TechSpot

Malicious download by son creates multiple errors in EventLog

By PParedes
May 19, 2015
  1. My son downloaded several applications and installed them with cracks and whatnot. I thought I had deleted most of the files; however, I could not delete the uTorrent app as it's not on my app list. I notice many errors in my Windows Log, SFC /SCANNOW doesn't complete without error, and I think the computer rebooted without prompting recently.

    Attached are the FRST logs, and the ADDITION.txt file outputs across the next few posts. Thanks for any help you can provide.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
    Ran by Pedro (administrator) on WIN81_APT on 19-05-2015 00:04:26
    Running from C:\Users\Pedro\Downloads\Malware
    Loaded Profiles: Pedro (Available profiles: Pedro)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Anuko International Ltd.) C:\Program Files (x86)\Anuko\World Clock\timesync.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (Anuko International Ltd.) C:\Program Files (x86)\Anuko\World Clock\world_clock.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (I-Funbox.com) C:\Program Files (x86)\I-Funbox DevTeam\iFunBox_x64.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
    (Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBW32.EXE
    () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCtr.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
    (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
    (Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\System32\sfc.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
    () C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    () C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
    () C:\Users\Pedro\Downloads\Malware\RogueKillerX64.exe
    (Google Inc.) C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-21] (Logitech, Inc.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [CDEjectCtr] => C:\Program Files (x86)\Dell\Dell Wireless Keyboard Software\CDCtr.exe [411648 2012-11-15] ()
    HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [67616 2015-02-13] (Prosoftnet)
    HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1973280 2015-02-13] (Prosoftnet)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-29] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-29] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-04-27] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] (Qualcomm®Atheros®)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-17] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [AnukoWorldClock] => C:\Program Files (x86)\Anuko\World Clock\world_clock.exe [797336 2015-04-22] (Anuko International Ltd.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [Google Update] => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-03-15] (Google Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-05-10] (Siber Systems)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\I-Funbox DevTeam\iFunBox_x64.exe [2742272 2015-04-25] (I-Funbox.com)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
    AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-12-26] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-12-26] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-05-01]
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-12]
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-06-12]
    ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{99D8B059-63AA-415B-A8F3-48A4F6E3D867}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-05-01]
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2015-05-01]
    ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-05-01]
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBW32.EXE (Intuit Inc.)
    ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=U270&ocid=U270DHP
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> {7B67A3B6-A2A4-4519-BCEE-958278BB203A} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-10] (Siber Systems Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-17] (Oracle Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-08-15] (Qualcomm®Atheros®)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-10] (Siber Systems Inc.)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-10] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-10] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-10] (Siber Systems Inc.)
    Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\HelpAsyncPluggableProtocol.dll [2015-04-28] (Intuit, Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-06-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-06-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1752789045-980292033-1344979022-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pedro\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1752789045-980292033-1344979022-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pedro\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1752789045-980292033-1344979022-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pedro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Pedro\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-20] (Cisco WebEx LLC)
    FF Extension: iCloud Bookmarks - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\firefoxdav@icloud.com [2015-05-01]
    FF Extension: MEGA - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\firefox@mega.co.nz.xpi [2015-05-15]
    FF Extension: Download Status Bar - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-01-28]
    FF Extension: Adblock Plus - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-28]
    FF Extension: Tab Mix Plus - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-29]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-11-18]
    FF HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AnukoTime; C:\Program Files (x86)\Anuko\World Clock\timesync.exe [222872 2015-04-21] (Anuko International Ltd.)
    S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-05-14] ()
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows (R) Win 7 DDK provider) [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [131072 2013-05-17] () [File not signed]
    S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
    S3 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [100384 2015-02-13] (Prosoftnet)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-06-24] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-04-28] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-04-27] (Intuit Inc.) [File not signed]
    R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-04-27] (Intuit Inc.) [File not signed]
    R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-15] (Qualcomm Atheros) [File not signed]
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-17] (Sandboxie Holdings, LLC)
    S3 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-06] (Dell Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
    R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-26] (Qualcomm Atheros, Inc.)
    S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-29] (Emsisoft GmbH)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation)
    S3 MUTENX_SERVICE; C:\Windows\System32\DRIVERS\mutenx.sys [77856 2014-07-14] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-17] (Sandboxie Holdings, LLC)
    S3 stdpms; C:\Windows\System32\drivers\stdpms.sys [28904 2014-10-22] (Splashtop Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-05-19] ()
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
     
  2. PParedes

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-18 23:51 - 2015-05-18 23:51 - 00000000 ____D () C:\Rooter$
    2015-05-18 23:40 - 2015-05-18 23:40 - 00000000 ___RD () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-05-18 23:18 - 2015-05-19 00:04 - 00000000 ____D () C:\FRST
    2015-05-18 22:10 - 2015-05-18 22:10 - 00000000 ____D () C:\Program Files (x86)\ZHPFix
    2015-05-18 22:08 - 2015-05-18 22:08 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
    2015-05-18 21:57 - 2015-05-18 22:07 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\ZHP
    2015-05-18 21:44 - 2015-05-18 23:40 - 00000744 _____ () C:\WINDOWS\setupact.log
    2015-05-18 21:44 - 2015-05-18 21:46 - 00002978 _____ () C:\WINDOWS\PFRO.log
    2015-05-18 21:44 - 2015-05-18 21:45 - 01406472 _____ () C:\WINDOWS\Minidump\051815-13062-01.dmp
    2015-05-18 21:44 - 2015-05-18 21:44 - 1239175502 _____ () C:\WINDOWS\MEMORY.DMP
    2015-05-18 21:44 - 2015-05-18 21:44 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-05-18 21:44 - 2015-05-18 21:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-05-18 21:16 - 2015-05-18 23:45 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1752789045-980292033-1344979022-1001
    2015-05-18 12:56 - 2015-05-18 12:56 - 89983160 _____ (Plex, Inc.) C:\Users\Pedro\Downloads\Plex-Media-Server-0.9.1201.1079-b655370-en-US.exe
    2015-05-18 11:14 - 2015-05-18 11:14 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\qwegiysj.sys
    2015-05-18 11:14 - 2015-05-18 11:14 - 00000192 _____ () C:\WINDOWS\system\bmkffswj
    2015-05-17 21:58 - 2015-05-18 21:57 - 00000000 ____D () C:\AdwCleaner
    2015-05-17 21:57 - 2015-05-17 21:57 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-WIN81_APT-Windows-8.1-Pro-(64-bit).dat
    2015-05-17 21:56 - 2015-05-17 21:56 - 00000000 ____D () C:\RegBackup
    2015-05-16 05:01 - 2015-05-18 21:11 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
    2015-05-16 04:58 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
    2015-05-16 04:58 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
    2015-05-16 04:58 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
    2015-05-16 04:58 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
    2015-05-16 04:58 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
    2015-05-16 04:57 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
    2015-05-16 04:57 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
    2015-05-16 04:57 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
    2015-05-16 04:57 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
    2015-05-16 04:57 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
    2015-05-16 04:57 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
    2015-05-16 04:57 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
    2015-05-16 04:57 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
    2015-05-16 04:57 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
    2015-05-16 04:57 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
    2015-05-16 04:57 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
    2015-05-16 04:57 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
    2015-05-16 04:57 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
    2015-05-16 04:57 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
    2015-05-16 04:57 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
    2015-05-16 04:57 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
    2015-05-16 04:57 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
    2015-05-16 04:57 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
    2015-05-16 04:57 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
    2015-05-16 04:57 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
    2015-05-16 04:57 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
    2015-05-16 04:57 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
    2015-05-16 04:57 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
    2015-05-16 04:57 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
    2015-05-16 04:57 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
    2015-05-16 04:57 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
    2015-05-16 04:57 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
    2015-05-16 04:57 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
    2015-05-16 04:57 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
    2015-05-16 04:57 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
    2015-05-16 04:57 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
    2015-05-16 04:57 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
    2015-05-16 04:57 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
    2015-05-16 04:57 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
    2015-05-16 04:57 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
    2015-05-16 04:57 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
    2015-05-16 04:57 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
    2015-05-16 04:57 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
    2015-05-16 04:57 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
    2015-05-16 04:57 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
    2015-05-16 04:57 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
    2015-05-16 04:57 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
    2015-05-16 04:57 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
    2015-05-16 04:57 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
    2015-05-16 04:57 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
    2015-05-16 04:57 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
    2015-05-16 04:57 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
    2015-05-16 04:57 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
    2015-05-16 04:57 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
    2015-05-16 04:57 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
    2015-05-16 04:57 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
    2015-05-16 04:57 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
    2015-05-16 04:57 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
    2015-05-16 04:57 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
    2015-05-16 04:57 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
    2015-05-16 04:57 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
    2015-05-16 04:57 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
    2015-05-16 04:57 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
    2015-05-16 04:57 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
    2015-05-16 04:57 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
    2015-05-16 04:57 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
    2015-05-16 04:57 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
    2015-05-16 04:57 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
    2015-05-16 04:57 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
    2015-05-16 04:57 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
    2015-05-16 04:57 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
    2015-05-16 04:57 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
    2015-05-16 04:57 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
    2015-05-16 04:57 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
    2015-05-16 04:57 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
    2015-05-16 04:57 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
    2015-05-16 04:57 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
    2015-05-16 04:57 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
    2015-05-16 04:57 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
    2015-05-16 04:57 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
    2015-05-16 04:57 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
    2015-05-16 04:57 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
    2015-05-16 04:57 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
    2015-05-16 04:57 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
    2015-05-16 04:57 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
    2015-05-16 04:57 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
    2015-05-16 04:57 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
    2015-05-16 04:57 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
    2015-05-16 04:57 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
    2015-05-16 04:57 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
    2015-05-16 04:57 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
    2015-05-16 04:57 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
    2015-05-16 04:57 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
    2015-05-16 04:57 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
    2015-05-16 04:57 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
    2015-05-16 04:57 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
    2015-05-16 04:57 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
    2015-05-16 04:57 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
    2015-05-16 04:57 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
    2015-05-16 04:57 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
    2015-05-16 04:57 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
    2015-05-16 04:57 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
    2015-05-16 04:55 - 2015-05-16 04:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
     
