Immediate assistance needed


I installed Malwarebytes but my computer is still infected. I'm following the further instructions on this page.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by DELL (administrator) on DELL-PC on 16-01-2015 12:16:32
Running from C:\Users\DELL\Downloads
Loaded Profiles: DELL (Available profiles: DELL)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-753559765-3055242358-4014993653-1000\...\MountPoints2: {6a6b7c8f-9fa0-11e2-b352-d067e508686d} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-21-753559765-3055242358-4014993653-1000\...\MountPoints2: {9ec820ca-b581-11e2-ae84-d067e508686d} - F:\LaunchU3.exe -a
HKU\S-1-5-21-753559765-3055242358-4014993653-1000\...\MountPoints2: {fd5adff6-5f50-11e3-9ab5-d067e508686d} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-753559765-3055242358-4014993653-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torforall.com/1gj3Y7z
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-753559765-3055242358-4014993653-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-753559765-3055242358-4014993653-1000 -> DefaultScope {BF397704-00E7-482E-9514-0EE815D2A253} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-753559765-3055242358-4014993653-1000 -> {BF397704-00E7-482E-9514-0EE815D2A253} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-753559765-3055242358-4014993653-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-753559765-3055242358-4014993653-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-28]
CHR Extension: (Adblock Plus) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-02]
CHR Extension: (Google Search) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Stylish) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-10-30]
CHR Extension: (XKit) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-07-08]
CHR Extension: (Hola Better Internet) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-07-21] (GAS Tecnologia)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-11] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2013-03-01] (Broadcom Corporation)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-06-05] (Identive)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 12:16 - 2015-01-16 12:16 - 02125312 _____ (Farbar) C:\Users\DELL\Downloads\FRST64 (1).exe
2015-01-16 12:16 - 2015-01-16 12:16 - 00013358 _____ () C:\Users\DELL\Downloads\FRST.txt
2015-01-16 12:14 - 2015-01-16 12:15 - 02125312 _____ (Farbar) C:\Users\DELL\Downloads\FRST64.exe
2015-01-16 11:57 - 2015-01-16 11:57 - 00008562 _____ () C:\Users\DELL\HELP_DECRYPT.HTML
2015-01-16 11:57 - 2015-01-16 11:57 - 00008562 _____ () C:\Users\DELL\Documents\HELP_DECRYPT.HTML
2015-01-16 11:57 - 2015-01-16 11:57 - 00008562 _____ () C:\Users\DELL\Desktop\HELP_DECRYPT.HTML
2015-01-16 11:57 - 2015-01-16 11:57 - 00008562 _____ () C:\Users\DELL\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-16 11:57 - 2015-01-16 11:57 - 00008562 _____ () C:\Users\DELL\AppData\Local\HELP_DECRYPT.HTML
2015-01-16 11:57 - 2015-01-16 11:57 - 00008562 _____ () C:\Users\DELL\AppData\HELP_DECRYPT.HTML
2015-01-16 11:57 - 2015-01-16 11:57 - 00008562 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-16 11:57 - 2015-01-16 11:57 - 00004224 _____ () C:\Users\DELL\HELP_DECRYPT.TXT
2015-01-16 11:57 - 2015-01-16 11:57 - 00004224 _____ () C:\Users\DELL\Documents\HELP_DECRYPT.TXT
2015-01-16 11:57 - 2015-01-16 11:57 - 00004224 _____ () C:\Users\DELL\Desktop\HELP_DECRYPT.TXT
2015-01-16 11:57 - 2015-01-16 11:57 - 00004224 _____ () C:\Users\DELL\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-16 11:57 - 2015-01-16 11:57 - 00004224 _____ () C:\Users\DELL\AppData\Local\HELP_DECRYPT.TXT
2015-01-16 11:57 - 2015-01-16 11:57 - 00004224 _____ () C:\Users\DELL\AppData\HELP_DECRYPT.TXT
