
WinUpdate detected as Spyware.PasswordStealer?



Did a scan earlier due to my Twitter account being compromised, but I don't know if it was just coincidence since this PC belongs to my dad and hasn't been scanned in ages.

Here's a copy of the scan results. I'm quite worried as although it's labeled as Spyware.PasswordStealer, it is a value in the registry and as can be seen I am sure that it is the WinUpdate/Windows Update key.

I see some other PUPs there too but I'm only most hesitant on the Spyware.PasswordStealer and Trojan.Malpack.VB which is a svchost.exe.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/17/2016
Scan Time: 1:26 PM
Logfile: scanned.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.16.05
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Torres
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 802981
Time Elapsed: 4 hr, 53 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\avaxvyyvyf, , [5df82119881163d36a05b17449bb9868], 
PUP.Optional.SProtector, HKLM\SOFTWARE\WOW6432NODE\SProtector, , [11440535b6e3fa3cd7b9e9bd7a89ff01], 
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CltMngSvc_RASAPI32, , [1b3a89b1dbbe0b2bacbf9c89887cef11], 
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CltMngSvc_RASMANCS, , [2431ae8c0d8c53e395d663c2c63e58a8], 
PUP.Optional.YahooVNM, HKU\S-1-5-21-819453736-4280033654-1804472810-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, , [68ede852f7a2082ec23bc91e62a109f7], 
 
Registry Values: 2
Spyware.PasswordStealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WinUpdate, Wscript.exe //e:VBScript "C:\Windows\:Microsoft Office Update for Windows XP.sys", , [f46116241a7f360094a62febf50f50b0]
PUP.Optional.YahooVNM, HKU\S-1-5-21-819453736-4280033654-1804472810-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|URL, https://ph.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151005__yaie&p={searchTerms},, [68ede852f7a2082ec23bc91e62a109f7]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.OpenCandy, C:\Users\Torres\AppData\Roaming\OpenCandy, , [8bca87b3d1c886b0c7c799fa0ef4718f], 
PUP.Optional.OpenCandy, C:\Users\Torres\AppData\Roaming\OpenCandy\878AA39A63914AD4A83B434E3BAEDE5B, , [8bca87b3d1c886b0c7c799fa0ef4718f], 
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect, , [84d121193a5fd85e37e87e4cd131b24e], 
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, , [84d121193a5fd85e37e87e4cd131b24e], 
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, , [84d121193a5fd85e37e87e4cd131b24e], 
 
Files: 38
Trojan.MalPack.VB, C:\Users\Torres\AppData\Local\svchost.exe, , [8ec73307465380b6298ba3a318e92ed2], 
Backdoor.Agent.E, C:\ProgramData\Microsoft\Microsoft.lnk, , [71e48eac27722e08d2391ac582803dc3], 
Worm.Agent, C:\ProgramData\autorun.inf, , [65f0d9611d7ce452c63d1470c53e9d63], 
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, , [89ccae8ceaafff37db81978e21e322de], 
PUP.Optional.OpenCandy, C:\Users\Torres\AppData\Roaming\OpenCandy\878AA39A63914AD4A83B434E3BAEDE5B\PCTU2015-EN-1day-AID1006075.exe, , [8bca87b3d1c886b0c7c799fa0ef4718f], 
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [84d121193a5fd85e37e87e4cd131b24e], 
PUP.Optional.Babylon, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkHmpg", 0);), ,[68edd268079291a582ef48915ba953ad]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "ir_14_15_ch");), ,[8cc93307d6c3c86e8e9c93472cd86d93]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (es to this file while the application is running,
 * the changes will b manual change), ,[4b0a6fcbe7b2fc3aab7f7c5e49bbb44c]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (plication is running,
 * the changes will b manual change to preferences, you can visit the URL about:config
 */
 
user_pref("DataMngr.Updater.Enabdfind.flashBar", 0);
useref("aol_toolbar.default.search.check", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436073236);
user_pref("app6072876);
user_pref("app.update.last), ,[75e047f3554454e2c2680fcbc1436a96]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (ground-update-timer", 1436073236);
user_pref("app), ,[b69f1129b8e1b77ff23886547d87f10f]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (ke changes to this file while the application is runn), ,[83d2ef4b5a3f9c9adb4f25b53fc55da3]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn), ,[f362e159bbdeca6c7fab12c84aba2bd5]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (ke changes to this file while the application is run), ,[96bfd961cacfba7cdb4fddfd45bffd03]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (changes to this file while the application is runn), ,[84d1d664217825119f8bcc0e27dd669a]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (e changes to this file while the application is running,
 * the changes will b manual change to preferences, you can visit the URL about:config
 */
 
user_pref("DataMngr.Updater.Enabdfind.flashBar", 0);
useref("aol_toolbar.default.search.check", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436073236);
user_pref("app6072876);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1436072996);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1436072636);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1436073116);
user_pref("app.update.lastUpd), ,[73e2d268b4e5c2749595b6246a9a5da3]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (timer", 1436073116);
user_pref("app.update.lastUpdat), ,[460f1d1d0e8bcb6b2a006e6c51b3af51]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (changes to this file while the application is running,
 * the changes will b man), ,[0a4bd7632772f83e73b7fae0c1432cd4]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (he application is running,
 * the changes will b), ,[cb8a9d9d9ffa72c4ae7c964463a1b54b]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (ake changes to this file while the application is running,
 * the changes will b manual change to preferences, you can visit the URL about:config
 */
 
user_pref("DataMngr.Updater.Enabdfind.flashBar", 0);
useref("aol_toolbar.default.search.check", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436073236);
user_pref("app6072876);
user_pref("app.update.lastUpdateTime.blocklist-background-updat), ,[d28378c21e7bb87e33f73e9c3bc9f808]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (update.lastUpdateTime.blocklist-background-update-timer", 14), ,[7fd658e2b3e62e08999192489f6521df]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (to this file while the application is running,
 * the c), ,[2c295bdf1188b87e0a201fbb31d3738d]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (nges to this file while the application is running,
 * the), ,[57feee4c6138f93deb3f34a6aa5ab14f]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (s to this file while the application is running,
 * the changes will b manual change to preferences, you can visit the URL about:config
 */
 
user_pref("DataMngr.Updater.Enabdfind.flashBar", 0);
useref("aol_toolbar.default.search.check", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436073236);
user_pref("app6072876);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer"), ,[0352ee4c78211b1bcb5fbd1dd331e21e]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (p.update.lastUpdateTime.blocklist-background-update-timer", 1436072), ,[eb6a6ccef6a378bed35759814fb5ba46]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: ( file while the application is running,
 * the changes will b manual change to preferences, you can visit the URL about:config
 */
 
user_pref("DataMngr.Updater.Enabdfind.flashBar", 0);
useref("aol_toolbar.default.search.check", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436073236);
user_pref("app6072876);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1436072996)), ,[c590a298b1e872c40c1e15c59272f20e]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (date.lastUpdateTime.blocklist-background-update-timer", 1436072996);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1436072636);
user_pref("app.update.lastUpdateTime.), ,[e4711d1d6039072f181258827292f30d]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (t:config
 */
 
user_pref("DataMngr.Updater.Enabdfind.flashBa), ,[223387b39efb44f2ca600cce838137c9]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: ( to this file while the application is running,
 * the change), ,[81d4ff3b2079c17563c73c9ee71de818]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (o this file while the application is running,
 *), ,[3e1751e9d6c3d75f5ecc1dbd7b8951af]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (ake changes to this file while the application is running,
 * t), ,[fc59e6542f6ab383e347eceeaf55f10f]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (this file while the application is running,
 * the c), ,[84d18dad544589ad64c68654e1233fc1]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (changes to this file while the application is running,
 * the changes will b manual change to preferences, you can visit the URL about:config
 */
 
user_pref("DataMngr.Updater.Enabdfind.flashBar", 0);
useref("aol_toolbar.default.search.check", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436073236);
user_pref("app6072876);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1), ,[99bccc6e53460630e1495189d4306a96]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (lastUpdateTime.blocklist-background-update-timer", 143), ,[a8ad42f8bbde44f284a623b73bc9728e]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (anges to this file while the application is running,
 *), ,[91c41d1df9a0b086b575cf0beb196997]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (nges to this file while the application is running,
 ), ,[1441dc5e9009bf77f5354b8f26de9c64]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (hanges to this file while the application is running,
 ), ,[96bf84b6f9a079bdc7637268be46ef11]
PUP.Optional.MySearchDial, C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js, Good: (), Bad: (nges to this file while the application is running,
 * the change), ,[d184ba8075243105c66486545ca8fd03]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Any input?

  • Staff

Hello,

 

Thank you for posting the report.

None of these look like false positives. The svchost.exe you speak of is in your local application directory. You have a legit svchost.exe in system32 (which is not the one we are hitting).

 

You have quite a bit of nastiness going on there including backdoor activity.

You should allow MBAM to clean this up. Let MBAM clean it, reboot as it asks then re-scan to ensure everything is cleaned up.

 

You will want to change passwords to any sensitive sites/apps you use since your passwords & user info may have been stolen too.

 

If you still have troubles with the machine afterward or MBAM keeps detecting stuff, head over to the help forum here: 

https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/

 

The experts there will help clean out whatever is left & post some advice on future prevention/protection.

Kindly note, it sometimes takes a day or 2 for them to respond. Most of them are volunteers.


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...
 

Hello and thank you for the quick response,

 

May I be assured that the Spyware.PasswordStealer is not really Windows Update, or an important part of Windows Update?

 

Thank you 


  • Staff

Zinedane:
Windows Update runs as a system service. The registry entry being tagged by MBAM here is pointing to a file attached to the Windows directory in the form of an "Alternate Data Stream", which is NOT normal.

You can read about "Alternate Data Streams" here:
http://www.windowsecurity.com/articles-tutorials/windows_os_security/Alternate_Data_Streams.html (no need to download anything from the adverts on the page)

Carry on with what Kevin has you doing please, he'll get you cleaned up. :)
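
As an added example (not part of the original posts and not Malwarebytes code), the Python sketch below applies the two tells the staff replies describe to lines in the format of the scan log above: an autorun command that targets an alternate data stream, and a system binary name that sits outside the system directories. The function names, the short script-host and system-name lists, and the two log lines marked as constructed are assumptions made for this example.

```python
import ntpath
import re

# Assumed, deliberately short lists for this example (not exhaustive).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

TOKEN = re.compile(r'"([^"]*)"|(\S+)')   # a quoted argument or a bare word
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # only drive-rooted tokens count as paths


def split_ads(path):
    """Return (host, stream) if path names an NTFS alternate data stream, else None."""
    drive, rest = ntpath.splitdrive(path)
    if ":" not in rest:          # the only legitimate colon is the drive separator
        return None
    host, stream = rest.split(":", 1)
    return drive + host.rstrip("\\"), stream


def masquerades(path):
    """True if a file carries a Windows system binary name outside the system dirs."""
    folder, name = ntpath.split(path)
    return name.lower() in SYSTEM_NAMES and folder.lower() not in SYSTEM_DIRS


def triage_command(command):
    """Flag the tells in an autorun command line such as the data of a Run value.

    Limitation: an unquoted path containing spaces is split into several tokens.
    """
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(command)]
    findings = []
    if tokens and ntpath.basename(tokens[0]).lower() in SCRIPT_HOSTS:
        findings.append("script-host-autorun")
    for tok in tokens:
        if not DRIVE_PATH.match(tok):
            continue  # switches like //e:VBScript contain ':' but are not paths
        if split_ads(tok):
            findings.append("ads-target")
        if masquerades(tok):
            findings.append("system-name-outside-system-dir")
    return findings


def triage_line(line):
    """Parse one 'Detection, Location, Data...' log line; return (name, target, findings)."""
    parts = line.split(", ", 2)
    if len(parts) < 2:
        return None
    detection, location = parts[0], parts[1]
    data = parts[2] if len(parts) > 2 else ""
    if "|" in location and location.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\")):
        # Registry value: the data field is the command line, before ', , [id]'.
        command = data.rsplit(", , [", 1)[0]
        return detection, location, triage_command(command)
    if DRIVE_PATH.match(location):
        hits = ["system-name-outside-system-dir"] if masquerades(location) else []
        return detection, location, hits
    return detection, location, []


def triage_log(lines):
    """Return only the entries that show at least one tell."""
    results = [triage_line(line) for line in lines if line.strip()]
    return [r for r in results if r and r[2]]


SAMPLE_LOG = [
    # Two lines copied from the scan log in this thread:
    r'Spyware.PasswordStealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WinUpdate, Wscript.exe //e:VBScript "C:\Windows\:Microsoft Office Update for Windows XP.sys", , [f46116241a7f360094a62febf50f50b0]',
    r'Trojan.MalPack.VB, C:\Users\Torres\AppData\Local\svchost.exe, , [8ec73307465380b6298ba3a318e92ed2], ',
    # Two constructed benign lines for contrast (not from the page):
    r'Constructed.Benign, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, "C:\Program Files\Vendor\updater.exe" /background, , [constructed]',
    r'Constructed.Benign, C:\Windows\System32\svchost.exe, , [constructed], ',
]

if __name__ == "__main__":
    for name, target, findings in triage_log(SAMPLE_LOG):
        print(f"{name}: {target} -> {', '.join(findings)}")
```
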


Alright, but should I remove the malware detected by Malwarebytes first before running AdwCleaner?


This post is for AdwCleaner Log

 

I didn't "check" all of it since I don't know which files/folders should be deleted. Any input? Farbar Recovery Scan Tool Log will follow, as it is still scanning.

 

# AdwCleaner v5.029 - Logfile created 17/01/2016 at 21:55:32
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Torres - TORRES-PC
# Running from : D:\downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[x] Service Not Deleted : YahooAUService
 
***** [ Folders ] *****
 
[x] Folder Not Deleted : C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget
[x] Folder Not Deleted : C:\Program Files (x86)\Yahoo!\Companion
[x] Folder Not Deleted : C:\Program Files (x86)\myfree codec
[x] Folder Not Deleted : C:\Program Files (x86)\BitLord
[x] Folder Not Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions
[x] Folder Not Deleted : C:\ProgramData\ytd video downloader
[x] Folder Not Deleted : C:\ProgramData\Yahoo! Companion
[x] Folder Not Deleted : C:\ProgramData\Innovative Solutions
[x] Folder Not Deleted : C:\ProgramData\BlocckUTuBeAd
[x] Folder Not Deleted : C:\ProgramData\SuaiveNewaAppPz
[x] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[x] Folder Not Deleted : C:\Users\Torres\AppData\Local\Innovative Solutions
[x] Folder Not Deleted : C:\Users\Torres\AppData\Local\BitLord
[x] Folder Not Deleted : C:\Users\Torres\AppData\LocalLow\Yahoo! Companion
[x] Folder Not Deleted : C:\Users\Torres\AppData\LocalLow\Yahoo!\Companion
[x] Folder Not Deleted : C:\Users\Torres\AppData\Roaming\OpenCandy
[x] Folder Not Deleted : C:\Users\Torres\AppData\Roaming\RHEng
[x] Folder Not Deleted : C:\Users\Torres\AppData\Roaming\RPEng
[x] Folder Not Deleted : C:\Users\Torres\AppData\Roaming\Yahoo!\Companion
[x] Folder Not Deleted : C:\Users\Torres\AppData\Roaming\BitLord
[x] Folder Not Deleted : C:\Users\Torres\AppData\Roaming\Easeware
[x] Folder Not Deleted : C:\Users\Torres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
[x] Folder Not Deleted : C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[x] Folder Not Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
[x] Folder Not Deleted : D:\my documents\BitLord
 
***** [ Files ] *****
 
[x] File Not Deleted : C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
[x] File Not Deleted : C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
[x] File Not Deleted : C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[x] File Not Deleted : C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[x] File Not Deleted : C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\invalidprefs.js
[x] File Not Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[x] File Not Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll

***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\smarttweak
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\WEBAPP
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\SearchquSRTB
[-] Key Deleted : HKLM\SOFTWARE\SP Global
[-] Key Deleted : HKLM\SOFTWARE\SProtector
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1
[-] Key Deleted : HKU\.DEFAULT\Software\AskToolbar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : useref("aol_toolbar.default.search.check", false);
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "GadgetBox");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "GadgetBox");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.50f833210204d.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var a=function(){window.PricePeepPartnerData={[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.8USpcTRVHXP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumo[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.Pp3JxM5MD.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.QvM7XH_isV0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumo[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.irmysearch.aflt", "ir_14_15_ch");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEzztA0EtAyDyDyDtAzy0FtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyC0F0BtDzytGzztCtByBt[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.irmysearch.cr", "873249872");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.irmysearch.instlRef", "140305_b");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.kL1K.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1url.indexOf(\"txtlnkusaolp00000800\")>-1url.indexOf(\"sumorobo\")>-1url.indexO[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.aflt", "ir_14_15_ch");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEzztA0EtAyDyDyDtAzy0FtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyC0F0BtDzytGzztCtBy[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.cntry", "PH");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.cr", "873249872");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.hdrMd5", "FF5CCFA9A861341AB474FCCC6BB02979");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.hmpg", true);
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEzztA0EtAyDyDyDtAzy0FtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtD[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.id", "902B3483E355539F");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.instlDay", "16169");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_b");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEzztA0EtAyDyDyDtAzy0FtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtA[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.014:54:7");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEzztA0EtAyDyDyDtAzy0FtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.sg", "none");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEzztA0EtAyDyDyDtAzy0FtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[-] [C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\prefs.js] [Preference] Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:54:7");
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner.lnk - [746 bytes] - [17/01/2016 20:31:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17977 bytes] ##########

FRST.TXT: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Torres (administrator) on TORRES-PC (17-01-2016 22:08:35)
Running from D:\downloads
Loaded Profiles: Torres (Available Profiles: Torres)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Barracuda Networks) C:\Program Files\BarracudaNG\phionha.exe
(Barracuda Networks) C:\Program Files\BarracudaNG\phions.exe
(AMD) C:\Windows\System32\atieclxx.exe
(OPSWAT, Inc.) C:\Program Files\BarracudaNG\Opswat\32bitProxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Barracuda Networks) C:\Program Files\BarracudaNG\phion.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
() D:\Games\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Windows\vsnpstd3.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII3E.EXE
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
() C:\Program Files (x86)\Gaming Mouse\Monitor.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [phion] => C:\Program Files\BarracudaNG\phion.exe [5038464 2012-11-30] (Barracuda Networks)
HKLM\...\Run: [WinUpdate] => Wscript.exe //e:VBScript "C:\Windows\:Microsoft Office Update for Windows XP.sys"
HKLM-x32\...\Run: [uSB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [2048928 2011-11-04] (Zbshareware Lab)
HKLM-x32\...\Run: [Gaming mouse] => C:\Program Files (x86)\Gaming Mouse\Monitor.exe [495616 2013-12-02] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119360 2015-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-08] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [Dropbox Update] => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-08] (Dropbox, Inc.)
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [CatalinaGroup Update] => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130928 2015-10-13] (Catalina Group Ltd.)
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII3E.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [Google Update] => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [Df5serv] => Wscript.exe //e:VBScript "D:\my documents\df5srvc.bfe"
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [Explorer] => Wscript.exe //e:VBScript "C:\Users\Torres\AppData\Local\Microsoft\CD Burning\dekstop.ini"
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {16e8b783-1e38-11e2-a861-902b3483e355} - E:\iStudio.exe
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {54c1730e-5990-11e4-b696-902b3483e355} - H:\AutoRun.exe
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {af25da4a-edbe-11e1-8dc9-902b3483e355} - F:\Launch.exe
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {cbbeb12f-edbc-11e1-8b44-b5f093b8fca3} - F:\Run.exe
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {d08f2260-edcf-11e1-a5a7-902b3483e355} - H:\Autorun.exe main\assetup.exe
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {eb871a09-0fe2-11e3-8ad6-902b3483e355} - H:\AutoRun.exe
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {fb3ca839-785f-11e4-8f76-902b3483e355} - H:\bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
Startup: C:\Users\Torres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * aswBoot.exe /M:46738bd5 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 122.2.167.6 122.2.166.161 192.168.1.1
Tcpip\..\Interfaces\{11D776A1-4646-4CB8-B26E-27BA5BA6EFA9}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{13687761-D3A2-47E2-9330-AC49589EBA1D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{A2F8C3A1-DF9A-411C-9EF4-A494660703EC}: [DhcpNameServer] 124.106.5.2 124.106.7.2
Tcpip\..\Interfaces\{C1511C99-F98B-45F5-A9DD-F8E686D52EA6}: [DhcpNameServer] 122.2.167.6 122.2.166.161 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-819453736-4280033654-1804472810-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bendot.co.nr
SearchScopes: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ph.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151005__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> {FD8E1371-F61A-42de-B27B-76AC9C791C75} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-16] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default
FF NewTab: hxxp://www.bendot.co.nr
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.bendot.co.nr
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-09] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-24] (Pando Networks)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\Torres\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-10-13] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\Torres\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-10-13] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Torres\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Torres\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-24] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-21] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-22] (Apple Inc.)
FF SearchPlugin: C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\searchplugins\google-lavasoft.xml [2015-10-29]
FF Extension: SuaiveNewaAppPz - C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\Extensions\ouu0hrq@veoawj-.net [2014-01-02] [not signed]
FF Extension: BlocckUTuBeAd - C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\Extensions\sp821qe@uastmbkol-.org [2014-02-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-19]
CHR Extension: (Google Docs) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-19]
CHR Extension: (Google Drive) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-19]
CHR Extension: (Google Docs Offline) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Avast Online Security) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-05]
CHR Extension: (Skype) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-07-19]
CHR Extension: (Gmail) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-16] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5128560 2012-12-20] (INCA Internet Co., Ltd.)
R2 phionha; C:\Program Files\BarracudaNG\phionha.exe [3323776 2012-11-30] (Barracuda Networks)
R2 phions; C:\Program Files\BarracudaNG\phions.exe [8348064 2012-11-30] (Barracuda Networks)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2987520 2014-10-29] (Microsoft Corporation) [File not signed]
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2967864 2015-05-15] (AVG Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-09-20] (Wellbia.com Co., Ltd.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2010-06-30] (Advanced Micro Devices Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-16] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-24] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 phionvpn; C:\Windows\System32\DRIVERS\phionvpn.sys [36688 2012-06-28] (Barracuda Networks Inc.)
R0 ProcMonD; C:\Windows\System32\DRIVERS\ProcMonD.sys [14320 2012-06-04] (phion AG)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R1 SPac; C:\Windows\System32\DRIVERS\spac.sys [145232 2012-06-04] (Barracuda Networks Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-01-23] () [File not signed]
S3 usbaudio; C:\Windows\SysWOW64\drivers\usbaudio.sys [39840 1998-08-21] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\SysWOW64\DRIVERS\usbhub.sys [27184 1998-08-21] (Microsoft Corporation) [File not signed]
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\D:\Games\Garena Plus\Room\safedrv.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 22:09 - 2016-01-17 22:09 - 00000730 _____ C:\Windows\SysWOW64\Microsoft.lnk
2016-01-17 22:08 - 2016-01-17 22:08 - 00000752 _____ C:\Users\Torres\Microsoft.lnk
2016-01-17 22:08 - 2016-01-17 22:08 - 00000752 _____ C:\Users\Public\Microsoft.lnk
2016-01-17 22:08 - 2016-01-17 22:08 - 00000752 _____ C:\Users\Public\Libraries.lnk
2016-01-17 22:08 - 2016-01-17 22:08 - 00000752 _____ C:\Users\Public\Downloads.lnk
2016-01-17 22:08 - 2016-01-17 22:08 - 00000752 _____ C:\Users\Default\Microsoft.lnk
2016-01-17 22:08 - 2016-01-17 22:08 - 00000728 _____ C:\Windows\AppCompat.lnk
2016-01-17 22:08 - 2016-01-17 22:08 - 00000000 ____D C:\FRST
2016-01-17 22:07 - 2016-01-17 22:07 - 00000597 _____ C:\ProgramData\trzFF79.tmp
2016-01-17 22:05 - 2016-01-17 22:05 - 00000746 _____ C:\Program Files (x86)\Microsoft.lnk
2016-01-17 22:01 - 2016-01-17 22:01 - 00003412 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Torres
2016-01-17 22:00 - 2016-01-17 22:08 - 00000746 _____ C:\Users\Microsoft.lnk
2016-01-17 22:00 - 2016-01-17 22:00 - 00007247 _____ C:\Windows\system32\rad1180A.tmp
2016-01-17 22:00 - 2016-01-17 22:00 - 00000746 _____ C:\Program Files\Microsoft.lnk
2016-01-17 22:00 - 2016-01-17 22:00 - 00000744 _____ C:\Microsoft.lnk
2016-01-17 22:00 - 2016-01-17 22:00 - 00000246 __RSH C:\Windows\system32\auto.exe
2016-01-17 20:43 - 2016-01-17 22:08 - 00000603 _____ C:\Users\Torres\.gimp-2.8.lnk
2016-01-17 20:43 - 2016-01-17 22:08 - 00000597 _____ C:\Users\All Users.lnk
2016-01-17 20:35 - 2016-01-17 20:35 - 00000752 _____ C:\Users\Torres\trz6E1A.tmp
2016-01-17 20:35 - 2016-01-17 20:35 - 00000752 _____ C:\Users\Public\trz6726.tmp
2016-01-17 20:35 - 2016-01-17 20:35 - 00000752 _____ C:\Users\Default\trz59BB.tmp
2016-01-17 20:35 - 2016-01-17 20:35 - 00000746 _____ C:\Users\trz5314.tmp
2016-01-17 20:34 - 2016-01-17 20:34 - 00000752 _____ C:\Users\Public\Desktop\trz98D8.tmp
2016-01-17 20:31 - 2016-01-17 22:00 - 00000746 _____ C:\AdwCleaner.lnk
2016-01-17 19:58 - 2016-01-17 22:00 - 00000000 ____D C:\AdwCleaner
2016-01-17 16:59 - 2016-01-17 16:51 - 00000710 _____ C:\Windows\system32\trzAEFB.tmp
2016-01-17 16:55 - 2016-01-17 16:55 - 00000752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\trz2C64.tmp
2016-01-17 16:51 - 2016-01-17 22:09 - 00000722 _____ C:\Windows\Tasks\Music.lnk
2016-01-17 16:51 - 2016-01-17 22:09 - 00000561 _____ C:\Windows\system32\Microsoft.lnk
2016-01-17 16:51 - 2006-02-04 19:30 - 00011330 __RSH C:\Windows\Tasks\dekstop.ini
2016-01-17 16:47 - 2016-01-17 22:08 - 00000000 _____ C:\ProgramData\Microsoft.lnk
2016-01-17 16:47 - 2016-01-17 22:07 - 00000744 _____ C:\Users\Public\Desktop\Music.lnk
2016-01-17 16:47 - 2016-01-17 16:47 - 00000746 _____ C:\ProgramData\trz84A2.tmp
2016-01-17 16:47 - 2006-02-04 19:30 - 00011330 __RSH C:\Users\Public\Desktop\dekstop.ini
2016-01-17 16:44 - 2016-01-17 22:00 - 00000762 _____ C:\Adjustment Program.lnk
2016-01-17 16:44 - 2016-01-17 22:00 - 00000762 _____ C:\@RestoreQuarantine.lnk
2016-01-17 16:44 - 2016-01-17 22:00 - 00000750 _____ C:\$Recycle.Bin.lnk
2016-01-17 16:44 - 2016-01-17 22:00 - 00000740 _____ C:\Backreg.lnk
2016-01-17 16:44 - 2016-01-17 22:00 - 00000736 _____ C:\Music.lnk
2016-01-17 16:44 - 2016-01-17 16:46 - 00000746 _____ C:\Config.Msi.lnk
2016-01-17 16:44 - 2016-01-17 16:44 - 00007247 _____ C:\Windows\system32\radAD1BE.tmp
2016-01-17 16:44 - 2016-01-17 16:44 - 00007247 _____ C:\Windows\system32\rad4C66D.tmp
2016-01-17 16:44 - 2006-02-04 19:30 - 00011330 __RSH C:\Windows\system32\rad108FB.tmp
2016-01-17 16:44 - 2006-02-04 19:30 - 00011330 __RSH C:\dekstop.ini
2016-01-17 13:23 - 2016-01-17 13:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-17 13:23 - 2016-01-17 13:23 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-17 13:23 - 2016-01-17 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-17 13:23 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-17 13:23 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-17 13:23 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-06 11:04 - 2016-01-06 11:04 - 00691644 _____ C:\Users\Torres\Desktop\MKTGRESEARCH.docx.pdf
2016-01-06 11:04 - 2016-01-06 11:04 - 00119421 _____ C:\Users\Torres\Desktop\MKTGRESEARCHFRONT.docx.pdf
2016-01-05 15:17 - 2016-01-17 22:00 - 00000000 __SHD C:\found.001
2016-01-05 00:11 - 2016-01-16 16:37 - 00000000 ____D C:\Users\Torres\Desktop\Neobux
2015-12-29 20:43 - 2016-01-03 12:43 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-29 18:18 - 2016-01-17 22:05 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-12-29 18:18 - 2016-01-17 20:34 - 00000000 ____D C:\HeroesData
2015-12-29 18:11 - 2016-01-17 22:07 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-12-29 18:11 - 2015-12-29 19:28 - 00000000 ____D C:\Users\Torres\AppData\Local\Battle.net
2015-12-29 18:11 - 2015-12-29 18:17 - 00000000 ____D C:\Users\Torres\AppData\Roaming\Battle.net
2015-12-29 18:11 - 2015-12-29 18:11 - 00000838 _____ C:\Users\Public\Desktop\Battle.net.lnk
2015-12-29 18:11 - 2015-12-29 18:11 - 00000000 ____D C:\Users\Torres\AppData\Local\Blizzard Entertainment
2015-12-29 18:11 - 2015-12-29 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-12-29 17:59 - 2016-01-17 22:08 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-21 00:57 - 2015-12-02 10:25 - 00000246 _____ C:\trz70F5.tmp
2015-12-21 00:57 - 2015-12-02 10:25 - 00000246 _____ C:\trz70F4.tmp
2015-12-21 00:52 - 2015-12-21 00:52 - 00112600 _____ C:\Users\Torres\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-21 00:50 - 2015-12-21 00:50 - 00007247 _____ C:\Windows\system32\rad14035.tmp
2015-12-21 00:49 - 2015-12-21 00:57 - 05044232 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-20 20:01 - 2015-12-20 20:01 - 00007247 _____ C:\Windows\system32\rad92C32.tmp
2015-12-20 17:52 - 2015-12-20 17:51 - 00000752 _____ C:\ProgramData\trzA245.tmp
2015-12-20 16:44 - 2015-12-20 16:37 - 00000752 _____ C:\Users\Default\trz42A7.tmp
2015-12-20 14:50 - 2015-12-20 12:06 - 00000746 _____ C:\Program Files (x86)\trzA70F.tmp
2015-12-20 12:04 - 2015-12-20 12:04 - 00007247 _____ C:\Windows\system32\rad00C55.tmp
2015-12-19 23:54 - 2015-12-19 23:54 - 00000746 _____ C:\Users\trzC941.tmp
2015-12-19 22:31 - 2015-12-19 22:31 - 00000603 _____ C:\ProgramData\Microsoft\Windows\Start Menu\trz999E.tmp
2015-12-19 22:31 - 2015-12-19 22:30 - 00000752 _____ C:\ProgramData\trzCE59.tmp
2015-12-19 18:44 - 2015-12-19 18:44 - 00000746 _____ C:\Users\trz2833.tmp
2015-12-19 13:06 - 2015-12-19 13:06 - 00000752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\trzC5FC.tmp
2015-12-19 12:58 - 2015-12-19 12:58 - 00007247 _____ C:\Windows\system32\rad8D611.tmp
2015-12-18 21:58 - 2015-12-18 21:58 - 00000746 _____ C:\Users\trz2550.tmp
2015-12-18 21:47 - 2015-12-18 21:47 - 00007247 _____ C:\Windows\system32\rad1A07C.tmp
2015-12-18 11:21 - 2015-12-18 11:21 - 00007247 _____ C:\Windows\system32\rad66A42.tmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 22:19 - 2012-08-24 16:14 - 00000000 ____D C:\ProgramData\Yahoo!
2016-01-17 22:14 - 2013-03-15 11:26 - 00000000 ____D C:\ProgramData\Sun
2016-01-17 22:13 - 2014-10-15 20:25 - 00000000 ____D C:\ProgramData\Nero
2016-01-17 22:13 - 2014-01-31 21:29 - 00000000 ____D C:\ProgramData\BlocckUTuBeAd
2016-01-17 22:13 - 2012-08-24 17:48 - 00000000 ____D C:\ProgramData\TP-LINK
2016-01-17 22:13 - 2012-08-24 16:07 - 00000000 ____D C:\ProgramData\Adobe
2016-01-17 22:12 - 2014-10-15 20:26 - 00000000 ____D C:\ProgramData\Ahead
2016-01-17 22:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Web
2016-01-17 22:09 - 2015-10-11 16:56 - 00000000 ____D C:\Windows\Downloaded Installations
2016-01-17 22:09 - 2015-10-11 16:10 - 00000000 ____D C:\Windows\en
2016-01-17 22:09 - 2015-08-17 21:35 - 00000748 _____ C:\Windows\SysWOW64\AdvancedInstallers.lnk
2016-01-17 22:09 - 2015-08-17 21:35 - 00000722 _____ C:\Windows\SysWOW64\ar-SA.lnk
2016-01-17 22:09 - 2015-08-17 21:35 - 00000722 _____ C:\Windows\SysWOW64\Adobe.lnk
2016-01-17 22:09 - 2015-08-17 21:35 - 00000720 _____ C:\Windows\SysWOW64\0409.lnk
2016-01-17 22:09 - 2015-08-17 08:34 - 00000722 _____ C:\Windows\SysWOW64\Music.lnk
2016-01-17 22:09 - 2015-08-17 08:34 - 00000722 _____ C:\Windows\SysWOW64\bg-BG.lnk
2016-01-17 22:09 - 2015-08-17 08:21 - 00000722 _____ C:\Windows\system\Music.lnk
2016-01-17 22:09 - 2015-07-19 13:03 - 00000716 _____ C:\Windows\system32\$RECYCLE.BIN.lnk
2016-01-17 22:09 - 2015-02-26 11:59 - 00000702 _____ C:\Windows\system32\Music.lnk
2016-01-17 22:09 - 2015-02-26 11:58 - 00000722 _____ C:\Windows\Minidump\Music.lnk
2016-01-17 22:09 - 2015-02-25 06:38 - 00000728 _____ C:\Windows\system32\AdvancedInstallers.lnk
2016-01-17 22:09 - 2015-02-25 06:38 - 00000708 _____ C:\Windows\system32\Aplikasi.lnk
2016-01-17 22:09 - 2015-02-25 06:38 - 00000706 _____ C:\Windows\system32\appmgmt.lnk
2016-01-17 22:09 - 2015-02-25 06:38 - 00000700 _____ C:\Windows\system32\0409.lnk
2016-01-17 22:09 - 2013-03-15 11:26 - 00000000 ____D C:\Windows\Sun
2016-01-17 22:09 - 2013-01-17 12:26 - 00000000 __SHD C:\Windows\ftpcache
2016-01-17 22:09 - 2012-10-26 01:13 - 00000000 ____D C:\Windows\Minidump
2016-01-17 22:09 - 2012-08-24 17:48 - 00000000 ____D C:\Windows\Options
2016-01-17 22:09 - 2012-08-24 16:22 - 00000000 ____D C:\Windows\PCHEALTH
2016-01-17 22:09 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\ShellNew
2016-01-17 22:09 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\RemotePackages
2016-01-17 22:09 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-01-17 22:09 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Performance
2016-01-17 22:09 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-01-17 22:09 - 2009-07-14 12:45 - 00000000 ____D C:\Windows\Setup
2016-01-17 22:09 - 2009-07-14 12:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Vss
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\tracing
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\TAPI
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\security
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SchCache
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Resources
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PLA
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\ModemLogs
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\L2Schemas
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\IME
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Help
2016-01-17 22:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Globalization
2016-01-17 22:08 - 2015-12-02 00:54 - 00000720 _____ C:\Windows\Music.lnk
2016-01-17 22:08 - 2015-11-27 06:51 - 00000740 _____ C:\Windows\.jagex_cache_32.lnk
2016-01-17 22:08 - 2015-11-27 06:51 - 00000726 _____ C:\Windows\assembly.lnk
2016-01-17 22:08 - 2015-11-27 06:51 - 00000726 _____ C:\Windows\AppPatch.lnk
2016-01-17 22:08 - 2015-11-27 06:51 - 00000722 _____ C:\Windows\addins.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000768 _____ C:\Users\Torres\.oracle_jre_usage.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000766 _____ C:\Users\Torres\Application Data.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000766 _____ C:\Users\Default\Application Data.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000756 _____ C:\Users\Torres\.thumbnails.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000752 _____ C:\Users\Default User.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Torres\AppData.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Public\Desktop.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Default\Desktop.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Default\Cookies.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Default\AppData.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000744 _____ C:\Users\Torres\Music.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000744 _____ C:\Users\Public\Music.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000744 _____ C:\Users\Default\Music.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Music.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000742 _____ C:\Users\Default.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000740 _____ C:\Users\Torres.lnk
2016-01-17 22:08 - 2015-11-26 22:19 - 00000740 _____ C:\Users\Public.lnk
2016-01-17 22:08 - 2015-11-26 22:18 - 00000762 _____ C:\ProgramData\Apple Computer.lnk
2016-01-17 22:08 - 2015-11-26 22:18 - 00000744 _____ C:\ProgramData\Music.lnk
2016-01-17 22:08 - 2015-11-26 22:18 - 00000744 _____ C:\ProgramData\Apple.lnk
2016-01-17 22:08 - 2015-11-26 22:18 - 00000744 _____ C:\ProgramData\Ahead.lnk
2016-01-17 22:08 - 2015-11-26 22:18 - 00000744 _____ C:\ProgramData\Adobe.lnk
2016-01-17 22:08 - 2015-11-26 22:18 - 00000740 _____ C:\ProgramData\AMD.lnk
2016-01-17 22:08 - 2015-11-26 22:16 - 00000738 _____ C:\Users\Music.lnk
2016-01-17 22:08 - 2015-11-25 22:39 - 00000000 ____D C:\SWSetup
2016-01-17 22:08 - 2015-07-19 13:38 - 00000000 ____D C:\ProgramData\RegRun
2016-01-17 22:08 - 2015-02-25 06:33 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2016-01-17 22:08 - 2014-06-10 18:28 - 00000000 ____D C:\ProgramData\Oracle
2016-01-17 22:08 - 2014-05-18 11:49 - 00000000 ____D C:\ProgramData\SP_FT_Logs
2016-01-17 22:08 - 2014-04-02 23:32 - 00000000 ____D C:\ProgramData\Razer
2016-01-17 22:08 - 2014-01-31 21:29 - 00000000 ____D C:\ProgramData\nggiaomoijpbfonkpcefijihefpennji
2016-01-17 22:08 - 2013-12-30 17:46 - 00000000 ____D C:\ProgramData\SuaiveNewaAppPz
2016-01-17 22:08 - 2013-12-03 22:19 - 00000000 ____D C:\SWTOOLS
2016-01-17 22:08 - 2013-09-28 10:14 - 00000000 ____D C:\Windows\.jagex_cache_32
2016-01-17 22:08 - 2013-05-10 15:24 - 00000000 ____D C:\ProgramData\Sony
2016-01-17 22:08 - 2013-01-28 22:28 - 00000000 ____D C:\ProgramData\Samsung
2016-01-17 22:08 - 2012-12-30 00:22 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-01-17 22:08 - 2012-11-24 10:51 - 00000000 ____D C:\ProgramData\PMB Files
2016-01-17 22:08 - 2012-11-16 12:43 - 00000000 ____D C:\ProgramData\PopCap Games
2016-01-17 22:08 - 2012-10-24 15:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-17 22:08 - 2012-08-25 00:02 - 00000000 ____D C:\ProgramData\RoboForm
2016-01-17 22:08 - 2012-08-24 18:14 - 00000000 ____D C:\ProgramData\WEBZEN
2016-01-17 22:08 - 2012-08-24 16:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-17 22:08 - 2012-08-24 16:18 - 00000000 ____D C:\ProgramData\Mozilla
2016-01-17 22:08 - 2012-08-24 16:14 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2016-01-17 22:08 - 2012-08-24 16:02 - 00000000 ____D C:\ProgramData\Skype
2016-01-17 22:08 - 2012-08-24 15:47 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2016-01-17 22:08 - 2012-08-24 15:33 - 00000000 ____D C:\ProgramData\Splashtop
2016-01-17 22:08 - 2012-08-24 15:25 - 00000000 ____D C:\Users\Torres
2016-01-17 22:08 - 2009-07-14 15:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2016-01-17 22:08 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\CSC
2016-01-17 22:08 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\addins
2016-01-17 22:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Cursors
2016-01-17 22:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Branding
2016-01-17 22:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-17 22:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows
2016-01-17 22:07 - 2015-10-11 16:57 - 00000000 ____D C:\ProgramData\Free YouTube Downloader
2016-01-17 22:07 - 2015-10-11 16:08 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-01-17 22:07 - 2015-10-05 22:29 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-01-17 22:07 - 2015-10-03 14:34 - 00000000 ____D C:\ProgramData\AVG
2016-01-17 22:07 - 2015-09-22 14:12 - 00000000 __SHD C:\ProgramData\Hunt Systems Manager
2016-01-17 22:07 - 2015-07-20 03:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-17 22:07 - 2015-06-08 12:54 - 00000000 ____D C:\ProgramData\Dropbox
2016-01-17 22:07 - 2015-03-07 19:57 - 00000000 ____D C:\ProgramData\Linksys
2016-01-17 22:07 - 2014-11-08 19:16 - 00000000 ____D C:\Program Files (x86)\WTFast
2016-01-17 22:07 - 2014-10-22 22:00 - 00000000 ____D C:\ProgramData\Apple Computer
2016-01-17 22:07 - 2014-10-22 22:00 - 00000000 ____D C:\ProgramData\Apple
2016-01-17 22:07 - 2014-10-10 21:18 - 00000000 ____D C:\ProgramData\IObit
2016-01-17 22:07 - 2013-12-30 17:46 - 00000000 ____D C:\ProgramData\b445933ff7cc4de1
2016-01-17 22:07 - 2013-08-24 12:59 - 00000000 ____D C:\ProgramData\Garena
2016-01-17 22:07 - 2013-07-26 13:46 - 00000000 ____D C:\ProgramData\McAfee
2016-01-17 22:07 - 2013-01-17 12:34 - 00000000 ____D C:\ProgramData\Media Center Programs
2016-01-17 22:07 - 2013-01-10 15:48 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-01-17 22:07 - 2013-01-10 11:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-17 22:07 - 2012-12-31 17:06 - 00000000 ____D C:\ProgramData\EPSON
2016-01-17 22:07 - 2012-10-21 09:32 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-17 22:07 - 2012-10-02 10:42 - 00000000 ____D C:\ProgramData\Magic Submitter
2016-01-17 22:07 - 2012-08-24 16:32 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-17 22:07 - 2012-08-24 16:08 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-01-17 22:07 - 2012-08-24 15:49 - 00000000 ____D C:\ProgramData\DivX
2016-01-17 22:07 - 2012-08-24 15:47 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-01-17 22:07 - 2012-08-24 15:40 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-01-17 22:07 - 2012-08-24 15:35 - 00000000 ____D C:\ProgramData\ATI
2016-01-17 22:07 - 2012-08-24 15:32 - 00000000 ____D C:\ProgramData\AMD
2016-01-17 22:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-01-17 22:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-01-17 22:07 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-01-17 22:07 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-01-17 22:06 - 2015-10-05 22:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-17 22:06 - 2015-08-21 12:25 - 00000000 ____D C:\Program Files (x86)\WicReset
2016-01-17 22:06 - 2015-07-20 03:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-17 22:06 - 2015-07-19 16:25 - 00000000 ____D C:\Program Files (x86)\SMADAV
2016-01-17 22:06 - 2015-07-19 13:11 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-01-17 22:06 - 2015-06-24 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-17 22:06 - 2015-03-12 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-01-17 22:06 - 2015-03-12 10:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-01-17 22:06 - 2015-03-12 09:56 - 00000000 ____D C:\Program Files (x86)\PowerISO
2016-01-17 22:06 - 2014-10-23 04:59 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-01-17 22:06 - 2014-10-22 22:00 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-01-17 22:06 - 2014-10-22 21:02 - 00000000 ____D C:\Program Files (x86)\Sun Broadband Wireless
2016-01-17 22:06 - 2014-10-15 20:25 - 00000000 ____D C:\Program Files (x86)\Nero
2016-01-17 22:06 - 2014-08-11 15:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-17 22:06 - 2014-05-24 15:58 - 00000000 ____D C:\Program Files (x86)\RaidCall
2016-01-17 22:06 - 2014-05-18 11:33 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2016-01-17 22:06 - 2014-04-02 23:32 - 00000000 ____D C:\Program Files (x86)\Razer
2016-01-17 22:06 - 2013-10-02 10:31 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-01-17 22:06 - 2013-05-10 15:41 - 00000000 ____D C:\Program Files (x86)\Sony
2016-01-17 22:06 - 2013-04-11 17:42 - 00000000 ____D C:\Program Files\DIFX
2016-01-17 22:06 - 2013-03-21 21:17 - 00000000 ____D C:\Program Files (x86)\Vimicro Corporation
2016-01-17 22:06 - 2013-01-28 22:33 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2016-01-17 22:06 - 2013-01-28 22:28 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-01-17 22:06 - 2013-01-17 19:12 - 00000000 ____D C:\Program Files (x86)\THQ
2016-01-17 22:06 - 2013-01-10 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2016-01-17 22:06 - 2013-01-10 12:13 - 00000000 ____D C:\Program Files (x86)\OCSetup
2016-01-17 22:06 - 2012-11-24 10:49 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2016-01-17 22:06 - 2012-09-01 08:21 - 00000000 ____D C:\Program Files (x86)\WEBZENtest
2016-01-17 22:06 - 2012-08-24 18:11 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-17 22:06 - 2012-08-24 16:23 - 00000000 ____D C:\Program Files (x86)\USB Disk Security
2016-01-17 22:06 - 2012-08-24 16:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-01-17 22:06 - 2012-08-24 16:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-01-17 22:06 - 2012-08-24 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-01-17 22:06 - 2012-08-24 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-17 22:06 - 2012-08-24 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-17 22:06 - 2012-08-24 16:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-17 22:06 - 2012-08-24 15:33 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-01-17 22:06 - 2012-08-24 15:33 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-17 22:06 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-17 22:06 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-01-17 22:06 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-17 22:05 - 2015-11-26 22:17 - 00000770 _____ C:\Program Files (x86)\Apple Software Update.lnk
2016-01-17 22:05 - 2015-11-26 22:17 - 00000764 _____ C:\Program Files (x86)\Adobe Media Player.lnk
2016-01-17 22:05 - 2015-11-26 22:17 - 00000758 _____ C:\Program Files (x86)\Alexandr Krulik.lnk
2016-01-17 22:05 - 2015-11-26 22:17 - 00000742 _____ C:\Program Files (x86)\AMD APP.lnk
2016-01-17 22:05 - 2015-11-26 22:17 - 00000738 _____ C:\Program Files (x86)\Music.lnk
2016-01-17 22:05 - 2015-11-26 22:17 - 00000738 _____ C:\Program Files (x86)\Adobe.lnk
2016-01-17 22:05 - 2015-10-11 16:57 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-01-17 22:05 - 2015-10-03 14:35 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-17 22:05 - 2015-10-03 14:31 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2016-01-17 22:05 - 2015-06-08 12:54 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job
2016-01-17 22:05 - 2014-12-30 23:10 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-01-17 22:05 - 2014-12-03 08:49 - 00000000 ____D C:\Program Files (x86)\BitLord
2016-01-17 22:05 - 2014-12-03 08:48 - 00000000 ____D C:\Program Files (x86)\AppName
2016-01-17 22:05 - 2014-11-08 22:19 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-01-17 22:05 - 2014-10-22 22:00 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-17 22:05 - 2014-10-10 21:18 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-17 22:05 - 2014-09-22 17:30 - 00000000 ____D C:\Program Files\WinRAR
2016-01-17 22:05 - 2014-07-25 00:24 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2016-01-17 22:05 - 2014-06-17 12:35 - 00000000 ____D C:\Program Files (x86)\Gaming Mouse
2016-01-17 22:05 - 2014-05-31 13:50 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-01-17 22:05 - 2014-05-23 14:19 - 00000000 ____D C:\Program Files (x86)\MarkAny
2016-01-17 22:05 - 2013-03-21 21:16 - 00000000 ____D C:\Program Files (x86)\IM Magician
2016-01-17 22:05 - 2013-03-15 11:24 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-17 22:05 - 2013-01-02 14:08 - 00000000 ____D C:\Program Files (x86)\epson
2016-01-17 22:05 - 2012-11-30 01:14 - 00000000 ____D C:\Program Files (x86)\GUM1813.tmp
2016-01-17 22:05 - 2012-11-13 22:58 - 00000000 ____D C:\Program Files (x86)\Kalypso Media
2016-01-17 22:05 - 2012-10-24 14:30 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2016-01-17 22:05 - 2012-10-02 10:42 - 00000000 ____D C:\Program Files (x86)\Alexandr Krulik
2016-01-17 22:05 - 2012-09-06 14:02 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2016-01-17 22:05 - 2012-08-24 16:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-17 22:05 - 2012-08-24 15:57 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-01-17 22:05 - 2012-08-24 15:57 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-17 22:05 - 2012-08-24 15:51 - 00000000 ____D C:\Program Files (x86)\DivX
2016-01-17 22:05 - 2012-08-24 15:38 - 00000000 ____D C:\Program Files\GIGABYTE
2016-01-17 22:05 - 2012-08-24 15:38 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2016-01-17 22:05 - 2012-08-24 15:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-17 22:05 - 2012-08-24 15:33 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-01-17 22:05 - 2012-08-24 15:31 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-01-17 22:05 - 2009-07-14 15:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-17 22:05 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-01-17 22:05 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-01-17 22:05 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-01-17 22:05 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-17 22:05 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Windows NT
2016-01-17 22:04 - 2013-05-10 15:41 - 00000000 ____D C:\Program Files\Sony
2016-01-17 22:04 - 2012-10-12 01:37 - 00000000 ___RD C:\Users\Torres\Dropbox
2016-01-17 22:04 - 2012-10-12 01:35 - 00000000 ____D C:\Users\Torres\AppData\Roaming\Dropbox
2016-01-17 22:04 - 2012-08-24 15:34 - 00000000 ____D C:\Program Files\Realtek
2016-01-17 22:04 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-01-17 22:04 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\MSBuild
2016-01-17 22:02 - 2014-08-11 15:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-17 22:02 - 2013-01-10 12:15 - 00000000 ____D C:\Program Files\Microsoft Lync
2016-01-17 22:02 - 2013-01-10 12:13 - 00000000 ____D C:\Users\Torres\Tracing
2016-01-17 22:02 - 2012-09-11 19:42 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-17 22:02 - 2012-08-24 16:20 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-17 22:02 - 2012-08-24 15:55 - 00000000 ____D C:\Program Files\DivX
2016-01-17 22:02 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-01-17 22:02 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-01-17 22:01 - 2015-11-26 22:16 - 00000766 _____ C:\Program Files\Common Files\Microsoft Shared.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000760 _____ C:\Program Files\ATI Technologies.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000756 _____ C:\Program Files\Common Files\INCA Shared.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000756 _____ C:\Program Files\AVAST Software.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000750 _____ C:\Program Files\BarracudaNG.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000744 _____ C:\Program Files\Common Files\Music.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000744 _____ C:\Program Files\Common Files\EPSON.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000744 _____ C:\Program Files\Common Files\Adobe.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000738 _____ C:\Program Files\Common Files\AV.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000738 _____ C:\Program Files\Adobe.lnk
2016-01-17 22:01 - 2015-11-26 22:16 - 00000734 _____ C:\Program Files\ATI.lnk
2016-01-17 22:01 - 2015-07-20 00:27 - 00000000 ____D C:\Program Files\Bitdefender
2016-01-17 22:01 - 2014-10-14 21:30 - 00000000 ____D C:\Program Files\Adobe
2016-01-17 22:01 - 2012-08-24 16:32 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-17 22:01 - 2012-08-24 15:41 - 00000000 ____D C:\Program Files\CCleaner
2016-01-17 22:01 - 2012-08-24 15:32 - 00000000 ____D C:\Program Files\ATI Technologies
2016-01-17 22:01 - 2012-08-24 15:32 - 00000000 ____D C:\Program Files\ATI
2016-01-17 22:00 - 2015-11-26 22:16 - 00000738 _____ C:\Program Files\Music.lnk
2016-01-17 22:00 - 2015-08-21 19:07 - 00000000 ____D C:\Adjustment Program
2016-01-17 22:00 - 2015-07-24 04:07 - 00000000 __SHD C:\found.000
2016-01-17 22:00 - 2015-07-19 15:33 - 00000000 ____D C:\Backreg
2016-01-17 22:00 - 2015-07-19 14:17 - 00000000 ____D C:\@RestoreQuarantine
2016-01-17 22:00 - 2015-02-25 06:35 - 00000000 _____ C:\Windows\system32\Serv60d.dll
2016-01-17 22:00 - 2014-10-23 05:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-17 22:00 - 2014-10-06 13:53 - 00000000 ____D C:\divx
2016-01-17 22:00 - 2014-06-21 19:32 - 00000000 ____D C:\Games
2016-01-17 22:00 - 2013-08-24 13:00 - 00000000 ____D C:\GarenaDownload
2016-01-17 22:00 - 2012-08-24 16:19 - 00000000 __RHD C:\MSOCache
2016-01-17 21:59 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-17 21:56 - 2014-10-23 05:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-17 21:44 - 2012-08-24 16:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-17 21:43 - 2015-07-19 16:47 - 00000942 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job
2016-01-17 21:05 - 2015-07-19 16:25 - 00000000 __SHD C:\[smad-Cage]
2016-01-17 20:59 - 2012-11-30 01:14 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job
2016-01-17 20:43 - 2012-08-24 16:23 - 00000000 ____D C:\ProgramData\Zbshareware Lab
2016-01-17 20:35 - 2013-04-11 17:42 - 00000000 ____D C:\Program Files\BarracudaNG
2016-01-17 20:35 - 2009-07-14 11:20 - 00000000 ____D C:\PerfLogs
2016-01-17 17:43 - 2015-07-19 16:47 - 00000890 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job
2016-01-17 16:58 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\schemas
2016-01-17 16:57 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-17 15:59 - 2012-11-30 01:14 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job
2016-01-17 13:13 - 2012-08-25 08:09 - 00000000 ____D C:\Users\Torres\AppData\Local\Adobe
2016-01-17 13:12 - 2009-07-14 12:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-17 13:12 - 2009-07-14 12:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-17 13:05 - 2015-06-08 12:54 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job
2016-01-17 13:04 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-16 16:43 - 2014-12-29 09:51 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 00:23 - 2015-02-24 22:36 - 00000000 ____D C:\Users\Torres\AppData\Local\Steam
2016-01-11 13:30 - 2014-04-06 08:42 - 00000000 ____D C:\Users\Torres\AppData\Local\CrashDumps
2016-01-10 13:57 - 2015-11-22 17:20 - 00003242 _____ C:\Windows\System32\Tasks\smadav
2016-01-03 12:44 - 2012-08-24 16:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-03 12:43 - 2012-08-24 15:56 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 12:43 - 2012-08-24 15:56 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 21:10 - 2014-10-23 07:37 - 00484374 _____ C:\Windows\system32\perfh00B.dat
2015-12-31 21:10 - 2014-10-23 07:37 - 00101844 _____ C:\Windows\system32\perfc00B.dat
2015-12-31 21:10 - 2009-07-14 13:13 - 01362316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-19 23:55 - 2015-12-04 20:12 - 00000728 _____ C:\Windows\SysWOW64\Aplikasi.lnk
2015-12-19 23:55 - 2015-12-04 20:12 - 00000728 _____ C:\Windows\system\Aplikasi.lnk
2015-12-19 23:55 - 2015-02-25 06:38 - 00000728 _____ C:\Windows\Minidump\Aplikasi.lnk
2015-12-19 23:54 - 2015-12-04 20:11 - 00000750 _____ C:\Users\Torres\Aplikasi.lnk
2015-12-19 23:54 - 2015-12-04 20:11 - 00000750 _____ C:\Users\Public\Aplikasi.lnk
2015-12-19 23:54 - 2015-12-04 20:11 - 00000750 _____ C:\Users\Default\Aplikasi.lnk
2015-12-19 23:54 - 2015-12-04 20:11 - 00000726 _____ C:\Windows\Aplikasi.lnk
2015-12-19 23:54 - 2015-12-04 20:10 - 00000750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Aplikasi.lnk
2015-12-19 23:54 - 2015-12-04 10:53 - 00000750 _____ C:\ProgramData\Aplikasi.lnk
2015-12-19 23:54 - 2015-12-04 10:50 - 00000744 _____ C:\Users\Aplikasi.lnk
2015-12-19 23:52 - 2015-12-04 10:51 - 00000744 _____ C:\Program Files (x86)\Aplikasi.lnk
2015-12-19 23:51 - 2015-12-04 10:51 - 00000750 _____ C:\Program Files\Common Files\Aplikasi.lnk
2015-12-19 23:51 - 2015-12-04 10:50 - 00000744 _____ C:\Program Files\Aplikasi.lnk
 
==================== Files in the root of some directories =======
 
2015-11-26 22:16 - 2016-01-17 22:01 - 0000738 _____ () C:\Program Files\Adobe.lnk
2015-12-04 10:50 - 2015-12-19 23:51 - 0000744 _____ () C:\Program Files\Aplikasi.lnk
2015-11-26 22:16 - 2016-01-17 22:01 - 0000760 _____ () C:\Program Files\ATI Technologies.lnk
2015-11-26 22:16 - 2016-01-17 22:01 - 0000734 _____ () C:\Program Files\ATI.lnk
2015-11-26 22:16 - 2016-01-17 22:01 - 0000756 _____ () C:\Program Files\AVAST Software.lnk
2015-11-26 22:16 - 2016-01-17 22:01 - 0000750 _____ () C:\Program Files\BarracudaNG.lnk
2015-11-26 22:16 - 2006-02-04 19:30 - 0011330 __RSH () C:\Program Files\dekstop.ini
2015-04-01 10:36 - 2015-07-01 22:50 - 0000729 _____ () C:\Program Files\Lirik.rtf
2015-11-26 22:16 - 2016-01-17 22:00 - 0000738 _____ () C:\Program Files\Music.lnk
2015-07-19 22:46 - 2015-03-10 14:51 - 0000246 __RSH () C:\Program Files\trz1DEB.tmp
2015-07-25 05:20 - 2015-07-20 03:08 - 0000246 __RSH () C:\Program Files\trzC987.tmp
2015-11-26 22:17 - 2016-01-17 22:05 - 0000764 _____ () C:\Program Files (x86)\Adobe Media Player.lnk
2015-11-26 22:17 - 2016-01-17 22:05 - 0000738 _____ () C:\Program Files (x86)\Adobe.lnk
2015-11-26 22:17 - 2016-01-17 22:05 - 0000758 _____ () C:\Program Files (x86)\Alexandr Krulik.lnk
2015-11-26 22:17 - 2016-01-17 22:05 - 0000742 _____ () C:\Program Files (x86)\AMD APP.lnk
2015-12-04 10:51 - 2015-12-19 23:52 - 0000744 _____ () C:\Program Files (x86)\Aplikasi.lnk
2015-11-26 22:17 - 2016-01-17 22:05 - 0000770 _____ () C:\Program Files (x86)\Apple Software Update.lnk
2015-11-26 22:17 - 2006-02-04 19:30 - 0011330 __RSH () C:\Program Files (x86)\dekstop.ini
2015-04-01 10:37 - 2015-07-01 22:50 - 0000729 _____ () C:\Program Files (x86)\Lirik.rtf
2015-11-26 22:17 - 2016-01-17 22:05 - 0000738 _____ () C:\Program Files (x86)\Music.lnk
2015-07-19 23:58 - 2015-03-10 14:51 - 0000246 __RSH () C:\Program Files (x86)\trz107A.tmp
2015-07-25 06:00 - 2015-07-20 03:08 - 0000246 __RSH () C:\Program Files (x86)\trz78FE.tmp
2015-12-20 14:50 - 2015-12-20 12:06 - 0000746 _____ () C:\Program Files (x86)\trzA70F.tmp
2015-11-26 22:16 - 2016-01-17 22:01 - 0000744 _____ () C:\Program Files\Common Files\Adobe.lnk
2015-12-04 10:51 - 2015-12-19 23:51 - 0000750 _____ () C:\Program Files\Common Files\Aplikasi.lnk
2015-11-26 22:16 - 2016-01-17 22:01 - 0000738 _____ () C:\Program Files\Common Files\AV.lnk
2015-11-26 22:16 - 2006-02-04 19:30 - 0011330 __RSH () C:\Program Files\Common Files\dekstop.ini
2015-11-26 22:16 - 2016-01-17 22:01 - 0000744 _____ () C:\Program Files\Common Files\EPSON.lnk
2015-11-26 22:16 - 2016-01-17 22:01 - 0000756 _____ () C:\Program Files\Common Files\INCA Shared.lnk
2015-04-01 10:37 - 2015-07-01 22:50 - 0000729 _____ () C:\Program Files\Common Files\Lirik.rtf
2015-11-26 22:16 - 2016-01-17 22:01 - 0000766 _____ () C:\Program Files\Common Files\Microsoft Shared.lnk
2015-11-26 22:16 - 2016-01-17 22:01 - 0000744 _____ () C:\Program Files\Common Files\Music.lnk
2015-07-25 05:25 - 2015-03-10 14:51 - 0000246 __RSH () C:\Program Files\Common Files\trz285A.tmp
2015-11-27 06:25 - 2015-11-27 05:56 - 0000752 _____ () C:\Program Files\Common Files\trzC05F.tmp
2016-01-17 22:05 - 2016-01-17 22:05 - 0000752 _____ () C:\Program Files (x86)\Common Files\Adobe AIR.lnk
2015-11-26 22:17 - 2016-01-17 22:05 - 0000744 _____ () C:\Program Files (x86)\Common Files\Adobe.lnk
2015-11-26 22:17 - 2016-01-17 22:05 - 0000744 _____ () C:\Program Files (x86)\Common Files\Ahead.lnk
2015-12-04 10:52 - 2015-12-19 23:52 - 0000750 _____ () C:\Program Files (x86)\Common Files\Aplikasi.lnk
2015-11-26 22:17 - 2016-01-17 22:05 - 0000744 _____ () C:\Program Files (x86)\Common Files\Apple.lnk
2016-01-17 22:05 - 2016-01-17 22:00 - 0000246 __RSH () C:\Program Files (x86)\Common Files\autorun.inf
2015-11-26 22:17 - 2016-01-17 22:05 - 0000738 _____ () C:\Program Files (x86)\Common Files\AV.lnk
2015-11-26 22:17 - 2006-02-04 19:30 - 0011330 __RSH () C:\Program Files (x86)\Common Files\dekstop.ini
2015-04-01 10:37 - 2015-07-01 22:50 - 0000729 _____ () C:\Program Files (x86)\Common Files\Lirik.rtf
2016-01-17 22:05 - 2016-01-17 22:05 - 0000752 _____ () C:\Program Files (x86)\Common Files\Microsoft.lnk
2015-11-26 22:17 - 2016-01-17 22:05 - 0000744 _____ () C:\Program Files (x86)\Common Files\Music.lnk
2015-07-25 06:19 - 2015-03-14 10:57 - 0000246 __RSH () C:\Program Files (x86)\Common Files\trz1115.tmp
2015-11-26 22:19 - 2015-11-26 22:19 - 0000752 _____ () C:\Program Files (x86)\Common Files\trz546D.tmp
2015-12-16 11:53 - 2015-12-16 11:53 - 0000752 _____ () C:\Program Files (x86)\Common Files\trzEA42.tmp
2014-11-04 22:42 - 2014-11-04 23:04 - 0000132 _____ () C:\Users\Torres\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-09-06 14:03 - 2014-03-24 22:35 - 0000000 _____ () C:\Users\Torres\AppData\Roaming\bitlord_log.txt
2012-12-30 00:59 - 2013-03-18 04:55 - 0045270 _____ () C:\Users\Torres\AppData\Roaming\room_v3.dat
2014-04-02 23:52 - 2014-04-05 10:39 - 0034816 _____ () C:\Users\Torres\AppData\Roaming\RZR_0060ac6648b595ee2e37dcc6204b.db
2014-04-09 15:54 - 2014-10-23 00:54 - 0000136 _____ () C:\Users\Torres\AppData\Roaming\WB.CFG
2013-01-28 20:58 - 2013-01-28 20:58 - 0021687 _____ () C:\Users\Torres\AppData\Local\recently-used.xbel
2012-09-01 00:53 - 2012-09-01 00:53 - 0007599 _____ () C:\Users\Torres\AppData\Local\Resmon.ResmonCfg
2015-09-23 11:19 - 2015-09-23 11:20 - 0573440 ___SH (PreSonus) C:\Users\Torres\AppData\Local\svchost.exe
2015-07-20 00:29 - 2015-07-20 00:29 - 0182442 _____ () C:\ProgramData\1437323223.bdinstall.bin
2015-07-20 02:42 - 2015-07-20 02:42 - 0037823 _____ () C:\ProgramData\1437331326.bdinstall.bin
2015-07-20 02:47 - 2015-07-20 02:47 - 0059141 _____ () C:\ProgramData\1437331358.bdinstall.bin
2015-07-20 03:21 - 2015-07-20 03:21 - 0037690 _____ () C:\ProgramData\1437333689.bdinstall.bin
2015-07-20 03:22 - 2015-07-20 03:22 - 0097253 _____ () C:\ProgramData\1437333691.bdinstall.bin
2015-11-26 22:18 - 2016-01-17 22:08 - 0000744 _____ () C:\ProgramData\Adobe.lnk
2015-11-26 22:18 - 2016-01-17 22:08 - 0000744 _____ () C:\ProgramData\Ahead.lnk
2015-11-26 22:18 - 2016-01-17 22:08 - 0000740 _____ () C:\ProgramData\AMD.lnk
2015-12-04 10:53 - 2015-12-19 23:54 - 0000750 _____ () C:\ProgramData\Aplikasi.lnk
2015-11-26 22:18 - 2016-01-17 22:08 - 0000762 _____ () C:\ProgramData\Apple Computer.lnk
2015-11-26 22:18 - 2016-01-17 22:08 - 0000744 _____ () C:\ProgramData\Apple.lnk
2015-07-20 11:44 - 2015-07-20 11:44 - 0000000 __RSH () C:\ProgramData\autorun.inf
2015-11-26 22:18 - 2006-02-04 19:30 - 0011330 __RSH () C:\ProgramData\dekstop.ini
2013-01-14 21:13 - 2012-11-15 21:13 - 0000032 ____R () C:\ProgramData\hash.dat
2015-04-01 10:39 - 2015-07-01 22:50 - 0000729 _____ () C:\ProgramData\Lirik.rtf
2016-01-17 16:47 - 2016-01-17 22:08 - 0000000 _____ () C:\ProgramData\Microsoft.lnk
2012-10-02 10:42 - 2011-07-24 12:13 - 0993792 _____ () C:\ProgramData\MSRecovery.exe
2015-11-26 22:18 - 2016-01-17 22:08 - 0000744 _____ () C:\ProgramData\Music.lnk
2012-10-02 10:42 - 2012-08-23 15:51 - 0000691 _____ () C:\ProgramData\settings.ini
2015-12-12 03:41 - 2015-12-12 03:33 - 0000752 _____ () C:\ProgramData\trz160E.tmp
2015-11-27 07:22 - 2015-11-27 07:20 - 0000752 _____ () C:\ProgramData\trz400.tmp
2016-01-17 16:47 - 2016-01-17 16:47 - 0000746 _____ () C:\ProgramData\trz84A2.tmp
2015-12-15 08:26 - 2015-12-15 08:26 - 0000752 _____ () C:\ProgramData\trz85B3.tmp
2015-12-20 17:52 - 2015-12-20 17:51 - 0000752 _____ () C:\ProgramData\trzA245.tmp
2015-12-19 22:31 - 2015-12-19 22:30 - 0000752 _____ () C:\ProgramData\trzCE59.tmp
2015-11-26 22:24 - 2015-11-26 22:22 - 0000752 _____ () C:\ProgramData\trzDBF.tmp
2015-07-20 11:44 - 2015-07-20 11:35 - 0000246 __RSH () C:\ProgramData\trzEB28.tmp
2016-01-17 22:07 - 2016-01-17 22:07 - 0000597 _____ () C:\ProgramData\trzFF79.tmp
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\MSRecovery.exe
 
 
Some files in TEMP:
====================
C:\Users\Torres\AppData\Local\Temp\sqlite3.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Serv60d.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-10 15:16
 
==================== End of FRST.txt ============================

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01

Ran by Torres (2016-01-17 22:22:34)

Running from D:\downloads

Windows 7 Ultimate (X64) (2012-08-24 07:24:18)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-819453736-4280033654-1804472810-500 - Administrator - Disabled)

Guest (S-1-5-21-819453736-4280033654-1804472810-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-819453736-4280033654-1804472810-1005 - Limited - Enabled)

Torres (S-1-5-21-819453736-4280033654-1804472810-1000 - Administrator - Enabled) => C:\Users\Torres

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: Barracuda Personal Firewall (Enabled) {359AB737-38BF-B875-9860-26722624EDDC}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)

AMD Catalyst Install Manager (HKLM\...\{AE196FD4-5109-21C4-6B2D-C8B60E188EC7}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)

Barracuda Network Access Client 3.2 x64 (HKLM\...\{5BD3B34D-87CC-4148-BC3D-336D3315F55A}) (Version: 7.03.053 - Barracuda Networks, Inc)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.0-270 - House of Life)

CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)

Citrio (HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Citrio) (Version: 46.0.2490.267 - © Catalinagroup Ltd.)

Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden

Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.300.0 - THQ Inc.)

Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)

Components Setup (x32 Version: 1.00.0000 - Vimicro Corporation) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)

Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)

Dropbox (HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)

EPSON L110 Series Printer Uninstall (HKLM\...\EPSON L110 Series) (Version:  - SEIKO EPSON Corporation)

EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)

Gaming Mouse Driver (HKLM-x32\...\{2F9C99E1-A1D2-4ADB-AFA0-3A1ED9471811}) (Version:  - )

Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)

Google Photos Backup (HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

K-Lite Codec Pack 9.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.1.0 - )

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

Magic Submitter version 3.09 (HKLM-x32\...\{9629C88B-66A7-4EB3-84E4-D2847F683DDA}_is1) (Version: 3.09 - Alexandr Krulik)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4478 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

My Program version 1.5 (HKLM-x32\...\My Program_is1) (Version: 1.5 - )

Nero 7 Ultra Edition (HKLM-x32\...\{26D3E377-1DCA-4043-9410-B4A9BACF1033}) (Version: 7.02.9888 - Nero AG)

NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)

ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)

SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.3 - Lenovo Group Limited)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)

Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

STOnline (HKLM-x32\...\{14FE48DA-E172-4CC5-B397-92ECA4B0E088}) (Version: 1.0000 - koramgame)

Sun Broadband Wireless (HKLM-x32\...\Sun Broadband Wireless) (Version: 16.001.06.05.256 - Huawei Technologies Co.,Ltd)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)

Unity Web Player (HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)

WicReset version 3.0.80.50 (HKLM-x32\...\{20379D3A-321B-4830-96A6-37183B713AE8}_is1) (Version: 3.0.80.50 - WWW.WIC.SUPPORT)

Windows Driver Package - Barracuda Networks Inc. Secure Personal Access Client Filter (10/28/2011 4.0.2.19) (HKLM\...\615CE0F8DE761895C3EC574A4B8F7A6B709F6A76) (Version: 10/28/2011 4.0.2.19 - Barracuda Networks Inc.)

Windows Driver Package - phion AG phion Virtual Adapter (11/02/2011 4.0.2.5) (HKLM\...\0A32017DF2E22534FE35FDBED6D12FA25A6370A8) (Version: 11/02/2011 4.0.2.5 - phion AG)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0283E56A-1C85-4642-9C01-AD561479D6E5} - System32\Tasks\{BAF031B3-1F4F-46D0-8689-4DFA27ED0C68} => pcalua.exe -a C:\SWTOOLS\DRIVERS\CAMERA\8m01kc36g07\setup.exe -d C:\SWTOOLS\DRIVERS\CAMERA\8m01kc36g07

Task: {031E5D91-DD5F-4517-9F63-CB45A9BD3347} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA => C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)

Task: {0E4ED233-C11C-411A-B374-7C76C5042371} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {236665E2-86AE-4788-B58C-6501EEAEB164} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)

Task: {29AE785A-0C32-4E99-952E-867E01FAF9FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {2AE05C30-B4DD-40EC-9B99-ED85577705AF} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2015-08-20] (Smadsoft)

Task: {2D36F670-2688-4B19-A384-ACB6921B4A27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {2DFA6C6E-121E-469A-A1C1-37A2F40B3C99} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core => C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)

Task: {35A2AFBF-9939-4096-B5C6-5D15B24ADD09} - System32\Tasks\{273F32B9-3406-4636-95B1-270119CC8C13} => pcalua.exe -a F:\Setup.exe -d F:\

Task: {401ED0CA-C5C9-4332-B07B-9D9A760BD47D} - System32\Tasks\{4CF2DE34-5AF5-407D-8A94-E97A95D82119} => pcalua.exe -a D:\downloads\chromeinstall-7u60.exe -d D:\downloads

Task: {496EE128-E19C-4295-99EF-7A9E0CC6991D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)

Task: {4AFAD03D-E91F-4226-8B9B-C4E1E9A3C468} - System32\Tasks\{6E656910-B3D3-43BB-B373-48CB4C3BE536} => pcalua.exe -a "D:\Games\Cabal Rising Force\CabalOnlinePH-Episode VIII-3rdAwakening.exe" -d "D:\Games\Cabal Rising Force"

Task: {537F319D-4B8D-4CE6-A448-39E3D6F4A910} - System32\Tasks\{C6C67EE3-755C-42D8-BDDD-01B6EFA74C03} => pcalua.exe -a D:\Barracuda\install.exe -d D:\Barracuda

Task: {5556D353-E574-4BDE-BF3B-210F98A960AE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)

Task: {592301B9-3750-43C7-8A1E-71B7AA63F8BC} - System32\Tasks\{4E774B79-20D0-48BA-A680-2BEBB658783C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {652177F4-C044-49D1-8200-63711C5F7D2E} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-10-13] (Catalina Group Ltd.)

Task: {6695986E-6FB8-4E18-AFBE-6336A9BEEDB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)

Task: {6BF9E79B-3D7E-424E-B653-63256E4358A3} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-10-13] (Catalina Group Ltd.)

Task: {6C9B05B0-E3E4-41EC-96CD-8B27F4AB5DE6} - System32\Tasks\{2CB8692B-08E2-419C-91E3-9E88625EA479} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{14FE48DA-E172-4CC5-B397-92ECA4B0E088}\setup.exe"

Task: {7F2BF7BD-F077-4C26-85DD-A1C5F6066685} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe

Task: {7F7A4266-F12E-4EA4-937B-F58C327C7F3B} - System32\Tasks\{18AD5277-3E29-4CF9-96D3-5BB28DD9610E} => pcalua.exe -a "D:\Webcam Driver\Vista\Drivers\English\CtDrvStp.exe" -d "D:\Webcam Driver\Vista\Drivers\English"

Task: {805F94AE-74B4-42EA-81E6-B9B6D140A49B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {8455AB5D-8B60-47D0-AB8F-5DCDED51BC12} - System32\Tasks\{A56ED4C3-C739-4A9E-935A-C16D2157865F} => pcalua.exe -a D:\downloads\epson375687eu.exe -d D:\downloads

Task: {846F5A17-9FF3-4FA9-8C4B-7D79FDC987DA} - \avaxvyyvyf -> No File <==== ATTENTION

Task: {8F294040-8A4A-4954-A099-BB7D67AFC43C} - System32\Tasks\{F245BA23-9150-4255-9848-542306A8DD2E} => pcalua.exe -a "D:\Webcam Driver\Vista\Drivers\English\VfwUpd.EXE" -d "D:\Webcam Driver\Vista\Drivers\English"

Task: {93BDCA13-E3F0-4B0C-AA1E-3265B8013323} - System32\Tasks\gg_uac_daemon_Torres => D:\Games\Garena Plus\ggdllhost.exe [2015-01-20] ()

Task: {982E1BC8-FC59-4DBD-AA6E-1A3B17D1E420} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-08] (Dropbox, Inc.)

Task: {99A6F9DE-1D68-4E47-9DE2-7B570E41A790} - System32\Tasks\{7A15CCAE-651F-491A-9E26-9AAE94FE0AF0} => pcalua.exe -a "D:\Webcam Driver\Vista\Drivers\English\CtDrvIns.exe" -d "D:\Webcam Driver\Vista\Drivers\English"

Task: {A584FC6A-C08F-495D-8DC7-741EB1117F3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-08] (Dropbox, Inc.)

Task: {AB6A41F8-CBB7-4785-9D64-3DD44B75E4F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-18] (Piriform Ltd)

Task: {AD98B18C-A2D4-4CBA-BC5A-B920CA7E494B} - System32\Tasks\{8C040167-F2FA-491A-8586-799BC39D794E} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsMain

Task: {B59C2953-A46C-4BB6-B0D1-D9E732B24918} - System32\Tasks\{89E1BC08-C1E5-4DFF-B334-74E2BADE5FA9} => pcalua.exe -a D:\downloads\CABALInstaller.exe -d D:\downloads

Task: {BBA15BD0-CAC7-4EAA-9C28-A0B6E249D885} - System32\Tasks\AdobeAAMUpdater-1.0-Torres-PC-Torres => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {C332D01D-A5A8-4C34-BE51-CEA6CC5E5271} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-10-10] ()

Task: {CA923B88-F8E2-4F62-BF21-FC14DE4B28CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-16] (AVAST Software)

Task: {D0FD261A-D942-489E-A17C-B16684026F40} - System32\Tasks\Google Update => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

Task: {E4B9B4FB-6961-4715-AF4C-23E468DE5B30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {EAF9F39A-1067-4028-BD60-B8E0AB532790} - System32\Tasks\{781374A5-72F1-4BE3-8769-744F2297AADD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe

Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job => C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job => C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2012-11-30 11:17 - 2012-11-30 11:17 - 01145216 _____ () C:\Program Files\BarracudaNG\vortexlib.dll

2012-11-30 11:17 - 2012-11-30 11:17 - 00114560 _____ () C:\Program Files\BarracudaNG\axl.dll

2014-12-16 12:19 - 2015-01-20 20:20 - 00055896 _____ () D:\Games\Garena Plus\ggdllhost.exe

2006-09-19 09:07 - 2006-09-19 09:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe

2014-06-17 12:35 - 2013-12-02 18:15 - 00495616 _____ () C:\Program Files (x86)\Gaming Mouse\Monitor.exe

2015-08-16 19:21 - 2015-08-16 19:21 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-08-16 19:20 - 2015-08-16 19:20 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-01-17 13:09 - 2016-01-17 13:09 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011607\algo.dll

2016-01-17 22:05 - 2016-01-17 22:05 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011703\algo.dll

2014-12-16 12:19 - 2015-03-23 18:17 - 00797120 _____ () D:\Games\Garena Plus\ggspawn.dll

2015-12-09 10:50 - 2015-10-31 08:59 - 00034768 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00019408 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\faulthandler.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00022848 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00023352 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00042296 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00116688 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\pywintypes27.dll

2015-12-09 10:50 - 2015-10-31 08:59 - 00093640 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_ctypes.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00018376 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\select.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00019760 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00105928 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32api.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00392144 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\pythoncom27.dll

2015-12-09 10:50 - 2015-12-09 05:36 - 00381752 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00692688 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\unicodedata.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00020816 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00109520 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 01737032 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00020808 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00020800 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00021840 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00038696 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\fastpath.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00024528 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32event.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00020936 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\mmapfile.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00114640 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32security.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00021320 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00124880 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32file.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00030160 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32pipe.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00043472 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32process.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00175560 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32gui.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00028616 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32ts.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00024016 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32clipboard.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00048592 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32service.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00024392 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00036296 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\librsync.dll

2015-12-09 10:50 - 2015-10-31 09:00 - 00024016 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32profile.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00117056 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00023376 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00134608 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_elementtree.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00134088 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\pyexpat.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00240584 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\jpegtran.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00020280 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00052024 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00021304 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00350152 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\winxpgui.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00084792 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL

2015-12-09 10:50 - 2015-12-09 05:36 - 01826608 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00083912 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\sip.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 03891504 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 01950000 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00519984 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00133936 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00225080 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00207672 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00024904 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00486704 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00357680 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

2015-03-05 05:45 - 2015-10-31 09:01 - 00019920 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-03-05 05:45 - 2015-10-31 09:00 - 00786904 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-07-31 21:00 - 2015-10-31 09:00 - 00063448 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-03-05 05:45 - 2015-10-31 09:00 - 00019408 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2014-06-17 12:35 - 2013-11-29 15:11 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\lan.dll

2014-06-17 12:35 - 2013-11-01 12:57 - 00049152 _____ () C:\Program Files (x86)\Gaming Mouse\hiddriver.dll

2015-08-16 19:22 - 2015-08-16 19:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2016-01-16 17:02 - 2016-01-13 00:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll

2016-01-16 17:02 - 2016-01-13 00:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\webcompanion.com -> hxxp://webcompanion.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 10:34 - 2013-07-18 10:28 - 00000622 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Torres\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 122.2.167.6 - 122.2.166.161

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is disabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: AdobeBridge => 

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

MSCONFIG\startupreg: CatalinaGroup Update => "C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe" /c

MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

MSCONFIG\startupreg: Facebook Update => "C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: GarenaPlus => "D:\Games\Garena Plus\GarenaMessenger.exe" -autolaunch

MSCONFIG\startupreg: Google Update => "C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Torres\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MSCONFIG\startupreg: phion => C:\Program Files\BarracudaNG\phion.exe

MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe

MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{33FBBF3C-CB1D-4B97-97C8-E029FB4E81A9}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{AFC56F0E-D87E-4102-A96C-FF16D02A6F56}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{95BB0F77-78D6-4A12-AC44-4627C32D4CA7}] => (Allow) LPort=443

FirewallRules: [{B1ECE8BA-0C01-447C-987D-724CD520BA13}] => (Allow) LPort=443

FirewallRules: [{42CA94F0-F4A2-4982-9778-B66F0A33243E}] => (Allow) LPort=37674

FirewallRules: [{FD389ED7-C8A2-48F4-AD20-8A21291B0E06}] => (Allow) LPort=37674

FirewallRules: [{238F61B0-1796-4076-959A-14BA14C51B36}] => (Allow) LPort=37675

FirewallRules: [{9A9F93EB-9087-4659-95B3-BFBDD8DD1DC3}] => (Allow) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{0C357875-2212-49A3-B90D-FEED233274E9}] => (Allow) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{0E76CA4B-BE5B-4F1F-976C-C46DFE459BF6}] => (Allow) LPort=443

FirewallRules: [{25A0CAE3-5D70-4C6A-B6DA-4803FA7FF7DD}] => (Allow) LPort=443

FirewallRules: [{48616C34-1D69-4FA2-965A-60EA1B32B13F}] => (Allow) LPort=37674

FirewallRules: [{B7421A75-D886-4433-B792-892995685388}] => (Allow) LPort=37674

FirewallRules: [{FBF6656E-45F0-402B-B5A7-C0A6B8154A8D}] => (Allow) LPort=37675

FirewallRules: [{1AACE588-2B81-45F5-9F98-DC9895E78657}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [{297FA7B3-4A59-499D-9C2A-0A482F960B66}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [{AF435D19-1CCA-4348-941B-59B1176ABD48}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [{F6EAB0DE-2E15-4847-95BB-2A245AA8F345}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [{91817CEE-3C8F-459C-942E-57A549C03335}] => (Allow) LPort=56808

FirewallRules: [{62DB19DE-471A-4D0E-A78D-453374974624}] => (Allow) LPort=56808

FirewallRules: [{D47BCF60-27AF-433B-8C38-408033CDF8CC}] => (Allow) LPort=56808

FirewallRules: [{58A6164C-F430-46C4-A295-B1D593C9DC02}] => (Allow) LPort=56808

FirewallRules: [{7CE693F4-41B6-4F75-9055-8DC23BC69BDF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [TCP Query User{4816A6F6-2E64-4AA2-A494-5D433B3B0E6C}D:\games\k.o.s\game_sting_pak\sting.exe] => (Allow) D:\games\k.o.s\game_sting_pak\sting.exe

FirewallRules: [uDP Query User{11D0C0FA-0478-4B51-AB00-F7E8D2CE2916}D:\games\k.o.s\game_sting_pak\sting.exe] => (Allow) D:\games\k.o.s\game_sting_pak\sting.exe

FirewallRules: [TCP Query User{769776F7-655E-4455-83BC-6C2172C75C46}D:\games\warcraft iii reign of chaos & the frozen throne\war3.exe] => (Allow) D:\games\warcraft iii reign of chaos & the frozen throne\war3.exe

FirewallRules: [uDP Query User{D5E0C231-634A-41B0-9F17-6BC4075B0EE1}D:\games\warcraft iii reign of chaos & the frozen throne\war3.exe] => (Allow) D:\games\warcraft iii reign of chaos & the frozen throne\war3.exe

FirewallRules: [{1E647DAA-9165-4CC4-AB67-0D576503296C}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{EFD8A307-64E0-48C3-B5A9-27F5B01AD1C8}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

FirewallRules: [{5C0FAAAE-EB5D-4E80-A6A4-2114E20A0297}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe

FirewallRules: [{90367168-D757-41B3-9DE0-8CC9ABE64471}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{AC2144AA-5A9C-4A62-8791-16F0F13DBA2B}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{D0AE176C-DA37-41E4-9E23-88E5E167AB4C}] => (Allow) C:\Program Files (x86)\THQ\Company of Heroes\RelicCOH.exe

FirewallRules: [{D7BF0D69-0A2B-411B-BF6B-ED8EE7DD6F02}] => (Allow) C:\Program Files (x86)\THQ\Company of Heroes\RelicCOH.exe

FirewallRules: [{F76B8F86-C9C0-4238-BF2E-EC22A81C604B}] => (Allow) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{C22F938D-21B7-4E0E-B623-CFE4F0E2C766}] => (Allow) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{3BD0F4EB-8D73-4E13-8502-A842731F8BEC}] => (Allow) C:\Windows\SysWOW64\rundll32.exe

FirewallRules: [{10A4E3FD-175E-4B9E-BB37-C43FC464F369}] => (Allow) D:\Games\Garena Plus\ggdllhost.exe

FirewallRules: [{36A47DFF-FF75-482A-B374-632473868F7C}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe

FirewallRules: [{A2CA2C95-455E-42C7-A9CD-C9D09B5D4120}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe

FirewallRules: [{E36A4659-9E0E-4FC0-96A1-024250B55119}] => (Allow) LPort=8370

FirewallRules: [{E99D3851-9FBD-48E2-B06C-14E4FF0625D4}] => (Allow) LPort=8370

FirewallRules: [{19FFA938-D798-4F5F-B9C3-DE5CCEADE42D}] => (Allow) D:\Games\Steam\Steam.exe

FirewallRules: [{855A70D3-7DEA-4C4D-AFAD-B561E1A5CB7C}] => (Allow) D:\Games\Steam\Steam.exe

FirewallRules: [{88990187-78E0-4C50-B34C-AA20E26C5D18}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{0E30A994-5B0A-43CF-94B1-9832641B32DE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{B89C8401-4C71-4128-942C-4DE915794951}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{100F1AFC-9B43-4784-B743-A7D5A85E846E}] => (Allow) C:\Users\Torres\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

FirewallRules: [{A95F2D7B-01D3-4C47-BC5A-084962FC93DE}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe

FirewallRules: [{10AFECB0-24A5-482E-A980-0537FD0DC244}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe

FirewallRules: [{A81DC20D-2C9F-4958-9C9B-0288AB6F19FC}] => (Allow) D:\downloads\LoLInstaller.exe

FirewallRules: [{E37A124F-10D9-49AB-BB0A-D7E750B94D1C}] => (Allow) D:\downloads\LoLInstaller.exe

FirewallRules: [{2248BDD5-8B92-4637-9A80-2D33B812FE3D}] => (Allow) LPort=6933

FirewallRules: [{830FD84C-B0F4-4BCD-A24B-7F16D51ED67E}] => (Allow) LPort=6933

FirewallRules: [{E02EF7AC-F30E-453D-81B5-E064669CBAF1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{3C130A86-5F06-45DE-A11A-B8BDAE3630FC}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{DC5357CC-4106-46E9-BC2B-1C24486743CD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{2A0B1887-33D1-42FA-AA74-CA10C504CD33}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{F5483D5B-CC67-4ECD-B3BC-6D1173D384B8}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{9C0BB90E-C76E-4D94-B50E-2688C0314559}] => (Allow) LPort=1542

FirewallRules: [{3EDF24DC-0C49-43A2-9D4E-C153EB3F6E32}] => (Allow) LPort=1542

FirewallRules: [{0F7B8058-5B81-4E64-A489-81CC291D2C88}] => (Allow) LPort=53

FirewallRules: [{DD41B869-3C7A-4570-BAB4-91C1696C1CD3}] => (Allow) D:\Games\Steam\SteamApps\common\AMD Driver Updater, Vista and 7, 64 bit\Setup.exe

FirewallRules: [{35D3AB0B-C998-4B6A-AE3D-4B467CDBFB38}] => (Allow) D:\Games\Steam\SteamApps\common\AMD Driver Updater, Vista and 7, 64 bit\Setup.exe

FirewallRules: [{5FCA8D50-0870-4B12-8F2C-A34BE2DEF5D3}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe

FirewallRules: [{829AA936-DBBB-467D-B260-6F2FB4160E96}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe

FirewallRules: [{AA6D60A1-F9F9-4931-90D7-899750DEADF4}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe

FirewallRules: [{3DA654B6-0E25-45D5-B765-E7BFEFAC2762}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe

FirewallRules: [{69658059-50A3-41E6-B6B5-79DFDAD5CA7D}] => (Allow) LPort=8370

FirewallRules: [{3AF7518F-B303-49F8-97CD-9C04AB3F68B0}] => (Allow) LPort=8370

FirewallRules: [{36FFEC73-6729-42BB-9DEB-6FD1CD7761B8}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Air\LolClient.exe

FirewallRules: [{35AC7E7C-75D4-4471-B63B-784D0C96D61F}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Air\LolClient.exe

FirewallRules: [{7DBFC0BD-86B2-4D50-81E5-32BDFE965504}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Game\League of Legends.exe

FirewallRules: [{AB988F4B-E268-4FC5-81D8-D3DFAB59356C}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Game\League of Legends.exe

FirewallRules: [{63216052-8C3B-4C6D-A08B-25DC60057CFD}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\lol.exe

FirewallRules: [{4F1C67B7-E5BC-4E8C-9CC6-B01CB1363F9A}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\lol.exe

FirewallRules: [{8390F017-B006-4E05-99E6-AB148C065C92}] => (Allow) LPort=8393

FirewallRules: [{B05C8134-7A41-42D9-927B-C98982CCA70A}] => (Allow) LPort=8393

FirewallRules: [{9117FE6D-E1DF-4E7D-9988-7343EF4E8997}] => (Allow) LPort=8390

FirewallRules: [{2B8B638F-81C8-4C91-A7BC-1A69D78FA578}] => (Allow) LPort=8390

FirewallRules: [{2C966E55-CCEF-4EBE-A979-B173EA1026F1}] => (Allow) LPort=6995

FirewallRules: [{633040B4-7908-4CBD-AF67-2D0FCAB2FD5A}] => (Allow) LPort=6995

FirewallRules: [{25FC00A9-47D6-4C06-8FF7-CC71B156A6E1}] => (Allow) LPort=6883

FirewallRules: [{C4A10C0E-5FC6-47BF-A751-8E1B54B7E070}] => (Allow) LPort=6883

FirewallRules: [{8C2A912B-C546-4AF7-AA10-F32C2B0BD68E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{0D52DA2B-2CBC-42B7-A918-4A8A74174284}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{1A3CB009-5569-48B5-B512-4F3C91228C24}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Air\LolClient.exe

FirewallRules: [{4117F4E3-9D78-4BB9-BD4A-544E2B39761B}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Air\LolClient.exe

FirewallRules: [{0D8996BC-5A66-4C06-B2AE-D29B04796E55}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Game\League of Legends.exe

FirewallRules: [{A403DEBA-CC8A-4A34-8A95-259FE8F861C7}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Game\League of Legends.exe

FirewallRules: [{86B45705-2EA4-45F8-95C3-96E972362551}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{863229B7-A6FB-4BA2-B463-7519A2FA73D6}] => (Allow) LPort=2869

FirewallRules: [{D9098DD5-095E-493E-97A4-87A849754D21}] => (Allow) LPort=1900

FirewallRules: [{0782C351-9DE4-4DE9-930C-1E1EE2F213A9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe

FirewallRules: [{E5C9D132-7A3D-4208-8C6F-45D1E855033B}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe

FirewallRules: [{6148DE01-D86D-4849-B415-9D454B8A4CA9}] => (Allow) D:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{0115E4B1-18AE-45B0-9F56-32E56D8CAFF7}] => (Allow) D:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{568237E1-9A66-4651-B7D5-971B1DB9AC69}] => (Allow) C:\Users\Torres\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe

FirewallRules: [{0079DB57-14EA-4552-831F-29DCC56583D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

26-12-2015 10:24:24 Scheduled Checkpoint

05-01-2016 15:52:57 Scheduled Checkpoint

16-01-2016 20:12:03 Scheduled Checkpoint

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: phion Virtual Adapter (VPN)

Description: phion Virtual Adapter (VPN)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: phion AG

Service: phionvpn

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/17/2016 04:49:00 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SMΔRTP.exe version 4.103.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 8a4

 

Start Time: 01d150e458049a8e

 

Termination Time: 289

 

Application Path: C:\Program Files (x86)\Smadav\SMΔRTP.exe

 

Report Id: 2446b0e3-bcf7-11e5-8076-902b3483e355

 

Error: (01/16/2016 04:43:12 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)

Description: Product: Adobe Refresh Manager -- Error 1704.An installation for Microsoft Silverlight is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

 

Error: (01/11/2016 01:17:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Exception code: 0x40000015

Fault offset: 0x00052d24

Faulting process id: 0x5d0

Faulting application start time: 0xjucheck.exe0

Faulting application path: jucheck.exe1

Faulting module path: jucheck.exe2

Report Id: jucheck.exe3

 

Error: (01/05/2016 12:11:58 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Exception code: 0x40000015

Fault offset: 0x00052d24

Faulting process id: 0x133c

Faulting application start time: 0xjucheck.exe0

Faulting application path: jucheck.exe1

Faulting module path: jucheck.exe2

Report Id: jucheck.exe3

 

Error: (12/29/2015 05:19:10 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc9bb

Faulting module name: wwanapi.dll, version: 6.1.7600.16385, time stamp: 0x4a5be0a8

Exception code: 0xc0000005

Fault offset: 0x00000000000333eb

Faulting process id: 0x7dc

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (12/26/2015 09:57:21 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".

Dependent Assembly Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/20/2015 07:38:40 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program WINWORD.EXE version 12.0.6612.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 53c

 

Start Time: 01d13b1ac293d8a6

 

Termination Time: 3

 

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

 

Report Id: 27a6c800-a70e-11e5-8f01-902b3483e355

 

Error: (12/19/2015 03:25:09 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

 

Error: (12/15/2015 01:14:31 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SMΔRTP.exe version 4.103.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 7c0

 

Start Time: 01d136ce00dd4db3

 

Termination Time: 457

 

Application Path: C:\Program Files (x86)\Smadav\SMΔRTP.exe

 

Report Id: a312d587-a2ea-11e5-836e-902b3483e355

 

Error: (12/14/2015 09:49:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )

Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

 

 

System errors:

=============

Error: (01/17/2016 10:05:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

 

Error: (01/17/2016 10:02:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

 

Error: (01/17/2016 09:55:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (01/17/2016 09:55:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (01/17/2016 09:55:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Epson Scanner Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/17/2016 09:55:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/17/2016 09:55:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (01/17/2016 09:55:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The EPSON V3 Service4(05) service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/17/2016 09:55:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/17/2016 09:55:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Skype Click to Call Updater service terminated unexpectedly.  It has done this 1 time(s).

 

 

CodeIntegrity:

===================================

  Date: 2015-10-05 22:39:39.222

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 22:39:39.002

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.725

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.583

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.441

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.298

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.131

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:43.984

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:43.833

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:43.670

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD A6-3500 APU with Radeon HD Graphics

Percentage of memory in use: 62%

Total physical RAM: 3581.43 MB

Available physical RAM: 1327.46 MB

Total Virtual: 7161 MB

Available Virtual: 4695 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:97.56 GB) (Free:31.98 GB) NTFS

Drive d: () (Fixed) (Total:368.1 GB) (Free:151.77 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 55A45567)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================


Run Malwarebytes and remove all listed entries....

 

Run AdwCleaner and remove all listed entries.....

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs....

 

Post those new logs....

 

Thank you,

 

Kevin..
 


Doing it now, Malwarebytes scan taking longer than the earlier scan though. It's now been up for 12 hours.

 

Thanks! :) 


Will formatting and clean installing Windows 7 or another version of Windows also remove the malware?


Yes, if you format the HD and install Windows 7 or another version you should be ok. I would also reset your router: http://setuprouter.com/networking/how-to-reset-your-router/

 

Please let us know if that is your choice so we can close the thread...

 

Thank you,

 

Kevin...

 

 

Will still ask permission for this :) , may I ask why I should reset my router?


Yes, it is a common means of infecting PCs and other devices; it is always a good option to periodically reset your router or at least change the password...

AdwCleaner Log

 

# AdwCleaner v5.030 - Logfile created 18/01/2016 at 22:47:45
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Torres - TORRES-PC
# Running from : D:\downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : YahooAUService
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget
[#] Folder Deleted : C:\Program Files (x86)\myfree codec
[#] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[#] Folder Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions
[#] Folder Deleted : C:\ProgramData\Innovative Solutions
[#] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\ytd video downloader
[#] Folder Deleted : C:\ProgramData\BlocckUTuBeAd
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[#] Folder Deleted : C:\Users\Torres\AppData\Local\BitLord
[#] Folder Deleted : C:\Users\Torres\AppData\Local\Innovative Solutions
[#] Folder Deleted : C:\Users\Torres\AppData\LocalLow\Yahoo! Companion
[#] Folder Deleted : C:\Users\Torres\AppData\LocalLow\Yahoo!\Companion
[#] Folder Deleted : C:\Users\Torres\AppData\Roaming\BitLord
[#] Folder Deleted : C:\Users\Torres\AppData\Roaming\Easeware
[#] Folder Deleted : C:\Users\Torres\AppData\Roaming\RHEng
[#] Folder Deleted : C:\Users\Torres\AppData\Roaming\RPEng
[#] Folder Deleted : C:\Users\Torres\AppData\Roaming\Yahoo!\Companion
[#] Folder Deleted : C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[#] Folder Deleted : D:\my documents\BitLord
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\invalidprefs.js
[-] File Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner.lnk - [746 bytes] - [17/01/2016 20:31:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2831 bytes] ##########
 
 
By the router password, do you mean the passphrase or the admin password? So there might also be a chance that my/our other devices might have been compromised due to this problem?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016

Ran by Torres (administrator) on TORRES-PC (19-01-2016 08:53:02)

Running from D:\downloads

Loaded Profiles: Torres (Available Profiles: Torres)

Platform: Windows 7 Ultimate (X64) Language: English (United States)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(Barracuda Networks) C:\Program Files\BarracudaNG\phionha.exe

(Barracuda Networks) C:\Program Files\BarracudaNG\phions.exe

(AMD) C:\Windows\System32\atieclxx.exe

(OPSWAT, Inc.) C:\Program Files\BarracudaNG\Opswat\32bitProxy.exe

(Barracuda Networks) C:\Program Files\BarracudaNG\phion.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

() C:\Windows\vsnpstd3.exe

(Dropbox, Inc.) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Microsoft Corporation) C:\Windows\System32\wscript.exe

(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe

() D:\Games\Garena Plus\ggdllhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe

() C:\Program Files (x86)\Gaming Mouse\Monitor.exe

(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) D:\downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()

HKLM\...\Run: [phion] => C:\Program Files\BarracudaNG\phion.exe [5038464 2012-11-30] (Barracuda Networks)

HKLM\...\Run: [WinUpdate] => Wscript.exe //e:VBScript "C:\Windows\:Microsoft Office Update for Windows XP.sys"

HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [2048928 2011-11-04] (Zbshareware Lab)

HKLM-x32\...\Run: [Gaming mouse] => C:\Program Files (x86)\Gaming Mouse\Monitor.exe [495616 2013-12-02] ()

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119360 2015-07-21] (Microsoft Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-08] (AVAST Software)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [Dropbox Update] => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-08] (Dropbox, Inc.)

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [CatalinaGroup Update] => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130928 2015-10-13] (Catalina Group Ltd.)

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII3E.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [Google Update] => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [Df5serv] => Wscript.exe //e:VBScript "D:\my documents\df5srvc.bfe"

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Run: [Explorer] => Wscript.exe //e:VBScript "C:\Users\Torres\AppData\Local\Microsoft\CD Burning\dekstop.ini"

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {16e8b783-1e38-11e2-a861-902b3483e355} - E:\iStudio.exe

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {54c1730e-5990-11e4-b696-902b3483e355} - H:\AutoRun.exe

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {af25da4a-edbe-11e1-8dc9-902b3483e355} - F:\Launch.exe

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {cbbeb12f-edbc-11e1-8b44-b5f093b8fca3} - F:\Run.exe

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {d08f2260-edcf-11e1-a5a7-902b3483e355} - H:\Autorun.exe main\assetup.exe

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {eb871a09-0fe2-11e3-8ad6-902b3483e355} - H:\AutoRun.exe

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\MountPoints2: {fb3ca839-785f-11e4-8f76-902b3483e355} - H:\bootstrap.exe

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-13] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-16] (AVAST Software)

ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)

Startup: C:\Users\Torres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-09]

ShortcutTarget: Dropbox.lnk -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

BootExecute: autocheck autochk * aswBoot.exe /M:43989292 /wow /dir:"C:\Program Files\AVAST Software\Avast"

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 122.2.167.6 122.2.166.161 192.168.1.1

Tcpip\..\Interfaces\{11D776A1-4646-4CB8-B26E-27BA5BA6EFA9}: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{13687761-D3A2-47E2-9330-AC49589EBA1D}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Tcpip\..\Interfaces\{A2F8C3A1-DF9A-411C-9EF4-A494660703EC}: [DhcpNameServer] 124.106.5.2 124.106.7.2

Tcpip\..\Interfaces\{C1511C99-F98B-45F5-A9DD-F8E686D52EA6}: [DhcpNameServer] 122.2.167.6 122.2.166.161 192.168.1.1

Internet Explorer:
==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bendot.co.nr

SearchScopes: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> {FD8E1371-F61A-42de-B27B-76AC9C791C75} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-16] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-16] (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)

Toolbar: HKU\S-1-5-21-819453736-4280033654-1804472810-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========

FF ProfilePath: C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default

FF NewTab: hxxp://www.bendot.co.nr

FF DefaultSearchUrl: 

FF SearchEngineOrder.1: Google

FF SelectedSearchEngine: Google

FF DefaultSearchEngine: Google

FF Homepage: hxxp://www.bendot.co.nr

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-09] (Adobe Systems, Inc.)

FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [No File]

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-24] (Pando Networks)

FF Plugin-x32: @t.garena.com/garenatalk -> D:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\Torres\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-10-13] (Catalina Group Ltd.)

FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\Torres\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-10-13] (Catalina Group Ltd.)

FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Torres\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Torres\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-19] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-819453736-4280033654-1804472810-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-24] (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-21] ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-22] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-22] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-22] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-22] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-22] (Apple Inc.)

FF SearchPlugin: C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\searchplugins\google-lavasoft.xml [2015-10-29]

FF Extension: SuaiveNewaAppPz - C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\Extensions\ouu0hrq@veoawj-.net [2014-01-02] [not signed]

FF Extension: BlocckUTuBeAd - C:\Users\Torres\AppData\Roaming\Mozilla\Firefox\Profiles\zw4v3fc7.default\Extensions\sp821qe@uastmbkol-.org [2014-02-07] [not signed]

FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-24] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======

CHR Profile: C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-19]

CHR Extension: (Google Docs) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-19]

CHR Extension: (Google Drive) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]

CHR Extension: (YouTube) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

CHR Extension: (Google Search) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]

CHR Extension: (Google Sheets) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-19]

CHR Extension: (Google Docs Offline) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]

CHR Extension: (Avast Online Security) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-05]

CHR Extension: (Skype) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-20]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]

CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-07-19]

CHR Extension: (Gmail) - C:\Users\Torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-19]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-16]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed]

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-16] (AVAST Software)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)

R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5128560 2012-12-20] (INCA Internet Co., Ltd.)

R2 phionha; C:\Program Files\BarracudaNG\phionha.exe [3323776 2012-11-30] (Barracuda Networks)

R2 phions; C:\Program Files\BarracudaNG\phions.exe [8348064 2012-11-30] (Barracuda Networks)

S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2987520 2014-10-29] (Microsoft Corporation) [File not signed]

S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2967864 2015-05-15] (AVG Technologies)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-09-20] (Wellbia.com Co., Ltd.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2010-06-30] (Advanced Micro Devices Inc.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-16] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-16] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-16] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-16] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-08] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-16] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-16] (AVAST Software)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-24] (DT Soft Ltd)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

S3 phionvpn; C:\Windows\System32\DRIVERS\phionvpn.sys [36688 2012-06-28] (Barracuda Networks Inc.)

R0 ProcMonD; C:\Windows\System32\DRIVERS\ProcMonD.sys [14320 2012-06-04] (phion AG)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)

S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)

R1 SPac; C:\Windows\System32\DRIVERS\spac.sys [145232 2012-06-04] (Barracuda Networks Inc.)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-01-23] () [File not signed]

S3 usbaudio; C:\Windows\SysWOW64\drivers\usbaudio.sys [39840 1998-08-21] (Microsoft Corporation) [File not signed]

R3 usbhub; C:\Windows\SysWOW64\DRIVERS\usbhub.sys [27184 1998-08-21] (Microsoft Corporation) [File not signed]

S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 GGSAFERDriver; \??\D:\Games\Garena Plus\Room\safedrv.sys [X]

U0 Partizan; system32\drivers\Partizan.sys [X]

S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-19 08:37 - 2016-01-19 08:37 - 00000730 _____ C:\Windows\SysWOW64\Microsoft.lnk

2016-01-19 08:37 - 2016-01-19 08:37 - 00000728 _____ C:\Windows\Tasks\Aplikasi.lnk

2016-01-19 08:35 - 2016-01-19 08:35 - 00000750 _____ C:\Users\Public\Desktop\Aplikasi.lnk

2016-01-19 08:29 - 2016-01-19 08:29 - 00003412 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Torres

2016-01-19 08:29 - 2016-01-19 08:29 - 00000746 _____ C:\Program Files (x86)\Microsoft.lnk

2016-01-19 08:28 - 2016-01-19 08:28 - 00000752 _____ C:\Program Files\Common Files\Microsoft.lnk

2016-01-19 08:28 - 2016-01-19 08:28 - 00000746 _____ C:\Program Files\Microsoft.lnk

2016-01-19 08:27 - 2016-01-19 08:27 - 00007247 _____ C:\Windows\system32\radF1A44.tmp

2016-01-19 08:27 - 2016-01-19 08:27 - 00000742 _____ C:\Aplikasi.lnk

2016-01-18 21:50 - 2016-01-19 08:27 - 00000744 _____ C:\Microsoft.lnk

2016-01-18 21:50 - 2016-01-19 08:27 - 00000246 __RSH C:\Windows\system32\auto.exe

2016-01-18 21:50 - 2016-01-18 21:50 - 00007247 _____ C:\Windows\system32\radD60A0.tmp

2016-01-18 13:13 - 2016-01-18 12:56 - 00000728 _____ C:\Windows\trz2423.tmp

2016-01-18 13:13 - 2016-01-18 12:56 - 00000728 _____ C:\Windows\trz1D6D.tmp

2016-01-18 13:12 - 2016-01-18 12:56 - 00000752 _____ C:\Users\Public\trzF4FE.tmp

2016-01-18 12:59 - 2016-01-18 12:59 - 00007247 _____ C:\Windows\system32\radFB046.tmp

2016-01-18 12:56 - 2016-01-18 12:56 - 00000603 _____ C:\Users\Default\trzBF2.tmp

2016-01-18 12:51 - 2016-01-18 12:51 - 00007247 _____ C:\Windows\system32\radB6A10.tmp

2016-01-18 10:53 - 2016-01-17 22:00 - 00000246 __RSH C:\Program Files\trz4C78.tmp

2016-01-18 10:26 - 2016-01-18 02:07 - 00000752 _____ C:\Users\Default\trz88C.tmp

2016-01-17 22:08 - 2016-01-19 08:53 - 00000000 ____D C:\FRST

2016-01-17 22:07 - 2016-01-17 22:07 - 00000597 _____ C:\ProgramData\trzFF79.tmp

2016-01-17 22:00 - 2016-01-17 22:00 - 00007247 _____ C:\Windows\system32\rad1180A.tmp

2016-01-17 20:35 - 2016-01-17 20:35 - 00000752 _____ C:\Users\Torres\trz6E1A.tmp

2016-01-17 20:35 - 2016-01-17 20:35 - 00000752 _____ C:\Users\Public\trz6726.tmp

2016-01-17 20:35 - 2016-01-17 20:35 - 00000752 _____ C:\Users\Default\trz59BB.tmp

2016-01-17 20:35 - 2016-01-17 20:35 - 00000746 _____ C:\Users\trz5314.tmp

2016-01-17 20:34 - 2016-01-17 20:34 - 00000752 _____ C:\Users\Public\Desktop\trz98D8.tmp

2016-01-17 20:31 - 2016-01-19 08:27 - 00000746 _____ C:\AdwCleaner.lnk

2016-01-17 19:58 - 2016-01-19 08:28 - 00000000 ____D C:\AdwCleaner

2016-01-17 16:59 - 2016-01-17 16:51 - 00000710 _____ C:\Windows\system32\trzAEFB.tmp

2016-01-17 16:55 - 2016-01-17 16:55 - 00000752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\trz2C64.tmp

2016-01-17 16:51 - 2016-01-17 22:09 - 00000722 _____ C:\Windows\Tasks\Music.lnk

2016-01-17 16:51 - 2006-02-04 19:30 - 00011330 __RSH C:\Windows\Tasks\dekstop.ini

2016-01-17 16:47 - 2016-01-17 22:07 - 00000744 _____ C:\Users\Public\Desktop\Music.lnk

2016-01-17 16:47 - 2016-01-17 16:47 - 00000746 _____ C:\ProgramData\trz84A2.tmp

2016-01-17 16:47 - 2006-02-04 19:30 - 00011330 __RSH C:\Users\Public\Desktop\dekstop.ini

2016-01-17 16:44 - 2016-01-19 08:27 - 00000762 _____ C:\Adjustment Program.lnk

2016-01-17 16:44 - 2016-01-19 08:27 - 00000762 _____ C:\@RestoreQuarantine.lnk

2016-01-17 16:44 - 2016-01-19 08:27 - 00000750 _____ C:\$Recycle.Bin.lnk

2016-01-17 16:44 - 2016-01-19 08:27 - 00000740 _____ C:\Backreg.lnk

2016-01-17 16:44 - 2016-01-17 22:00 - 00000736 _____ C:\Music.lnk

2016-01-17 16:44 - 2016-01-17 16:46 - 00000746 _____ C:\Config.Msi.lnk

2016-01-17 16:44 - 2016-01-17 16:44 - 00007247 _____ C:\Windows\system32\radAD1BE.tmp

2016-01-17 16:44 - 2016-01-17 16:44 - 00007247 _____ C:\Windows\system32\rad4C66D.tmp

2016-01-17 16:44 - 2006-02-04 19:30 - 00011330 __RSH C:\Windows\system32\radB2312.tmp

2016-01-17 16:44 - 2006-02-04 19:30 - 00011330 __RSH C:\Windows\system32\rad92CE1.tmp

2016-01-17 16:44 - 2006-02-04 19:30 - 00011330 __RSH C:\Windows\system32\rad8D325.tmp

2016-01-17 16:44 - 2006-02-04 19:30 - 00011330 __RSH C:\Windows\system32\rad44708.tmp

2016-01-17 16:44 - 2006-02-04 19:30 - 00011330 __RSH C:\Windows\system32\rad108FB.tmp

2016-01-17 16:44 - 2006-02-04 19:30 - 00011330 __RSH C:\dekstop.ini

2016-01-17 13:23 - 2016-01-18 13:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-01-17 13:23 - 2016-01-17 13:23 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-01-17 13:23 - 2016-01-17 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-01-17 13:23 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-01-17 13:23 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2016-01-17 13:23 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-01-06 11:04 - 2016-01-06 11:04 - 00691644 _____ C:\Users\Torres\Desktop\MKTGRESEARCH.docx.pdf

2016-01-06 11:04 - 2016-01-06 11:04 - 00119421 _____ C:\Users\Torres\Desktop\MKTGRESEARCHFRONT.docx.pdf

2016-01-05 15:17 - 2016-01-19 08:28 - 00000000 __SHD C:\found.001

2016-01-05 00:11 - 2016-01-16 16:37 - 00000000 ____D C:\Users\Torres\Desktop\Neobux

2015-12-29 20:43 - 2016-01-03 12:43 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-12-29 18:18 - 2016-01-19 08:38 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm

2015-12-29 18:18 - 2016-01-19 08:28 - 00000000 ____D C:\HeroesData

2015-12-29 18:11 - 2016-01-19 08:53 - 00000000 ____D C:\ProgramData\Blizzard Entertainment

2015-12-29 18:11 - 2015-12-29 19:28 - 00000000 ____D C:\Users\Torres\AppData\Local\Battle.net

2015-12-29 18:11 - 2015-12-29 18:17 - 00000000 ____D C:\Users\Torres\AppData\Roaming\Battle.net

2015-12-29 18:11 - 2015-12-29 18:11 - 00000838 _____ C:\Users\Public\Desktop\Battle.net.lnk

2015-12-29 18:11 - 2015-12-29 18:11 - 00000000 ____D C:\Users\Torres\AppData\Local\Blizzard Entertainment

2015-12-29 18:11 - 2015-12-29 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

2015-12-29 17:59 - 2016-01-19 08:35 - 00000000 ____D C:\ProgramData\Battle.net

2015-12-21 00:57 - 2015-12-02 10:25 - 00000246 _____ C:\trz70F5.tmp

2015-12-21 00:57 - 2015-12-02 10:25 - 00000246 _____ C:\trz70F4.tmp

2015-12-21 00:52 - 2015-12-21 00:52 - 00112600 _____ C:\Users\Torres\AppData\Local\GDIPFONTCACHEV1.DAT

2015-12-21 00:50 - 2015-12-21 00:50 - 00007247 _____ C:\Windows\system32\rad14035.tmp

2015-12-21 00:49 - 2015-12-21 00:57 - 05044232 _____ C:\Windows\system32\FNTCACHE.DAT

2015-12-20 20:01 - 2015-12-20 20:01 - 00007247 _____ C:\Windows\system32\rad92C32.tmp

2015-12-20 17:52 - 2015-12-20 17:51 - 00000752 _____ C:\ProgramData\trzA245.tmp

2015-12-20 16:44 - 2015-12-20 16:37 - 00000752 _____ C:\Users\Default\trz42A7.tmp

2015-12-20 14:50 - 2015-12-20 12:06 - 00000746 _____ C:\Program Files (x86)\trzA70F.tmp

2015-12-20 12:04 - 2015-12-20 12:04 - 00007247 _____ C:\Windows\system32\rad00C55.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-19 09:00 - 2012-08-24 15:32 - 00000000 ____D C:\ProgramData\AMD

2016-01-19 08:59 - 2015-06-08 12:54 - 00000000 ____D C:\ProgramData\Dropbox

2016-01-19 08:59 - 2014-10-15 20:25 - 00000000 ____D C:\ProgramData\Nero

2016-01-19 08:59 - 2013-05-10 15:24 - 00000000 ____D C:\ProgramData\Sony

2016-01-19 08:59 - 2012-08-24 17:48 - 00000000 ____D C:\ProgramData\TP-LINK

2016-01-19 08:59 - 2012-08-24 16:23 - 00000000 ____D C:\ProgramData\Zbshareware Lab

2016-01-19 08:58 - 2012-08-24 16:02 - 00000000 ____D C:\ProgramData\Skype

2016-01-19 08:57 - 2013-08-24 12:59 - 00000000 ____D C:\ProgramData\Garena

2016-01-19 08:56 - 2015-10-03 14:34 - 00000000 ____D C:\ProgramData\AVG

2016-01-19 08:56 - 2014-10-23 05:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-19 08:56 - 2012-10-21 09:32 - 00000000 ____D C:\ProgramData\boost_interprocess

2016-01-19 08:56 - 2012-09-01 08:21 - 00000000 ____D C:\Program Files (x86)\WEBZENtest

2016-01-19 08:56 - 2012-08-24 16:07 - 00000000 ____D C:\ProgramData\Adobe

2016-01-19 08:55 - 2015-10-03 14:31 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4

2016-01-19 08:55 - 2015-08-21 12:25 - 00000000 ____D C:\Program Files (x86)\WicReset

2016-01-19 08:55 - 2012-11-24 10:49 - 00000000 ____D C:\Program Files (x86)\Pando Networks

2016-01-19 08:55 - 2012-11-16 12:43 - 00000000 ____D C:\ProgramData\PopCap Games

2016-01-19 08:55 - 2012-08-24 15:47 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite

2016-01-19 08:55 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\ShellNew

2016-01-19 08:55 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar

2016-01-19 08:54 - 2015-07-20 03:24 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-01-19 08:54 - 2014-04-02 23:32 - 00000000 ____D C:\ProgramData\Razer

2016-01-19 08:54 - 2012-11-13 22:58 - 00000000 ____D C:\Program Files (x86)\Kalypso Media

2016-01-19 08:54 - 2012-08-24 16:14 - 00000000 ____D C:\ProgramData\Yahoo!

2016-01-19 08:54 - 2012-08-24 15:49 - 00000000 ____D C:\ProgramData\DivX

2016-01-19 08:54 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\DigitalLocker

2016-01-19 08:53 - 2014-06-17 12:35 - 00000000 ____D C:\Program Files (x86)\Gaming Mouse

2016-01-19 08:53 - 2014-01-31 21:29 - 00000000 ____D C:\ProgramData\nggiaomoijpbfonkpcefijihefpennji

2016-01-19 08:53 - 2013-03-15 11:24 - 00000000 ____D C:\Program Files (x86)\Java

2016-01-19 08:53 - 2012-12-30 00:22 - 00000000 ____D C:\ProgramData\GarenaMessenger

2016-01-19 08:53 - 2012-08-24 15:33 - 00000000 ____D C:\ProgramData\Splashtop

2016-01-19 08:53 - 2012-08-24 15:25 - 00000000 ____D C:\Users\Torres

2016-01-19 08:52 - 2015-09-22 14:12 - 00000000 __SHD C:\ProgramData\Hunt Systems Manager

2016-01-19 08:52 - 2013-12-30 17:46 - 00000000 ____D C:\ProgramData\SuaiveNewaAppPz

2016-01-19 08:52 - 2013-01-10 12:13 - 00000000 ____D C:\Program Files (x86)\OCSetup

2016-01-19 08:52 - 2012-10-26 01:13 - 00000000 ____D C:\Windows\Minidump

2016-01-19 08:52 - 2012-08-25 00:02 - 00000000 ____D C:\ProgramData\RoboForm

2016-01-19 08:52 - 2012-08-24 16:19 - 00000000 ____D C:\ProgramData\Microsoft Help

2016-01-19 08:52 - 2012-08-24 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-01-19 08:52 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files

2016-01-19 08:52 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\AppCompat

2016-01-19 08:51 - 2015-06-24 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-01-19 08:51 - 2014-10-22 22:00 - 00000000 ____D C:\ProgramData\Apple

2016-01-19 08:51 - 2014-10-22 22:00 - 00000000 ____D C:\Program Files (x86)\QuickTime

2016-01-19 08:51 - 2013-07-26 13:46 - 00000000 ____D C:\ProgramData\McAfee

2016-01-19 08:51 - 2012-08-24 18:11 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2016-01-19 08:51 - 2012-08-24 16:22 - 00000000 ____D C:\Windows\PCHEALTH

2016-01-19 08:51 - 2012-08-24 15:57 - 00000000 ____D C:\Program Files (x86)\Google

2016-01-19 08:51 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Resources

2016-01-19 08:51 - 2009-07-14 11:20 - 00000000 ____D C:\Windows

2016-01-19 08:50 - 2015-11-25 22:39 - 00000000 ____D C:\SWSetup

2016-01-19 08:50 - 2015-10-11 16:56 - 00000000 ____D C:\Windows\Downloaded Installations

2016-01-19 08:50 - 2014-11-08 22:19 - 00000000 ____D C:\Program Files (x86)\Cisco

2016-01-19 08:50 - 2012-08-24 16:18 - 00000000 ____D C:\ProgramData\Mozilla

2016-01-19 08:50 - 2012-08-24 15:47 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite

2016-01-19 08:50 - 2012-08-24 15:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2016-01-19 08:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\security

2016-01-19 08:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Cursors

2016-01-19 08:49 - 2015-10-11 16:08 - 00000000 ____D C:\Program Files (x86)\Windows Live

2016-01-19 08:49 - 2014-10-22 22:00 - 00000000 ____D C:\ProgramData\Apple Computer

2016-01-19 08:49 - 2014-06-10 18:28 - 00000000 ____D C:\ProgramData\Oracle

2016-01-19 08:49 - 2012-08-24 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8

2016-01-19 08:49 - 2012-08-24 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2016-01-19 08:49 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2016-01-19 08:49 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2016-01-19 08:49 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\LiveKernelReports

2016-01-19 08:49 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\L2Schemas

2016-01-19 08:48 - 2015-07-20 03:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-01-19 08:48 - 2015-07-19 13:38 - 00000000 ____D C:\ProgramData\RegRun

2016-01-19 08:48 - 2014-10-15 20:25 - 00000000 ____D C:\Program Files (x86)\Nero

2016-01-19 08:48 - 2014-05-18 11:49 - 00000000 ____D C:\ProgramData\SP_FT_Logs

2016-01-19 08:48 - 2013-01-28 22:28 - 00000000 ____D C:\ProgramData\Samsung

2016-01-19 08:48 - 2012-08-24 16:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio

2016-01-19 08:48 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Offline Web Pages

2016-01-19 08:48 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\addins

2016-01-19 08:47 - 2012-08-24 16:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Works

2016-01-19 08:47 - 2012-08-24 16:08 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2016-01-19 08:47 - 2012-08-24 15:40 - 00000000 ____D C:\Program Files (x86)\WinRAR

2016-01-19 08:47 - 2009-07-14 12:45 - 00000000 ____D C:\Windows\ServiceProfiles

2016-01-19 08:46 - 2015-07-19 16:25 - 00000000 ____D C:\Program Files (x86)\SMADAV

2016-01-19 08:46 - 2014-10-15 20:26 - 00000000 ____D C:\ProgramData\Ahead

2016-01-19 08:46 - 2013-03-15 11:26 - 00000000 ____D C:\Windows\Sun

2016-01-19 08:46 - 2013-01-28 22:28 - 00000000 ____D C:\Program Files (x86)\Samsung

2016-01-19 08:46 - 2013-01-10 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync

2016-01-19 08:46 - 2012-08-24 16:02 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-01-19 08:46 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system

2016-01-19 08:46 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\ModemLogs

2016-01-19 08:45 - 2015-03-07 19:57 - 00000000 ____D C:\ProgramData\Linksys

2016-01-19 08:45 - 2014-05-24 15:58 - 00000000 ____D C:\Program Files (x86)\RaidCall

2016-01-19 08:45 - 2013-10-02 10:31 - 00000000 ____D C:\Program Files (x86)\MSECache

2016-01-19 08:45 - 2012-10-02 10:42 - 00000000 ____D C:\ProgramData\Magic Submitter

2016-01-19 08:45 - 2012-08-24 15:35 - 00000000 ____D C:\ProgramData\ATI

2016-01-19 08:45 - 2009-07-14 15:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents

2016-01-19 08:45 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\TAPI

2016-01-19 08:44 - 2013-01-17 19:12 - 00000000 ____D C:\Program Files (x86)\THQ

2016-01-19 08:44 - 2013-01-17 12:34 - 00000000 ____D C:\ProgramData\Media Center Programs

2016-01-19 08:44 - 2012-08-24 17:48 - 00000000 ____D C:\Windows\Options

2016-01-19 08:43 - 2015-07-19 16:47 - 00000942 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job

2016-01-19 08:43 - 2012-08-24 16:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-01-19 08:43 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Web

2016-01-19 08:39 - 2012-11-24 10:51 - 00000000 ____D C:\ProgramData\PMB Files

2016-01-19 08:39 - 2009-07-14 12:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-01-19 08:39 - 2009-07-14 12:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-01-19 08:39 - 2009-07-14 12:45 - 00000000 ____D C:\Windows\Setup

2016-01-19 08:38 - 2014-04-02 23:32 - 00000000 ____D C:\Program Files (x86)\Razer

2016-01-19 08:38 - 2013-03-15 11:26 - 00000000 ____D C:\ProgramData\Sun

2016-01-19 08:38 - 2013-01-10 15:48 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2016-01-19 08:38 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Performance

2016-01-19 08:38 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media

2016-01-19 08:38 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\tracing

2016-01-19 08:38 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SchCache

2016-01-19 08:38 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration

2016-01-19 08:38 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\IME

2016-01-19 08:37 - 2015-12-04 20:12 - 00000728 _____ C:\Windows\SysWOW64\Aplikasi.lnk

2016-01-19 08:37 - 2015-12-04 20:12 - 00000728 _____ C:\Windows\system\Aplikasi.lnk

2016-01-19 08:37 - 2015-08-17 21:35 - 00000748 _____ C:\Windows\SysWOW64\AdvancedInstallers.lnk

2016-01-19 08:37 - 2015-08-17 21:35 - 00000722 _____ C:\Windows\SysWOW64\ar-SA.lnk

2016-01-19 08:37 - 2015-08-17 21:35 - 00000722 _____ C:\Windows\SysWOW64\Adobe.lnk

2016-01-19 08:37 - 2015-08-17 21:35 - 00000720 _____ C:\Windows\SysWOW64\0409.lnk

2016-01-19 08:37 - 2015-08-17 08:34 - 00000722 _____ C:\Windows\SysWOW64\bg-BG.lnk

2016-01-19 08:37 - 2015-07-19 16:25 - 00000000 __SHD C:\[smad-Cage]

2016-01-19 08:37 - 2015-07-19 13:03 - 00000716 _____ C:\Windows\system32\$RECYCLE.BIN.lnk

2016-01-19 08:37 - 2015-02-25 06:38 - 00000728 _____ C:\Windows\system32\AdvancedInstallers.lnk

2016-01-19 08:37 - 2015-02-25 06:38 - 00000728 _____ C:\Windows\Minidump\Aplikasi.lnk

2016-01-19 08:37 - 2015-02-25 06:38 - 00000708 _____ C:\Windows\system32\Aplikasi.lnk

2016-01-19 08:37 - 2015-02-25 06:38 - 00000706 _____ C:\Windows\system32\appmgmt.lnk

2016-01-19 08:37 - 2015-02-25 06:38 - 00000700 _____ C:\Windows\system32\0409.lnk

2016-01-19 08:37 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\RemotePackages

2016-01-19 08:37 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\CSC

2016-01-19 08:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Vss

2016-01-19 08:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\schemas

2016-01-19 08:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2016-01-19 08:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PLA

2016-01-19 08:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Branding

2016-01-19 08:36 - 2015-12-04 20:11 - 00000750 _____ C:\Users\Torres\Aplikasi.lnk

2016-01-19 08:36 - 2015-12-04 20:11 - 00000750 _____ C:\Users\Public\Aplikasi.lnk

2016-01-19 08:36 - 2015-12-04 20:11 - 00000750 _____ C:\Users\Default\Aplikasi.lnk

2016-01-19 08:36 - 2015-12-04 20:11 - 00000726 _____ C:\Windows\Aplikasi.lnk

2016-01-19 08:36 - 2015-12-04 20:10 - 00000750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Aplikasi.lnk

2016-01-19 08:36 - 2015-12-04 10:53 - 00000750 _____ C:\ProgramData\Aplikasi.lnk

2016-01-19 08:36 - 2015-12-04 10:50 - 00000744 _____ C:\Users\Aplikasi.lnk

2016-01-19 08:36 - 2015-11-27 06:51 - 00000740 _____ C:\Windows\.jagex_cache_32.lnk

2016-01-19 08:36 - 2015-11-27 06:51 - 00000726 _____ C:\Windows\assembly.lnk

2016-01-19 08:36 - 2015-11-27 06:51 - 00000726 _____ C:\Windows\AppPatch.lnk

2016-01-19 08:36 - 2015-11-27 06:51 - 00000722 _____ C:\Windows\addins.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000768 _____ C:\Users\Torres\.oracle_jre_usage.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000766 _____ C:\Users\Torres\Application Data.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000766 _____ C:\Users\Default\Application Data.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000756 _____ C:\Users\Torres\.thumbnails.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000752 _____ C:\Users\Default User.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Torres\AppData.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Public\Desktop.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Default\Desktop.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Default\Cookies.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000748 _____ C:\Users\Default\AppData.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000742 _____ C:\Users\Default.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000740 _____ C:\Users\Torres.lnk

2016-01-19 08:36 - 2015-11-26 22:19 - 00000740 _____ C:\Users\Public.lnk

2016-01-19 08:36 - 2015-11-26 22:18 - 00000762 _____ C:\ProgramData\Apple Computer.lnk

2016-01-19 08:36 - 2015-11-26 22:18 - 00000744 _____ C:\ProgramData\Apple.lnk

2016-01-19 08:36 - 2015-11-26 22:18 - 00000744 _____ C:\ProgramData\Ahead.lnk

2016-01-19 08:36 - 2015-11-26 22:18 - 00000744 _____ C:\ProgramData\Adobe.lnk

2016-01-19 08:36 - 2015-11-26 22:18 - 00000740 _____ C:\ProgramData\AMD.lnk

2016-01-19 08:36 - 2015-10-11 16:57 - 00000000 ____D C:\ProgramData\Free YouTube Downloader

2016-01-19 08:36 - 2015-10-11 16:10 - 00000000 ____D C:\Windows\en

2016-01-19 08:36 - 2014-05-23 14:19 - 00000000 ____D C:\Program Files (x86)\MarkAny

2016-01-19 08:36 - 2013-12-03 22:19 - 00000000 ____D C:\SWTOOLS

2016-01-19 08:36 - 2013-09-28 10:14 - 00000000 ____D C:\Windows\.jagex_cache_32

2016-01-19 08:36 - 2013-01-17 12:26 - 00000000 __SHD C:\Windows\ftpcache

2016-01-19 08:36 - 2012-12-31 17:06 - 00000000 ____D C:\ProgramData\EPSON

2016-01-19 08:36 - 2012-10-24 15:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2016-01-19 08:36 - 2012-08-24 18:14 - 00000000 ____D C:\ProgramData\WEBZEN

2016-01-19 08:36 - 2012-08-24 16:32 - 00000000 ____D C:\ProgramData\AVAST Software

2016-01-19 08:36 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\MSBuild

2016-01-19 08:36 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf

2016-01-19 08:36 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Help

2016-01-19 08:36 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Globalization

2016-01-19 08:36 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)\Windows NT

2016-01-19 08:35 - 2015-10-05 22:32 - 00000000 ____D C:\Program Files (x86)\Opera

2016-01-19 08:35 - 2015-07-19 13:11 - 00000000 ____D C:\Program Files (x86)\UnHackMe

2016-01-19 08:35 - 2015-03-12 09:56 - 00000000 ____D C:\Program Files (x86)\PowerISO

2016-01-19 08:35 - 2014-11-08 19:16 - 00000000 ____D C:\Program Files (x86)\WTFast

2016-01-19 08:35 - 2014-10-23 04:59 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0

2016-01-19 08:35 - 2014-10-22 21:02 - 00000000 ____D C:\Program Files (x86)\Sun Broadband Wireless

2016-01-19 08:35 - 2014-10-10 21:18 - 00000000 ____D C:\ProgramData\IObit

2016-01-19 08:35 - 2014-10-10 21:18 - 00000000 ____D C:\Program Files (x86)\IObit

2016-01-19 08:35 - 2014-08-11 15:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2016-01-19 08:35 - 2014-05-18 11:33 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android

2016-01-19 08:35 - 2013-12-30 17:46 - 00000000 ____D C:\ProgramData\b445933ff7cc4de1

2016-01-19 08:35 - 2013-05-10 15:41 - 00000000 ____D C:\Program Files (x86)\Sony

2016-01-19 08:35 - 2013-03-21 21:17 - 00000000 ____D C:\Program Files (x86)\Vimicro Corporation

2016-01-19 08:35 - 2013-01-10 11:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2016-01-19 08:35 - 2012-11-30 01:14 - 00000000 ____D C:\Program Files (x86)\GUM1813.tmp

2016-01-19 08:35 - 2012-08-24 16:23 - 00000000 ____D C:\Program Files (x86)\USB Disk Security

2016-01-19 08:35 - 2012-08-24 15:33 - 00000000 ___HD C:\Program Files (x86)\Temp

2016-01-19 08:35 - 2012-08-24 15:33 - 00000000 ____D C:\Program Files (x86)\Realtek

2016-01-19 08:35 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices

2016-01-19 08:35 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2016-01-19 08:34 - 2015-10-11 16:57 - 00000000 ____D C:\Program Files (x86)\Lenovo

2016-01-19 08:34 - 2015-03-12 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2016-01-19 08:34 - 2015-03-12 10:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services

2016-01-19 08:34 - 2014-07-25 00:24 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity

2016-01-19 08:34 - 2014-05-31 13:50 - 00000000 ____D C:\Program Files (x86)\EPSON Software

2016-01-19 08:34 - 2013-03-21 21:16 - 00000000 ____D C:\Program Files (x86)\IM Magician

2016-01-19 08:34 - 2013-01-02 14:08 - 00000000 ____D C:\Program Files (x86)\epson

2016-01-19 08:34 - 2012-08-24 15:57 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack

2016-01-19 08:34 - 2012-08-24 15:51 - 00000000 ____D C:\Program Files (x86)\DivX

2016-01-19 08:34 - 2012-08-24 15:38 - 00000000 ____D C:\Program Files (x86)\GIGABYTE

2016-01-19 08:33 - 2015-10-03 14:35 - 00000000 ____D C:\Program Files (x86)\AVG

2016-01-19 08:33 - 2014-12-30 23:10 - 00000000 ____D C:\Program Files (x86)\Audacity

2016-01-19 08:33 - 2014-12-03 08:48 - 00000000 ____D C:\Program Files (x86)\AppName

2016-01-19 08:33 - 2012-09-06 14:02 - 00000000 ____D C:\Program Files (x86)\BitLord 2

2016-01-19 08:33 - 2012-08-24 15:31 - 00000000 ____D C:\Program Files (x86)\ATI Technologies

2016-01-19 08:32 - 2014-10-22 22:00 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2016-01-19 08:32 - 2012-10-24 14:30 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player

2016-01-19 08:32 - 2012-10-02 10:42 - 00000000 ____D C:\Program Files (x86)\Alexandr Krulik

2016-01-19 08:32 - 2012-08-24 15:33 - 00000000 ____D C:\Program Files (x86)\AMD APP

2016-01-19 08:31 - 2012-10-12 01:37 - 00000000 ___RD C:\Users\Torres\Dropbox

2016-01-19 08:31 - 2012-10-12 01:35 - 00000000 ____D C:\Users\Torres\AppData\Roaming\Dropbox

2016-01-19 08:31 - 2012-09-11 19:42 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-01-19 08:29 - 2015-12-04 10:51 - 00000744 _____ C:\Program Files (x86)\Aplikasi.lnk

2016-01-19 08:29 - 2015-11-26 22:17 - 00000770 _____ C:\Program Files (x86)\Apple Software Update.lnk

2016-01-19 08:29 - 2015-11-26 22:17 - 00000764 _____ C:\Program Files (x86)\Adobe Media Player.lnk

2016-01-19 08:29 - 2015-11-26 22:17 - 00000758 _____ C:\Program Files (x86)\Alexandr Krulik.lnk

2016-01-19 08:29 - 2015-11-26 22:17 - 00000742 _____ C:\Program Files (x86)\AMD APP.lnk

2016-01-19 08:29 - 2015-11-26 22:17 - 00000738 _____ C:\Program Files (x86)\Adobe.lnk

2016-01-19 08:28 - 2015-12-04 10:51 - 00000750 _____ C:\Program Files\Common Files\Aplikasi.lnk

2016-01-19 08:28 - 2015-12-04 10:50 - 00000744 _____ C:\Program Files\Aplikasi.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000766 _____ C:\Program Files\Common Files\Microsoft Shared.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000760 _____ C:\Program Files\ATI Technologies.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000756 _____ C:\Program Files\Common Files\INCA Shared.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000756 _____ C:\Program Files\AVAST Software.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000750 _____ C:\Program Files\BarracudaNG.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000744 _____ C:\Program Files\Common Files\EPSON.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000744 _____ C:\Program Files\Common Files\Adobe.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000738 _____ C:\Program Files\Common Files\AV.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000738 _____ C:\Program Files\Adobe.lnk

2016-01-19 08:28 - 2015-11-26 22:16 - 00000734 _____ C:\Program Files\ATI.lnk

2016-01-19 08:28 - 2014-10-23 05:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-19 08:28 - 2013-01-10 12:13 - 00000000 ____D C:\Users\Torres\Tracing

2016-01-19 08:27 - 2015-02-25 06:35 - 00000000 _____ C:\Windows\system32\Serv60d.dll

2016-01-19 08:27 - 2012-08-24 16:14 - 00000000 ____D C:\Users\Torres\AppData\Roaming\Yahoo!

2016-01-19 08:27 - 2012-08-24 16:14 - 00000000 ____D C:\Users\Torres\AppData\LocalLow\Yahoo!

2016-01-19 08:27 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-19 08:05 - 2015-06-08 12:54 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job

2016-01-19 07:59 - 2012-11-30 01:14 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job

2016-01-19 02:00 - 2012-08-25 08:09 - 00000000 ____D C:\Users\Torres\AppData\Local\Adobe

2016-01-18 21:51 - 2015-07-20 00:27 - 00000000 ____D C:\Program Files\Bitdefender

2016-01-18 21:51 - 2014-09-22 17:30 - 00000000 ____D C:\Program Files\WinRAR

2016-01-18 21:51 - 2014-08-11 15:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-01-18 21:51 - 2013-04-11 17:42 - 00000000 ____D C:\Program Files\BarracudaNG

2016-01-18 21:51 - 2012-08-24 15:55 - 00000000 ____D C:\Program Files\DivX

2016-01-18 21:51 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2016-01-18 21:51 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Portable Devices

2016-01-18 21:51 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Reference Assemblies

2016-01-18 21:51 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Microsoft Games

2016-01-18 21:51 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\DVD Maker

2016-01-18 21:51 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Windows NT

2016-01-18 21:50 - 2015-07-24 04:07 - 00000000 __SHD C:\found.000

2016-01-18 21:50 - 2015-07-19 14:17 - 00000000 ____D C:\@RestoreQuarantine

2016-01-18 21:50 - 2012-08-24 16:19 - 00000000 __RHD C:\MSOCache

2016-01-18 17:43 - 2015-07-19 16:47 - 00000890 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job

2016-01-18 16:09 - 2012-11-30 01:14 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job

2016-01-18 15:02 - 2012-08-24 16:08 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-01-18 15:02 - 2009-07-14 15:46 - 00000000 ____D C:\Program Files\Windows Journal

2016-01-18 15:02 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2016-01-18 15:01 - 2013-05-10 15:41 - 00000000 ____D C:\Program Files\Sony

2016-01-18 15:01 - 2013-04-11 17:42 - 00000000 ____D C:\Program Files\DIFX

2016-01-18 15:01 - 2013-01-10 12:15 - 00000000 ____D C:\Program Files\Microsoft Lync

2016-01-18 15:01 - 2012-08-24 16:20 - 00000000 ____D C:\Program Files\Microsoft Office

2016-01-18 15:01 - 2012-08-24 15:38 - 00000000 ____D C:\Program Files\GIGABYTE

2016-01-18 15:01 - 2012-08-24 15:34 - 00000000 ____D C:\Program Files\Realtek

2016-01-18 15:01 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Defender

2016-01-18 15:01 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\MSBuild

2016-01-18 15:00 - 2014-10-14 21:30 - 00000000 ____D C:\Program Files\Adobe

2016-01-18 15:00 - 2014-06-21 19:32 - 00000000 ____D C:\Games

2016-01-18 15:00 - 2013-08-24 13:00 - 00000000 ____D C:\GarenaDownload

2016-01-18 15:00 - 2012-08-24 16:32 - 00000000 ____D C:\Program Files\AVAST Software

2016-01-18 15:00 - 2012-08-24 15:41 - 00000000 ____D C:\Program Files\CCleaner

2016-01-18 15:00 - 2012-08-24 15:32 - 00000000 ____D C:\Program Files\ATI Technologies

2016-01-18 15:00 - 2012-08-24 15:32 - 00000000 ____D C:\Program Files\ATI

2016-01-18 15:00 - 2009-07-14 11:20 - 00000000 ____D C:\PerfLogs

2016-01-18 14:59 - 2015-08-21 19:07 - 00000000 ____D C:\Adjustment Program

2016-01-18 14:59 - 2015-07-19 15:33 - 00000000 ____D C:\Backreg

2016-01-18 14:59 - 2014-10-06 13:53 - 00000000 ____D C:\divx

2016-01-18 13:05 - 2015-06-08 12:54 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job

2016-01-18 11:29 - 2014-04-06 08:42 - 00000000 ____D C:\Users\Torres\AppData\Local\CrashDumps

2016-01-17 22:09 - 2015-08-17 08:34 - 00000722 _____ C:\Windows\SysWOW64\Music.lnk

2016-01-17 22:09 - 2015-08-17 08:21 - 00000722 _____ C:\Windows\system\Music.lnk

2016-01-17 22:09 - 2015-02-26 11:59 - 00000702 _____ C:\Windows\system32\Music.lnk

2016-01-17 22:09 - 2015-02-26 11:58 - 00000722 _____ C:\Windows\Minidump\Music.lnk

2016-01-17 22:08 - 2015-12-02 00:54 - 00000720 _____ C:\Windows\Music.lnk

2016-01-17 22:08 - 2015-11-26 22:19 - 00000744 _____ C:\Users\Torres\Music.lnk

2016-01-17 22:08 - 2015-11-26 22:19 - 00000744 _____ C:\Users\Public\Music.lnk

2016-01-17 22:08 - 2015-11-26 22:19 - 00000744 _____ C:\Users\Default\Music.lnk

2016-01-17 22:08 - 2015-11-26 22:19 - 00000744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Music.lnk

2016-01-17 22:08 - 2015-11-26 22:18 - 00000744 _____ C:\ProgramData\Music.lnk

2016-01-17 22:08 - 2015-11-26 22:16 - 00000738 _____ C:\Users\Music.lnk

2016-01-17 22:05 - 2015-11-26 22:17 - 00000738 _____ C:\Program Files (x86)\Music.lnk

2016-01-17 22:01 - 2015-11-26 22:16 - 00000744 _____ C:\Program Files\Common Files\Music.lnk

2016-01-17 22:00 - 2015-11-26 22:16 - 00000738 _____ C:\Program Files\Music.lnk

2016-01-17 13:04 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2016-01-16 16:43 - 2014-12-29 09:51 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-01-15 00:23 - 2015-02-24 22:36 - 00000000 ____D C:\Users\Torres\AppData\Local\Steam

2016-01-10 13:57 - 2015-11-22 17:20 - 00003242 _____ C:\Windows\System32\Tasks\smadav

2016-01-03 12:44 - 2012-08-24 16:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-01-03 12:43 - 2012-08-24 15:56 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-01-03 12:43 - 2012-08-24 15:56 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-12-31 21:10 - 2014-10-23 07:37 - 00484374 _____ C:\Windows\system32\perfh00B.dat

2015-12-31 21:10 - 2014-10-23 07:37 - 00101844 _____ C:\Windows\system32\perfc00B.dat

2015-12-31 21:10 - 2009-07-14 13:13 - 01362316 _____ C:\Windows\system32\PerfStringBackup.INI

 

==================== Files in the root of some directories =======

 

2015-11-26 22:16 - 2016-01-19 08:28 - 0000738 _____ () C:\Program Files\Adobe.lnk

2015-12-04 10:50 - 2016-01-19 08:28 - 0000744 _____ () C:\Program Files\Aplikasi.lnk

2015-11-26 22:16 - 2016-01-19 08:28 - 0000760 _____ () C:\Program Files\ATI Technologies.lnk

2015-11-26 22:16 - 2016-01-19 08:28 - 0000734 _____ () C:\Program Files\ATI.lnk

2015-11-26 22:16 - 2016-01-19 08:28 - 0000756 _____ () C:\Program Files\AVAST Software.lnk

2015-11-26 22:16 - 2016-01-19 08:28 - 0000750 _____ () C:\Program Files\BarracudaNG.lnk

2015-11-26 22:16 - 2006-02-04 19:30 - 0011330 __RSH () C:\Program Files\dekstop.ini

2015-04-01 10:36 - 2015-07-01 22:50 - 0000729 _____ () C:\Program Files\Lirik.rtf

2015-11-26 22:16 - 2016-01-17 22:00 - 0000738 _____ () C:\Program Files\Music.lnk

2015-07-19 22:46 - 2015-03-10 14:51 - 0000246 __RSH () C:\Program Files\trz1DEB.tmp

2016-01-18 10:53 - 2016-01-17 22:00 - 0000246 __RSH () C:\Program Files\trz4C78.tmp

2015-07-25 05:20 - 2015-07-20 03:08 - 0000246 __RSH () C:\Program Files\trzC987.tmp

2015-11-26 22:17 - 2016-01-19 08:29 - 0000764 _____ () C:\Program Files (x86)\Adobe Media Player.lnk

2015-11-26 22:17 - 2016-01-19 08:29 - 0000738 _____ () C:\Program Files (x86)\Adobe.lnk

2015-11-26 22:17 - 2016-01-19 08:29 - 0000758 _____ () C:\Program Files (x86)\Alexandr Krulik.lnk

2015-11-26 22:17 - 2016-01-19 08:29 - 0000742 _____ () C:\Program Files (x86)\AMD APP.lnk

2015-12-04 10:51 - 2016-01-19 08:29 - 0000744 _____ () C:\Program Files (x86)\Aplikasi.lnk

2015-11-26 22:17 - 2016-01-19 08:29 - 0000770 _____ () C:\Program Files (x86)\Apple Software Update.lnk

2015-11-26 22:17 - 2006-02-04 19:30 - 0011330 __RSH () C:\Program Files (x86)\dekstop.ini

2015-04-01 10:37 - 2015-07-01 22:50 - 0000729 _____ () C:\Program Files (x86)\Lirik.rtf

2015-11-26 22:17 - 2016-01-17 22:05 - 0000738 _____ () C:\Program Files (x86)\Music.lnk

2015-07-19 23:58 - 2015-03-10 14:51 - 0000246 __RSH () C:\Program Files (x86)\trz107A.tmp

2015-07-25 06:00 - 2015-07-20 03:08 - 0000246 __RSH () C:\Program Files (x86)\trz78FE.tmp

2015-12-20 14:50 - 2015-12-20 12:06 - 0000746 _____ () C:\Program Files (x86)\trzA70F.tmp

2015-11-26 22:16 - 2016-01-19 08:28 - 0000744 _____ () C:\Program Files\Common Files\Adobe.lnk

2015-12-04 10:51 - 2016-01-19 08:28 - 0000750 _____ () C:\Program Files\Common Files\Aplikasi.lnk

2015-11-26 22:16 - 2016-01-19 08:28 - 0000738 _____ () C:\Program Files\Common Files\AV.lnk

2015-11-26 22:16 - 2006-02-04 19:30 - 0011330 __RSH () C:\Program Files\Common Files\dekstop.ini

2015-11-26 22:16 - 2016-01-19 08:28 - 0000744 _____ () C:\Program Files\Common Files\EPSON.lnk

2015-11-26 22:16 - 2016-01-19 08:28 - 0000756 _____ () C:\Program Files\Common Files\INCA Shared.lnk

2015-04-01 10:37 - 2015-07-01 22:50 - 0000729 _____ () C:\Program Files\Common Files\Lirik.rtf

2015-11-26 22:16 - 2016-01-19 08:28 - 0000766 _____ () C:\Program Files\Common Files\Microsoft Shared.lnk

2015-11-26 22:16 - 2016-01-17 22:01 - 0000744 _____ () C:\Program Files\Common Files\Music.lnk

2015-07-25 05:25 - 2015-03-10 14:51 - 0000246 __RSH () C:\Program Files\Common Files\trz285A.tmp

2015-11-27 06:25 - 2015-11-27 05:56 - 0000752 _____ () C:\Program Files\Common Files\trzC05F.tmp

2015-11-26 22:17 - 2016-01-19 08:33 - 0000744 _____ () C:\Program Files (x86)\Common Files\Adobe.lnk

2015-11-26 22:17 - 2016-01-19 08:33 - 0000744 _____ () C:\Program Files (x86)\Common Files\Ahead.lnk

2015-12-04 10:52 - 2016-01-19 08:33 - 0000750 _____ () C:\Program Files (x86)\Common Files\Aplikasi.lnk

2015-11-26 22:17 - 2016-01-19 08:33 - 0000744 _____ () C:\Program Files (x86)\Common Files\Apple.lnk

2016-01-18 12:54 - 2016-01-18 12:52 - 0000246 __RSH () C:\Program Files (x86)\Common Files\autorun.inf

2015-11-26 22:17 - 2016-01-19 08:33 - 0000738 _____ () C:\Program Files (x86)\Common Files\AV.lnk

2015-11-26 22:17 - 2006-02-04 19:30 - 0011330 __RSH () C:\Program Files (x86)\Common Files\dekstop.ini

2015-04-01 10:37 - 2015-07-01 22:50 - 0000729 _____ () C:\Program Files (x86)\Common Files\Lirik.rtf

2015-11-26 22:17 - 2016-01-17 22:05 - 0000744 _____ () C:\Program Files (x86)\Common Files\Music.lnk

2015-07-25 06:19 - 2015-03-14 10:57 - 0000246 __RSH () C:\Program Files (x86)\Common Files\trz1115.tmp

2015-11-26 22:19 - 2015-11-26 22:19 - 0000752 _____ () C:\Program Files (x86)\Common Files\trz546D.tmp

2015-12-16 11:53 - 2015-12-16 11:53 - 0000752 _____ () C:\Program Files (x86)\Common Files\trzEA42.tmp

2014-11-04 22:42 - 2014-11-04 23:04 - 0000132 _____ () C:\Users\Torres\AppData\Roaming\Adobe PNG Format CS5 Prefs

2012-09-06 14:03 - 2014-03-24 22:35 - 0000000 _____ () C:\Users\Torres\AppData\Roaming\bitlord_log.txt

2012-12-30 00:59 - 2013-03-18 04:55 - 0045270 _____ () C:\Users\Torres\AppData\Roaming\room_v3.dat

2014-04-02 23:52 - 2014-04-05 10:39 - 0034816 _____ () C:\Users\Torres\AppData\Roaming\RZR_0060ac6648b595ee2e37dcc6204b.db

2014-04-09 15:54 - 2014-10-23 00:54 - 0000136 _____ () C:\Users\Torres\AppData\Roaming\WB.CFG

2013-01-28 20:58 - 2013-01-28 20:58 - 0021687 _____ () C:\Users\Torres\AppData\Local\recently-used.xbel

2012-09-01 00:53 - 2012-09-01 00:53 - 0007599 _____ () C:\Users\Torres\AppData\Local\Resmon.ResmonCfg

2015-07-20 00:29 - 2015-07-20 00:29 - 0182442 _____ () C:\ProgramData\1437323223.bdinstall.bin

2015-07-20 02:42 - 2015-07-20 02:42 - 0037823 _____ () C:\ProgramData\1437331326.bdinstall.bin

2015-07-20 02:47 - 2015-07-20 02:47 - 0059141 _____ () C:\ProgramData\1437331358.bdinstall.bin

2015-07-20 03:21 - 2015-07-20 03:21 - 0037690 _____ () C:\ProgramData\1437333689.bdinstall.bin

2015-07-20 03:22 - 2015-07-20 03:22 - 0097253 _____ () C:\ProgramData\1437333691.bdinstall.bin

2015-11-26 22:18 - 2016-01-19 08:36 - 0000744 _____ () C:\ProgramData\Adobe.lnk

2015-11-26 22:18 - 2016-01-19 08:36 - 0000744 _____ () C:\ProgramData\Ahead.lnk

2015-11-26 22:18 - 2016-01-19 08:36 - 0000740 _____ () C:\ProgramData\AMD.lnk

2015-12-04 10:53 - 2016-01-19 08:36 - 0000750 _____ () C:\ProgramData\Aplikasi.lnk

2015-11-26 22:18 - 2016-01-19 08:36 - 0000762 _____ () C:\ProgramData\Apple Computer.lnk

2015-11-26 22:18 - 2016-01-19 08:36 - 0000744 _____ () C:\ProgramData\Apple.lnk

2015-11-26 22:18 - 2006-02-04 19:30 - 0011330 __RSH () C:\ProgramData\dekstop.ini

2013-01-14 21:13 - 2012-11-15 21:13 - 0000032 ____R () C:\ProgramData\hash.dat

2015-04-01 10:39 - 2015-07-01 22:50 - 0000729 _____ () C:\ProgramData\Lirik.rtf

2012-10-02 10:42 - 2011-07-24 12:13 - 0993792 _____ () C:\ProgramData\MSRecovery.exe

2015-11-26 22:18 - 2016-01-17 22:08 - 0000744 _____ () C:\ProgramData\Music.lnk

2012-10-02 10:42 - 2012-08-23 15:51 - 0000691 _____ () C:\ProgramData\settings.ini

2015-12-12 03:41 - 2015-12-12 03:33 - 0000752 _____ () C:\ProgramData\trz160E.tmp

2015-11-27 07:22 - 2015-11-27 07:20 - 0000752 _____ () C:\ProgramData\trz400.tmp

2016-01-17 16:47 - 2016-01-17 16:47 - 0000746 _____ () C:\ProgramData\trz84A2.tmp

2015-12-15 08:26 - 2015-12-15 08:26 - 0000752 _____ () C:\ProgramData\trz85B3.tmp

2015-12-20 17:52 - 2015-12-20 17:51 - 0000752 _____ () C:\ProgramData\trzA245.tmp

2015-12-19 22:31 - 2015-12-19 22:30 - 0000752 _____ () C:\ProgramData\trzCE59.tmp

2015-11-26 22:24 - 2015-11-26 22:22 - 0000752 _____ () C:\ProgramData\trzDBF.tmp

2015-07-20 11:44 - 2015-07-20 11:35 - 0000246 __RSH () C:\ProgramData\trzEB28.tmp

2016-01-17 22:07 - 2016-01-17 22:07 - 0000597 _____ () C:\ProgramData\trzFF79.tmp

 

Files to move or delete:

====================

C:\ProgramData\hash.dat

C:\ProgramData\MSRecovery.exe

 

 

Some files in TEMP:

====================

C:\Users\Torres\AppData\Local\Temp\18ac0136f09d41bbb680c503977ecdfe.exe

C:\Users\Torres\AppData\Local\Temp\sqlite3.dll

 

 

Some zero byte size files/folders:

==========================

C:\Windows\System32\Serv60d.dll

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-01-19 00:19

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016

Ran by Torres (2016-01-19 09:00:40)

Running from D:\downloads

Windows 7 Ultimate (X64) (2012-08-24 07:24:18)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-819453736-4280033654-1804472810-500 - Administrator - Disabled)

Guest (S-1-5-21-819453736-4280033654-1804472810-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-819453736-4280033654-1804472810-1005 - Limited - Enabled)

Torres (S-1-5-21-819453736-4280033654-1804472810-1000 - Administrator - Enabled) => C:\Users\Torres

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: Barracuda Personal Firewall (Enabled) {359AB737-38BF-B875-9860-26722624EDDC}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)

AMD Catalyst Install Manager (HKLM\...\{AE196FD4-5109-21C4-6B2D-C8B60E188EC7}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)

Barracuda Network Access Client 3.2 x64 (HKLM\...\{5BD3B34D-87CC-4148-BC3D-336D3315F55A}) (Version: 7.03.053 - Barracuda Networks, Inc)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)

Citrio (HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Citrio) (Version: 46.0.2490.267 - © Catalinagroup Ltd.)

Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden

Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.300.0 - THQ Inc.)

Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)

Components Setup (x32 Version: 1.00.0000 - Vimicro Corporation) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)

Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)

Dropbox (HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)

EPSON L110 Series Printer Uninstall (HKLM\...\EPSON L110 Series) (Version:  - SEIKO EPSON Corporation)

EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)

Gaming Mouse Driver (HKLM-x32\...\{2F9C99E1-A1D2-4ADB-AFA0-3A1ED9471811}) (Version:  - )

Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)

Google Photos Backup (HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

K-Lite Codec Pack 9.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.1.0 - )

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

Magic Submitter version 3.09 (HKLM-x32\...\{9629C88B-66A7-4EB3-84E4-D2847F683DDA}_is1) (Version: 3.09 - Alexandr Krulik)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4478 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

My Program version 1.5 (HKLM-x32\...\My Program_is1) (Version: 1.5 - )

Nero 7 Ultra Edition (HKLM-x32\...\{26D3E377-1DCA-4043-9410-B4A9BACF1033}) (Version: 7.02.9888 - Nero AG)

NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)

ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)

SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.3 - Lenovo Group Limited)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)

Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

STOnline (HKLM-x32\...\{14FE48DA-E172-4CC5-B397-92ECA4B0E088}) (Version: 1.0000 - koramgame)

Sun Broadband Wireless (HKLM-x32\...\Sun Broadband Wireless) (Version: 16.001.06.05.256 - Huawei Technologies Co.,Ltd)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)

Unity Web Player (HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)

WicReset version 3.0.80.50 (HKLM-x32\...\{20379D3A-321B-4830-96A6-37183B713AE8}_is1) (Version: 3.0.80.50 - WWW.WIC.SUPPORT)

Windows Driver Package - Barracuda Networks Inc. Secure Personal Access Client Filter (10/28/2011 4.0.2.19) (HKLM\...\615CE0F8DE761895C3EC574A4B8F7A6B709F6A76) (Version: 10/28/2011 4.0.2.19 - Barracuda Networks Inc.)

Windows Driver Package - phion AG phion Virtual Adapter (11/02/2011 4.0.2.5) (HKLM\...\0A32017DF2E22534FE35FDBED6D12FA25A6370A8) (Version: 11/02/2011 4.0.2.5 - phion AG)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Torres\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-819453736-4280033654-1804472810-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Torres\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0283E56A-1C85-4642-9C01-AD561479D6E5} - System32\Tasks\{BAF031B3-1F4F-46D0-8689-4DFA27ED0C68} => pcalua.exe -a C:\SWTOOLS\DRIVERS\CAMERA\8m01kc36g07\setup.exe -d C:\SWTOOLS\DRIVERS\CAMERA\8m01kc36g07

Task: {031E5D91-DD5F-4517-9F63-CB45A9BD3347} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA => C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)

Task: {0E4ED233-C11C-411A-B374-7C76C5042371} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {1DB930B1-E0F7-4034-A56A-E746641EDA79} - System32\Tasks\gg_uac_daemon_Torres => D:\Games\Garena Plus\ggdllhost.exe [2015-01-20] ()

Task: {236665E2-86AE-4788-B58C-6501EEAEB164} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)

Task: {29AE785A-0C32-4E99-952E-867E01FAF9FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {2AE05C30-B4DD-40EC-9B99-ED85577705AF} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2015-08-20] (Smadsoft)

Task: {2D36F670-2688-4B19-A384-ACB6921B4A27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {2DFA6C6E-121E-469A-A1C1-37A2F40B3C99} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core => C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)

Task: {35A2AFBF-9939-4096-B5C6-5D15B24ADD09} - System32\Tasks\{273F32B9-3406-4636-95B1-270119CC8C13} => pcalua.exe -a F:\Setup.exe -d F:\

Task: {401ED0CA-C5C9-4332-B07B-9D9A760BD47D} - System32\Tasks\{4CF2DE34-5AF5-407D-8A94-E97A95D82119} => pcalua.exe -a D:\downloads\chromeinstall-7u60.exe -d D:\downloads

Task: {496EE128-E19C-4295-99EF-7A9E0CC6991D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)

Task: {4AFAD03D-E91F-4226-8B9B-C4E1E9A3C468} - System32\Tasks\{6E656910-B3D3-43BB-B373-48CB4C3BE536} => pcalua.exe -a "D:\Games\Cabal Rising Force\CabalOnlinePH-Episode VIII-3rdAwakening.exe" -d "D:\Games\Cabal Rising Force"

Task: {537F319D-4B8D-4CE6-A448-39E3D6F4A910} - System32\Tasks\{C6C67EE3-755C-42D8-BDDD-01B6EFA74C03} => pcalua.exe -a D:\Barracuda\install.exe -d D:\Barracuda

Task: {5556D353-E574-4BDE-BF3B-210F98A960AE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)

Task: {592301B9-3750-43C7-8A1E-71B7AA63F8BC} - System32\Tasks\{4E774B79-20D0-48BA-A680-2BEBB658783C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {652177F4-C044-49D1-8200-63711C5F7D2E} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-10-13] (Catalina Group Ltd.)

Task: {6695986E-6FB8-4E18-AFBE-6336A9BEEDB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)

Task: {6BF9E79B-3D7E-424E-B653-63256E4358A3} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-10-13] (Catalina Group Ltd.)

Task: {6C9B05B0-E3E4-41EC-96CD-8B27F4AB5DE6} - System32\Tasks\{2CB8692B-08E2-419C-91E3-9E88625EA479} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{14FE48DA-E172-4CC5-B397-92ECA4B0E088}\setup.exe"

Task: {7F2BF7BD-F077-4C26-85DD-A1C5F6066685} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe

Task: {7F7A4266-F12E-4EA4-937B-F58C327C7F3B} - System32\Tasks\{18AD5277-3E29-4CF9-96D3-5BB28DD9610E} => pcalua.exe -a "D:\Webcam Driver\Vista\Drivers\English\CtDrvStp.exe" -d "D:\Webcam Driver\Vista\Drivers\English"

Task: {805F94AE-74B4-42EA-81E6-B9B6D140A49B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {8455AB5D-8B60-47D0-AB8F-5DCDED51BC12} - System32\Tasks\{A56ED4C3-C739-4A9E-935A-C16D2157865F} => pcalua.exe -a D:\downloads\epson375687eu.exe -d D:\downloads

Task: {846F5A17-9FF3-4FA9-8C4B-7D79FDC987DA} - \avaxvyyvyf -> No File <==== ATTENTION

Task: {8F294040-8A4A-4954-A099-BB7D67AFC43C} - System32\Tasks\{F245BA23-9150-4255-9848-542306A8DD2E} => pcalua.exe -a "D:\Webcam Driver\Vista\Drivers\English\VfwUpd.EXE" -d "D:\Webcam Driver\Vista\Drivers\English"

Task: {982E1BC8-FC59-4DBD-AA6E-1A3B17D1E420} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-08] (Dropbox, Inc.)

Task: {99A6F9DE-1D68-4E47-9DE2-7B570E41A790} - System32\Tasks\{7A15CCAE-651F-491A-9E26-9AAE94FE0AF0} => pcalua.exe -a "D:\Webcam Driver\Vista\Drivers\English\CtDrvIns.exe" -d "D:\Webcam Driver\Vista\Drivers\English"

Task: {A584FC6A-C08F-495D-8DC7-741EB1117F3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-08] (Dropbox, Inc.)

Task: {AB6A41F8-CBB7-4785-9D64-3DD44B75E4F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-18] (Piriform Ltd)

Task: {AD98B18C-A2D4-4CBA-BC5A-B920CA7E494B} - System32\Tasks\{8C040167-F2FA-491A-8586-799BC39D794E} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsMain

Task: {B59C2953-A46C-4BB6-B0D1-D9E732B24918} - System32\Tasks\{89E1BC08-C1E5-4DFF-B334-74E2BADE5FA9} => pcalua.exe -a D:\downloads\CABALInstaller.exe -d D:\downloads

Task: {BBA15BD0-CAC7-4EAA-9C28-A0B6E249D885} - System32\Tasks\AdobeAAMUpdater-1.0-Torres-PC-Torres => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {C332D01D-A5A8-4C34-BE51-CEA6CC5E5271} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-10-10] ()

Task: {CA923B88-F8E2-4F62-BF21-FC14DE4B28CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-16] (AVAST Software)

Task: {D0FD261A-D942-489E-A17C-B16684026F40} - System32\Tasks\Google Update => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

Task: {E4B9B4FB-6961-4715-AF4C-23E468DE5B30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {EAF9F39A-1067-4028-BD60-B8E0AB532790} - System32\Tasks\{781374A5-72F1-4BE3-8769-744F2297AADD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe

Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job => C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job => C:\Users\Torres\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job => C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job => C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000Core.job => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819453736-4280033654-1804472810-1000UA.job => C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2012-11-30 11:17 - 2012-11-30 11:17 - 01145216 _____ () C:\Program Files\BarracudaNG\vortexlib.dll

2012-11-30 11:17 - 2012-11-30 11:17 - 00114560 _____ () C:\Program Files\BarracudaNG\axl.dll

2006-09-19 09:07 - 2006-09-19 09:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe

2014-12-16 12:19 - 2015-01-20 20:20 - 00055896 _____ () D:\Games\Garena Plus\ggdllhost.exe

2014-06-17 12:35 - 2013-12-02 18:15 - 00495616 _____ () C:\Program Files (x86)\Gaming Mouse\Monitor.exe

2015-08-16 19:21 - 2015-08-16 19:21 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-08-16 19:20 - 2015-08-16 19:20 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-01-18 21:18 - 2016-01-18 21:18 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011800\algo.dll

2016-01-19 08:33 - 2016-01-19 08:33 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011801\algo.dll

2015-12-09 10:50 - 2015-10-31 08:59 - 00034768 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00019408 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\faulthandler.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00022848 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00023352 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00042296 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00116688 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\pywintypes27.dll

2015-12-09 10:50 - 2015-10-31 08:59 - 00093640 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_ctypes.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00018376 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\select.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00019760 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00105928 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32api.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00392144 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\pythoncom27.dll

2015-12-09 10:50 - 2015-12-09 05:36 - 00381752 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00692688 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\unicodedata.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00020816 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00109520 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 01737032 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00020808 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00020800 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00021840 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00038696 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\fastpath.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00024528 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32event.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00020936 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\mmapfile.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00114640 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32security.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00021320 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00124880 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32file.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00030160 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32pipe.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00043472 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32process.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00175560 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32gui.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00028616 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32ts.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00024016 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32clipboard.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00048592 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32service.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00024392 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00036296 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\librsync.dll

2015-12-09 10:50 - 2015-10-31 09:00 - 00024016 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\win32profile.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00117056 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00023376 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00134608 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_elementtree.pyd

2015-12-09 10:50 - 2015-10-31 08:59 - 00134088 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\pyexpat.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00240584 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\jpegtran.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00020280 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00052024 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00021304 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00350152 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\winxpgui.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00084792 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL

2015-12-09 10:50 - 2015-12-09 05:36 - 01826608 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd

2015-12-09 10:50 - 2015-10-31 09:00 - 00083912 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\sip.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 03891504 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 01950000 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00519984 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00133936 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00225080 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00207672 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00024904 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00486704 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

2015-12-09 10:50 - 2015-12-09 05:36 - 00357680 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

2015-03-05 05:45 - 2015-10-31 09:01 - 00019920 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-03-05 05:45 - 2015-10-31 09:00 - 00786904 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-07-31 21:00 - 2015-10-31 09:00 - 00063448 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-03-05 05:45 - 2015-10-31 09:00 - 00019408 _____ () C:\Users\Torres\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2014-12-16 12:19 - 2015-03-23 18:17 - 00797120 _____ () D:\Games\Garena Plus\ggspawn.dll

2014-06-17 12:35 - 2013-11-29 15:11 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\lan.dll

2014-06-17 12:35 - 2013-11-01 12:57 - 00049152 _____ () C:\Program Files (x86)\Gaming Mouse\hiddriver.dll

2015-08-16 19:22 - 2015-08-16 19:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2016-01-16 17:02 - 2016-01-13 00:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll

2016-01-16 17:02 - 2016-01-13 00:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-819453736-4280033654-1804472810-1000\...\webcompanion.com -> hxxp://webcompanion.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 10:34 - 2013-07-18 10:28 - 00000622 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-819453736-4280033654-1804472810-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Torres\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 122.2.167.6 - 122.2.166.161

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is disabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: AdobeBridge => 

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

MSCONFIG\startupreg: CatalinaGroup Update => "C:\Users\Torres\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe" /c

MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

MSCONFIG\startupreg: Facebook Update => "C:\Users\Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: GarenaPlus => "D:\Games\Garena Plus\GarenaMessenger.exe" -autolaunch

MSCONFIG\startupreg: Google Update => "C:\Users\Torres\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Torres\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MSCONFIG\startupreg: phion => C:\Program Files\BarracudaNG\phion.exe

MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe

MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{33FBBF3C-CB1D-4B97-97C8-E029FB4E81A9}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{AFC56F0E-D87E-4102-A96C-FF16D02A6F56}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

FirewallRules: [{95BB0F77-78D6-4A12-AC44-4627C32D4CA7}] => (Allow) LPort=443

FirewallRules: [{B1ECE8BA-0C01-447C-987D-724CD520BA13}] => (Allow) LPort=443

FirewallRules: [{42CA94F0-F4A2-4982-9778-B66F0A33243E}] => (Allow) LPort=37674

FirewallRules: [{FD389ED7-C8A2-48F4-AD20-8A21291B0E06}] => (Allow) LPort=37674

FirewallRules: [{238F61B0-1796-4076-959A-14BA14C51B36}] => (Allow) LPort=37675

FirewallRules: [{9A9F93EB-9087-4659-95B3-BFBDD8DD1DC3}] => (Allow) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{0C357875-2212-49A3-B90D-FEED233274E9}] => (Allow) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{0E76CA4B-BE5B-4F1F-976C-C46DFE459BF6}] => (Allow) LPort=443

FirewallRules: [{25A0CAE3-5D70-4C6A-B6DA-4803FA7FF7DD}] => (Allow) LPort=443

FirewallRules: [{48616C34-1D69-4FA2-965A-60EA1B32B13F}] => (Allow) LPort=37674

FirewallRules: [{B7421A75-D886-4433-B792-892995685388}] => (Allow) LPort=37674

FirewallRules: [{FBF6656E-45F0-402B-B5A7-C0A6B8154A8D}] => (Allow) LPort=37675

FirewallRules: [{1AACE588-2B81-45F5-9F98-DC9895E78657}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [{297FA7B3-4A59-499D-9C2A-0A482F960B66}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [{AF435D19-1CCA-4348-941B-59B1176ABD48}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [{F6EAB0DE-2E15-4847-95BB-2A245AA8F345}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [{91817CEE-3C8F-459C-942E-57A549C03335}] => (Allow) LPort=56808

FirewallRules: [{62DB19DE-471A-4D0E-A78D-453374974624}] => (Allow) LPort=56808

FirewallRules: [{D47BCF60-27AF-433B-8C38-408033CDF8CC}] => (Allow) LPort=56808

FirewallRules: [{58A6164C-F430-46C4-A295-B1D593C9DC02}] => (Allow) LPort=56808

FirewallRules: [{7CE693F4-41B6-4F75-9055-8DC23BC69BDF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

FirewallRules: [TCP Query User{4816A6F6-2E64-4AA2-A494-5D433B3B0E6C}D:\games\k.o.s\game_sting_pak\sting.exe] => (Allow) D:\games\k.o.s\game_sting_pak\sting.exe

FirewallRules: [uDP Query User{11D0C0FA-0478-4B51-AB00-F7E8D2CE2916}D:\games\k.o.s\game_sting_pak\sting.exe] => (Allow) D:\games\k.o.s\game_sting_pak\sting.exe

FirewallRules: [TCP Query User{769776F7-655E-4455-83BC-6C2172C75C46}D:\games\warcraft iii reign of chaos & the frozen throne\war3.exe] => (Allow) D:\games\warcraft iii reign of chaos & the frozen throne\war3.exe

FirewallRules: [uDP Query User{D5E0C231-634A-41B0-9F17-6BC4075B0EE1}D:\games\warcraft iii reign of chaos & the frozen throne\war3.exe] => (Allow) D:\games\warcraft iii reign of chaos & the frozen throne\war3.exe

FirewallRules: [{1E647DAA-9165-4CC4-AB67-0D576503296C}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{EFD8A307-64E0-48C3-B5A9-27F5B01AD1C8}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe

FirewallRules: [{5C0FAAAE-EB5D-4E80-A6A4-2114E20A0297}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe

FirewallRules: [{90367168-D757-41B3-9DE0-8CC9ABE64471}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{AC2144AA-5A9C-4A62-8791-16F0F13DBA2B}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{D0AE176C-DA37-41E4-9E23-88E5E167AB4C}] => (Allow) C:\Program Files (x86)\THQ\Company of Heroes\RelicCOH.exe

FirewallRules: [{D7BF0D69-0A2B-411B-BF6B-ED8EE7DD6F02}] => (Allow) C:\Program Files (x86)\THQ\Company of Heroes\RelicCOH.exe

FirewallRules: [{F76B8F86-C9C0-4238-BF2E-EC22A81C604B}] => (Allow) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{C22F938D-21B7-4E0E-B623-CFE4F0E2C766}] => (Allow) C:\Users\Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{3BD0F4EB-8D73-4E13-8502-A842731F8BEC}] => (Allow) C:\Windows\SysWOW64\rundll32.exe

FirewallRules: [{10A4E3FD-175E-4B9E-BB37-C43FC464F369}] => (Allow) D:\Games\Garena Plus\ggdllhost.exe

FirewallRules: [{36A47DFF-FF75-482A-B374-632473868F7C}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe

FirewallRules: [{A2CA2C95-455E-42C7-A9CD-C9D09B5D4120}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe

FirewallRules: [{E36A4659-9E0E-4FC0-96A1-024250B55119}] => (Allow) LPort=8370

FirewallRules: [{E99D3851-9FBD-48E2-B06C-14E4FF0625D4}] => (Allow) LPort=8370

FirewallRules: [{19FFA938-D798-4F5F-B9C3-DE5CCEADE42D}] => (Allow) D:\Games\Steam\Steam.exe

FirewallRules: [{855A70D3-7DEA-4C4D-AFAD-B561E1A5CB7C}] => (Allow) D:\Games\Steam\Steam.exe

FirewallRules: [{88990187-78E0-4C50-B34C-AA20E26C5D18}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{0E30A994-5B0A-43CF-94B1-9832641B32DE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{B89C8401-4C71-4128-942C-4DE915794951}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{100F1AFC-9B43-4784-B743-A7D5A85E846E}] => (Allow) C:\Users\Torres\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

FirewallRules: [{A95F2D7B-01D3-4C47-BC5A-084962FC93DE}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe

FirewallRules: [{10AFECB0-24A5-482E-A980-0537FD0DC244}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe

FirewallRules: [{A81DC20D-2C9F-4958-9C9B-0288AB6F19FC}] => (Allow) D:\downloads\LoLInstaller.exe

FirewallRules: [{E37A124F-10D9-49AB-BB0A-D7E750B94D1C}] => (Allow) D:\downloads\LoLInstaller.exe

FirewallRules: [{2248BDD5-8B92-4637-9A80-2D33B812FE3D}] => (Allow) LPort=6933

FirewallRules: [{830FD84C-B0F4-4BCD-A24B-7F16D51ED67E}] => (Allow) LPort=6933

FirewallRules: [{E02EF7AC-F30E-453D-81B5-E064669CBAF1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{3C130A86-5F06-45DE-A11A-B8BDAE3630FC}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{DC5357CC-4106-46E9-BC2B-1C24486743CD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{2A0B1887-33D1-42FA-AA74-CA10C504CD33}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{F5483D5B-CC67-4ECD-B3BC-6D1173D384B8}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe

FirewallRules: [{9C0BB90E-C76E-4D94-B50E-2688C0314559}] => (Allow) LPort=1542

FirewallRules: [{3EDF24DC-0C49-43A2-9D4E-C153EB3F6E32}] => (Allow) LPort=1542

FirewallRules: [{0F7B8058-5B81-4E64-A489-81CC291D2C88}] => (Allow) LPort=53

FirewallRules: [{DD41B869-3C7A-4570-BAB4-91C1696C1CD3}] => (Allow) D:\Games\Steam\SteamApps\common\AMD Driver Updater, Vista and 7, 64 bit\Setup.exe

FirewallRules: [{35D3AB0B-C998-4B6A-AE3D-4B467CDBFB38}] => (Allow) D:\Games\Steam\SteamApps\common\AMD Driver Updater, Vista and 7, 64 bit\Setup.exe

FirewallRules: [{AA6D60A1-F9F9-4931-90D7-899750DEADF4}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe

FirewallRules: [{3DA654B6-0E25-45D5-B765-E7BFEFAC2762}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe

FirewallRules: [{69658059-50A3-41E6-B6B5-79DFDAD5CA7D}] => (Allow) LPort=8370

FirewallRules: [{3AF7518F-B303-49F8-97CD-9C04AB3F68B0}] => (Allow) LPort=8370

FirewallRules: [{36FFEC73-6729-42BB-9DEB-6FD1CD7761B8}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Air\LolClient.exe

FirewallRules: [{35AC7E7C-75D4-4471-B63B-784D0C96D61F}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Air\LolClient.exe

FirewallRules: [{7DBFC0BD-86B2-4D50-81E5-32BDFE965504}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Game\League of Legends.exe

FirewallRules: [{AB988F4B-E268-4FC5-81D8-D3DFAB59356C}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Game\League of Legends.exe

FirewallRules: [{63216052-8C3B-4C6D-A08B-25DC60057CFD}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\lol.exe

FirewallRules: [{4F1C67B7-E5BC-4E8C-9CC6-B01CB1363F9A}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\lol.exe

FirewallRules: [{8390F017-B006-4E05-99E6-AB148C065C92}] => (Allow) LPort=8393

FirewallRules: [{B05C8134-7A41-42D9-927B-C98982CCA70A}] => (Allow) LPort=8393

FirewallRules: [{9117FE6D-E1DF-4E7D-9988-7343EF4E8997}] => (Allow) LPort=8390

FirewallRules: [{2B8B638F-81C8-4C91-A7BC-1A69D78FA578}] => (Allow) LPort=8390

FirewallRules: [{2C966E55-CCEF-4EBE-A979-B173EA1026F1}] => (Allow) LPort=6995

FirewallRules: [{633040B4-7908-4CBD-AF67-2D0FCAB2FD5A}] => (Allow) LPort=6995

FirewallRules: [{25FC00A9-47D6-4C06-8FF7-CC71B156A6E1}] => (Allow) LPort=6883

FirewallRules: [{C4A10C0E-5FC6-47BF-A751-8E1B54B7E070}] => (Allow) LPort=6883

FirewallRules: [{8C2A912B-C546-4AF7-AA10-F32C2B0BD68E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{0D52DA2B-2CBC-42B7-A918-4A8A74174284}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{1A3CB009-5569-48B5-B512-4F3C91228C24}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Air\LolClient.exe

FirewallRules: [{4117F4E3-9D78-4BB9-BD4A-544E2B39761B}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Air\LolClient.exe

FirewallRules: [{0D8996BC-5A66-4C06-B2AE-D29B04796E55}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Game\League of Legends.exe

FirewallRules: [{A403DEBA-CC8A-4A34-8A95-259FE8F861C7}] => (Allow) D:\Games\LoL\GameData\Apps\LoLPH\Game\League of Legends.exe

FirewallRules: [{86B45705-2EA4-45F8-95C3-96E972362551}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{863229B7-A6FB-4BA2-B463-7519A2FA73D6}] => (Allow) LPort=2869

FirewallRules: [{D9098DD5-095E-493E-97A4-87A849754D21}] => (Allow) LPort=1900

FirewallRules: [{0782C351-9DE4-4DE9-930C-1E1EE2F213A9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe

FirewallRules: [{E5C9D132-7A3D-4208-8C6F-45D1E855033B}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe

FirewallRules: [{6148DE01-D86D-4849-B415-9D454B8A4CA9}] => (Allow) D:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{0115E4B1-18AE-45B0-9F56-32E56D8CAFF7}] => (Allow) D:\Games\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{568237E1-9A66-4651-B7D5-971B1DB9AC69}] => (Allow) C:\Users\Torres\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe

FirewallRules: [{0079DB57-14EA-4552-831F-29DCC56583D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

16-01-2016 20:12:03 Scheduled Checkpoint

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: phion Virtual Adapter (VPN)

Description: phion Virtual Adapter (VPN)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: phion AG

Service: phionvpn

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/18/2016 01:43:27 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: a24

 

Start Time: 01d151b2c524bf39

 

Termination Time: 7

 

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

Report Id: 63c22383-bda6-11e5-8253-902b3483e355

 

Error: (01/18/2016 01:40:38 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 165c

 

Start Time: 01d151b28f8c53c2

 

Termination Time: 4

 

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

Report Id: fcf441f8-bda5-11e5-8253-902b3483e355

 

Error: (01/18/2016 12:51:05 PM) (Source: ESENT) (EventID: 439) (User: )

Description: Windows (3896) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

 

Error: (01/18/2016 12:51:05 PM) (Source: ESENT) (EventID: 490) (User: )

Description: Windows (3896) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

Error: (01/18/2016 11:21:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Exception code: 0x40000015

Fault offset: 0x00052d24

Faulting process id: 0xfa0

Faulting application start time: 0xjucheck.exe0

Faulting application path: jucheck.exe1

Faulting module path: jucheck.exe2

Report Id: jucheck.exe3

 

Error: (01/17/2016 10:36:50 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 584

 

Start Time: 01d15133d1c5ae5a

 

Termination Time: 4

 

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

Report Id: bb2fcfe6-bd27-11e5-bfc0-902b3483e355

 

Error: (01/17/2016 04:49:00 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SMΔRTP.exe version 4.103.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 8a4

 

Start Time: 01d150e458049a8e

 

Termination Time: 289

 

Application Path: C:\Program Files (x86)\Smadav\SMΔRTP.exe

 

Report Id: 2446b0e3-bcf7-11e5-8076-902b3483e355

 

Error: (01/16/2016 04:43:12 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)

Description: Product: Adobe Refresh Manager -- Error 1704.An installation for Microsoft Silverlight is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

 

Error: (01/11/2016 01:17:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Exception code: 0x40000015

Fault offset: 0x00052d24

Faulting process id: 0x5d0

Faulting application start time: 0xjucheck.exe0

Faulting application path: jucheck.exe1

Faulting module path: jucheck.exe2

Report Id: jucheck.exe3

 

Error: (01/05/2016 12:11:58 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1

Exception code: 0x40000015

Fault offset: 0x00052d24

Faulting process id: 0x133c

Faulting application start time: 0xjucheck.exe0

Faulting application path: jucheck.exe1

Faulting module path: jucheck.exe2

Report Id: jucheck.exe3

 

 

System errors:

=============

Error: (01/19/2016 08:34:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

Error: (01/18/2016 11:20:00 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/18/2016 11:19:58 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/18/2016 10:48:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 

%%1056

 

Error: (01/18/2016 10:47:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (01/18/2016 10:47:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (01/18/2016 10:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Epson Scanner Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/18/2016 10:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/18/2016 10:47:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (01/18/2016 10:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The EPSON V3 Service4(05) service terminated unexpectedly.  It has done this 1 time(s).

 

 

CodeIntegrity:

===================================

  Date: 2015-10-05 22:39:39.222

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 22:39:39.002

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.725

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.583

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.441

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.298

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:44.131

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:43.984

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:43.833

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-10-05 13:35:43.670

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD A6-3500 APU with Radeon HD Graphics

Percentage of memory in use: 57%

Total physical RAM: 3581.43 MB

Available physical RAM: 1517.06 MB

Total Virtual: 7161 MB

Available Virtual: 5054.71 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:97.56 GB) (Free:1.52 GB) NTFS

Drive d: () (Fixed) (Total:368.1 GB) (Free:183.95 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 55A45567)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================


Done resetting the router, now scanning again using Malwarebytes to double-check. :) If it was possible for the virus to spread through the router, were the mobile phones here compromised? There are quite a lot of us here that are connected to the Wi-Fi through mobile phones.

 

Thank God, though, I haven't turned on my laptop since knowing about the malware/virus. :)


This topic is now closed to further replies.