  3. PParedes

    2015-05-15 22:20 - 2015-05-15 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-15 22:03 - 2015-05-15 22:03 - 00002053 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2015-05-15 22:01 - 2015-05-15 22:01 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-05-14 22:22 - 2015-05-14 22:22 - 50037296 _____ () C:\Users\Pedro\Downloads\TaiGJBreak_EN_1201.zip
    2015-05-14 22:05 - 2015-05-14 22:05 - 00002459 _____ () C:\Users\Public\Desktop\Bitvise SSH Client.lnk
    2015-05-14 22:05 - 2015-05-14 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitvise SSH Client
    2015-05-14 22:05 - 2015-05-14 22:05 - 00000000 ____D () C:\Program Files (x86)\Bitvise SSH Client
    2015-05-14 21:43 - 2015-05-14 21:52 - 00000000 ____D () C:\Program Files (x86)\I-Funbox DevTeam
    2015-05-14 21:01 - 2015-05-14 21:03 - 1420308943 _____ () C:\Users\Pedro\Downloads\iPad2,2_8.1.2_12B440_Restore.ipsw
    2015-05-14 20:17 - 2015-05-14 20:17 - 00000000 ____D () C:\Users\Pedro\Documents\Expression
    2015-05-14 20:16 - 2015-05-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
    2015-05-14 20:16 - 2015-05-14 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression
    2015-05-14 14:28 - 2015-05-14 14:41 - 52266712 _____ (悠然天地科技有限公司) C:\Users\Pedro\Downloads\iTunesDriver64_0205.exe
    2015-05-13 10:02 - 2015-04-24 16:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-05-13 10:02 - 2015-03-04 18:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-05-13 03:44 - 2015-04-30 15:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 03:44 - 2015-04-30 15:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-12 13:30 - 2015-01-29 19:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2015-05-12 13:29 - 2015-04-30 18:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-05-12 13:29 - 2015-04-30 17:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-05-12 13:29 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-05-12 13:29 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-05-12 13:29 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-05-12 13:29 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-05-12 13:29 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-05-12 13:29 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-05-12 13:29 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-05-12 13:29 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-05-12 13:29 - 2015-04-21 11:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2015-05-12 13:29 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-05-12 13:29 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-05-12 13:29 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-05-12 13:29 - 2015-04-21 11:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-05-12 13:29 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-05-12 13:29 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-05-12 13:29 - 2015-04-21 10:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-05-12 13:29 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-05-12 13:29 - 2015-04-21 10:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-05-12 13:29 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-05-12 13:29 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-05-12 13:29 - 2015-04-21 10:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-05-12 13:29 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-05-12 13:29 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-05-12 13:29 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-05-12 13:29 - 2015-04-21 10:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-05-12 13:29 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-05-12 13:29 - 2015-04-21 10:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-05-12 13:29 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-05-12 13:29 - 2015-04-21 10:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-05-12 13:29 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-05-12 13:29 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-05-12 13:29 - 2015-04-21 10:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-05-12 13:29 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-05-12 13:29 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-05-12 13:29 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-05-12 13:29 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-05-12 13:29 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-05-12 13:29 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-05-12 13:29 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-05-12 13:29 - 2015-04-13 17:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-05-12 13:29 - 2015-04-09 20:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-05-12 13:29 - 2015-04-09 19:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-05-12 13:29 - 2015-04-09 19:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-05-12 13:29 - 2015-04-09 19:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-05-12 13:29 - 2015-04-09 19:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-05-12 13:29 - 2015-04-08 17:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-05-12 13:29 - 2015-04-02 19:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
    2015-05-12 13:29 - 2015-04-02 19:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
    2015-05-12 13:29 - 2015-04-01 17:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2015-05-12 13:29 - 2015-04-01 17:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2015-05-12 13:29 - 2015-03-31 22:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2015-05-12 13:29 - 2015-03-31 21:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
    2015-05-12 13:29 - 2015-03-30 00:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-05-12 13:29 - 2015-03-26 22:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-05-12 13:29 - 2015-03-26 21:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-05-12 13:29 - 2015-03-26 21:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-05-12 13:29 - 2015-03-19 20:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-05-12 13:29 - 2015-03-17 12:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-05-12 13:29 - 2015-03-12 23:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-05-12 13:29 - 2015-03-12 23:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2015-05-12 13:29 - 2015-03-12 21:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2015-05-12 13:29 - 2015-03-12 20:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-05-12 13:29 - 2015-03-12 19:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2015-05-12 13:29 - 2015-03-12 19:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2015-05-12 13:29 - 2015-03-10 20:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-05-12 13:29 - 2015-03-10 20:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-05-12 13:29 - 2015-03-08 21:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2015-05-12 13:29 - 2015-03-05 22:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
    2015-05-12 13:29 - 2015-03-05 21:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2015-05-12 13:29 - 2015-03-05 21:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
    2015-05-12 13:29 - 2015-03-03 20:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2015-05-12 13:29 - 2015-03-03 20:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2015-05-12 13:29 - 2015-02-17 18:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2015-05-12 13:29 - 2014-10-28 21:45 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
    2015-05-12 13:29 - 2014-10-28 21:44 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
    2015-05-12 13:29 - 2014-10-28 21:42 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jnwmon.dll
    2015-05-12 13:29 - 2014-10-28 21:00 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
    2015-05-12 13:29 - 2014-10-28 21:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll
    2015-05-12 13:29 - 2014-10-28 20:58 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShextAutoplay.exe
    2015-05-12 13:29 - 2014-10-28 20:57 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
    2015-05-12 13:29 - 2014-10-28 20:54 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
    2015-05-12 13:29 - 2014-10-28 20:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe
    2015-05-12 13:29 - 2014-10-28 20:22 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShServiceObj.dll
    2015-05-12 13:29 - 2014-10-28 20:19 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
    2015-05-12 13:29 - 2014-10-28 19:59 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
    2015-05-04 22:48 - 2015-05-04 22:48 - 64471040 _____ () C:\Users\Pedro\Downloads\calibre-2.27.0.msi
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    2015-05-02 08:41 - 2015-05-02 08:41 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2015-05-01 22:57 - 2015-05-01 22:58 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Intel_Corporation
    2015-05-01 22:43 - 2014-07-14 10:37 - 00077856 _____ () C:\WINDOWS\system32\Drivers\mutenx.sys
    2015-05-01 22:42 - 2015-05-01 23:11 - 00000000 ____D () C:\Program Files\ASTER-V7
    2015-05-01 22:02 - 2015-05-01 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-05-01 10:40 - 2015-05-01 10:40 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\SQL Anywhere 16
    2015-05-01 09:37 - 2015-05-01 09:37 - 00002320 _____ () C:\Users\Public\Desktop\Intuit QuickBooks Enterprise Solutions 16.0.lnk
    2015-05-01 09:37 - 2015-05-01 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
    2015-05-01 09:32 - 2015-05-01 09:32 - 00000000 ____D () C:\ProgramData\Nuance
    2015-04-27 23:44 - 2015-04-27 23:44 - 01694992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBA6.DLL
    2015-04-27 23:44 - 2015-04-27 23:44 - 00925328 _____ (Adroit Technologies) C:\WINDOWS\SysWOW64\SmartTabs28.ocx
    2015-04-27 23:44 - 2015-04-27 23:44 - 00741008 _____ (FarPoint Technologies, Inc.) C:\WINDOWS\SysWOW64\SPR32D30.DLL
    2015-04-27 23:44 - 2015-04-27 23:44 - 00667280 _____ () C:\WINDOWS\SysWOW64\tx12.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00638608 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\Gsprop32.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00636032 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\Graphs32.ocx
    2015-04-27 23:44 - 2015-04-27 23:44 - 00620064 _____ (Teebo Software Solutions) C:\WINDOWS\SysWOW64\tssOfficeMenu1c.ocx
    2015-04-27 23:44 - 2015-04-27 23:44 - 00519824 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_pdf.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00482960 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_doc.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00423016 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\Gsw32.exe
    2015-04-27 23:44 - 2015-04-27 23:44 - 00364176 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_rtf.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00355984 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx4ole12.ocx
    2015-04-27 23:44 - 2015-04-27 23:44 - 00343696 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_obj.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00306832 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_xml.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00261776 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_css.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00242816 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\Gswag32.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00229008 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_htm.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00217088 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_png.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00172032 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_jpg.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00152688 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\gswdll32.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00130704 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_tls.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00110224 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_ic.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00061440 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_tif.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00056976 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_wnd.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00049152 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_gif.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00049152 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_bmp.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00033280 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_wmf.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00000530 _____ () C:\WINDOWS\SysWOW64\tx12_ic.ini
    2015-04-20 14:08 - 2015-04-20 14:08 - 00000000 ____D () C:\Users\Pedro\Documents\Bluetooth Folder
    2015-04-20 14:05 - 2015-05-01 22:27 - 00000000 ____D () C:\ProgramData\ThinSoft
    2015-04-20 14:05 - 2015-04-20 14:05 - 00000264 _____ () C:\WINDOWS\SysWOW64\winsusrm.dll
    2015-04-20 14:05 - 2015-04-20 14:05 - 00000120 _____ () C:\WINDOWS\SysWOW64\winsusrx.dll
    2015-04-20 09:59 - 2015-04-22 15:43 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\webex
    2015-04-20 09:59 - 2015-04-20 09:59 - 00000000 ____D () C:\Users\Pedro\AppData\Local\WebEx
    2015-04-20 09:59 - 2015-04-20 09:59 - 00000000 ____D () C:\ProgramData\WebEx
    2015-04-19 17:01 - 2015-04-19 17:01 - 00002039 _____ () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
    2015-04-19 17:01 - 2015-04-19 17:01 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\OpenDNS Updater
    2015-04-19 17:01 - 2015-04-19 17:01 - 00000000 ____D () C:\Program Files (x86)\OpenDNS Updater

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-19 00:04 - 2015-03-15 22:54 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001UA.job
    2015-05-19 00:04 - 2015-02-01 15:15 - 00000000 ____D () C:\Users\Pedro\Downloads\Malware
    2015-05-19 00:03 - 2015-01-28 09:23 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-05-19 00:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-18 23:51 - 2015-02-06 16:13 - 02067858 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-18 23:46 - 2015-01-29 01:01 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7FB4D041-904B-48F6-8A0A-06B69850AA39}
    2015-05-18 23:46 - 2014-03-18 05:02 - 00869412 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-05-18 23:42 - 2015-01-22 22:59 - 00006468 _____ () C:\WINDOWS\SysWOW64\Gms.log
    2015-05-18 23:41 - 2015-02-25 09:55 - 00000000 ____D () C:\ProgramData\IDrive
    2015-05-18 23:41 - 2014-11-17 11:23 - 00000000 ___DO () C:\Users\Pedro\OneDrive
    2015-05-18 23:40 - 2015-04-18 12:13 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-05-18 23:40 - 2015-01-02 11:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-18 23:40 - 2014-12-29 10:47 - 00000000 ___RD () C:\Users\Pedro\iCloudDrive
    2015-05-18 23:40 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-18 23:17 - 2014-11-17 13:08 - 00000000 ____D () C:\Users\Pedro\Documents\Office 2010
    2015-05-18 21:58 - 2015-02-06 16:18 - 00000000 ____D () C:\Users\Pedro
    2015-05-18 21:58 - 2015-02-02 02:21 - 01835520 _____ () C:\Users\Pedro\ZHPCleaner.exe
    2015-05-18 21:45 - 2015-02-11 15:30 - 00360960 ___SH () C:\Users\Pedro\Desktop\Thumbs.db
    2015-05-18 21:45 - 2014-11-17 16:49 - 00002660 _____ () C:\WINDOWS\Sandboxie.ini
    2015-05-18 21:45 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-05-18 21:17 - 2014-11-18 13:57 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\uTorrent
    2015-05-18 21:14 - 2015-02-06 18:11 - 00000000 ___DC () C:\WINDOWS\Panther
    2015-05-18 21:14 - 2014-11-18 14:05 - 00000000 ____D () C:\Users\Pedro\AppData\Local\CrashDumps
    2015-05-18 21:11 - 2015-01-18 08:06 - 00000000 ____D () C:\ProgramData\Origin
    2015-05-18 21:10 - 2014-11-17 12:24 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-05-18 21:08 - 2014-11-19 15:50 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Skype
    2015-05-18 21:08 - 2014-11-17 13:08 - 00000000 ____D () C:\Users\Pedro\Documents\Outlook Files
    2015-05-18 21:08 - 2014-11-17 11:21 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Packages
    2015-05-18 20:32 - 2014-11-19 10:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-18 20:04 - 2015-03-15 22:54 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001Core.job
    2015-05-18 20:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-05-18 16:14 - 2015-02-05 06:53 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
    2015-05-18 12:55 - 2014-11-17 13:52 - 00000000 ____D () C:\Media
    2015-05-18 11:15 - 2015-01-28 09:23 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-05-18 11:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
    2015-05-18 09:34 - 2014-12-29 10:46 - 00000000 ____D () C:\Users\Pedro\AppData\Local\2DD6A56A-7A8C-4F2E-BC7E-43FEDC2B609A.aplzod
    2015-05-18 09:23 - 2015-01-28 09:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-05-17 16:25 - 2015-01-01 14:52 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.minecraft
    2015-05-17 16:08 - 2014-11-17 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-17 08:10 - 2014-11-17 12:54 - 00000000 ____D () C:\Users\Pedro\Documents\Cooking
    2015-05-16 05:30 - 2015-01-18 08:27 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Origin
    2015-05-16 04:55 - 2015-01-16 13:45 - 00000000 ____D () C:\temp
    2015-05-15 22:03 - 2015-03-11 21:46 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2015-05-15 22:03 - 2015-03-11 21:46 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2015-05-15 22:03 - 2015-03-11 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
    2015-05-15 21:50 - 2014-11-18 13:57 - 00000000 ____D () C:\Program Files (x86)\uTorrent
    2015-05-15 19:59 - 2015-03-15 22:54 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001UA
    2015-05-15 19:59 - 2015-03-15 22:54 - 00003494 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001Core
    2015-05-15 07:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-05-14 21:43 - 2015-01-04 11:28 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\iFunbox_UserCache
    2015-05-14 20:10 - 2013-08-22 09:44 - 00508376 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-14 20:09 - 2014-11-25 03:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-14 20:09 - 2014-11-25 03:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-14 20:08 - 2014-03-18 04:43 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-14 20:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2015-05-14 20:08 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
    2015-05-14 14:53 - 2014-11-17 12:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-05-14 14:14 - 2014-11-17 13:00 - 00000000 ____D () C:\Program Files (x86)\Quicken
    2015-05-14 11:44 - 2015-02-12 12:27 - 00000426 _____ () C:\WINDOWS\Tasks\Dell SupportAssistAgent AutoUpdate.job
    2015-05-13 11:27 - 2013-08-22 10:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-13 03:47 - 2014-11-22 19:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-05-13 03:47 - 2014-11-17 14:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-13 03:43 - 2014-11-17 11:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-13 03:42 - 2014-11-17 11:40 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-13 03:41 - 2013-08-22 08:25 - 00000254 _____ () C:\WINDOWS\win.ini
    2015-05-13 03:34 - 2014-11-25 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-11 12:49 - 2014-11-17 12:49 - 00000000 ____D () C:\Users\Pedro\Documents\Books
    2015-05-10 20:09 - 2014-11-18 13:32 - 00004218 _____ () C:\WINDOWS\System32\Tasks\Open URL by RoboForm
    2015-05-10 20:09 - 2014-11-18 13:32 - 00003494 _____ () C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
    2015-05-10 20:08 - 2014-11-18 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    2015-05-10 20:08 - 2014-11-17 13:11 - 00000000 ____D () C:\Users\Pedro\Documents\Passwords
    2015-05-05 12:59 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-05-05 12:59 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-05-04 22:49 - 2014-11-23 12:52 - 00000979 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
    2015-05-04 22:49 - 2014-11-23 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    2015-05-04 22:49 - 2014-11-23 12:52 - 00000000 ____D () C:\Program Files (x86)\Calibre2
    2015-05-04 16:07 - 2015-01-30 21:07 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
    2015-05-03 09:07 - 2015-02-13 12:26 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Deployment
    2015-05-02 20:41 - 2015-02-13 07:38 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.voidswrath
    2015-05-02 20:41 - 2015-02-12 17:51 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\VoidLauncher
    2015-05-02 20:41 - 2015-02-12 17:51 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.VoidLauncher
    2015-05-02 20:40 - 2015-02-20 16:47 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.crazycraft2
    2015-05-02 15:30 - 2014-11-19 15:50 - 00000000 ____D () C:\ProgramData\Skype
    2015-05-02 03:20 - 2015-03-06 21:03 - 04697768 _____ () C:\Users\Pedro\Desktop\TechnicLauncher.exe
    2015-05-02 03:20 - 2015-03-06 21:03 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.technic
    2015-05-01 23:05 - 2015-02-06 16:13 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
    2015-05-01 23:05 - 2015-02-06 16:13 - 00000000 ____D () C:\WINDOWS\system32\NV
    2015-05-01 23:05 - 2015-02-06 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-05-01 10:40 - 2014-11-27 10:11 - 00000000 ____D () C:\WINDOWS\Intuit
    2015-05-01 10:40 - 2014-11-18 09:17 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Intuit
    2015-05-01 09:37 - 2014-11-27 09:51 - 00000116 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
    2015-05-01 09:34 - 2014-11-27 09:51 - 00000000 ____D () C:\Program Files (x86)\Intuit
    2015-05-01 09:32 - 2014-11-17 12:59 - 00000000 ____D () C:\ProgramData\Intuit
    2015-05-01 09:31 - 2014-11-27 09:52 - 00000000 ____D () C:\Users\Public\Documents\Intuit
    2015-04-30 11:26 - 2014-11-17 13:12 - 00000000 ____D () C:\Users\Pedro\Documents\Work
    2015-04-29 13:09 - 2014-11-17 12:59 - 00000000 ____D () C:\Users\Pedro\Documents\Medical
    2015-04-29 12:53 - 2014-11-25 10:39 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\CDTPL
    2015-04-29 12:36 - 2014-11-25 10:39 - 00000000 ____D () C:\Program Files (x86)\SysTools OST Recovery
    2015-04-22 08:20 - 2014-11-17 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anuko World Clock
    2015-04-21 09:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Resources
    2015-04-20 14:14 - 2015-03-31 09:37 - 00000000 ____D () C:\Program Files (x86)\VirtuaWin
    2015-04-20 13:58 - 2014-11-17 16:49 - 00001021 _____ () C:\Users\Pedro\Desktop\Sandboxed Web Browser.lnk
    2015-04-20 09:59 - 2014-11-17 11:43 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Mozilla
    2015-04-19 17:09 - 2014-11-17 12:54 - 00000000 ____D () C:\Users\Pedro\Documents\Gaby
    2015-04-19 08:05 - 2015-01-02 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-19 08:05 - 2015-01-02 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    ==================== Files in the root of some directories =======