2015-01-16 11:57 - 2015-01-16 11:57 - 00004224 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-16 11:57 - 2015-01-16 11:57 - 00000280 _____ () C:\Users\DELL\HELP_DECRYPT.URL
2015-01-16 11:57 - 2015-01-16 11:57 - 00000280 _____ () C:\Users\DELL\Documents\HELP_DECRYPT.URL
2015-01-16 11:57 - 2015-01-16 11:57 - 00000280 _____ () C:\Users\DELL\Desktop\HELP_DECRYPT.URL
2015-01-16 11:57 - 2015-01-16 11:57 - 00000280 _____ () C:\Users\DELL\AppData\Roaming\HELP_DECRYPT.URL
2015-01-16 11:57 - 2015-01-16 11:57 - 00000280 _____ () C:\Users\DELL\AppData\Local\HELP_DECRYPT.URL
2015-01-16 11:57 - 2015-01-16 11:57 - 00000280 _____ () C:\Users\DELL\AppData\HELP_DECRYPT.URL
2015-01-16 11:57 - 2015-01-16 11:57 - 00000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-15 15:29 - 2015-01-15 15:29 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-15 14:56 - 2015-01-16 11:57 - 00000000 ____D () C:\Users\DELL\Desktop\eqip
2015-01-08 22:29 - 2015-01-16 12:16 - 00000000 ____D () C:\FRST
2015-01-08 21:54 - 2015-01-16 12:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 21:53 - 2015-01-08 21:53 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-08 21:53 - 2015-01-08 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-08 21:53 - 2015-01-08 21:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 21:53 - 2015-01-08 21:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-08 21:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 21:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-08 21:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 19:46 - 2015-01-08 19:46 - 00000000 ____D () C:\Program Files\McAfee.com
2015-01-08 19:46 - 2012-04-13 14:13 - 00748392 ____R (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys.3345.deleteme
2015-01-08 19:46 - 2012-04-13 14:11 - 00169288 ____R (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys.1193.deleteme
2015-01-08 19:45 - 2012-04-13 14:16 - 00324696 ____R (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys.3345.deleteme
2015-01-08 11:29 - 2015-01-08 11:29 - 06220854 _____ () C:\Users\DELL\Documents\Decrypt All Files zcxrfcm.bmp
2015-01-08 11:29 - 2015-01-08 11:29 - 00169835 _____ () C:\ProgramData\qeagmgf.html
2015-01-08 11:29 - 2015-01-08 11:29 - 00001520 _____ () C:\Users\DELL\Documents\Decrypt All Files zcxrfcm.txt
2015-01-05 07:58 - 2015-01-05 07:58 - 00003004 _____ () C:\Windows\System32\Tasks\exsaxmn
2015-01-03 11:21 - 2015-01-08 22:07 - 00000000 ____D () C:\ProgramData\WuliMruc
2015-01-03 05:13 - 2015-01-03 05:13 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-28 08:35 - 2015-01-07 08:58 - 00397664 _____ () C:\Users\DELL\Documents\DORA POLICE REPORT.JPG.zcxrfcm
2014-12-28 08:35 - 2015-01-06 22:15 - 00299648 _____ () C:\Users\DELL\Documents\Scan0018.JPG.zcxrfcm
2014-12-28 08:35 - 2015-01-06 22:14 - 00313744 _____ () C:\Users\DELL\Documents\Scan0017.JPG.zcxrfcm
2014-12-28 08:35 - 2015-01-03 11:42 - 00484864 _____ () C:\Users\DELL\Documents\dora  11.JPG.zcxrfcm
2014-12-28 08:35 - 2015-01-03 11:39 - 00271344 _____ () C:\Users\DELL\Documents\Scan0016.JPG.zcxrfcm
2014-12-28 08:35 - 2014-12-29 09:48 - 00275408 _____ () C:\Users\DELL\Documents\Scan0015.JPG.zcxrfcm
2014-12-28 08:35 - 2014-12-29 09:47 - 00602864 _____ () C:\Users\DELL\Documents\Scan0014.JPG.zcxrfcm
2014-12-28 08:35 - 2014-12-08 20:50 - 00004128 _____ () C:\Users\DELL\Documents\resume.ODT.zcxrfcm
2014-12-28 08:35 - 2014-11-18 09:27 - 00007936 _____ () C:\Users\DELL\Documents\Application letter.DOCX.zcxrfcm
2014-12-28 08:35 - 2014-11-17 21:49 - 00352144 _____ () C:\Users\DELL\Documents\TEST.JPG.zcxrfcm
2014-12-28 08:35 - 2014-11-17 21:48 - 00789872 _____ () C:\Users\DELL\Documents\Scan0013.JPG.zcxrfcm
