\Downloads\OTL.Txt
2015-01-28 14:45 - 2015-01-28 14:45 - 00061984 _____ () C:\Users\Pedro\Downloads\Extras.Txt
2015-01-28 14:37 - 2015-01-28 14:37 - 00602112 _____ (OldTimer Tools) C:\Users\Pedro\Downloads\OTL.exe
2015-01-28 14:37 - 2015-01-28 14:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-28 14:36 - 2015-01-28 14:36 - 01707939 _____ (Thisisu) C:\Users\Pedro\Downloads\JRT.exe
2015-01-28 14:09 - 2015-01-28 14:09 - 00001449 _____ () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-28 14:09 - 2015-01-28 14:09 - 00000020 ___SH () C:\Users\Pedro\ntuser.ini
2015-01-28 14:04 - 2015-01-28 14:04 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-01-28 14:00 - 2015-01-28 14:00 - 00000000 ____D () C:\WINDOWS\CSC
2015-01-28 13:57 - 2015-01-28 13:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-28 13:57 - 2015-01-28 13:57 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-28 13:57 - 2015-01-28 13:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-28 13:55 - 2015-01-28 13:55 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-01-28 13:54 - 2015-01-29 07:44 - 00000000 ____D () C:\Users\Pedro
2015-01-28 13:54 - 2015-01-28 14:05 - 00030483 _____ () C:\WINDOWS\diagwrn.xml
2015-01-28 13:54 - 2015-01-28 14:05 - 00030483 _____ () C:\WINDOWS\diagerr.xml
2015-01-28 13:54 - 2014-11-18 10:21 - 00000000 ___RD () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-28 13:54 - 2014-11-18 10:12 - 00000000 ___RD () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-28 13:54 - 2014-03-18 04:05 - 00000369 _____ () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-28 13:54 - 2014-03-18 04:05 - 00000369 _____ () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-28 13:54 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 13:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-28 13:50 - 2015-01-28 13:50 - 00849522 _____ () C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2015-01-28 13:50 - 2015-01-28 13:50 - 00424510 _____ () C:\WINDOWS\system32\Drivers\rtwavesmapro.dat
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Program Files\Realtek
2015-01-28 13:50 - 2013-11-11 09:02 - 06674208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-28 13:50 - 2013-11-11 09:02 - 03490080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-28 13:50 - 2013-11-11 09:01 - 03467927 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-28 13:50 - 2013-11-11 09:01 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-28 13:50 - 2013-11-11 09:01 - 01065248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-01-28 13:50 - 2013-11-11 09:01 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-28 13:50 - 2013-11-11 09:01 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-28 13:50 - 2013-11-11 09:01 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-01-28 13:50 - 2013-11-11 09:01 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-28 13:49 - 2015-01-29 08:12 - 00404388 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-28 13:49 - 2015-01-28 13:56 - 00000000 ____D () C:\Program Files\Intel
2015-01-28 13:49 - 2015-01-28 13:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-01-28 13:49 - 2015-01-28 13:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-28 13:49 - 2015-01-28 13:49 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-28 13:49 - 2015-01-28 13:49 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-28 13:49 - 2015-01-28 13:49 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-28 13:49 - 2014-08-06 10:59 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-01-28 13:49 - 2014-08-06 10:59 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-01-28 13:31 - 2015-01-28 14:05 - 00006524 _____ () C:\WINDOWS\comsetup.log
2015-01-28 09:17 - 2015-01-28 09:21 - 00000000 ____D () C:\AdwCleaner
2015-01-28 09:11 - 2015-01-28 09:11 - 02194432 _____ () C:\Users\Pedro\Downloads\adwcleaner_4.109.exe
2015-01-28 08:47 - 2015-01-28 08:47 - 18570328 _____ () C:\Users\Pedro\Downloads\RogueKillerX64.exe
2015-01-28 08:36 - 2015-01-28 14:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-28 08:34 - 2015-01-28 14:27 - 00000000 ____D () C:\Users\Pedro\Desktop\mbar
2015-01-28 08:26 - 2015-01-28 08:26 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Pedro\Downloads\mbar-1.08.3.1004.exe
2015-01-28 08:23 - 2015-01-28 23:42 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-28 08:23 - 2015-01-28 08:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-27 11:23 - 2015-01-27 11:28 - 824467456 _____ () C:\Users\Pedro\Downloads\QBW32Pro.exe
2015-01-27 09:44 - 2015-01-27 09:44 - 08345384 _____ () C:\Users\Pedro\Downloads\479971_intl_x64_zip.exe
2015-01-27 08:36 - 2015-01-27 08:36 - 05407080 _____ () C:\Users\Pedro\Downloads\474475_intl_x64_zip.exe
2015-01-27 08:29 - 2015-01-27 08:29 - 00820936 _____ () C:\Users\Pedro\Downloads\476700_intl_x64_zip.exe
2015-01-27 08:27 - 2015-01-27 08:27 - 41191776 _____ () C:\Users\Pedro\Downloads\479120_intl_x64_zip.exe
2015-01-26 17:35 - 2015-01-26 17:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 15:28 - 2015-01-26 15:29 - 94195216 _____ (Microsoft Corporation) C:\Users\Pedro\Downloads\outlook2013-kb2910923-fullfile-x64-glb.exe
2015-01-26 14:53 - 2015-01-26 14:53 - 01082368 _____ () C:\Users\Pedro\Downloads\MicrosoftFixit50388.msi
2015-01-26 14:47 - 2015-01-28 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2
2015-01-26 14:47 - 2015-01-26 14:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft OffCAT
2015-01-26 14:46 - 2015-01-26 14:46 - 10827776 _____ () C:\Users\Pedro\Downloads\OffCAT.msi
2015-01-26 10:30 - 2015-01-28 13:35 - 00436100 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-01-23 09:38 - 2015-01-23 09:38 - 00000017 _____ () C:\Users\Pedro\AppData\Local\resmon.resmoncfg
2015-01-22 22:03 - 2015-01-22 22:04 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2015-01-22 22:03 - 2015-01-22 22:03 - 08719920 _____ (Dell Inc.) C:\Users\Pedro\Downloads\Application_6W2VD_WN_1.2.1004.0_A05.EXE
2015-01-22 22:01 - 2015-01-22 22:01 - 00003722 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-01-22 22:01 - 2015-01-22 22:01 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-01-22 21:59 - 2015-01-29 07:46 - 00006468 _____ () C:\WINDOWS\SysWOW64\Gms.log
2015-01-22 21:55 - 2015-01-22 21:56 - 85752176 _____ (Dell Inc.) C:\Users\Pedro\Downloads\2720_Chipset_Driver_6YDMM_WN_10.0.25.1048_A01.EXE
2015-01-22 21:55 - 2015-01-22 21:56 - 25338440 _____ (Dell Inc.) C:\Users\Pedro\Downloads\2720_Serial-ATA_Driver_HD4NH_WN_12.8.2.1000_A01.EXE
2015-01-22 21:48 - 2015-01-22 21:48 - 00417064 _____ () C:\Users\Pedro\Downloads\DellSystemDetect.exe
2015-01-21 10:18 - 2015-01-28 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-21 10:17 - 2015-01-21 10:17 - 02655968 _____ () C:\Users\Pedro\Downloads\APP_IO_W7_W8_A00_Setup-9PPPW_ZPE.exe
2015-01-18 07:27 - 2015-01-19 14:40 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Origin
2015-01-18 07:06 - 2015-01-19 14:42 - 00000000 ____D () C:\ProgramData\Origin
2015-01-16 19:38 - 2015-01-16 19:38 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\3914
2015-01-16 15:02 - 2015-01-16 15:02 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.5 64-bit.lnk
2015-01-16 15:02 - 2015-01-16 15:02 - 00002078 _____ () C:\Users\Public\Desktop\Lightroom 5.5 64-bit.lnk
2015-01-16 14:51 - 2015-01-16 14:55 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-01-16 14:51 - 2015-01-16 14:55 - 00002237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-01-16 14:51 - 2015-01-16 14:55 - 00002076 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-01-16 14:51 - 2015-01-16 14:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-16 14:42 - 2015-01-16 14:42 - 00003504 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ppp0@outlook.com
2015-01-16 14:41 - 2015-01-16 14:41 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\NVIDIA
2015-01-16 14:40 - 2015-01-28 13:59 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 14:40 - 2015-01-16 15:01 - 00000000 ____D () C:\Program Files\Adobe
2015-01-16 14:40 - 2015-01-16 14:40 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-01-16 14:39 - 2015-01-16 14:39 - 00001565 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-01-16 14:37 - 2015-01-16 15:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 14:35 - 2015-01-16 15:01 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-16 14:20 - 2015-01-16 14:21 - 00005866 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-01-16 12:45 - 2015-01-16 12:45 - 00000000 ____D () C:\temp
2015-01-15 09:22 - 2015-01-29 07:56 - 00004962 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WIN81_APT-Pedro Win81_Apt
2015-01-09 09:03 - 2015-01-28 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-01-09 09:03 - 2015-01-09 09:03 - 00002547 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-01-05 19:28 - 2015-01-05 19:28 - 00000000 ____D () C:\Users\Pedro\Documents\CyberLink
2015-01-05 19:28 - 2015-01-05 19:28 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\CyberLink
2015-01-05 19:28 - 2015-01-05 19:28 - 00000000 ____D () C:\Users\Pedro\AppData\Local\CyberLink
2015-01-05 18:27 - 2015-01-05 18:27 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\TaiG
2015-01-04 13:17 - 2015-01-04 13:22 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-04 10:28 - 2015-01-04 10:28 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\iFunbox_UserCache
2015-01-04 10:22 - 2015-01-04 10:22 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Apple_Inc
2015-01-04 07:41 - 2015-01-16 17:33 - 00000000 ____D () C:\Users\Pedro\Desktop\Minecraft Server
2015-01-03 10:06 - 2015-01-03 10:06 - 00000000 ___HD () C:\Users\Pedro\AppData\Roaming\GoldenGate
2015-01-03 10:05 - 2015-01-03 10:05 - 00000171 _____ () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2015-01-03 09:58 - 2015-01-03 09:58 - 00003190 _____ () C:\WINDOWS\System32\Tasks\{53235ECE-D935-4045-837E-CEA5D606F8BF}
2015-01-02 10:29 - 2015-01-29 10:31 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 10:29 - 2015-01-28 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-02 10:29 - 2015-01-28 09:56 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-02 10:29 - 2015-01-02 10:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-02 10:29 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-02 10:27 - 2015-01-02 10:29 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Malwarebytes
2015-01-02 10:27 - 2015-01-02 10:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-02 10:27 - 2015-01-02 10:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-02 10:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-01 13:52 - 2015-01-28 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-01 13:52 - 2015-01-22 20:14 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.minecraft
2015-01-01 13:52 - 2015-01-09 16:09 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-01-01 13:52 - 2015-01-01 13:52 - 00000980 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-01-01 13:52 - 2015-01-01 13:52 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\java
2014-12-30 15:16 - 2015-01-28 13:56 - 00000000 ____D () C:\ProgramData\PBDACN
2014-12-30 15:10 - 2014-12-30 15:10 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Daring_Development_Inc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 10:32 - 2014-11-19 09:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-29 10:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-29 09:44 - 2014-11-17 12:08 - 00000000 ____D () C:\Users\Pedro\Documents\Outlook Files
2015-01-29 09:38 - 2014-11-17 11:54 - 00000000 ____D () C:\Users\Pedro\Documents\Gaby
2015-01-29 08:08 - 2014-11-17 10:26 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1752789045-980292033-1344979022-1001
2015-01-29 07:51 - 2014-03-18 04:02 - 00869412 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-29 07:50 - 2014-11-17 14:50 - 00000000 ____D () C:\QUARANTINE
2015-01-29 07:49 - 2014-11-17 12:52 - 00000000 ____D () C:\Media
2015-01-29 07:46 - 2014-12-29 09:47 - 00000000 ___RD () C:\Users\Pedro\iCloudDrive
2015-01-29 07:46 - 2014-11-17 10:23 - 00000000 ___DO () C:\Users\Pedro\OneDrive
2015-01-29 07:44 - 2014-03-18 03:51 - 00007364 _____ () C:\WINDOWS\PFRO.log
2015-01-29 07:44 - 2013-08-22 08:46 - 00297862 _____ () C:\WINDOWS\setupact.log
2015-01-29 07:44 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-29 02:00 - 2014-11-19 09:30 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Adobe
2015-01-28 23:40 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-28 15:47 - 2013-08-22 09:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-01-28 14:50 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-28 14:37 - 2014-11-18 13:05 - 00000000 ____D () C:\Users\Pedro\AppData\Local\CrashDumps
2015-01-28 14:20 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-28 14:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-28 14:01 - 2013-08-22 09:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-28 14:01 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-28 13:59 - 2014-12-17 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-28 13:59 - 2014-11-25 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools OST Recovery
2015-01-28 13:59 - 2014-11-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-28 13:59 - 2014-11-23 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-28 13:59 - 2014-11-22 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-28 13:59 - 2014-11-22 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
2015-01-28 13:59 - 2014-11-22 18:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-28 13:59 - 2014-11-21 11:37 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-28 13:59 - 2014-11-19 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-28 13:59 - 2014-11-18 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-01-28 13:59 - 2014-11-18 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-01-28 13:59 - 2014-11-17 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anuko World Clock
2015-01-28 13:59 - 2014-11-17 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-01-28 13:59 - 2014-11-17 13:57 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-28 13:59 - 2014-11-17 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-28 13:59 - 2014-11-17 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-28 13:59 - 2014-11-17 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-28 13:59 - 2014-11-17 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015
2015-01-28 13:59 - 2014-11-17 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EdgeRunner
2015-01-28 13:59 - 2014-11-17 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-28 13:59 - 2014-11-17 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-01-28 13:59 - 2014-06-12 19:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2015-01-28 13:59 - 2014-06-12 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-28 13:59 - 2014-06-12 19:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-28 13:59 - 2014-03-18 03:43 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-01-28 13:59 - 2013-08-22 08:44 - 00493368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-28 13:59 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-01-28 13:57 - 2014-11-22 22:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2015-01-28 13:57 - 2014-03-18 03:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-01-28 13:57 - 2014-03-18 03:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-01-28 13:57 - 2014-03-18 03:30 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-01-28 13:57 - 2013-08-22 09:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2015-01-28 13:57 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-01-28 13:57 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-01-28 13:57 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-01-28 13:57 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-01-28 13:57 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-01-28 13:57 - 2013-08-22 07:36 - 00000000 ____D () C:\Users\Default.migrated
2015-01-28 13:56 - 2014-11-18 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-28 13:56 - 2014-06-12 19:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2015-01-28 13:56 - 2014-06-12 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2015-01-28 13:56 - 2013-08-22 09:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Help
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-28 13:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\WindowsPowerShell
2015-01-28 13:55 - 2014-11-17 10:21 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Packages
2015-01-28 13:55 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-01-28 13:51 - 2013-08-22 08:46 - 00000084 _____ () C:\WINDOWS\setuperr.log
2015-01-27 15:49 - 2014-11-17 15:49 - 00002482 _____ () C:\WINDOWS\Sandboxie.ini
2015-01-27 15:36 - 2013-08-22 09:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-27 11:33 - 2014-11-17 10:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 09:45 - 2014-11-17 13:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-27 08:37 - 2014-12-29 09:46 - 00000000 ____D () C:\Users\Pedro\AppData\Local\2DD6A56A-7A8C-4F2E-BC7E-43FEDC2B609A.aplzod
2015-01-26 15:31 - 2013-08-22 07:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-01-26 05:39 - 2014-11-27 08:51 - 00000000 ____D () C:\Program Files (x86)\Intuit
2015-01-26 05:36 - 2014-11-18 12:57 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\uTorrent
2015-01-24 14:32 - 2014-11-19 09:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-22 21:57 - 2014-06-12 19:18 - 00019044 _____ () C:\WINDOWS\system32\results.xml
2015-01-22 21:56 - 2014-06-12 19:30 - 00000000 ____D () C:\ProgramData\Dell
2015-01-22 21:55 - 2014-06-12 19:09 - 00000000 ____D () C:\ProgramData\Intel
2015-01-22 21:55 - 2014-06-12 18:58 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-22 16:58 - 2014-11-19 14:50 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Skype
2015-01-21 11:40 - 2013-08-22 09:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-21 11:38 - 2014-11-17 13:50 - 00782968 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfehidk.sys
2015-01-21 11:38 - 2014-11-17 13:50 - 00311600 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2015-01-21 11:38 - 2014-11-17 13:50 - 00180272 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeapfk.sys
2015-01-21 11:38 - 2014-11-17 13:50 - 00121896 _____ (McAfee, Inc.) C:\WINDOWS\system32\MfeOtlkAddin.dll
2015-01-21 11:38 - 2014-11-17 13:50 - 00107032 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mferkdet.sys
2015-01-21 11:38 - 2014-11-17 13:50 - 00094080 _____ (McAfee, Inc.) C:\WINDOWS\SysWOW64\MfeOtlkAddin.dll
2015-01-21 11:38 - 2014-11-17 13:50 - 00069344 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeelamk.sys
2015-01-21 11:38 - 2014-11-17 13:50 - 00025088 _____ (McAfee, Inc.) C:\WINDOWS\SysWOW64\MFEOtlk.dll
2015-01-21 11:38 - 2014-11-17 13:50 - 00011208 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeclnk.sys
2015-01-21 11:38 - 2014-11-17 13:49 - 00344176 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfewfpk.sys
2015-01-21 11:38 - 2014-11-17 13:49 - 00185280 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2015-01-21 11:34 - 2014-11-28 08:04 - 00000000 ____D () C:\Shared Stuff
2015-01-19 16:28 - 2014-06-14 11:39 - 04075664 _____ () C:\Users\Pedro\Downloads\world_clock_full.exe
2015-01-19 14:47 - 2014-11-19 14:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-19 14:47 - 2014-11-19 14:50 - 00000000 ____D () C:\ProgramData\Skype
2015-01-19 14:39 - 2014-11-17 12:00 - 00000000 ____D () C:\Program Files (x86)\Quicken
2015-01-17 02:24 - 2014-11-17 10:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 15:02 - 2014-11-17 10:21 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Adobe
2015-01-16 14:39 - 2014-11-17 11:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-16 13:10 - 2014-11-27 08:51 - 00000111 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
2015-01-16 12:43 - 2014-11-17 13:57 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-15 13:35 - 2014-11-17 12:11 - 00000000 ____D () C:\Users\Pedro\Documents\Passwords
2015-01-09 08:59 - 2014-12-15 08:07 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-01-05 19:28 - 2014-06-12 19:19 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-04 22:54 - 2014-11-18 12:32 - 00004214 _____ () C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2015-01-04 22:54 - 2014-11-18 12:32 - 00003494 _____ () C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2015-01-04 10:22 - 2014-11-17 11:32 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Apple Computer

==================== Files in the root of some directories =======

2015-01-23 09:38 - 2015-01-23 09:38 - 0000017 _____ () C:\Users\Pedro\AppData\Local\resmon.resmoncfg
2014-11-18 15:47 - 2014-11-18 15:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-01-28 13:50 - 2015-01-28 13:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-15 08:07 - 2014-12-15 08:08 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-06-12 19:21 - 2014-06-12 19:22 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-06-12 19:19 - 2014-06-12 19:19 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-06-12 19:20 - 2014-06-12 19:20 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-06-12 19:20 - 2014-06-12 19:21 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-06-12 19:19 - 2014-06-12 19:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Pedro\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-28 13:48

==================== End Of Log ============================


#2 pparedes

pparedes
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 29 January 2015 - 12:34 PM

Pasting Addition.txt directly for those that can't read attachments. Thanks,

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Pedro at 2015-01-29 10:38:19
Running from C:\Users\Pedro\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anuko World Clock (HKLM-x32\...\AnukoWorldClock) (Version: 5.8.1.4618 - Anuko)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
Dell Update (HKLM-x32\...\{C87ADBDA-EF36-4A53-B05C-DBCD98D3A2CA}) (Version: 1.4.2000.0 - Dell Inc.)
Dell Wireless Keyboard Software (HKLM-x32\...\{00A73CE4-4595-420A-8E6E-8495EE481584}) (Version: 1.1.0.0 - Dell)
DELLOSD (HKLM-x32\...\{594E7534-5ECB-4FAC-B26F-583B0CFCBCEC}) (Version: 1.00.0006 - DELL)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
DVDFab 9.1.7.1 (17/10/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EdgeRunner Multiplicity (HKLM-x32\...\Multiplicity) (Version: 3.0.1 - EdgeRunner, LLC.)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Microsoft Office Configuration Analyzer Tool 1.2 (HKLM-x32\...\{57164560-615C-4C9F-A75E-865B2A56310C}) (Version: 1.2.2 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyHarmony (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{F7C7EFEC-D7AB-4BDE-B5FA-D76231DA4E80}) (Version: 1.0.31.1053 - Qualcomm Atheros)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.4.19 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SysTools OST Recovery 3.2 (HKLM-x32\...\{1ECEC1F7-EEDB-4DAA-8019-FA1EEEC347A2}_is1) (Version:  - SysTools Software)
SysTools OST Recovery version v4.1 (HKLM-x32\...\{A6FFDFF3-9913-4EBE-AF2D-CDA5B55A6779}_is1) (Version: v4.1 - SysTools Software)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-01-16 14:21 - 00005866 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com

There are 110 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02C2059E-52E6-485A-BE38-26961E5C81D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08A2292A-FD69-42F5-8A1F-47C62FB71A56} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {0DD167E1-F8EC-4875-9AED-F40F857D9EAF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WIN81_APT-Pedro Win81_Apt => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {0F63A961-F9B6-4B1E-B6DD-02BED49EF973} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {3FA8F619-F809-4CF4-87CB-FD56AD2D2F36} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMIMNJLJPMKJGMGMKMCNKJNMHMOMCNLMGMGMOMCNGMMMHMMJCNOJLMNJKJMMNMJJKJGMLMNMHMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMOMLMIMJMJNHICMBJKJLIMJPIJNBJCMPKKJLJNIAJPNPKOJNIKJLJKJMIJNKJCMPIPIPIPMPLAJKILIDJAJAJEJBNMJAJCJJNNICMJNDJCMKJBJJNMJCMJMFMGMGMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {5080619F-F683-4D15-A1BD-CA7713C6E3CD} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {578613F4-661F-4B1D-884B-F48987680BC0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5F4DD486-F508-46BC-BAF5-FD74811FED1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {618504ED-DB4B-4B09-949A-D59595722AFB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {6F2E82C3-8BD1-4FEE-B85E-EA4E63E600C8} - System32\Tasks\{53235ECE-D935-4045-837E-CEA5D606F8BF} => pcalua.exe -a C:\Users\Pedro\Downloads\forge-1.8-11.14.0.1281-1.8-installer-win.exe -d C:\Users\Pedro\Downloads
Task: {792E7FED-A428-4B03-B5DE-CC2EFBF3BDCA} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-01-04] (Siber Systems)
Task: {7E66A22C-94E8-45F4-96CC-FDED2AE3CB3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {95C82071-CD8B-4197-BC8B-000D5D470F58} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {978F6FCA-740D-4190-99B1-F2E67BD08FC4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {ACA77C53-2F74-45D2-9437-BDC7CB3E1339} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {AF7FE12C-AF54-4EAC-A955-4A6DB578260C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {C57F23DF-BA93-4C4F-8756-F061C8A3568F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {D75636A7-ED73-4873-AF6D-6E1FAC5AEFD3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ppp0@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {EC57B380-8F18-47C9-8D2E-71EC8AC46670} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FB892ED9-627E-4022-B5F2-A70B0F4D126C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FDB26820-DF88-4AF5-8608-D9FB0FE43AD8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-26 06:12 - 2013-12-26 06:12 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-28 13:50 - 2013-11-11 09:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-12 19:10 - 2013-05-17 18:12 - 00131072 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2013-08-12 20:06 - 2013-08-12 20:06 - 00198120 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 20:06 - 2013-08-12 20:06 - 00054760 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 20:06 - 2013-08-12 20:06 - 00034792 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-06-12 19:10 - 2013-01-25 23:29 - 00544768 _____ () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-15 04:48 - 2013-08-15 04:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-08-15 04:45 - 2013-08-15 04:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-08-15 04:52 - 2013-08-15 04:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-08-15 13:03 - 2013-08-15 13:03 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-06-12 19:10 - 2012-11-15 16:35 - 00411648 _____ () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCtr.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-12 19:19 - 2013-03-04 21:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 01883784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-06-12 19:10 - 2012-11-15 17:07 - 00061440 _____ () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCTR.DLL
2013-12-26 06:12 - 2013-12-26 06:12 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-24 16:08 - 2014-06-24 16:08 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-01-26 17:35 - 2015-01-26 17:35 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Pedro\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Pedro\Documents\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1752789045-980292033-1344979022-500 - Administrator - Disabled)
Guest (S-1-5-21-1752789045-980292033-1344979022-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1752789045-980292033-1344979022-1005 - Limited - Enabled)
Pedro (S-1-5-21-1752789045-980292033-1344979022-1001 - Administrator - Enabled) => C:\Users\Pedro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

Error: (01/29/2015 07:41:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WIN81_APT)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/29/2015 05:38:00 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 9928 (0x26c8)

Thread address : 0x00007FFD292E1A4A

Thread message :

 Build VSCORE.15.1.0.543 / 5700.7163
 Object being scanned = \Device\HarddiskVolume22\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.1
 by System
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 5003(0)(0)
 5002(0)(1)
 15002(0)(0)
 5000(0)(0)

Error: (01/29/2015 02:05:47 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3892 (0xf34)

Thread address : 0x00007FFD292E1A4A

Thread message :

 Build VSCORE.15.1.0.543 / 5700.7163
 Object being scanned = \Device\HarddiskVolume13\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.1
 by System
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 5003(0)(0)
 5002(0)(1)
 15002(0)(0)
 5000(0)(0)

Error: (01/28/2015 10:32:59 PM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 4256 (0x10a0)

Thread address : 0x00007FFE21C41A4A

Thread message :

 Build VSCORE.15.1.0.543 / 5700.7163
 Object being scanned = \Device\HarddiskVolume26\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.1
 by System
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 5003(0)(0)
 5002(0)(1)
 15002(0)(0)
 5000(0)(0)


System errors:
=============
Error: (01/29/2015 07:44:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:20:56 AM on ‎1/‎29/‎2015 was unexpected.

Error: (01/29/2015 02:05:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2015 11:40:24 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The McAfee McShield service did not shut down properly after receiving a preshutdown control.

Error: (01/28/2015 11:40:00 PM) (Source: DCOM) (EventID: 10010) (User: WIN81_APT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/28/2015 11:40:00 PM) (Source: DCOM) (EventID: 10010) (User: WIN81_APT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/28/2015 10:32:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2015 02:49:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The McAfee McShield service did not shut down properly after receiving a preshutdown control.

Error: (01/28/2015 02:47:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Multiplicity Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (01/28/2015 02:46:50 PM) (Source: DCOM) (EventID: 10010) (User: WIN81_APT)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/28/2015 02:46:20 PM) (Source: DCOM) (EventID: 10010) (User: WIN81_APT)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (01/29/2015 07:41:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WIN81_APT)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142

Error: (01/29/2015 05:38:00 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900009928 (0x26c8)0x00007FFD292E1A4A
 Build VSCORE.15.1.0.543 / 5700.7163
 Object being scanned = \Device\HarddiskVolume22\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.1
 by System
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 5003(0)(0)
 5002(0)(1)
 15002(0)(0)
 5000(0)(0)

Error: (01/29/2015 02:05:47 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003892 (0xf34)0x00007FFD292E1A4A
 Build VSCORE.15.1.0.543 / 5700.7163
 Object being scanned = \Device\HarddiskVolume13\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.1
 by System
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 5003(0)(0)
 5002(0)(1)
 15002(0)(0)
 5000(0)(0)

Error: (01/28/2015 10:32:59 PM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900004256 (0x10a0)0x00007FFE21C41A4A
 Build VSCORE.15.1.0.543 / 5700.7163
 Object being scanned = \Device\HarddiskVolume26\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.1
 by System
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 5003(0)(0)
 5002(0)(1)
 15002(0)(0)
 5000(0)(0)


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770S CPU @ 3.10GHz
Percentage of memory in use: 31%
Total physical RAM: 8117.96 MB
Available physical RAM: 5588.3 MB
Total Pagefile: 9397.96 MB
Available Pagefile: 6473.74 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1853.08 GB) (Free:1296.82 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:1863.02 GB) (Free:1297.93 GB) NTFS
Drive f: (RECOVERY) (Removable) (Total:14.58 GB) (Free:7.08 GB) FAT32
Drive g: (IR3_CPRA_X64FREV_EN-US_DV9) (CDROM) (Total:4.94 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: EFA7E497)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 1AA46B43)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#3 Oh My!

Posted 30 January 2015 - 07:37 PM

Greetings pparedes and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Unfortunately there is evidence of pirated software on your computer. I am going to ask you to remove it before we continue on. If you are willing to do so let me know when that has been accomplished.

Edited by Oh My!, 30 January 2015 - 07:38 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 pparedes

Posted 30 January 2015 - 07:39 PM

Thanks Gary, you can call me Pedro.  Happy for you to point me into what software needs to be deleted or removed.



#5 Oh My!

Posted 30 January 2015 - 08:39 PM

Hi Pedro,

Any Adobe product for which you do not have a License Key.
 

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)

Gary
 

#6 pparedes

Posted 30 January 2015 - 09:09 PM

OK uninstalled all three.



#7 Oh My!

Posted 30 January 2015 - 09:35 PM

Thank you, let's start with this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> {7B67A3B6-A2A4-4519-BCEE-958278BB203A} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
Toolbar: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
U3 mfeavfk01; No ImagePath
2015-01-28 23:59 - 2015-01-28 23:59 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\Pedro\AppData\Local\Temp\dllnt_dump.dll
Task: {978F6FCA-740D-4190-99B1-F2E67BD08FC4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Folder: C:\Users\Pedro\AppData\Roaming\3914
Hosts:

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 pparedes

Posted 30 January 2015 - 09:45 PM

Thanks Gary for the information, had no idea. Here is fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Pedro at 2015-01-30 20:42:05 Run:2
Running from C:\Users\Pedro\Downloads
Loaded Profiles: Pedro (Available profiles: Pedro)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> {7B67A3B6-A2A4-4519-BCEE-958278BB203A} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
Toolbar: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
U3 mfeavfk01; No ImagePath
2015-01-28 23:59 - 2015-01-28 23:59 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\Pedro\AppData\Local\Temp\dllnt_dump.dll
Task: {978F6FCA-740D-4190-99B1-F2E67BD08FC4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Folder: C:\Users\Pedro\AppData\Roaming\3914
Hosts:
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1752789045-980292033-1344979022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B67A3B6-A2A4-4519-BCEE-958278BB203A}" => Key deleted successfully.
HKCR\CLSID\{7B67A3B6-A2A4-4519-BCEE-958278BB203A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}" => Key deleted successfully.
HKCR\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a} => Key not found.
HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value deleted successfully.
HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => Key not found.
mfeavfk01 => Service deleted successfully.
C:\WINDOWS\System32\Tasks\AutoKMS => Moved successfully.
C:\Users\Pedro\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{978F6FCA-740D-4190-99B1-F2E67BD08FC4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{978F6FCA-740D-4190-99B1-F2E67BD08FC4}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.

========================= Folder: C:\Users\Pedro\AppData\Roaming\3914 ========================


====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog 20:42:06 ====

Attached Files
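An added example, not part of the original posts and not FRST's own code: a short Python parser that tallies the result lines of a Fixlog like the one in the post above, skipping the echoed fixlist so its `=>` lines are not counted as results. The line patterns and the status labels (`changed`, `absent`, `review`) are assumptions inferred only from the lines visible in this post; the sample is an excerpt of that log.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (not a complete log).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
U3 mfeavfk01; No ImagePath
Task: {978F6FCA-740D-4190-99B1-F2E67BD08FC4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{7B67A3B6-A2A4-4519-BCEE-958278BB203A} => Key not found.
mfeavfk01 => Service deleted successfully.
C:\WINDOWS\System32\Tasks\AutoKMS => Moved successfully.
C:\Windows\System32\Tasks\AutoKMS not found.
Hosts was reset successfully.

==== End of Fixlog 20:42:06 ====
'''

def parse_fixlog(text):
    """Return (target, outcome, status) for each result line after the echoed fixlist."""
    results, separators = [], 0
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*{5,}", line):
            separators += 1          # the fixlist echo sits between two star rows
            continue
        if separators < 2 or not line or line.startswith("="):
            continue                 # skip header, echoed fixlist, section banners
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        else:                        # result lines written without "=>"
            m = re.match(r"(.+?) ((?:was )?\w+ successfully\.|not found\.)$", line)
            if not m:
                continue
            target, outcome = m.groups()
        low = outcome.lower()
        status = ("absent" if "not found" in low
                  else "changed" if low.endswith("successfully.") else "review")
        results.append((target.strip('"'), outcome, status))
    return results

def summarize(results):
    """Count result lines per status label."""
    return Counter(status for _, _, status in results)

if __name__ == "__main__":
    for target, outcome, status in parse_fixlog(SAMPLE_FIXLOG):
        print(f"{status:8} {target}  ({outcome})")
```
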



#9 Oh My!

  • Malware Response Instructor

Posted 30 January 2015 - 10:06 PM

If we uninstalled McAfee do you have the ability to reinstall it, i.e. Product Key?
Gary
 

#10 pparedes

Posted 30 January 2015 - 10:20 PM

yes



#11 Oh My!

Posted 30 January 2015 - 10:26 PM

OK, it appears your problems are related to a McAfee file. Please uninstall McAfee then Enable Windows Defender. Monitor for freezes.


Gary
 

#12 pparedes

Posted 30 January 2015 - 10:34 PM

OK uninstalled it and uninstalled McAfee Agent that didn't uninstall once I removed the VirusScan. Enabled Windows Defender. Let's give it a day? Won't install any updates and monitor the event log, is that what you meant? Thanks again Gary.



#13 Oh My!

Posted 30 January 2015 - 11:05 PM

What we are looking for is whether or not it freezes. This step is to determine one way or the other whether McAfee is the issue. I think it is probably the Virus Scan but I wanted to remove all of it.

 

Time will tell. I will be wrapping it up soon so we will likely touch base tomorrow. Thanks for your work.


Gary
 

#14 pparedes

Posted 31 January 2015 - 12:22 PM

Hi Gary, this morning there were no freezes or new errors on the log. I might just switch to Avast if it's the VirusScan. Let me know if there is anything else you'd like me to check but it's running much better (since no freeze, obviously).



#15 Oh My!

Posted 31 January 2015 - 03:33 PM

Hi Pedro,

Sure seems like we found the issue. You can either reinstall McAfee and see how it works or switch to Avast. Since Windows Defender is active let's hold off on installing a new antivirus until we finish some other steps.

Please do this.

===================================================

9-Lab Removal Tool

--------------------
  • Download 9-Lab Removal Tool for either 64 bit or 32 bit computers and save it to your Desktop
  • Double click the rmtool-setup icon
  • Click Next, I Agree, then Install
  • Click Finish to automatically launch the program
  • Click Settings, then place a check mark in Open log file immediately after saving
  • Click Scanner, then Full scan
  • When completed click Show Results
  • Click Clean
  • Close the window without clicking Save Log (it has already been saved)
  • Copy and paste the contents of the 9lab log in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • 9lab log
  • Security Check log
  • Are you experiencing any issues?

Gary
 