    2015-02-05 05:49 - 2015-02-05 05:49 - 0773632 _____ (Robert Simpson, et al.) C:\Users\Pedro\AppData\Roaming\System.Data.SQLite.dll
    2015-01-23 10:38 - 2015-01-23 10:38 - 0000017 _____ () C:\Users\Pedro\AppData\Local\resmon.resmoncfg
    2014-11-18 16:47 - 2014-11-18 16:47 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-02-06 16:14 - 2015-02-06 16:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-12-15 09:07 - 2015-02-20 14:56 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2014-06-12 20:21 - 2014-06-12 20:22 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2014-06-12 20:19 - 2014-06-12 20:19 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2014-06-12 20:20 - 2014-06-12 20:20 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2014-06-12 20:20 - 2014-06-12 20:21 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2014-06-12 20:19 - 2014-06-12 20:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Files to move or delete:
    ====================
    C:\Users\Pedro\ZHPCleaner.exe


    Some content of TEMP:
    ====================
    C:\Users\Pedro\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Pedro\AppData\Local\Temp\Quarantine.exe
    C:\Users\Pedro\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-10 04:35

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
    Ran by Pedro at 2015-05-19 00:05:09
    Running from C:\Users\Pedro\Downloads\Malware
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1752789045-980292033-1344979022-500 - Administrator - Disabled)
    Guest (S-1-5-21-1752789045-980292033-1344979022-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1752789045-980292033-1344979022-1007 - Limited - Enabled)
    Pedro (S-1-5-21-1752789045-980292033-1344979022-1001 - Administrator - Enabled) => C:\Users\Pedro

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
    Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.14 - Adobe Systems)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Anuko World Clock (HKLM-x32\...\AnukoWorldClock) (Version: 5.8.1.4635 - Anuko)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
    Bitvise SSH Client 6.31 (remove only) (HKLM-x32\...\BvSshClient) (Version: - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    calibre (HKLM-x32\...\{8FC4CEFE-8F15-4E22-986F-87EAF0C69A00}) (Version: 2.27.0 - Kovid Goyal)
    CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
    Cisco WebEx Meetings (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
    Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.0.55844 - Dell)
    Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
    Dell Wireless Keyboard Software (HKLM-x32\...\{00A73CE4-4595-420A-8E6E-8495EE481584}) (Version: 1.1.0.0 - Dell)
    DELLOSD (HKLM-x32\...\{594E7534-5ECB-4FAC-B26F-583B0CFCBCEC}) (Version: 1.00.0006 - DELL)
    DVDFab 9.1.6.8 (13/09/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
    HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
    Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
    Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1048 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Configuration Analyzer Tool 1.2 (HKLM-x32\...\{57164560-615C-4C9F-A75E-865B2A56310C}) (Version: 1.2.2 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
    Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    Music Manager (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\MusicManager) (Version: - Google, Inc.)
    MyHarmony (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
    OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1104 - Plex, Inc.) Hidden
    Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
    Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Network Manager (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Performance Suite (HKLM-x32\...\{F7C7EFEC-D7AB-4BDE-B5FA-D76231DA4E80}) (Version: 1.0.31.1053 - Qualcomm Atheros)
    QuickBooks (x32 Version: 26.0.2003.2607 - Intuit Inc.) Hidden
    QuickBooks Enterprise Solutions 16.0 (HKLM-x32\...\{2C50460D-1179-4819-A531-880469859DF0}) (Version: 26.0.2003.2607 - Intuit Inc.)
    QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
    Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.7.4 - Intuit)
    Quicken 2016 Alpha2 (HKLM-x32\...\{A19262DC-1163-4871-9411-0113B4C5E508}) (Version: 25.0.2.4 - Intuit)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
    RoboForm 7-9-13-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
    Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    SysTools OST Recovery 3.2 (HKLM-x32\...\{1ECEC1F7-EEDB-4DAA-8019-FA1EEEC347A2}_is1) (Version: - SysTools Software)
    SysTools OST Recovery version v4.1 (HKLM-x32\...\{A6FFDFF3-9913-4EBE-AF2D-CDA5B55A6779}_is1) (Version: v4.1 - SysTools Software)
    The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    Unity Web Player (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
    Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1405.1 - Microsoft Corporation) Hidden
    Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1752789045-980292033-1344979022-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Pedro\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1752789045-980292033-1344979022-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pedro\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    01-05-2015 09:30:26 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    04-05-2015 16:06:43 Removed Sling
    12-05-2015 05:02:07 Scheduled Checkpoint
    16-05-2015 04:56:31 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    16-05-2015 04:56:53 Installed DirectX
    18-05-2015 21:07:29 Installed ASUS Ai Charger

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2015-01-30 21:42 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
  4. PParedes

    PParedes TS Rookie Topic Starter

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02C2059E-52E6-485A-BE38-26961E5C81D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {0F63A961-F9B6-4B1E-B6DD-02BED49EF973} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {142D564A-27A8-4D17-8B2C-DF7F2D800009} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-05-10] (Siber Systems)
    Task: {24E1EDCB-8D1F-4030-AFCA-1BDC00E19731} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {2BB01020-5CC6-4A64-992D-763DC51A2F06} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {2F77E676-F7D1-4242-9A8F-943549116DEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001Core => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
    Task: {366EA5B0-4DD6-454A-9B85-418430C9BDC6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {394E29AC-4495-4A0F-9336-1871E46BBADA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {4E418027-B15B-49F1-AF43-D501166EC6F2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-06] (Microsoft)
    Task: {578613F4-661F-4B1D-884B-F48987680BC0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {5F4DD486-F508-46BC-BAF5-FD74811FED1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
    Task: {618504ED-DB4B-4B09-949A-D59595722AFB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
    Task: {66B9E2C2-53F1-4F32-891E-D9DAB736BBFF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {6F2E82C3-8BD1-4FEE-B85E-EA4E63E600C8} - System32\Tasks\{53235ECE-D935-4045-837E-CEA5D606F8BF} => pcalua.exe -a C:\Users\Pedro\Downloads\forge-1.8-11.14.0.1281-1.8-installer-win.exe -d C:\Users\Pedro\Downloads
    Task: {7A745F89-10F1-4168-AC74-FB63B20495D1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {7E66A22C-94E8-45F4-96CC-FDED2AE3CB3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
    Task: {83503364-7523-40CA-B176-E3F136E6E73B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {946E426A-83B9-4668-B681-752C7CAF97A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
    Task: {95C82071-CD8B-4197-BC8B-000D5D470F58} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {9ACAE483-0B73-469C-87E3-B3D2A5D6ECFB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {AF7FE12C-AF54-4EAC-A955-4A6DB578260C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
    Task: {BB2EC38A-EE66-4C30-83C7-0550A3359DDC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
    Task: {CD72DAA7-D32A-48CE-8CC4-CF285A082391} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {CF7F2211-070B-4D5F-A0FE-EE4D529C953B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001UA => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
    Task: {EC57B380-8F18-47C9-8D2E-71EC8AC46670} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {F4266206-0EB2-4829-8DBC-C38E990E9330} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.h...MPMMMNMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
    Task: {FD0FEC7B-6D29-4D4B-BEA5-5D58C24F41A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {FDB26820-DF88-4AF5-8608-D9FB0FE43AD8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001Core.job => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001UA.job => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-12-26 07:12 - 2013-12-26 07:12 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2015-02-06 16:13 - 2013-11-11 10:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-02-25 09:55 - 2015-01-27 20:16 - 00582656 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
    2014-06-12 20:10 - 2013-05-17 19:12 - 00131072 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    2015-02-25 09:55 - 2015-02-13 21:00 - 00013312 _____ () C:\Program Files (x86)\IDriveWindows\SqliteWrapper.dll
    2015-02-25 09:55 - 2015-01-27 20:16 - 00834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll
    2013-08-12 21:06 - 2013-08-12 21:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-08-12 21:06 - 2013-08-12 21:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-08-12 21:06 - 2013-08-12 21:06 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2014-06-12 20:10 - 2013-01-26 00:29 - 00544768 _____ () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    2013-08-15 05:48 - 2013-08-15 05:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-08-15 05:45 - 2013-08-15 05:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-08-15 05:52 - 2013-08-15 05:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    2010-06-16 16:42 - 2010-06-16 16:42 - 00839680 _____ () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    2015-01-20 23:35 - 2015-01-20 23:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2015-05-14 21:43 - 2015-04-23 01:29 - 00560640 _____ () C:\Program Files (x86)\I-Funbox DevTeam\exifext_x64.dll
    2013-08-15 14:03 - 2013-08-15 14:03 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
    2014-06-12 20:10 - 2012-11-15 17:35 - 00411648 _____ () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCtr.exe
    2015-02-25 09:55 - 2015-01-27 20:18 - 00225280 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
    2015-02-25 09:55 - 2015-02-11 16:56 - 02451624 _____ () C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
    2015-05-18 09:32 - 2015-05-18 09:32 - 20736088 _____ () C:\Users\Pedro\Downloads\Malware\RogueKillerX64.exe
    2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-02-02 00:40 - 2014-10-11 00:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2015-04-18 12:14 - 2015-04-16 12:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-04-18 12:14 - 2015-04-22 21:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-04-18 12:14 - 2015-05-14 20:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-04-18 12:14 - 2015-04-22 21:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-04-18 12:14 - 2015-04-22 21:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-04-18 12:14 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-04-18 12:14 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-04-18 12:14 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-04-18 12:14 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-04-18 12:14 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-04-18 12:14 - 2015-05-14 20:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2013-12-26 07:12 - 2013-12-26 07:12 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2014-11-20 13:56 - 2014-11-20 13:56 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2014-11-20 13:55 - 2014-11-20 13:55 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    2014-11-20 13:56 - 2014-11-20 13:56 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2014-11-20 13:55 - 2014-11-20 13:55 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
    2015-04-28 05:20 - 2015-04-28 05:20 - 00687896 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\BackupLib.dll
    2015-04-28 05:22 - 2015-04-28 05:22 - 00031512 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBCompressor.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\libcef.dll
    2015-04-28 05:21 - 2015-04-28 05:21 - 00656152 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\FtuEngine.dll
    2015-04-28 05:21 - 2015-04-28 05:21 - 00187160 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\GMConsumer.dll
    2015-04-28 05:23 - 2015-04-28 05:23 - 00085784 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBProActiveCore.dll
    2015-04-28 05:22 - 2015-04-28 05:22 - 00099096 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBMAPILibrary.dll
    2015-04-27 23:45 - 2015-04-27 23:45 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\boost_regex-vc120-mt-1_55.dll
    2015-04-27 23:47 - 2015-04-27 23:47 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\zlib1.dll
    2015-04-28 05:23 - 2015-04-28 05:23 - 00225048 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBSearch.dll
    2015-04-28 05:20 - 2015-04-28 05:20 - 00245528 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\boost_serialization-vc120-mt-1_55.dll
    2015-04-28 05:20 - 2015-04-28 05:20 - 01248536 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\FeaturesBridge.dll
    2015-04-28 05:21 - 2015-04-28 05:21 - 00067352 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\mbpopup.dll
    2015-04-28 05:22 - 2015-04-28 05:22 - 00153368 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbar.dll
    2014-06-12 20:10 - 2012-11-15 18:07 - 00061440 _____ () C:\Program Files (x86)\DELL\Dell Wireless Keyboard Software\CDCTR.DLL
    2015-04-18 12:14 - 2015-05-11 14:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-02-02 00:40 - 2014-10-11 00:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-06-24 17:08 - 2014-06-24 17:08 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-02-25 09:55 - 2015-01-27 20:17 - 00022528 _____ () C:\Program Files (x86)\IDriveWindows\cmd_util\cygpopt-0.dll
    2015-02-25 09:55 - 2015-01-27 20:17 - 00046094 _____ () C:\Program Files (x86)\IDriveWindows\cmd_util\cyggcc_s-1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Pedro\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\Pedro\Documents\.DS_Store:AFP_AfpInfo