2014-12-28 08:35 - 2014-11-17 21:44 - 00457056 _____ () C:\Users\DELL\Documents\Scan0010.JPG.zcxrfcm
2014-12-28 08:35 - 2014-11-16 17:54 - 00326448 _____ () C:\Users\DELL\Documents\JENNIFER's DIPLOMA.JPG.zcxrfcm
2014-12-28 08:35 - 2014-11-07 23:46 - 00023936 _____ () C:\Users\DELL\Documents\human service specialist 1.DOCX.zcxrfcm
2014-12-28 08:35 - 2014-10-23 04:36 - 00497664 _____ () C:\Users\DELL\Documents\Central de extratos.DOCX.zcxrfcm
2014-12-28 08:35 - 2014-10-22 19:05 - 00338192 _____ () C:\Users\DELL\Documents\uea.JPG.zcxrfcm
2014-12-28 08:35 - 2014-10-07 20:04 - 00002608 _____ () C:\Users\DELL\Documents\CONSULADO 2014.DOC.zcxrfcm
2014-12-28 08:35 - 2014-10-05 12:36 - 00052784 _____ () C:\Users\DELL\Documents\papae2.JPG.zcxrfcm
2014-12-28 08:35 - 2014-10-05 12:35 - 00050592 _____ () C:\Users\DELL\Documents\papae.JPG.zcxrfcm
2014-12-28 08:35 - 2014-10-04 19:19 - 00485152 _____ () C:\Users\DELL\Documents\Random Pics 010.JPG.zcxrfcm
2014-12-28 08:35 - 2014-09-28 15:15 - 00609280 _____ () C:\Users\DELL\Documents\2823.JPG.zcxrfcm
2014-12-28 08:35 - 2014-08-18 18:29 - 00165744 _____ () C:\Users\DELL\Documents\HR0102.PDF.zcxrfcm
2014-12-28 08:35 - 2014-08-17 17:32 - 00012784 _____ () C:\Users\DELL\Documents\SupplyTech Resume.DOCX.zcxrfcm
2014-12-28 08:35 - 2014-08-01 20:49 - 00103056 _____ () C:\Users\DELL\Documents\LIFE.DOCX.zcxrfcm
2014-12-28 08:35 - 2014-07-31 20:23 - 01728880 _____ () C:\Users\DELL\Documents\transcript 2.JPG.zcxrfcm
2014-12-28 08:35 - 2014-07-31 20:22 - 01668560 _____ () C:\Users\DELL\Documents\transcript 1.JPG.zcxrfcm
2014-12-28 08:35 - 2014-07-05 15:17 - 00007296 _____ () C:\Users\DELL\Documents\leida.doc.DOCX.zcxrfcm
2014-12-28 08:35 - 2014-07-05 06:21 - 00002752 _____ () C:\Users\DELL\Documents\The Great Sallie Mae Giveaway will end on 7.DOC.zcxrfcm
2014-12-28 08:35 - 2014-07-05 05:14 - 01558928 _____ () C:\Users\DELL\Documents\moreira5.DOC.zcxrfcm
2014-12-28 08:35 - 2014-06-10 05:14 - 00285424 _____ () C:\Users\DELL\Documents\Scan0012.JPG.zcxrfcm
2014-12-28 08:35 - 2014-05-17 07:11 - 00002080 _____ () C:\Users\DELL\Documents\INFORMATION FOR  SOCIAL SECURITY SITE.DOC.zcxrfcm
2014-12-28 08:35 - 2014-04-19 18:14 - 00380800 _____ () C:\Users\DELL\Documents\utah.DOC.zcxrfcm
2014-12-28 08:35 - 2014-03-29 19:52 - 00003120 _____ () C:\Users\DELL\Documents\O USO DO VÍDEO COMO INSTRUMENTO COMPLEMENTAR AO PROCESSO DE ENSINO E APRENDIZAGEM.DOC.zcxrfcm
2014-12-28 08:35 - 2014-03-28 13:03 - 77177248 _____ () C:\Users\DELL\Documents\CASA NA FLORIDA.ZIP.zcxrfcm
2014-12-28 08:35 - 2014-03-25 05:21 - 00330192 _____ () C:\Users\DELL\Documents\Scan0011.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-20 17:47 - 00002592 _____ () C:\Users\DELL\Documents\Bolo de Cenoura.DOC.zcxrfcm
2014-12-28 08:35 - 2014-03-17 19:41 - 00160752 _____ () C:\Users\DELL\Documents\Florida D Licence.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-16 17:02 - 00774304 _____ () C:\Users\DELL\Documents\leida.DOC.zcxrfcm
2014-12-28 08:35 - 2014-03-16 17:02 - 00163520 _____ () C:\Users\DELL\Documents\CARD  1.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-16 16:48 - 00164656 _____ () C:\Users\DELL\Documents\LEIDA'S BIS.CRD.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-04 21:28 - 00176432 _____ () C:\Users\DELL\Documents\military id 2.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-04 21:27 - 00101632 _____ () C:\Users\DELL\Documents\military id.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-04 20:57 - 00362832 _____ () C:\Users\DELL\Documents\JENN'S SSC.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-04 19:56 - 00879072 _____ () C:\Users\DELL\Documents\Leter  2.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-04 19:51 - 00681376 _____ () C:\Users\DELL\Documents\Introduction Leter.JPG.zcxrfcm
