
Pup.Optional.Spigot ugh



Hello MB,

 

It's me again. Apparently someone installed YTD or YouTube Downloader on this family computer. Since I'm already really careful whenever I go online or turn on the PC, I automatically run a scan with my free Malwarebytes. Today it detected Pup.optional.spigot, which I automatically removed using Malwarebytes and a quick restart. I however want to see if there are no more remnants of the supposed adware. I have already run Malwarebytes again and don't see it anywhere anymore; however, I just want to be sure. May I ask for some assistance?

 

Regards,

Zinedane

Below are the logs from Malwarebytes, the second one is the log after I tried confirming that it was indeed from YTD. 

mblog.txt

mblog2.txt


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....


Next,


Please open Malwarebytes Anti-Malware.


  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:


  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.


  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

Next,

Download AdwCleaner by Xplode onto your Desktop.


  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.



  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.

Let me see those logs in your next reply...

Thank you,

Kevin...

 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/18/2016
Scan Time: 3:16 PM
Logfile: 
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.18.02
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: torres

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295208
Time Elapsed: 10 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

# AdwCleaner v5.102 - Logfile created 18/03/2016 at 18:15:01
# Updated 13/03/2016 by Xplode
# Database : 2016-03-16.1 [Server]
# Operating system : Windows 7 Home Premium  (x86)
# Username : torres - TORRES-PC
# Running from : C:\Users\torres\Downloads\adwcleaner_5.102.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[x] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
[x] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
[x] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [1023 bytes] - [18/03/2016 18:15:01]
C:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [1082 bytes] - [18/03/2016 10:02:39]
C:\Program Files\AdwCleaner\AdwCleaner[S2].txt - [1170 bytes] - [18/03/2016 18:13:34]

########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [1284 bytes] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by torres (administrator) on TORRES-PC (18-03-2016 18:21:41)
Running from C:\Users\torres\Desktop
Loaded Profiles: torres (Available Profiles: torres)
Platform: Microsoft Windows 7 Home Premium  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() D:\Games\Garena Plus\ggdllhost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() D:\Games\Garena Plus\ggdllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-07] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-12] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-05-28] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-22] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-12] (AVAST Software)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [695528 2015-02-01] (Zbshareware Lab)
HKU\S-1-5-21-1780879593-1823368533-3411444469-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [374464 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-1780879593-1823368533-3411444469-1000\...\Run: [Steam] => D:\Games\Steam\steam.exe [3074128 2016-03-11] (Valve Corporation)
HKU\S-1-5-21-1780879593-1823368533-3411444469-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-12] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 122.2.167.6 122.2.166.161 192.168.1.1
Tcpip\..\Interfaces\{12B57C0A-40FA-49AC-82A4-C961ACE7A592}: [DhcpNameServer] 122.2.167.6 122.2.166.161 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1780879593-1823368533-3411444469-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1780879593-1823368533-3411444469-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1780879593-1823368533-3411444469-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1780879593-1823368533-3411444469-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1780879593-1823368533-3411444469-1000 -> {0791553E-F233-4a1f-A4B0-38430FAD2205} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-1780879593-1823368533-3411444469-1000 -> {7627350F-8435-40d2-A352-FE0460380653} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1780879593-1823368533-3411444469-1000 -> {D036D3B8-3B3C-4921-8E43-D29BB262B909} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-1780879593-1823368533-3411444469-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-22] (Adobe Systems Incorporated)
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-12] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-17] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> D:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-03-02] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-12-22] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2016-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2016-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2016-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2016-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2016-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2016-03-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2016-03-06] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12]