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\dell.com -> dell.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 208.67.222.222 - 192.168.2.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [{47F4CD5F-EF25-4637-B789-4B87DC6367F3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    FirewallRules: [{2C76039A-07E3-46B9-B4ED-DB099D9108F2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    FirewallRules: [{52777470-B2D4-404F-B320-B24DEAE1186E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    FirewallRules: [{4A784980-33D6-4AD8-8ABA-4A206DD77F1D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{DB185D79-4E17-4B4C-BA3C-85F56B49F701}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{35B9748B-5D32-4C2F-B3F6-8C121DCCC420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C88E054E-1B9F-4F87-B452-FF9D7F0E7A15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F2BBD17B-F0AD-48F0-AAC6-B17B3063F6F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C10B856F-8B8D-4B0B-B654-1421BB251428}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A8EE4514-6496-485E-AC82-E3678661548D}] => (Allow) LPort=30564
    FirewallRules: [{0246A03D-426F-4E3A-826A-72EA997A42F6}] => (Allow) LPort=30565
    FirewallRules: [{2B2F8761-8802-49D8-8944-54F94EF11BB0}] => (Allow) LPort=30567
    FirewallRules: [{5CB8C55A-74EE-404C-9E2A-6A1D8B2C7EED}] => (Allow) LPort=30569
    FirewallRules: [TCP Query User{5045A75B-DE17-4F58-9C49-B15A43FC1E91}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [UDP Query User{0551D4A9-F217-41B6-9BD7-4FF8320BE947}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [{78EEC397-5CF6-4BFC-9EA2-48D3EA87D983}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{A879B310-F06A-43D6-BA38-853A6BE66B37}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{28BBB04C-0010-4066-9BB8-858BDDFF3C57}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{1EB86967-2FDF-40FE-8826-B67E859A1263}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{8D9F7B08-BB0C-4652-9A7F-5E8A375F90CD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{A55E8FFA-0D60-4FA6-858C-D899BE88C1D3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{9BF88C47-C6E0-48B2-ABF1-67159862CCF9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{88232922-BB1F-4CA0-846D-5BC6D7F1FE0F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{716B9029-9160-4FF0-9427-393F86D62CB4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{833231DD-FDC4-4952-8710-B8EC18081A0E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{2765CC8E-79F4-4835-AD1E-479BE8CA81F7}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{0C5E6ED2-6D27-41F0-823B-2932FAA89296}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{EC415D48-271F-41F1-8CA0-0F1D64629E79}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{B0AB8C54-05A0-4A33-B00B-92446D8488BE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{AC40240B-2EEA-4624-A22C-BDECC4B6E412}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{CA96C0FC-B770-4FAA-A650-6A7ABD2AFB40}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{F3DCED5F-5C58-428C-865D-C6581101D455}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{359B70C7-899D-4ABB-9400-1F4A96268AF7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{402E562D-D868-4039-B72D-31C94B9D6C3E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{8ACD3086-1B65-4F4E-9B2E-F41677012A19}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{8DA4A930-69F3-4173-A0D6-5E7D66E1972F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{3D264B03-DBF9-4C90-975E-E6D4690004BE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{1EBAF734-74A8-4C0C-A4A2-89F28D735215}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{FC85559B-32F8-4A74-A855-9F9D4A2FDAF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{4A61A6AC-F302-4A02-AE3B-12289C284335}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
    FirewallRules: [UDP Query User{9ABA61C9-AB64-4B8F-9C08-89CBB9E077AA}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
    FirewallRules: [TCP Query User{4E3EACF3-CA43-4658-823D-366A535AED7A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{1BE13C25-EA64-46C0-BE44-0580D439C85D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{29B9950F-6873-4FFE-ACD6-CAACA04C7913}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
    FirewallRules: [UDP Query User{5169615A-93BE-44C2-BC5A-C4557D5BD3EA}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
    FirewallRules: [TCP Query User{54910674-A226-4648-9416-DD33A8CF7406}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
    FirewallRules: [UDP Query User{A5DFC15F-9B39-4E35-AF70-E67DF418E218}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
    FirewallRules: [{6C3B46E7-B527-41B5-82B5-A89D9C43771F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{0B5F66F5-A7F2-437B-ADAD-AE7FEE178A5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EF1E197A-B540-4817-923F-781FEDA9EFFA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{30178781-5056-4D38-9F99-5A9E8C1DFD0C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6BB53973-A594-4317-AA4C-9809A22B9FAD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{97D66707-A97F-49FB-8CFC-343DFA83094F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
    FirewallRules: [{38FF5C75-5C41-4E8F-B7D7-ABF74DBE33A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
    FirewallRules: [{AF6AFC9F-7F75-4ED8-9DD3-08882CCD7F16}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{03A676A6-7AD4-4C20-80C8-B647AD3957A4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{93F6F957-1B06-4514-BB1E-E3E08C5A1A67}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{CCB1E508-43F1-4C3F-BA35-A1DC1DB6BC8A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{8682193A-6781-472E-90C3-81293B6A725F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{719CF85A-585E-4176-AF41-58127715D132}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{A4DCD007-A0E3-49FA-8CDB-2DE7038AC510}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    FirewallRules: [{B5E888E2-2B4E-4859-89B8-133FBDA0FEFF}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    FirewallRules: [{5A3D4916-E8B9-4060-A4B0-6452E9752407}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/19/2015 00:00:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f24

    Start Time: 01d091eff8ac8ebf

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\syswow64\wwahost.exe

    Report Id: ecd34fe9-fde3-11e4-82a2-90489a6cfd84

    Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

    Faulting package-relative application ID: App

    Error: (05/18/2015 11:49:59 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.


    System errors:
    =============
    Error: (05/18/2015 11:51:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80246010: Microsoft.ZuneVideo.

    Error: (05/18/2015 11:40:11 PM) (Source: DCOM) (EventID: 10016) (User: WIN81_APT)
    Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Win81_AptPedroS-1-5-21-1752789045-980292033-1344979022-1001LocalHost (Using LRPC)UnavailableUnavailable

    Error: (05/18/2015 11:40:10 PM) (Source: DCOM) (EventID: 10016) (User: WIN81_APT)
    Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Win81_AptPedroS-1-5-21-1752789045-980292033-1344979022-1001LocalHost (Using LRPC)UnavailableUnavailable

    Error: (05/18/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel(R) Serial IO I2C Controller Driver service failed to start due to the following error:
    %%1058

    Error: (05/18/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Driver Foundation - User-mode Driver Framework Reflector service failed to start due to the following error:
    %%2

    Error: (05/18/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft USB Universal Host Controller Miniport Driver service failed to start due to the following error:
    %%1058

    Error: (05/18/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Microsoft USB Open Host Controller Miniport Driver service failed to start due to the following error:
    %%1058

    Error: (05/18/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The TsUsbFlt service failed to start due to the following error:
    %%1058

    Error: (05/18/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The storvsc service failed to start due to the following error:
    %%1058

    Error: (05/18/2015 11:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BlackBerry Smartphone service failed to start due to the following error:
    %%1058


    Microsoft Office Sessions:
    =========================
    Error: (05/19/2015 00:00:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wwahost.exe6.3.9600.17031f2401d091eff8ac8ebf4294967295C:\WINDOWS\syswow64\wwahost.exeecd34fe9-fde3-11e4-82a2-90489a6cfd84Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

    Error: (05/18/2015 11:49:59 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Pedro\Downloads\Malware\esetsmartinstaller_enu.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-18 04:06:39.093
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-16 08:16:48.555
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-16 08:16:48.477
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-16 08:16:48.300
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-16 08:16:48.210
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-16 08:16:41.894
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-16 08:16:41.814
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-16 08:16:41.729
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-16 08:16:41.614
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-15 06:00:08.072
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 37%
    Total physical RAM: 16309.98 MB
    Available physical RAM: 10115.97 MB
    Total Pagefile: 32693.98 MB
    Available Pagefile: 26774.88 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.82 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1853.08 GB) (Free:998.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: EFA7E497)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    I can see uTorrent in your Control Panel > Programs & Features list.
    It should be listed there in the first position, right above Adobe Acrobat X Pro, not under the letter "U".
    Let me know.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished, click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. PParedes

    PParedes TS Rookie Topic Starter

    Hi Broni, thanks for your reply. I had Programs and Features sorted by install date. Removed uTorrent.

    Here is Rogue Killer Log:
    RogueKiller V10.6.5.0 (x64) [May 20 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Pedro [Administrator]
    Started from : C:\Users\Pedro\Downloads\Malware\RogueKillerX64.exe
    Mode : Delete -- Date : 05/20/2015 08:00:45

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1752789045-980292033-1344979022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1752789045-980292033-1344979022-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Replaced (http://search.msn.com/spbasic.htm)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST2000DM001-1CH +++++
    --- User ---
    [MBR] d0f1d6462bf3dbe34c2381290cd5c407
    [BSP] 7e11b24ba8b4b3732f48821e75fe1bba : Empty MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
    4 - Basic data partition | Offset (sectors): 2906112 | Size: 1897559 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 3889106944 | Size: 450 MB
    6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 3890028544 | Size: 8297 MB
    User = LL1 ... OK
    Error reading LL2 MBR! NOT VALID!


    ============================================
    RKreport_SCN_05202015_080018.log

    MBAM Log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/20/2015
    Scan Time: 7:58:05 AM
    Logfile: BOBO.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.20.03
    Rootkit Database: v2015.05.16.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Pedro

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 431572
    Time Elapsed: 19 min, 21 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. PParedes

    PParedes TS Rookie Topic Starter

    AdwCleaner did not create a log nor open a text file on reboot (there was no file in c:\). Here is JRT's log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.7.5 (05.20.2015:1)
    OS: Windows 8.1 Pro x64
    Ran by Pedro on Wed 05/20/2015 at 8:31:44.54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1752789045-980292033-1344979022-1001



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 05/20/2015 at 8:33:38.24
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  9. PParedes

    PParedes TS Rookie Topic Starter

    Hi, here you go. Thanks for your response.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
    Ran by Pedro (administrator) on WIN81_APT on 21-05-2015 00:21:31
    Running from C:\Users\Pedro\Downloads\Malware
    Loaded Profiles: Pedro (Available profiles: Pedro)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBW32.EXE
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-21] (Logitech, Inc.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [CDEjectCtr] => C:\Program Files (x86)\Dell\Dell Wireless Keyboard Software\CDCtr.exe [411648 2012-11-15] ()
    HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [67616 2015-02-13] (Prosoftnet)
    HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1973280 2015-02-13] (Prosoftnet)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-29] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-29] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-04-27] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] (Qualcomm®Atheros®)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-17] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [AnukoWorldClock] => C:\Program Files (x86)\Anuko\World Clock\world_clock.exe [797336 2015-04-22] (Anuko International Ltd.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [Google Update] => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-03-15] (Google Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-05-10] (Siber Systems)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\I-Funbox DevTeam\iFunBox_x64.exe [2742272 2015-04-25] (I-Funbox.com)
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
    AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-12-26] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-12-26] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-05-01]
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-06-12]
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-06-12]
    ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{99D8B059-63AA-415B-A8F3-48A4F6E3D867}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-05-01]
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2015-05-01]
    ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-05-01]
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBW32.EXE (Intuit Inc.)
    ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)
    ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2015-01-27] (Pro-Softnet Corporation, U.S.A)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=U270&ocid=U270DHP
    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> {7B67A3B6-A2A4-4519-BCEE-958278BB203A} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-10] (Siber Systems Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-17] (Oracle Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-08-15] (Qualcomm®Atheros®)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-10] (Siber Systems Inc.)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-10] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-10] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-10] (Siber Systems Inc.)
    Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\HelpAsyncPluggableProtocol.dll [2015-04-28] (Intuit, Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-06-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-06-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1752789045-980292033-1344979022-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pedro\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1752789045-980292033-1344979022-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pedro\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1752789045-980292033-1344979022-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pedro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Pedro\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-20] (Cisco WebEx LLC)
    FF Extension: iCloud Bookmarks - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\firefoxdav@icloud.com [2015-05-01]
    FF Extension: Download Status Bar - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-01-28]
    FF Extension: Adblock Plus - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-28]
    FF Extension: Tab Mix Plus - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\03uhi97u.default-1420378273763\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-29]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-11-18]
    FF HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
     