2014-12-28 08:35 - 2014-03-03 19:41 - 00002848 _____ () C:\Users\DELL\Documents\COUNTY OF HUDSON.DOC.zcxrfcm
2014-12-28 08:35 - 2014-02-25 21:24 - 00002480 _____ () C:\Users\DELL\Documents\Please confirm your attendance by 5.DOC.zcxrfcm
2014-12-28 08:35 - 2014-02-14 10:27 - 04006032 _____ () C:\Users\DELL\Documents\015.JPG.zcxrfcm
2014-12-28 08:35 - 2014-01-31 22:09 - 00387088 _____ () C:\Users\DELL\Documents\CAR INS & REG.JPG.zcxrfcm
2014-12-28 08:35 - 2014-01-14 17:59 - 00002560 _____ () C:\Users\DELL\Documents\USAA.DOC.zcxrfcm
2014-12-28 08:35 - 2013-12-21 09:37 - 00144832 _____ () C:\Users\DELL\Documents\Scan0009.JPG.zcxrfcm
2014-12-28 08:35 - 2013-12-07 10:59 - 00001936 _____ () C:\Users\DELL\Documents\BOA motorhead24.DOC.zcxrfcm
2014-12-28 08:35 - 2013-11-24 13:40 - 00007856 _____ () C:\Users\DELL\Documents\2.DOC.zcxrfcm
2014-12-28 08:35 - 2013-11-23 19:38 - 00002720 _____ () C:\Users\DELL\Documents\taxes hernando county.DOC.zcxrfcm
2014-12-28 08:35 - 2013-11-23 13:23 - 00003360 _____ () C:\Users\DELL\Documents\taxes for house in FL.DOC.zcxrfcm
2014-12-28 08:35 - 2013-11-13 16:10 - 01515888 _____ () C:\Users\DELL\Documents\Para Tina (2).JPG.zcxrfcm
2014-12-28 08:35 - 2013-11-02 11:45 - 00001792 _____ () C:\Users\DELL\Documents\pw for chase is  mamaepapae50.DOC.zcxrfcm
2014-12-28 08:35 - 2013-10-30 17:49 - 00643296 _____ () C:\Users\DELL\Documents\Para Tina.JPG.zcxrfcm
2014-12-28 08:35 - 2013-10-07 04:04 - 00299664 _____ () C:\Users\DELL\Documents\Scan0008.JPG.zcxrfcm
2014-12-28 08:35 - 2013-10-07 04:04 - 00299664 _____ () C:\Users\DELL\Documents\B America.JPG.zcxrfcm
2014-12-28 08:35 - 2013-10-07 04:02 - 01092016 _____ () C:\Users\DELL\Documents\BBT (2).JPG.zcxrfcm
2014-12-28 08:35 - 2013-10-06 08:07 - 00159120 _____ () C:\Users\DELL\Documents\Scan0007.JPG.zcxrfcm
2014-12-28 08:35 - 2013-10-05 06:32 - 00002896 _____ () C:\Users\DELL\Documents\para Marcinho.DOC.zcxrfcm
2014-12-28 08:35 - 2013-09-30 08:48 - 00530560 _____ () C:\Users\DELL\Documents\Cadence Bank.JPG.zcxrfcm
2014-12-28 08:35 - 2013-09-09 19:36 - 00059488 _____ () C:\Users\DELL\Documents\Scan0006.JPG.zcxrfcm
2014-12-28 08:35 - 2013-09-09 19:11 - 00289888 _____ () C:\Users\DELL\Documents\Scan0005.JPG.zcxrfcm
2014-12-28 08:35 - 2013-09-03 18:40 - 00002352 _____ () C:\Users\DELL\Documents\Reference questionnaire  for Jessica.DOC.zcxrfcm
2014-12-28 08:35 - 2013-08-29 10:58 - 00001888 _____ () C:\Users\DELL\Documents\vishnu sahasranamam ms subbulakshmi.DOC.zcxrfcm
2014-12-28 08:35 - 2013-08-16 15:59 - 00783376 _____ () C:\Users\DELL\Documents\Atestado de vida.JPG.zcxrfcm
2014-12-28 08:35 - 2013-08-11 22:22 - 00942160 _____ () C:\Users\DELL\Documents\UNENPLOYMENT.DOC.zcxrfcm
2014-12-28 08:35 - 2013-08-11 22:18 - 00951712 _____ () C:\Users\DELL\Documents\UIB.JPG.zcxrfcm
2014-12-28 08:35 - 2013-07-17 08:16 - 00931552 _____ () C:\Users\DELL\Documents\Scan0004.JPG.zcxrfcm
2014-12-28 08:35 - 2013-07-15 16:46 - 00003280 _____ () C:\Users\DELL\Documents\trip to fl.DOC.zcxrfcm
2014-12-28 08:35 - 2013-07-10 04:34 - 00840160 _____ () C:\Users\DELL\Documents\Scan0002.JPG.zcxrfcm
2014-12-28 08:35 - 2013-07-10 04:34 - 00840160 _____ () C:\Users\DELL\Documents\bbt.JPG.zcxrfcm
2014-12-28 08:35 - 2013-07-10 04:34 - 00487824 _____ () C:\Users\DELL\Documents\Scan0003.JPG.zcxrfcm
2014-12-28 08:35 - 2013-06-02 16:02 - 00002576 _____ () C:\Users\DELL\Documents\HTML.DOC.zcxrfcm
2014-12-28 08:35 - 2013-06-01 18:33 - 00885456 _____ () C:\Users\DELL\Documents\Lee&Jen.DOC.zcxrfcm
2014-12-28 08:35 - 2013-05-25 07:28 - 00009024 _____ () C:\Users\DELL\Documents\(College Cost.DOC.zcxrfcm
2014-12-28 08:35 - 2013-05-16 20:36 - 00156416 _____ () C:\Users\DELL\Documents\Florida inf for members in the service.PDF.zcxrfcm