Chrome: 
=======
CHR Profile: C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-18]
CHR Extension: (Google Docs) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-18]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-03-18]
CHR Extension: (YouTube) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-12]
CHR Extension: (Google Sheets) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-12]
CHR Extension: (Google Docs Offline) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Avast Online Security) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-12]
CHR Extension: (Gmail) - C:\Users\torres\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-12] (AVAST Software)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-06] (Malwarebytes)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-04-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-11] ()
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [187072 2015-04-03] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-12] (AVAST Software)
S3 eapihdrv; C:\Users\torres\AppData\Local\Temp\ehdrv.sys [135760 2016-03-18] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-06] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-06] (Malwarebytes Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
R3 gkernel; \??\C:\Users\torres\AppData\Local\Temp\gkernel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 18:21 - 2016-03-18 18:21 - 00014499 _____ C:\Users\torres\Desktop\FRST.txt
2016-03-18 18:20 - 2016-03-18 18:21 - 00000000 ____D C:\FRST
2016-03-18 18:19 - 2016-03-18 18:20 - 01725440 _____ (Farbar) C:\Users\torres\Desktop\FRST.exe
2016-03-18 18:19 - 2016-03-18 18:19 - 01725440 _____ (Farbar) C:\Users\torres\Downloads\Unconfirmed 397005.crdownload
2016-03-18 13:13 - 2016-03-18 13:13 - 02870984 _____ (ESET) C:\Users\torres\Downloads\esetsmartinstaller_enu.exe
2016-03-18 10:02 - 2016-03-18 18:18 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-18 09:46 - 2016-03-18 09:46 - 01527296 _____ C:\Users\torres\Desktop\adwcleaner_5.102.exe
2016-03-18 09:25 - 2016-03-18 09:25 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-18 09:25 - 2016-03-18 09:25 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-18 09:23 - 2016-03-18 17:28 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-18 09:22 - 2016-03-18 18:16 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-17 08:35 - 2016-03-17 08:35 - 00000000 ____D C:\Users\torres\AppData\Roaming\Wargaming.net
2016-03-17 03:13 - 2016-03-17 03:13 - 00000677 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2016-03-17 03:13 - 2016-03-17 03:13 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-03-17 03:13 - 2016-03-17 03:13 - 00000000 ____D C:\Windows\system32\directx
2016-03-17 03:13 - 2016-03-17 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-03-17 03:09 - 2016-03-17 03:10 - 04155856 _____ (Wargaming.net ) C:\Users\torres\Downloads\WoT_internet_install_asia (1).exe
2016-03-16 11:16 - 2016-03-16 11:17 - 04155856 _____ (Wargaming.net ) C:\Users\torres\Downloads\WoT_internet_install_asia.exe
2016-03-13 14:13 - 2016-03-13 14:13 - 00000000 ____D C:\Users\torres\Documents\League of Legends
2016-03-13 12:25 - 2016-03-13 12:25 - 00000000 ____D C:\Users\torres\AppData\Roaming\Macromedia
2016-03-13 12:25 - 2016-03-13 12:25 - 00000000 ____D C:\Users\torres\AppData\Roaming\LolClient
2016-03-13 12:23 - 2016-03-13 12:23 - 00000693 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-03-12 22:57 - 2016-03-12 22:57 - 00000000 ____D C:\Users\torres\AppData\Local\Garena
2016-03-12 22:57 - 2016-03-12 22:57 - 00000000 ____D C:\GarenaDownload
2016-03-12 22:56 - 2016-03-13 12:24 - 00000000 ____D C:\Users\torres\AppData\Roaming\GarenaPlus
2016-03-12 22:56 - 2016-03-12 22:56 - 00000000 ____D C:\Users\torres\AppData\Roaming\Garena
2016-03-12 22:56 - 2016-03-12 22:56 - 00000000 ____D C:\ProgramData\Garena
2016-03-12 22:55 - 2016-03-13 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2016-03-12 22:55 - 2016-03-12 22:55 - 00000674 _____ C:\Users\Public\Desktop\Garena+.lnk
2016-03-12 22:54 - 2016-03-17 16:25 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-03-12 22:42 - 2016-03-12 22:45 - 77266920 _____ C:\Users\torres\Downloads\Garena+_Install.exe
2016-03-12 22:09 - 2016-03-12 22:09 - 00000000 ____D C:\Users\torres\AppData\Roaming\AMD
2016-03-12 14:16 - 2016-03-13 19:55 - 00000000 ____D C:\Users\torres\Documents\Dwan Files
2016-03-12 14:16 - 2016-03-12 15:07 - 00000000 ____D C:\Users\torres\Documents\Juan Files
2016-03-12 13:46 - 2010-06-02 20:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-03-12 13:46 - 2010-06-02 20:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-03-12 13:46 - 2010-06-02 20:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-03-12 13:46 - 2010-05-27 03:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-03-12 13:46 - 2010-05-27 03:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-03-12 13:46 - 2010-05-27 03:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 18:21 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2016-03-18 18:16 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-18 16:02 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-18 10:09 - 2009-07-14 12:34 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-18 10:09 - 2009-07-14 12:34 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-18 09:00 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\SchCache
2016-03-12 02:35 - 2009-07-14 10:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-12 01:22 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\NDF
2016-03-12 01:16 - 2009-07-14 12:33 - 00417648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-06 03:11 - 2009-07-14 15:48 - 00000000 ____D C:\Windows\ShellNew
2016-03-06 03:11 - 2009-07-14 12:52 - 00000000 ____D C:\Program Files\MSBuild
2016-03-06 03:11 - 2009-07-14 10:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-06 03:10 - 2009-07-14 10:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-06 03:10 - 2009-07-14 10:04 - 00000478 _____ C:\Windows\win.ini
2016-03-05 20:06 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\rescache
2016-03-05 19:57 - 2009-07-14 12:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-05 19:57 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\sysprep
2016-03-05 19:53 - 2009-07-14 12:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template

Some files in TEMP:
====================
C:\Users\torres\AppData\Local\Temp\amd-catalyst-15.7.1-with-dotnet45-win7-32bit.exe
C:\Users\torres\AppData\Local\Temp\PH_160310to160311.exe
C:\Users\torres\AppData\Local\Temp\PH_160311to160314.exe
C:\Users\torres\AppData\Local\Temp\playstv_patch.exe
C:\Users\torres\AppData\Local\Temp\raptrpatch.exe
C:\Users\torres\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-12 03:13

==================== End of FRST.txt ============================

Addition.txt


Just now, kevinf80 said:

Those logs are clean, no obvious malware or infection. Do you have any specific issues with your system?

 

Pheeeew, not really, just an error that I received when I opened Chrome earlier: "Application was unable to start correctly", which might have been from my Web of Trust extension. :) Just wanted to make sure. Thanks a lot, Kevin! :) As usual :D


2 minutes ago, kevinf80 said:

Yes, remove Spigot, it's a browser hijacker and can cause big problems for you with ad problems and redirects in your browsers....

Done, thanks Kevin! :) I don't understand, though, why on the first scan I found 2 and on the second scan, when I verified it was from the YTD installer, MB only found one. Must've been coincidence, right?


Not really sure why that should happen... As long as the entries are deleted and no longer found, that is good news... Is your system OK now?

If all is OK, run the following to clean up and remove FRST and subsequent folders...

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

  • Remove disinfection tools

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • 3 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.