  10. PParedes TS Rookie Topic Starter

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AnukoTime; C:\Program Files (x86)\Anuko\World Clock\timesync.exe [222872 2015-04-21] (Anuko International Ltd.)
    S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-05-14] ()
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows (R) Win 7 DDK provider) [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    S2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [131072 2013-05-17] () [File not signed]
    S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
    S3 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
    S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    S2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [100384 2015-02-13] (Prosoftnet)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-06-24] (Intel Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-04-28] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-04-27] (Intuit Inc.) [File not signed]
    S2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-04-27] (Intuit Inc.) [File not signed]
    S2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-15] (Qualcomm Atheros) [File not signed]
    S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-17] (Sandboxie Holdings, LLC)
    S3 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-06] (Dell Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
    R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-26] (Qualcomm Atheros, Inc.)
    S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-29] (Emsisoft GmbH)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation)
    S3 MUTENX_SERVICE; C:\Windows\System32\DRIVERS\mutenx.sys [77856 2014-07-14] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-17] (Sandboxie Holdings, LLC)
    S3 stdpms; C:\Windows\System32\drivers\stdpms.sys [28904 2014-10-22] (Splashtop Inc.)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-20 09:48 - 2015-05-20 09:48 - 64577536 _____ () C:\Users\Pedro\Downloads\calibre-2.28.0.msi
    2015-05-20 08:37 - 2015-05-20 19:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1752789045-980292033-1344979022-1001
    2015-05-20 08:27 - 2015-05-20 08:27 - 00000000 ___RD () C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-05-18 23:51 - 2015-05-18 23:51 - 00000000 ____D () C:\Rooter$
    2015-05-18 23:18 - 2015-05-21 00:21 - 00000000 ____D () C:\FRST
    2015-05-18 22:10 - 2015-05-18 22:10 - 00000000 ____D () C:\Program Files (x86)\ZHPFix
    2015-05-18 22:08 - 2015-05-18 22:08 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
    2015-05-18 21:57 - 2015-05-18 22:07 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\ZHP
    2015-05-18 21:44 - 2015-05-21 00:20 - 00003182 _____ () C:\WINDOWS\setupact.log
    2015-05-18 21:44 - 2015-05-18 21:46 - 00002978 _____ () C:\WINDOWS\PFRO.log
    2015-05-18 21:44 - 2015-05-18 21:45 - 01406472 _____ () C:\WINDOWS\Minidump\051815-13062-01.dmp
    2015-05-18 21:44 - 2015-05-18 21:44 - 1239175502 _____ () C:\WINDOWS\MEMORY.DMP
    2015-05-18 21:44 - 2015-05-18 21:44 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-05-18 21:44 - 2015-05-18 21:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-05-18 12:56 - 2015-05-18 12:56 - 89983160 _____ (Plex, Inc.) C:\Users\Pedro\Downloads\Plex-Media-Server-0.9.1201.1079-b655370-en-US.exe
    2015-05-18 11:14 - 2015-05-18 11:14 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\qwegiysj.sys
    2015-05-18 11:14 - 2015-05-18 11:14 - 00000192 _____ () C:\WINDOWS\system\bmkffswj
    2015-05-17 21:58 - 2015-05-20 08:25 - 00000000 ____D () C:\AdwCleaner
    2015-05-17 21:57 - 2015-05-17 21:57 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-WIN81_APT-Windows-8.1-Pro-(64-bit).dat
    2015-05-17 21:56 - 2015-05-17 21:56 - 00000000 ____D () C:\RegBackup
    2015-05-16 05:01 - 2015-05-18 21:11 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
    2015-05-16 04:58 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
    2015-05-16 04:58 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
    2015-05-16 04:58 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
    2015-05-16 04:58 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
    2015-05-16 04:58 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
    2015-05-16 04:58 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
    2015-05-16 04:58 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
    2015-05-16 04:58 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
    2015-05-16 04:58 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
    2015-05-16 04:58 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
    2015-05-16 04:58 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
    2015-05-16 04:58 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
    2015-05-16 04:58 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
    2015-05-16 04:57 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
    2015-05-16 04:57 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
    2015-05-16 04:57 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
    2015-05-16 04:57 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
    2015-05-16 04:57 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
    2015-05-16 04:57 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
    2015-05-16 04:57 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
    2015-05-16 04:57 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
    2015-05-16 04:57 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
    2015-05-16 04:57 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
    2015-05-16 04:57 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
    2015-05-16 04:57 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
    2015-05-16 04:57 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
    2015-05-16 04:57 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
    2015-05-16 04:57 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
    2015-05-16 04:57 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
    2015-05-16 04:57 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
    2015-05-16 04:57 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
    2015-05-16 04:57 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
    2015-05-16 04:57 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
    2015-05-16 04:57 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
    2015-05-16 04:57 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
    2015-05-16 04:57 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
    2015-05-16 04:57 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
    2015-05-16 04:57 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
    2015-05-16 04:57 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
    2015-05-16 04:57 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
    2015-05-16 04:57 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
    2015-05-16 04:57 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
    2015-05-16 04:57 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
    2015-05-16 04:57 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
    2015-05-16 04:57 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
    2015-05-16 04:57 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
    2015-05-16 04:57 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
    2015-05-16 04:57 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
    2015-05-16 04:57 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
    2015-05-16 04:57 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
    2015-05-16 04:57 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
    2015-05-16 04:57 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
    2015-05-16 04:57 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
    2015-05-16 04:57 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
    2015-05-16 04:57 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
    2015-05-16 04:57 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
    2015-05-16 04:57 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
    2015-05-16 04:57 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
    2015-05-16 04:57 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
    2015-05-16 04:57 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
    2015-05-16 04:57 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
    2015-05-16 04:57 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
    2015-05-16 04:57 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
    2015-05-16 04:57 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
    2015-05-16 04:57 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
    2015-05-16 04:57 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
    2015-05-16 04:57 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
    2015-05-16 04:57 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
    2015-05-16 04:57 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
    2015-05-16 04:57 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
    2015-05-16 04:57 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
    2015-05-16 04:57 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
    2015-05-16 04:57 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
    2015-05-16 04:57 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
    2015-05-16 04:57 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
    2015-05-16 04:57 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
    2015-05-16 04:57 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
    2015-05-16 04:57 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
    2015-05-16 04:57 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
    2015-05-16 04:57 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
    2015-05-16 04:57 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
    2015-05-16 04:57 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
    2015-05-16 04:57 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
    2015-05-16 04:57 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
    2015-05-16 04:57 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
    2015-05-16 04:57 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
    2015-05-16 04:57 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
    2015-05-16 04:57 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
    2015-05-16 04:57 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
    2015-05-16 04:57 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
    2015-05-16 04:57 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
    2015-05-16 04:57 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
    2015-05-16 04:57 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
    2015-05-16 04:57 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
    2015-05-16 04:57 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
    2015-05-16 04:57 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
    2015-05-16 04:57 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
    2015-05-16 04:57 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
    2015-05-16 04:57 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
    2015-05-16 04:57 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
    2015-05-16 04:57 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
    2015-05-16 04:57 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
    2015-05-16 04:57 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
    2015-05-16 04:57 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
    2015-05-16 04:57 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
    2015-05-16 04:57 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
    2015-05-16 04:57 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
    2015-05-16 04:57 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
    2015-05-16 04:57 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
    2015-05-16 04:57 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
    2015-05-16 04:57 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
    2015-05-16 04:57 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
    2015-05-16 04:57 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
    2015-05-16 04:57 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
    2015-05-16 04:55 - 2015-05-16 04:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
    2015-05-15 22:20 - 2015-05-15 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-15 22:03 - 2015-05-15 22:03 - 00002053 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2015-05-15 22:01 - 2015-05-15 22:01 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-05-14 22:22 - 2015-05-14 22:22 - 50037296 _____ () C:\Users\Pedro\Downloads\TaiGJBreak_EN_1201.zip
    2015-05-14 22:05 - 2015-05-14 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitvise SSH Client
    2015-05-14 22:05 - 2015-05-14 22:05 - 00000000 ____D () C:\Program Files (x86)\Bitvise SSH Client
    2015-05-14 21:43 - 2015-05-14 21:52 - 00000000 ____D () C:\Program Files (x86)\I-Funbox DevTeam
    2015-05-14 21:01 - 2015-05-14 21:03 - 1420308943 _____ () C:\Users\Pedro\Downloads\iPad2,2_8.1.2_12B440_Restore.ipsw
    2015-05-14 20:17 - 2015-05-14 20:17 - 00000000 ____D () C:\Users\Pedro\Documents\Expression
    2015-05-14 20:16 - 2015-05-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
    2015-05-14 20:16 - 2015-05-14 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression
    2015-05-14 14:28 - 2015-05-14 14:41 - 52266712 _____ (悠然天地科技有限公司) C:\Users\Pedro\Downloads\iTunesDriver64_0205.exe
    2015-05-13 10:02 - 2015-04-24 16:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-05-13 10:02 - 2015-03-04 18:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-05-13 03:44 - 2015-04-30 15:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 03:44 - 2015-04-30 15:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-12 13:30 - 2015-01-29 19:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2015-05-12 13:29 - 2015-04-30 18:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-05-12 13:29 - 2015-04-30 17:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-05-12 13:29 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-05-12 13:29 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-05-12 13:29 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-05-12 13:29 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-05-12 13:29 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-05-12 13:29 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-05-12 13:29 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-05-12 13:29 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-05-12 13:29 - 2015-04-21 11:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2015-05-12 13:29 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-05-12 13:29 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-05-12 13:29 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-05-12 13:29 - 2015-04-21 11:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-05-12 13:29 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-05-12 13:29 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-05-12 13:29 - 2015-04-21 10:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-05-12 13:29 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-05-12 13:29 - 2015-04-21 10:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-05-12 13:29 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-05-12 13:29 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-05-12 13:29 - 2015-04-21 10:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-05-12 13:29 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-05-12 13:29 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-05-12 13:29 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-05-12 13:29 - 2015-04-21 10:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-05-12 13:29 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-05-12 13:29 - 2015-04-21 10:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-05-12 13:29 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-05-12 13:29 - 2015-04-21 10:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-05-12 13:29 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-05-12 13:29 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-05-12 13:29 - 2015-04-21 10:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-05-12 13:29 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-05-12 13:29 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-05-12 13:29 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-05-12 13:29 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-05-12 13:29 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-05-12 13:29 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-05-12 13:29 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-05-12 13:29 - 2015-04-13 17:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-05-12 13:29 - 2015-04-09 20:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-05-12 13:29 - 2015-04-09 19:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-05-12 13:29 - 2015-04-09 19:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-05-12 13:29 - 2015-04-09 19:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-05-12 13:29 - 2015-04-09 19:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-05-12 13:29 - 2015-04-08 17:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-05-12 13:29 - 2015-04-02 19:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
    2015-05-12 13:29 - 2015-04-02 19:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
    2015-05-12 13:29 - 2015-04-01 17:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2015-05-12 13:29 - 2015-04-01 17:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2015-05-12 13:29 - 2015-03-31 22:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2015-05-12 13:29 - 2015-03-31 21:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
    2015-05-12 13:29 - 2015-03-30 00:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-05-12 13:29 - 2015-03-26 22:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-05-12 13:29 - 2015-03-26 21:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-05-12 13:29 - 2015-03-26 21:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-05-12 13:29 - 2015-03-19 20:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-05-12 13:29 - 2015-03-17 12:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-05-12 13:29 - 2015-03-12 23:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-05-12 13:29 - 2015-03-12 23:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2015-05-12 13:29 - 2015-03-12 21:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2015-05-12 13:29 - 2015-03-12 20:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-05-12 13:29 - 2015-03-12 19:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2015-05-12 13:29 - 2015-03-12 19:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2015-05-12 13:29 - 2015-03-10 20:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-05-12 13:29 - 2015-03-10 20:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-05-12 13:29 - 2015-03-08 21:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2015-05-12 13:29 - 2015-03-05 22:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
    2015-05-12 13:29 - 2015-03-05 21:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2015-05-12 13:29 - 2015-03-05 21:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
    2015-05-12 13:29 - 2015-03-03 20:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2015-05-12 13:29 - 2015-03-03 20:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2015-05-12 13:29 - 2015-02-17 18:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2015-05-12 13:29 - 2014-10-28 21:45 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
    2015-05-12 13:29 - 2014-10-28 21:44 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
    2015-05-12 13:29 - 2014-10-28 21:42 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jnwmon.dll
    2015-05-12 13:29 - 2014-10-28 21:00 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
    2015-05-12 13:29 - 2014-10-28 21:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll
    2015-05-12 13:29 - 2014-10-28 20:58 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShextAutoplay.exe
    2015-05-12 13:29 - 2014-10-28 20:57 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
    2015-05-12 13:29 - 2014-10-28 20:54 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
    2015-05-12 13:29 - 2014-10-28 20:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe
    2015-05-12 13:29 - 2014-10-28 20:22 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShServiceObj.dll
    2015-05-12 13:29 - 2014-10-28 20:19 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
    2015-05-12 13:29 - 2014-10-28 19:59 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
    2015-05-04 22:48 - 2015-05-04 22:48 - 64471040 _____ () C:\Users\Pedro\Downloads\calibre-2.27.0.msi
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
    2015-05-02 08:41 - 2015-05-02 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    2015-05-02 08:41 - 2015-05-02 08:41 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2015-05-01 22:57 - 2015-05-01 22:58 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Intel_Corporation
    2015-05-01 22:43 - 2014-07-14 10:37 - 00077856 _____ () C:\WINDOWS\system32\Drivers\mutenx.sys
    2015-05-01 22:42 - 2015-05-01 23:11 - 00000000 ____D () C:\Program Files\ASTER-V7
    2015-05-01 22:02 - 2015-05-01 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-05-01 10:40 - 2015-05-01 10:40 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\SQL Anywhere 16
    2015-05-01 09:37 - 2015-05-01 09:37 - 00002320 _____ () C:\Users\Public\Desktop\Intuit QuickBooks Enterprise Solutions 16.0.lnk
    2015-05-01 09:37 - 2015-05-01 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
    2015-05-01 09:32 - 2015-05-01 09:32 - 00000000 ____D () C:\ProgramData\Nuance
    2015-04-27 23:44 - 2015-04-27 23:44 - 01694992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBA6.DLL
    2015-04-27 23:44 - 2015-04-27 23:44 - 00925328 _____ (Adroit Technologies) C:\WINDOWS\SysWOW64\SmartTabs28.ocx
    2015-04-27 23:44 - 2015-04-27 23:44 - 00741008 _____ (FarPoint Technologies, Inc.) C:\WINDOWS\SysWOW64\SPR32D30.DLL
    2015-04-27 23:44 - 2015-04-27 23:44 - 00667280 _____ () C:\WINDOWS\SysWOW64\tx12.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00638608 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\Gsprop32.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00636032 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\Graphs32.ocx
    2015-04-27 23:44 - 2015-04-27 23:44 - 00620064 _____ (Teebo Software Solutions) C:\WINDOWS\SysWOW64\tssOfficeMenu1c.ocx
    2015-04-27 23:44 - 2015-04-27 23:44 - 00519824 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_pdf.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00482960 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_doc.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00423016 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\Gsw32.exe
    2015-04-27 23:44 - 2015-04-27 23:44 - 00364176 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_rtf.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00355984 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx4ole12.ocx
    2015-04-27 23:44 - 2015-04-27 23:44 - 00343696 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_obj.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00306832 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_xml.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00261776 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_css.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00242816 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\Gswag32.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00229008 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_htm.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00217088 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_png.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00172032 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_jpg.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00152688 _____ (Bits Per Second Ltd) C:\WINDOWS\SysWOW64\gswdll32.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00130704 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_tls.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00110224 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_ic.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00061440 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_tif.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00056976 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_wnd.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 00049152 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_gif.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00049152 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_bmp.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00033280 _____ (The Imaging Source Europe GmbH) C:\WINDOWS\SysWOW64\tx12_wmf.flt
    2015-04-27 23:44 - 2015-04-27 23:44 - 00000530 _____ () C:\WINDOWS\SysWOW64\tx12_ic.ini
     