2014-12-28 08:35 - 2013-05-07 17:22 - 00001760 _____ () C:\Users\DELL\Documents\password for salie mae is mamae555.DOC.zcxrfcm
2014-12-28 08:35 - 2013-05-04 20:23 - 00004240 _____ () C:\Users\DELL\Documents\Company Overview jobs for Leida.DOC.zcxrfcm
2014-12-28 08:35 - 2013-04-30 16:35 - 00302272 _____ () C:\Users\DELL\Documents\Scan0001.JPG.zcxrfcm
2014-12-28 08:35 - 2013-04-30 16:33 - 00311824 _____ () C:\Users\DELL\Documents\vovo FULO.JPG.zcxrfcm
2014-12-28 08:35 - 2013-04-19 13:46 - 00002448 _____ () C:\Users\DELL\Documents\Pension fund inf.DOC.zcxrfcm
2014-12-28 08:35 - 2013-04-17 11:19 - 05420544 _____ () C:\Users\DELL\Documents\Doc2.DOC.zcxrfcm
2014-12-28 08:35 - 2013-04-17 10:59 - 00519920 _____ () C:\Users\DELL\Documents\Mr. nordby's rec.letter.JPG.zcxrfcm
2014-12-28 08:35 - 2013-04-17 10:39 - 00224752 _____ () C:\Users\DELL\Documents\Insurance card.JPG.zcxrfcm
2014-12-28 08:35 - 2013-04-14 18:50 - 00020032 _____ () C:\Users\DELL\Documents\Single.DOC.zcxrfcm
2014-12-23 06:27 - 2014-12-20 14:20 - 02028906 _____ () C:\Users\DELL\Documents\untit80-1s3.bmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 12:15 - 2013-03-01 19:13 - 01308036 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 12:13 - 2013-03-01 23:24 - 00000000 ____D () C:\ProgramData\GbPlugin
2015-01-16 12:12 - 2013-03-28 20:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 12:12 - 2013-03-18 22:09 - 00047366 _____ () C:\Windows\PFRO.log
2015-01-16 12:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 12:12 - 2009-07-13 23:51 - 00083683 _____ () C:\Windows\setupact.log
2015-01-16 12:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-01-16 12:09 - 2009-07-13 23:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:09 - 2009-07-13 23:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:08 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 11:57 - 2014-09-02 10:12 - 00000000 ____D () C:\Users\DELL\AppData\Local\Origin
2015-01-16 11:57 - 2014-09-02 09:58 - 00000000 ____D () C:\ProgramData\Origin
2015-01-16 11:57 - 2013-03-28 20:07 - 00000000 ____D () C:\Users\DELL\AppData\Local\Google
2015-01-16 11:57 - 2013-03-01 21:49 - 00000000 ____D () C:\Users\DELL\AppData\Local\Microsoft Games
2015-01-16 11:57 - 2013-03-01 20:39 - 00000000 ____D () C:\Users\DELL\AppData\Roaming\Adobe
2015-01-16 11:57 - 2013-03-01 19:13 - 00000000 ____D () C:\Users\DELL
2015-01-16 11:33 - 2013-03-01 19:13 - 00000000 ____D () C:\Users\DELL\AppData\Local\VirtualStore
2015-01-16 11:32 - 2013-03-01 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 11:22 - 2013-03-28 20:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 20:33 - 2013-03-01 19:49 - 00004286 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{13330538-8D81-4040-98DD-2ED5034636A3}
2015-01-14 09:33 - 2013-03-01 20:39 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 09:33 - 2013-03-01 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 09:33 - 2013-03-01 20:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 15:18 - 2014-09-02 10:51 - 00001338 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2015-01-11 15:14 - 2014-09-02 09:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-09 10:22 - 2014-01-24 19:51 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2015-01-09 08:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-08 22:08 - 2013-03-13 10:46 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-08 19:46 - 2013-03-13 10:46 - 00000000 ____D () C:\Program Files\McAfee
2015-01-08 19:46 - 2013-03-13 10:14 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-08 19:43 - 2013-03-13 10:46 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-06 04:36 - 2013-03-01 19:36 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 07:58 - 2014-09-02 09:58 - 00000000 ____D () C:\ProgramData\Electronic Arts
 