  11. PParedes

    PParedes TS Rookie Topic Starter

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-21 00:21 - 2015-02-01 15:15 - 00000000 ____D () C:\Users\Pedro\Downloads\Malware
    2015-05-21 00:20 - 2014-11-17 13:08 - 00000000 ____D () C:\Users\Pedro\Documents\Outlook Files
    2015-05-21 00:19 - 2015-01-29 01:01 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7FB4D041-904B-48F6-8A0A-06B69850AA39}
    2015-05-21 00:14 - 2014-11-19 15:50 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Skype
    2015-05-21 00:04 - 2015-03-15 22:54 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001UA.job
    2015-05-21 00:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-20 23:32 - 2014-11-19 10:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-20 21:35 - 2015-02-06 16:13 - 02055261 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-20 20:04 - 2015-03-15 22:54 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001Core.job
    2015-05-20 19:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-05-20 16:06 - 2014-11-17 11:21 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Packages
    2015-05-20 14:50 - 2015-02-11 15:30 - 00360960 ___SH () C:\Users\Pedro\Desktop\Thumbs.db
    2015-05-20 10:35 - 2014-11-17 12:49 - 00000000 ____D () C:\Users\Pedro\Documents\Books
    2015-05-20 09:30 - 2014-12-29 10:46 - 00000000 ____D () C:\Users\Pedro\AppData\Local\2DD6A56A-7A8C-4F2E-BC7E-43FEDC2B609A.aplzod
    2015-05-20 08:32 - 2014-11-18 14:05 - 00000000 ____D () C:\Users\Pedro\AppData\Local\CrashDumps
    2015-05-20 08:32 - 2014-11-17 11:23 - 00000000 ___DO () C:\Users\Pedro\OneDrive
    2015-05-20 08:28 - 2015-01-22 22:59 - 00006468 _____ () C:\WINDOWS\SysWOW64\Gms.log
    2015-05-20 08:26 - 2015-04-18 12:13 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-05-20 08:26 - 2015-01-02 11:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-20 08:26 - 2014-12-29 10:47 - 00000000 ___RD () C:\Users\Pedro\iCloudDrive
    2015-05-20 08:26 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-20 08:25 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-05-20 07:54 - 2015-01-28 09:23 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-05-20 07:52 - 2014-11-18 13:57 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\uTorrent
    2015-05-19 14:57 - 2015-04-04 18:08 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-05-19 14:57 - 2015-04-04 18:08 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-05-19 14:57 - 2013-08-22 10:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-19 11:07 - 2014-11-17 16:49 - 00002660 _____ () C:\WINDOWS\Sandboxie.ini
    2015-05-19 09:22 - 2015-02-25 09:55 - 00000000 ____D () C:\ProgramData\IDrive
    2015-05-19 07:54 - 2014-03-18 05:02 - 00869412 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-05-19 07:40 - 2014-11-17 13:52 - 00000000 ____D () C:\Media
    2015-05-18 23:17 - 2014-11-17 13:08 - 00000000 ____D () C:\Users\Pedro\Documents\Office 2010
    2015-05-18 21:58 - 2015-02-06 16:18 - 00000000 ____D () C:\Users\Pedro
    2015-05-18 21:58 - 2015-02-02 02:21 - 01835520 _____ () C:\Users\Pedro\ZHPCleaner.exe
    2015-05-18 21:14 - 2015-02-06 18:11 - 00000000 ___DC () C:\WINDOWS\Panther
    2015-05-18 21:11 - 2015-01-18 08:06 - 00000000 ____D () C:\ProgramData\Origin
    2015-05-18 21:10 - 2014-11-17 12:24 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-05-18 16:14 - 2015-02-05 06:53 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
    2015-05-18 11:15 - 2015-01-28 09:23 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-05-18 11:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
    2015-05-18 09:23 - 2015-01-28 09:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-05-17 16:25 - 2015-01-01 14:52 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.minecraft
    2015-05-17 16:08 - 2014-11-17 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-17 08:10 - 2014-11-17 12:54 - 00000000 ____D () C:\Users\Pedro\Documents\Cooking
    2015-05-16 05:30 - 2015-01-18 08:27 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Origin
    2015-05-16 04:55 - 2015-01-16 13:45 - 00000000 ____D () C:\temp
    2015-05-15 22:03 - 2015-03-11 21:46 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2015-05-15 22:03 - 2015-03-11 21:46 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2015-05-15 22:03 - 2015-03-11 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
    2015-05-15 19:59 - 2015-03-15 22:54 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001UA
    2015-05-15 19:59 - 2015-03-15 22:54 - 00003494 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001Core
    2015-05-15 07:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-05-14 21:43 - 2015-01-04 11:28 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\iFunbox_UserCache
    2015-05-14 20:10 - 2013-08-22 09:44 - 00508376 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-14 20:09 - 2014-11-25 03:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-14 20:09 - 2014-11-25 03:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-14 20:08 - 2014-03-18 04:43 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-14 20:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2015-05-14 20:08 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
    2015-05-14 14:53 - 2014-11-17 12:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-05-14 14:14 - 2014-11-17 13:00 - 00000000 ____D () C:\Program Files (x86)\Quicken
    2015-05-14 11:44 - 2015-02-12 12:27 - 00000426 _____ () C:\WINDOWS\Tasks\Dell SupportAssistAgent AutoUpdate.job
    2015-05-13 03:47 - 2014-11-22 19:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-05-13 03:47 - 2014-11-17 14:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-13 03:43 - 2014-11-17 11:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-13 03:42 - 2014-11-17 11:40 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-13 03:41 - 2013-08-22 08:25 - 00000254 _____ () C:\WINDOWS\win.ini
    2015-05-13 03:34 - 2014-11-25 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-10 20:09 - 2014-11-18 13:32 - 00004218 _____ () C:\WINDOWS\System32\Tasks\Open URL by RoboForm
    2015-05-10 20:09 - 2014-11-18 13:32 - 00003494 _____ () C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
    2015-05-10 20:08 - 2014-11-18 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    2015-05-10 20:08 - 2014-11-17 13:11 - 00000000 ____D () C:\Users\Pedro\Documents\Passwords
    2015-05-05 12:59 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-05-05 12:59 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-05-04 22:49 - 2014-11-23 12:52 - 00000979 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
    2015-05-04 22:49 - 2014-11-23 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    2015-05-04 22:49 - 2014-11-23 12:52 - 00000000 ____D () C:\Program Files (x86)\Calibre2
    2015-05-04 16:07 - 2015-01-30 21:07 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
    2015-05-03 09:07 - 2015-02-13 12:26 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Deployment
    2015-05-02 20:41 - 2015-02-13 07:38 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.voidswrath
    2015-05-02 20:41 - 2015-02-12 17:51 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\VoidLauncher
    2015-05-02 20:41 - 2015-02-12 17:51 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.VoidLauncher
    2015-05-02 20:40 - 2015-02-20 16:47 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.crazycraft2
    2015-05-02 15:30 - 2014-11-19 15:50 - 00000000 ____D () C:\ProgramData\Skype
    2015-05-02 03:20 - 2015-03-06 21:03 - 04697768 _____ () C:\Users\Pedro\Desktop\TechnicLauncher.exe
    2015-05-02 03:20 - 2015-03-06 21:03 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\.technic
    2015-05-01 23:05 - 2015-02-06 16:13 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
    2015-05-01 23:05 - 2015-02-06 16:13 - 00000000 ____D () C:\WINDOWS\system32\NV
    2015-05-01 23:05 - 2015-02-06 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-05-01 22:27 - 2015-04-20 14:05 - 00000000 ____D () C:\ProgramData\ThinSoft
    2015-05-01 10:40 - 2014-11-27 10:11 - 00000000 ____D () C:\WINDOWS\Intuit
    2015-05-01 10:40 - 2014-11-18 09:17 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Intuit
    2015-05-01 09:37 - 2014-11-27 09:51 - 00000116 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
    2015-05-01 09:34 - 2014-11-27 09:51 - 00000000 ____D () C:\Program Files (x86)\Intuit
    2015-05-01 09:32 - 2014-11-17 12:59 - 00000000 ____D () C:\ProgramData\Intuit
    2015-05-01 09:31 - 2014-11-27 09:52 - 00000000 ____D () C:\Users\Public\Documents\Intuit
    2015-04-30 11:26 - 2014-11-17 13:12 - 00000000 ____D () C:\Users\Pedro\Documents\Work
    2015-04-29 13:09 - 2014-11-17 12:59 - 00000000 ____D () C:\Users\Pedro\Documents\Medical
    2015-04-29 12:53 - 2014-11-25 10:39 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\CDTPL
    2015-04-29 12:36 - 2014-11-25 10:39 - 00000000 ____D () C:\Program Files (x86)\SysTools OST Recovery
    2015-04-22 15:43 - 2015-04-20 09:59 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\webex
    2015-04-22 08:20 - 2014-11-17 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anuko World Clock
    2015-04-21 09:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Resources

    ==================== Files in the root of some directories =======

    2015-02-05 05:49 - 2015-02-05 05:49 - 0773632 _____ (Robert Simpson, et al.) C:\Users\Pedro\AppData\Roaming\System.Data.SQLite.dll
    2015-01-23 10:38 - 2015-01-23 10:38 - 0000017 _____ () C:\Users\Pedro\AppData\Local\resmon.resmoncfg
    2014-11-18 16:47 - 2014-11-18 16:47 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-02-06 16:14 - 2015-02-06 16:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-12-15 09:07 - 2015-02-20 14:56 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2014-06-12 20:21 - 2014-06-12 20:22 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2014-06-12 20:19 - 2014-06-12 20:19 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2014-06-12 20:20 - 2014-06-12 20:20 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2014-06-12 20:20 - 2014-06-12 20:21 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2014-06-12 20:19 - 2014-06-12 20:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Files to move or delete:
    ====================
    C:\Users\Pedro\ZHPCleaner.exe


    Some content of TEMP:
    ====================
    C:\Users\Pedro\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Pedro\AppData\Local\Temp\Quarantine.exe
    C:\Users\Pedro\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-20 02:45

    ==================== End Of Log ============================

    Here is the addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
    Ran by Pedro at 2015-05-21 00:21:59
    Running from C:\Users\Pedro\Downloads\Malware
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1752789045-980292033-1344979022-500 - Administrator - Disabled)
    Guest (S-1-5-21-1752789045-980292033-1344979022-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1752789045-980292033-1344979022-1007 - Limited - Enabled)
    Pedro (S-1-5-21-1752789045-980292033-1344979022-1001 - Administrator - Enabled) => C:\Users\Pedro

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.14 - Adobe Systems)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Anuko World Clock (HKLM-x32\...\AnukoWorldClock) (Version: 5.8.1.4635 - Anuko)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
    Bitvise SSH Client 6.31 (remove only) (HKLM-x32\...\BvSshClient) (Version: - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    calibre (HKLM-x32\...\{8FC4CEFE-8F15-4E22-986F-87EAF0C69A00}) (Version: 2.27.0 - Kovid Goyal)
    CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
    Cisco WebEx Meetings (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
    Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.0.55844 - Dell)
    Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
    Dell Wireless Keyboard Software (HKLM-x32\...\{00A73CE4-4595-420A-8E6E-8495EE481584}) (Version: 1.1.0.0 - Dell)
    DELLOSD (HKLM-x32\...\{594E7534-5ECB-4FAC-B26F-583B0CFCBCEC}) (Version: 1.00.0006 - DELL)
    DVDFab 9.1.6.8 (13/09/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
    HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
    Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
    Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1048 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Configuration Analyzer Tool 1.2 (HKLM-x32\...\{57164560-615C-4C9F-A75E-865B2A56310C}) (Version: 1.2.2 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
    Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    Music Manager (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\MusicManager) (Version: - Google, Inc.)
    MyHarmony (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
    OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1104 - Plex, Inc.) Hidden
    Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
    Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Network Manager (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Performance Suite (HKLM-x32\...\{F7C7EFEC-D7AB-4BDE-B5FA-D76231DA4E80}) (Version: 1.0.31.1053 - Qualcomm Atheros)
    QuickBooks (x32 Version: 26.0.2003.2607 - Intuit Inc.) Hidden
    QuickBooks Enterprise Solutions 16.0 (HKLM-x32\...\{2C50460D-1179-4819-A531-880469859DF0}) (Version: 26.0.2003.2607 - Intuit Inc.)
    QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
    Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.7.4 - Intuit)
    Quicken 2016 Alpha2 (HKLM-x32\...\{A19262DC-1163-4871-9411-0113B4C5E508}) (Version: 25.0.2.4 - Intuit)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
    RoboForm 7-9-13-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
    Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    SysTools OST Recovery 3.2 (HKLM-x32\...\{1ECEC1F7-EEDB-4DAA-8019-FA1EEEC347A2}_is1) (Version: - SysTools Software)
    SysTools OST Recovery version v4.1 (HKLM-x32\...\{A6FFDFF3-9913-4EBE-AF2D-CDA5B55A6779}_is1) (Version: v4.1 - SysTools Software)
    The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    Unity Web Player (HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
    Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1405.1 - Microsoft Corporation) Hidden
    Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1752789045-980292033-1344979022-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Pedro\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1752789045-980292033-1344979022-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pedro\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    04-05-2015 16:06:43 Removed Sling
    12-05-2015 05:02:07 Scheduled Checkpoint
    16-05-2015 04:56:31 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    16-05-2015 04:56:53 Installed DirectX
    18-05-2015 21:07:29 Installed ASUS Ai Charger

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2015-01-30 21:42 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02C2059E-52E6-485A-BE38-26961E5C81D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {09936E4E-1657-4037-96C3-05B2DB992FA5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {0F63A961-F9B6-4B1E-B6DD-02BED49EF973} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {142D564A-27A8-4D17-8B2C-DF7F2D800009} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-05-10] (Siber Systems)
    Task: {2F77E676-F7D1-4242-9A8F-943549116DEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001Core => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
    Task: {394E29AC-4495-4A0F-9336-1871E46BBADA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {4E418027-B15B-49F1-AF43-D501166EC6F2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-06] (Microsoft)
    Task: {578613F4-661F-4B1D-884B-F48987680BC0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {5F4DD486-F508-46BC-BAF5-FD74811FED1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
    Task: {618504ED-DB4B-4B09-949A-D59595722AFB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
    Task: {66B9E2C2-53F1-4F32-891E-D9DAB736BBFF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {6F2E82C3-8BD1-4FEE-B85E-EA4E63E600C8} - System32\Tasks\{53235ECE-D935-4045-837E-CEA5D606F8BF} => pcalua.exe -a C:\Users\Pedro\Downloads\forge-1.8-11.14.0.1281-1.8-installer-win.exe -d C:\Users\Pedro\Downloads
    Task: {7A745F89-10F1-4168-AC74-FB63B20495D1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {7E66A22C-94E8-45F4-96CC-FDED2AE3CB3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
    Task: {83503364-7523-40CA-B176-E3F136E6E73B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {95C82071-CD8B-4197-BC8B-000D5D470F58} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {AF7FE12C-AF54-4EAC-A955-4A6DB578260C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
    Task: {BB2EC38A-EE66-4C30-83C7-0550A3359DDC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
    Task: {CD72DAA7-D32A-48CE-8CC4-CF285A082391} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {CF7F2211-070B-4D5F-A0FE-EE4D529C953B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001UA => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
    Task: {E4BA6B89-9567-4BCF-BAEE-19180D27054A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
    Task: {EC57B380-8F18-47C9-8D2E-71EC8AC46670} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {F4266206-0EB2-4829-8DBC-C38E990E9330} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.h...MPMMMNMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
    Task: {FB2F79B2-FA84-4038-B222-54CB0F1873F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
    Task: {FD0FEC7B-6D29-4D4B-BEA5-5D58C24F41A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {FDB26820-DF88-4AF5-8608-D9FB0FE43AD8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001Core.job => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752789045-980292033-1344979022-1001UA.job => C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-12-26 07:12 - 2013-12-26 07:12 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-02-25 09:55 - 2015-01-27 20:16 - 00582656 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
    2013-08-12 21:06 - 2013-08-12 21:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-08-12 21:06 - 2013-08-12 21:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-08-12 21:06 - 2013-08-12 21:06 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2015-02-02 00:40 - 2014-10-11 00:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-04-28 05:20 - 2015-04-28 05:20 - 00687896 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\BackupLib.dll
    2015-04-28 05:22 - 2015-04-28 05:22 - 00031512 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBCompressor.dll
    2015-04-27 23:44 - 2015-04-27 23:44 - 38715904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\libcef.dll
    2015-04-28 05:21 - 2015-04-28 05:21 - 00656152 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\FtuEngine.dll
    2015-04-28 05:21 - 2015-04-28 05:21 - 00187160 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\GMConsumer.dll
    2015-04-28 05:23 - 2015-04-28 05:23 - 00085784 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBProActiveCore.dll
    2015-04-28 05:22 - 2015-04-28 05:22 - 00099096 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBMAPILibrary.dll
    2015-04-27 23:45 - 2015-04-27 23:45 - 00630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\boost_regex-vc120-mt-1_55.dll
    2015-04-27 23:47 - 2015-04-27 23:47 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\zlib1.dll
    2015-04-28 05:23 - 2015-04-28 05:23 - 00225048 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\QBSearch.dll
    2015-04-28 05:20 - 2015-04-28 05:20 - 00245528 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\boost_serialization-vc120-mt-1_55.dll
    2015-04-28 05:20 - 2015-04-28 05:20 - 01248536 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\FeaturesBridge.dll
    2015-04-28 05:21 - 2015-04-28 05:21 - 00067352 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\mbpopup.dll
    2015-04-28 05:22 - 2015-04-28 05:22 - 00153368 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 16.0\qbar.dll
    2014-06-24 17:08 - 2014-06-24 17:08 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2013-12-26 07:12 - 2013-12-26 07:12 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
    2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-05-14 14:14 - 2015-05-11 08:01 - 36632280 _____ () C:\Program Files (x86)\Quicken\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Pedro\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\Pedro\Documents\.DS_Store:AFP_AfpInfo