Some content of TEMP:
====================
C:\Users\DELL\AppData\Local\Temp\.gbas64.dll
C:\Users\DELL\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\DELL\AppData\Local\Temp\oi_{04A876B9-1F91-4F8E-99E5-6B5705994771}.exe
C:\Users\DELL\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 08:15
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by DELL at 2015-01-16 12:17:11
Running from C:\Users\DELL\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version:  - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-753559765-3055242358-4014993653-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
01-01-2015 07:51:52 Scheduled Checkpoint
01-01-2015 09:45:16 Windows Backup
04-01-2015 19:00:03 Windows Backup
08-01-2015 19:01:23 Windows Backup
08-01-2015 19:11:19 Windows Backup
11-01-2015 19:00:02 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1052D269-058A-4E68-AB55-35502CBDD506} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {14B9364E-3636-419A-A282-C492EC4812EA} - System32\Tasks\exsaxmn => C:\Users\DELL\AppData\Local\Temp\jhhywqe.exe <==== ATTENTION
Task: {8095E766-5298-4E56-A209-EB5EB254EE72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {DA634D9F-DEE2-4F87-9431-BBC1CAD555BA} - System32\Tasks\{5A35B007-4922-45C0-BE8F-1F6440A4EF3E} => pcalua.exe -a C:\Users\DELL\Downloads\DJ3050A_J611_1315.exe -d C:\Users\DELL\Downloads
Task: {F792656F-BEA5-41B1-ABCF-3CA5F656D912} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-14 05:42 - 2012-12-14 05:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
1996-11-17 03:00 - 1996-11-17 03:00 - 00111376 _____ () C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
1996-11-17 03:00 - 1996-11-17 03:00 - 00051984 _____ () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
1996-11-17 03:00 - 1996-11-17 03:00 - 00022016 _____ () C:\Windows\SysWow64\docobj.dll
1996-11-17 03:00 - 1996-11-17 03:00 - 03774224 _____ () C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
2014-12-09 21:26 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-09 21:26 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-09 21:26 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-09 21:26 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\System32:920333CE_Bb.gbp
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-753559765-3055242358-4014993653-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-753559765-3055242358-4014993653-500 - Administrator - Disabled)
DELL (S-1-5-21-753559765-3055242358-4014993653-1000 - Administrator - Enabled) => C:\Users\DELL
Guest (S-1-5-21-753559765-3055242358-4014993653-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Network Controller
Description: Network Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/16/2015 11:44:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]
 