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
  12. PParedes

    PParedes TS Rookie Topic Starter

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1752789045-980292033-1344979022-1001\...\dell.com -> dell.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 208.67.222.222 - 192.168.2.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [{47F4CD5F-EF25-4637-B789-4B87DC6367F3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    FirewallRules: [{2C76039A-07E3-46B9-B4ED-DB099D9108F2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    FirewallRules: [{52777470-B2D4-404F-B320-B24DEAE1186E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    FirewallRules: [{4A784980-33D6-4AD8-8ABA-4A206DD77F1D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{DB185D79-4E17-4B4C-BA3C-85F56B49F701}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{35B9748B-5D32-4C2F-B3F6-8C121DCCC420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C88E054E-1B9F-4F87-B452-FF9D7F0E7A15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F2BBD17B-F0AD-48F0-AAC6-B17B3063F6F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C10B856F-8B8D-4B0B-B654-1421BB251428}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A8EE4514-6496-485E-AC82-E3678661548D}] => (Allow) LPort=30564
    FirewallRules: [{0246A03D-426F-4E3A-826A-72EA997A42F6}] => (Allow) LPort=30565
    FirewallRules: [{2B2F8761-8802-49D8-8944-54F94EF11BB0}] => (Allow) LPort=30567
    FirewallRules: [{5CB8C55A-74EE-404C-9E2A-6A1D8B2C7EED}] => (Allow) LPort=30569
    FirewallRules: [TCP Query User{5045A75B-DE17-4F58-9C49-B15A43FC1E91}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [UDP Query User{0551D4A9-F217-41B6-9BD7-4FF8320BE947}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [{28BBB04C-0010-4066-9BB8-858BDDFF3C57}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{1EB86967-2FDF-40FE-8826-B67E859A1263}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{8D9F7B08-BB0C-4652-9A7F-5E8A375F90CD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{A55E8FFA-0D60-4FA6-858C-D899BE88C1D3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{9BF88C47-C6E0-48B2-ABF1-67159862CCF9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{88232922-BB1F-4CA0-846D-5BC6D7F1FE0F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{716B9029-9160-4FF0-9427-393F86D62CB4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{833231DD-FDC4-4952-8710-B8EC18081A0E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{2765CC8E-79F4-4835-AD1E-479BE8CA81F7}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{0C5E6ED2-6D27-41F0-823B-2932FAA89296}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{EC415D48-271F-41F1-8CA0-0F1D64629E79}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{B0AB8C54-05A0-4A33-B00B-92446D8488BE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{AC40240B-2EEA-4624-A22C-BDECC4B6E412}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{CA96C0FC-B770-4FAA-A650-6A7ABD2AFB40}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{F3DCED5F-5C58-428C-865D-C6581101D455}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{359B70C7-899D-4ABB-9400-1F4A96268AF7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{402E562D-D868-4039-B72D-31C94B9D6C3E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{8ACD3086-1B65-4F4E-9B2E-F41677012A19}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{8DA4A930-69F3-4173-A0D6-5E7D66E1972F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{3D264B03-DBF9-4C90-975E-E6D4690004BE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{1EBAF734-74A8-4C0C-A4A2-89F28D735215}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{FC85559B-32F8-4A74-A855-9F9D4A2FDAF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{4A61A6AC-F302-4A02-AE3B-12289C284335}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
    FirewallRules: [UDP Query User{9ABA61C9-AB64-4B8F-9C08-89CBB9E077AA}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
    FirewallRules: [TCP Query User{4E3EACF3-CA43-4658-823D-366A535AED7A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{1BE13C25-EA64-46C0-BE44-0580D439C85D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{29B9950F-6873-4FFE-ACD6-CAACA04C7913}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
    FirewallRules: [UDP Query User{5169615A-93BE-44C2-BC5A-C4557D5BD3EA}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
    FirewallRules: [TCP Query User{54910674-A226-4648-9416-DD33A8CF7406}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
    FirewallRules: [UDP Query User{A5DFC15F-9B39-4E35-AF70-E67DF418E218}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
    FirewallRules: [{6C3B46E7-B527-41B5-82B5-A89D9C43771F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{0B5F66F5-A7F2-437B-ADAD-AE7FEE178A5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EF1E197A-B540-4817-923F-781FEDA9EFFA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{30178781-5056-4D38-9F99-5A9E8C1DFD0C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6BB53973-A594-4317-AA4C-9809A22B9FAD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{97D66707-A97F-49FB-8CFC-343DFA83094F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
    FirewallRules: [{38FF5C75-5C41-4E8F-B7D7-ABF74DBE33A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
    FirewallRules: [{AF6AFC9F-7F75-4ED8-9DD3-08882CCD7F16}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{03A676A6-7AD4-4C20-80C8-B647AD3957A4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{93F6F957-1B06-4514-BB1E-E3E08C5A1A67}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{CCB1E508-43F1-4C3F-BA35-A1DC1DB6BC8A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{8682193A-6781-472E-90C3-81293B6A725F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{719CF85A-585E-4176-AF41-58127715D132}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{AC3AAD20-9633-4C85-9B28-2EE8E1BA3F9F}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    FirewallRules: [{5436220F-4876-4293-9F6D-181A6DD823BD}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    FirewallRules: [{338C1C19-F7BA-4CA9-819D-B80213E4FEF7}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/20/2015 08:32:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
    Faulting module name: hook.dll_unloaded, version: 5.8.1.4635, time stamp: 0x55371847
    Exception code: 0xc0000005
    Fault offset: 0x0000000000040e40
    Faulting process id: 0x8c4
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/20/2015 08:25:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (05/20/2015 08:25:23 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)}. The service will attempt to automatically correct this problem by rebuilding the index.


    Details:
    The data is invalid. 0x8007000d (0x8007000d)

    Error: (05/20/2015 08:25:16 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
    Faulting module name: hook.dll_unloaded, version: 5.8.1.4635, time stamp: 0x55371847
    Exception code: 0xc0000005
    Fault offset: 0x0000000000040e40
    Faulting process id: 0x838
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (05/19/2015 09:58:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume \\?\Volume{2d6f833b-2e8f-4108-a45a-492f8307ade8}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

    Error: (05/19/2015 09:58:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume WINRETOOLS was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

    Error: (05/19/2015 00:24:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
    Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
    Exception code: 0x80000003
    Fault offset: 0x00001aa1
    Faulting process id: 0x2a74
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (05/19/2015 00:00:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f24

    Start Time: 01d091eff8ac8ebf

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\syswow64\wwahost.exe

    Report Id: ecd34fe9-fde3-11e4-82a2-90489a6cfd84

    Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

    Faulting package-relative application ID: App

    Error: (05/18/2015 11:49:59 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.


    System errors:
    =============
    Error: (05/20/2015 07:15:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

    Error: (05/20/2015 04:44:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

    Error: (05/20/2015 01:55:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

    Error: (05/20/2015 11:13:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

    Error: (05/20/2015 10:17:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

    Error: (05/20/2015 08:46:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

    Error: (05/20/2015 08:37:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

    Error: (05/20/2015 08:32:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/20/2015 08:32:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/20/2015 08:32:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (05/20/2015 08:32:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1766754c6f7c2hook.dll_unloaded5.8.1.463555371847c00000050000000000040e408c401d093008cba5aeaC:\WINDOWS\Explorer.EXEhook.dll9cadffb9-fef4-11e4-82a4-90489a6cfd84

    Error: (05/20/2015 08:25:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description:
    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)
    The catalog is corrupt

    Error: (05/20/2015 08:25:23 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description:
    Details:
    The data is invalid. 0x8007000d (0x8007000d)
    4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)

    Error: (05/20/2015 08:25:16 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1766754c6f7c2hook.dll_unloaded5.8.1.463555371847c00000050000000000040e4083801d09231ea4812f2C:\WINDOWS\Explorer.EXEhook.dlla6c0ede9-fef3-11e4-82a3-90489a6cfd84

    Error: (05/19/2015 09:58:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: \\?\Volume{2d6f833b-2e8f-4108-a45a-492f8307ade8}\The parameter is incorrect. (0x80070057)

    Error: (05/19/2015 09:58:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: WINRETOOLSThe parameter is incorrect. (0x80070057)

    Error: (05/19/2015 00:24:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa12a7401d091f1dec51f75C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll53b24412-fde7-11e4-82a2-90489a6cfd84

    Error: (05/19/2015 00:00:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wwahost.exe6.3.9600.17031f2401d091eff8ac8ebf4294967295C:\WINDOWS\syswow64\wwahost.exeecd34fe9-fde3-11e4-82a2-90489a6cfd84Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

    Error: (05/18/2015 11:49:59 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Pedro\Downloads\Malware\esetsmartinstaller_enu.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-20 07:52:17.074
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-20 07:52:17.003
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-20 07:52:16.932
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-20 07:52:16.827
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-20 07:52:16.753
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-20 02:45:17.019
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-19 07:40:25.688
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-19 07:40:25.615
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-19 07:40:25.539
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-19 07:40:19.869
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 28%
    Total physical RAM: 16309.98 MB
    Available physical RAM: 11698.75 MB
    Total Pagefile: 32693.98 MB
    Available Pagefile: 27190.61 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1853.08 GB) (Free:943.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: EFA7E497)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  14. PParedes

    PParedes TS Rookie Topic Starter

    Hi, thanks - here is the log

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
    Ran by Pedro at 2015-05-21 09:28:52 Run:1
    Running from C:\Users\Pedro\Downloads\Malware
    Loaded Profiles: Pedro (Available profiles: Pedro)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKU\S-1-5-21-1752789045-980292033-1344979022-1001 -> {7B67A3B6-A2A4-4519-BCEE-958278BB203A} URL =
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
    2015-02-05 05:49 - 2015-02-05 05:49 - 0773632 _____ (Robert Simpson, et al.) C:\Users\Pedro\AppData\Roaming\System.Data.SQLite.dll
    2015-01-23 10:38 - 2015-01-23 10:38 - 0000017 _____ () C:\Users\Pedro\AppData\Local\resmon.resmoncfg
    2014-11-18 16:47 - 2014-11-18 16:47 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-02-06 16:14 - 2015-02-06 16:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-12-15 09:07 - 2015-02-20 14:56 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2014-06-12 20:21 - 2014-06-12 20:22 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2014-06-12 20:19 - 2014-06-12 20:19 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2014-06-12 20:20 - 2014-06-12 20:20 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2014-06-12 20:20 - 2014-06-12 20:21 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2014-06-12 20:19 - 2014-06-12 20:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    C:\Users\Pedro\ZHPCleaner.exe
    C:\Users\Pedro\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Pedro\AppData\Local\Temp\Quarantine.exe
    C:\Users\Pedro\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\Users\Pedro\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\Pedro\Documents\.DS_Store:AFP_AfpInfo

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    "HKU\S-1-5-21-1752789045-980292033-1344979022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B67A3B6-A2A4-4519-BCEE-958278BB203A}" => Key deleted successfully.
    HKCR\CLSID\{7B67A3B6-A2A4-4519-BCEE-958278BB203A} => Key not found.
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
    PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Service deleted successfully.
    C:\Users\Pedro\AppData\Roaming\System.Data.SQLite.dll => Moved successfully.
    C:\Users\Pedro\AppData\Local\resmon.resmoncfg => Moved successfully.
    C:\ProgramData\Ament.ini => Moved successfully.
    C:\ProgramData\DP45977C.lfl => Moved successfully.
    C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => Moved successfully.
    C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => Moved successfully.
    C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => Moved successfully.
    C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => Moved successfully.
    C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log => Moved successfully.
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => Moved successfully.
    C:\Users\Pedro\ZHPCleaner.exe => Moved successfully.
    C:\Users\Pedro\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Pedro\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Pedro\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\Users\Pedro\OneDrive => ":ms-properties" ADS removed successfully.
    C:\Users\Pedro\Documents\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.

    ==== End of Fixlog 09:28:52 ====
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  16. PParedes

    PParedes TS Rookie Topic Starter

    Thanks for the quick reply, here is the SecurityCheck log:

    Results of screen317's Security Check version 1.002
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java version 32-bit out of Date!
    Adobe Flash Player 17.0.0.169
    Mozilla Firefox (38.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Pedro Downloads Malware FRST64.exe
    Pedro Downloads Malware SecurityCheck.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

    Here is FSS log:

    Farbar Service Scanner Version: 17-01-2015
    Ran by Pedro (administrator) on 21-05-2015 at 09:44:12
    Running from "C:\Users\Pedro\Downloads\Malware"
    Microsoft Windows 8.1 Pro (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    Ran the TFC program, though it did not ask me to reboot.

    Am running Sophos now and will post once completed.
     
  17. PParedes

    PParedes TS Rookie Topic Starter

    Sophos Log:

    2015-05-21 14:50:11.411 Sophos Virus Removal Tool version 2.5.4
    2015-05-21 14:50:11.411 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-05-21 14:50:11.411 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-05-21 14:50:11.411 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
    2015-05-21 14:50:11.411 Checking for updates...
    2015-05-21 14:50:11.411 Update progress: proxy server not available
    2015-05-21 14:50:17.531 Option all = no
    2015-05-21 14:50:17.531 Option recurse = yes
    2015-05-21 14:50:17.531 Option archive = no
    2015-05-21 14:50:17.531 Option service = yes
    2015-05-21 14:50:17.531 Option confirm = yes
    2015-05-21 14:50:17.531 Option sxl = yes
    2015-05-21 14:50:17.531 Option max-data-age = 35
    2015-05-21 14:50:17.531 Option EnableSafeClean = yes
    2015-05-21 14:50:20.560 Option vdl-logging = yes
    2015-05-21 14:50:20.576 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-05-21 14:50:20.576 Machine ID: 8c8eb98d9b874b23acc1203d2366a646
    2015-05-21 14:50:20.576 Component SVRTcli.exe version 2.5.4
    2015-05-21 14:50:20.576 Component control.dll version 2.5.4
    2015-05-21 14:50:20.576 Component SVRTservice.exe version 2.5.4
    2015-05-21 14:50:20.576 Component engine\osdp.dll version 1.44.1.2200
    2015-05-21 14:50:20.576 Component engine\veex.dll version 3.60.0.2200
    2015-05-21 14:50:20.576 Component engine\savi.dll version 8.1.7.2200
    2015-05-21 14:50:20.576 Component rkdisk.dll version 1.5.30.0
    2015-05-21 14:50:20.576 Version info: Product version 2.5.4
    2015-05-21 14:50:20.576 Version info: Detection engine 3.60.0
    2015-05-21 14:50:20.576 Version info: Detection data 5.14
    2015-05-21 14:50:20.576 Version info: Build date 4/28/2015
    2015-05-21 14:50:20.576 Version info: Data files added 308
    2015-05-21 14:50:20.576 Version info: Last successful update (not yet updated)
    2015-05-21 14:50:28.842 Downloading updates...
    2015-05-21 14:50:28.842 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-05-21 14:50:28.842 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-05-21 14:50:28.842 Update progress: [I49502] Found supplement IDE515 LATEST
    2015-05-21 14:50:28.842 Update progress: [I49502] Found supplement IDE516 LATEST
    2015-05-21 14:50:28.842 Update progress: [I49502] Found supplement IDE517 LATEST
    2015-05-21 14:50:28.842 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-05-21 14:50:28.842 Update progress: [I19463] Syncing product SAVIW32 54
    2015-05-21 14:50:30.248 Update progress: [I19463] Syncing product IDE515 171
    2015-05-21 14:50:30.811 Installing updates...
    2015-05-21 14:50:31.436 Error level 1
    2015-05-21 14:50:31.436 Update progress: [I19463] Syncing product IDE516 141
    2015-05-21 14:50:31.436 Update progress: [I19463] Syncing product IDE517 1
    2015-05-21 14:50:58.173 Update successful
    2015-05-21 14:51:09.957 Option all = no
    2015-05-21 14:51:09.957 Option recurse = yes
    2015-05-21 14:51:09.957 Option archive = no
    2015-05-21 14:51:09.957 Option service = yes
    2015-05-21 14:51:09.957 Option confirm = yes
    2015-05-21 14:51:09.957 Option sxl = yes
    2015-05-21 14:51:09.958 Option max-data-age = 35
    2015-05-21 14:51:09.958 Option EnableSafeClean = yes
    2015-05-21 14:51:10.374 Option vdl-logging = yes
    2015-05-21 14:51:10.374 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-05-21 14:51:10.374 Machine ID: 8c8eb98d9b874b23acc1203d2366a646
    2015-05-21 14:51:10.374 Component SVRTcli.exe version 2.5.4
    2015-05-21 14:51:10.374 Component control.dll version 2.5.4
    2015-05-21 14:51:10.374 Component SVRTservice.exe version 2.5.4
    2015-05-21 14:51:10.374 Component engine\osdp.dll version 1.44.1.2200
    2015-05-21 14:51:10.374 Component engine\veex.dll version 3.60.0.2200
    2015-05-21 14:51:10.374 Component engine\savi.dll version 8.1.7.2200
    2015-05-21 14:51:10.374 Component rkdisk.dll version 1.5.30.0
    2015-05-21 14:51:10.374 Version info: Product version 2.5.4
    2015-05-21 14:51:10.374 Version info: Detection engine 3.60.0
    2015-05-21 14:51:10.374 Version info: Detection data 5.14G
    2015-05-21 14:51:10.374 Version info: Build date 4/28/2015
    2015-05-21 14:51:10.374 Version info: Data files added 308
    2015-05-21 14:51:10.374 Version info: Last successful update 5/21/2015 9:50:58 AM

    2015-05-21 15:31:47.316 Could not open C:\hiberfil.sys
    2015-05-21 15:32:13.140 >>> Virus 'Troj/Agent-AJTQ' found in file C:\Media\The Sims 4\Crack\Game\Bin\RldOrigin.dll
    2015-05-21 15:32:13.140 >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-05-21 15:32:13.140 >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-05-21 15:32:16.531 Could not open C:\pagefile.sys
    2015-05-21 15:39:50.005 >>> Virus 'Mal/VMProtBad-A' found in file C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{724A1C37-348C-4B4E-1EEE-D6F9A0D05F08}-3dmgame.dll
    2015-05-21 15:39:50.005 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-05-21 15:39:50.006 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-05-21 15:39:55.105 >>> Virus 'Mal/VMProtBad-A' found in file C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{F990FA3C-ECCF-01F4-BD84-D462EA89D70D}-3dmgame.dll
    2015-05-21 15:39:55.106 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-05-21 15:39:55.106 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-05-21 15:40:07.512 Could not open C:\swapfile.sys
    2015-05-21 15:55:41.171 Password protected file C:\Users\Pedro\Documents\Work\AMEX\Administrative\Staff\PMP Process\2011\Data Integrity_Paredes 2011.xlsx
    2015-05-21 15:55:41.728 Password protected file C:\Users\Pedro\Documents\Work\AMEX\Administrative\Staff\PMP Process\2011\Year End GL Alignment Paredes 2011 - B35 Draft.xlsx
    2015-05-21 15:55:42.098 Password protected file C:\Users\Pedro\Documents\Work\AMEX\Administrative\Staff\PMP Process\2012\Sales Incentive\AS 2012 Mid Year Payment Summary_Approvals_Herve Sedky_WO_LD.XLSM
    2015-05-21 15:55:42.116 Password protected file C:\Users\Pedro\Documents\Work\AMEX\Administrative\Staff\PMP Process\2012\Sales Incentive\AS 2012 Year End Payment Summary Herve Sedky.xlsm
    2015-05-21 15:55:42.539 Password protected file C:\Users\Pedro\Documents\Work\AMEX\Administrative\Staff\PMP Process\2013\GBCS YE Calibration_B35_40 population_November 2013_FINAL_Post Meeting.pptx
    2015-05-21 15:55:56.350 Password protected file C:\Users\Pedro\Documents\Work\AMEX\Contacts\LAC Mgr List FY 2002 (except Mexico).xls
    2015-05-21 15:58:27.115 Password protected file C:\Users\Pedro\Documents\Work\AMEX\Financials\2013\Pipeline\2013 Business Consulting April YTD Performance.xlsm
    2015-05-21 15:59:01.379 Password protected file C:\Users\Pedro\Documents\Work\AMEX\Products\Hotel Sourcing\Hotel eXpert Tiered Solution v9_GBP_ppp.xlsx
    2015-05-21 16:03:49.711 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-05-21 16:03:49.712 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-05-21 16:03:51.011 Could not open C:\Windows\System32\config\BBI
    2015-05-21 16:03:51.055 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-05-21 16:03:51.056 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-05-21 16:03:51.058 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-05-21 16:03:51.058 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-05-21 16:03:51.059 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-05-21 16:14:40.395 The following items will be cleaned up:
    2015-05-21 16:14:40.395 Troj/Agent-AJTQ
    2015-05-21 16:14:40.395 Mal/VMProtBad-A
    2015-05-21 17:10:44.607 Threat 'Troj/Agent-AJTQ' has been cleaned up.
    2015-05-21 17:10:44.608 File "C:\Media\The Sims 4\Crack\Game\Bin\RldOrigin.dll" belongs to 'Troj/Agent-AJTQ'.
    2015-05-21 17:10:44.608 File "C:\Media\The Sims 4\Crack\Game\Bin\RldOrigin.dll" has been cleaned up.
    2015-05-21 17:10:44.608 Registry value "HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208" belongs to 'Troj/Agent-AJTQ'.
    2015-05-21 17:10:44.608 Registry value "HKU\S-1-5-21-1752789045-980292033-1344979022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208" has been cleaned up.
    2015-05-21 17:10:44.608 Removal successful
    2015-05-21 17:10:51.158 Threat 'Mal/VMProtBad-A' has been cleaned up.
    2015-05-21 17:10:51.158 File "C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{724A1C37-348C-4B4E-1EEE-D6F9A0D05F08}-3dmgame.dll" belongs to malware 'Mal/VMProtBad-A'.
    2015-05-21 17:10:51.158 File "C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{724A1C37-348C-4B4E-1EEE-D6F9A0D05F08}-3dmgame.dll" has been cleaned up.
    2015-05-21 17:10:51.158 File "C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{F990FA3C-ECCF-01F4-BD84-D462EA89D70D}-3dmgame.dll" belongs to malware 'Mal/VMProtBad-A'.
    2015-05-21 17:10:51.158 File "C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{F990FA3C-ECCF-01F4-BD84-D462EA89D70D}-3dmgame.dll" has been cleaned up.
    2015-05-21 17:10:51.158 Removal successful
    2015-05-21 17:10:51.436 Contents of SafeClean bin directory:
    2015-05-21 17:10:51.436 {
    2015-05-21 17:10:51.436 RecordID : "0000000000000001",
    2015-05-21 17:10:51.436 ItemType : "1",
    2015-05-21 17:10:51.436 Location : "C:\Media\The Sims 4\Crack\Game\Bin\",
    2015-05-21 17:10:51.436 FileName : "RldOrigin.dll",
    2015-05-21 17:10:51.437 ThreatName : "Troj/Agent-AJTQ",
    2015-05-21 17:10:51.437 Checksum : "9deeab20ca6a90054523d5bec761a3fdb9fb16273d9b51915e4636a765c979b8",
    2015-05-21 17:10:51.437 TimeStamp : "Thu May 21 12:10:40 2015"
    2015-05-21 17:10:51.437 }
    2015-05-21 17:10:51.437 {
    2015-05-21 17:10:51.437 RecordID : "0000000000000002",
    2015-05-21 17:10:51.437 ItemType : "1",
    2015-05-21 17:10:51.437 Location : "C:\ProgramData\Microsoft\Windows Defender\LocalCopy\",
    2015-05-21 17:10:51.437 FileName : "{724A1C37-348C-4B4E-1EEE-D6F9A0D05F08}-3dmgame.dll",
    2015-05-21 17:10:51.437 ThreatName : "Mal/VMProtBad-A",
    2015-05-21 17:10:51.437 Checksum : "ab4c1cb0e8a035d84ade05acdef937b1a59d9a1713a9ff05b05c75502322b6c7",
    2015-05-21 17:10:51.437 TimeStamp : "Thu May 21 12:10:44 2015"
    2015-05-21 17:10:51.437 }
    2015-05-21 17:10:51.437 {
    2015-05-21 17:10:51.437 RecordID : "0000000000000003",
    2015-05-21 17:10:51.437 ItemType : "1",
    2015-05-21 17:10:51.437 Location : "C:\ProgramData\Microsoft\Windows Defender\LocalCopy\",
    2015-05-21 17:10:51.437 FileName : "{F990FA3C-ECCF-01F4-BD84-D462EA89D70D}-3dmgame.dll",
    2015-05-21 17:10:51.437 ThreatName : "Mal/VMProtBad-A",
    2015-05-21 17:10:51.437 Checksum : "fd422f7b7050a7b1a88fce40517647b330681c274062637b35728554bfc5e313",
    2015-05-21 17:10:51.437 TimeStamp : "Thu May 21 12:10:44 2015"
    2015-05-21 17:10:51.437 }
    2015-05-21 17:10:52.144 Error level 0
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    =============================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  19. PParedes

    PParedes TS Rookie Topic Starter

    Hi, I ran DelFix and Windows Update (updated optional items), checked my plugins, and ran Malwarebytes. The computer is running better; however, the only concern is that when I rebooted I'm still getting very strange errors in my Windows log. For example,
    I'm getting DCOM errors:
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    and many service failure starts:
    The Apple Mobile USB Driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    and
    The Windows Driver Foundation - User-mode Driver Framework Reflector service failed to start due to the following error:
    The system cannot find the file specified.

    Could anything else be causing all these random failures? Just want to make sure that nothing else is lingering...

    Thanks again for your continued follow up.

    Pedro P.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    If the computer is running fine there is no reason to dig through Event Viewer logs.
    Every computer has some errors listed there.
     
  21. PParedes

    PParedes TS Rookie Topic Starter

    OK thanks Broni for all your help!
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Way to go!!
    Good luck and stay safe :)
     