Error: (01/16/2015 11:44:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]
 
Error: (01/16/2015 11:44:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]
 
Error: (01/16/2015 11:44:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]
 
Error: (01/16/2015 11:44:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]
 
Error: (01/16/2015 11:40:57 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]
 
Error: (01/15/2015 03:29:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 2.3.0.0, time stamp: 0x541f41ff
Faulting module name: SHELL32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb01
Exception code: 0xc0000409
Fault offset: 0x000a8530
Faulting process id: 0x9d8
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3
 
Error: (01/15/2015 03:29:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 2.3.0.0, time stamp: 0x541f41ff
Faulting module name: SHELL32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb01
Exception code: 0xc0000409
Fault offset: 0x000a8530
Faulting process id: 0x11b0
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3
 
Error: (01/15/2015 08:39:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: gbieh.dll_unloaded, version: 0.0.0.0, time stamp: 0x53cd2344
Exception code: 0xc0000005
Fault offset: 0x751373e6
Faulting process id: 0xffc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/11/2015 03:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TS4.exe, version: 1.3.18.1010, time stamp: 0x548b7c45
Faulting module name: python33.dll, version: 3.3.5150.1013, time stamp: 0x53c41008
Exception code: 0xc0000005
Fault offset: 0x0002eaed
Faulting process id: 0x1704
Faulting application start time: 0xTS4.exe0
Faulting application path: TS4.exe1
Faulting module path: TS4.exe2
Report Id: TS4.exe3
 
 
System errors:
=============
Error: (01/16/2015 00:14:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Network Agent service depends the following service: mfefire. This service might not be installed.
 
Error: (01/16/2015 00:12:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Proxy Service service depends the following service: mfefire. This service might not be installed.
 
Error: (01/16/2015 00:12:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee AP Service service depends the following service: mfevtp. This service might not be installed.
 
Error: (01/16/2015 00:06:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (01/16/2015 00:04:36 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Network Agent service depends the following service: mfefire. This service might not be installed.
 
Error: (01/16/2015 00:03:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/16/2015 00:02:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Proxy Service service depends the following service: mfefire. This service might not be installed.
 
Error: (01/16/2015 00:02:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee AP Service service depends the following service: mfevtp. This service might not be installed.
 
Error: (01/16/2015 11:59:42 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (01/16/2015 11:57:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 21%
Total physical RAM: 8104.63 MB
Available physical RAM: 6357.37 MB
Total Pagefile: 16207.41 MB
Available Pagefile: 14424.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:876.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 320ED2D0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy. 
That being said, if any evidence of illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and upload it in your next reply.
 
 
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
