
Possible Keylogger?


8 replies to this topic

#1 Seveneightnine

  • Members
  • 5 posts

Posted 28 April 2015 - 10:55 PM

Hello, I'm not too familiar with all the processes. I may or may not have a keylogger of some sort. I'm to knowledgeable with malware or viruses, so hopefully someone can help me out.

I also seem to have some missing files and that may be the problem to some of my internet/itunes/vlc sound not working, if possible help would be appreciated. Thank you.

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:46:13 PM, on 28/04/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)

FIREFOX: 37.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Users\Victor Barrera\AppData\Local\Akamai\netsession_win.exe
C:\Users\Victor Barrera\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Victor Barrera\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Users\Victor Barrera\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CtDzztCtD0FyB0DtCtCtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtD0C0FyDtBtDtCtGyE0C0CtBtGyC0ByDyDtG0F0ByD0EtGtCtA0BzztCzy0FyB0ByByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0BtB0FyBtB0DtGtD0A0C0DtG0Azz0E0BtGzyzzyE0EtGyE0C0D0F0E0C0DtAtDtByEtB2Q&cr=508455614&ir=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CtDzztCtD0FyB0DtCtCtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtD0C0FyDtBtDtCtGyE0C0CtBtGyC0ByDyDtG0F0ByD0EtGtCtA0BzztCzy0FyB0ByByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0BtB0FyBtB0DtGtD0A0C0DtG0Azz0E0BtGzyzzyE0EtGyE0C0D0F0E0C0DtAtDtByEtB2Q&cr=508455614&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Victor Barrera\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Victor Barrera\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - AppInit_DLLs:   
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14376 bytes
 





#2 nasdaq

  • Malware Response Team
  • 39,586 posts

Posted 02 May 2015 - 07:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

p.s.

HijackThis is not ready for Windows 7 and above.
I suggest you remove it using the Add/Remove Programs applet.
From now on use the Farbar Recovery Scan Tool.

#3 Seveneightnine

  • Topic Starter

  • Members
  • 5 posts

Posted 02 May 2015 - 07:25 PM

Hello, thank you for the response. I did everything you told me to, but I don't know how to check if my computer has been relieved of the problem I believed existed. But indeed, the programs deleted many malicious items.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/05/2015
Scan Time: 4:42:06 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.02.04
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Victor Barrera

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 438824
Time Elapsed: 18 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.FilesFrog.A, C:\Users\Victor Barrera\AppData\Local\FilesFrog Update Checker\update_checker.exe, 3576, Delete-on-Reboot, [fae20f7f92f881b5415762364db606fa]

Modules: 0
(No malicious items detected)

Registry Keys: 31
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [efed9df1afdbca6c77f1153ac83bc13f],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [efed9df1afdbca6c77f1153ac83bc13f],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [efed9df1afdbca6c77f1153ac83bc13f],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [efed9df1afdbca6c77f1153ac83bc13f],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [efed9df1afdbca6c77f1153ac83bc13f],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [efed9df1afdbca6c77f1153ac83bc13f],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [6b71ddb19feb0f2754551f2b42c1847c],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [6b71ddb19feb0f2754551f2b42c1847c],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [a03c7717850579bd1397bf8b11f23fc1],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [a03c7717850579bd1397bf8b11f23fc1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [a03c7717850579bd1397bf8b11f23fc1],
PUP.Optional.MyFreeze.A, HKLM\SOFTWARE\WOW6432NODE\Freeze.com, Quarantined, [12ca1c728802d75f0a3907d730d32cd4],
PUP.Optional.uTorrentTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, Quarantined, [4696622cf59521154e60df2afe06b44c],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\EJPBBHJLBIPNCJKLFJJAEDAIEIMBMDDA, Quarantined, [6a724846751581b536b28f3bf90ac33d],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [25b7305e6d1db482af55e769e81da25e],
PUP.Optional.WhiteSmoke.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WhiteSmoke_US Toolbar, Quarantined, [7f5dc5c977131521f5c850a03fc43fc1],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [0ecec1cdcdbd023403aa70f13bca8e72],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\1ClickDownload, Quarantined, [36a62e608bff47eff8de82ae679e3bc5],
PUP.Optional.Somoto.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\Somoto, Quarantined, [2daf7e10632713235d1bcf1c62a1d32d],
PUP.Optional.SProtector.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\APPDATALOW\SProtector, Quarantined, [706c4846bbcf25110feec170f411b947],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [6b71434be7a3122403e4568b29da8d73],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [6478177732584aec2d6dc0831aeb7a86],
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\BI, Quarantined, [6a72bdd11d6d0531b23f6dc712f3936d],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\CONDUIT\FF, Quarantined, [10ccbdd14a4070c69f51da5a44c1d62a],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [6379f49a3d4da1952cc57953838041bf],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\EJPBBHJLBIPNCJKLFJJAEDAIEIMBMDDA, Quarantined, [6f6d2b63305a2c0a08e182481de6fc04],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [37a5eba30585a096d6e9aa6f3dc7d729],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\INSTALLCORE, Quarantined, [6c70820cc4c6ae8897f279b630d5b947],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [5686335bf3978bab8a0245f8cd38c937],
PUP.Optional.Somoto.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\SOMOTO\SDP, Quarantined, [4597147aeb9f0d299d8a73c14abb8c74],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [77652965eaa026105f2d7ebf53b2e11f],

Registry Values: 25
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{687578b9-7132-4a7a-80e4-30ee31099e03}, Quarantined, [19c396f8eaa0ab8b676581cbba4923dd],
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{687578B9-7132-4A7A-80E4-30EE31099E03}, Quarantined, [19c396f8eaa0ab8b676581cbba4923dd],
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{687578B9-7132-4A7A-80E4-30EE31099E03}, Quarantined, [19c396f8eaa0ab8b676581cbba4923dd],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, Quarantined, [b12b0b83addd94a2d7e4ce7fe61d2ad6],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, Quarantined, [b12b0b83addd94a2d7e4ce7fe61d2ad6],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, Quarantined, [b12b0b83addd94a2d7e4ce7fe61d2ad6],
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{687578b9-7132-4a7a-80e4-30ee31099e03}, Quarantined, [ad2f87072565181ec705ea621de61ee2],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, Quarantined, [5983a4eaed9d4aec5962a6a7a162857b],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda|path, C:\Users\Victor Barrera\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, Quarantined, [6a724846751581b536b28f3bf90ac33d]
PUP.Optional.MySearchDial.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Quarantined, [fddfbbd3f1997abcd8e917b3e81bf30d]
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, Quarantined, [6a72bdd11d6d0531b23f6dc712f3936d]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, Quarantined, [6379f49a3d4da1952cc57953838041bf]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda|path, C:\Users\Victor Barrera\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, Quarantined, [6f6d2b63305a2c0a08e182481de6fc04]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [6c70820cc4c6ae8897f279b630d5b947]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP651FA342-4F42-4221-A08C-8DB32FA3868F&q={searchTerms}, Quarantined, [d20a85092961e84e1c86319c18eb14ec]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [b428454956341521d4ce14b9e51e9f61]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C53379C5-22F8-473B-8C1E-F0347C3A6E1A}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN22402646922586116&UM=2, Quarantined, [cd0ffe90e3a700369b07824b55aea858]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C53379C5-22F8-473B-8C1E-F0347C3A6E1A}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [22ba3a54424882b4495910bdb94a19e7]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C53379C5-22F8-473B-8C1E-F0347C3A6E1A}|FaviconURL, http://search.conduit.com/favicon.ico, Quarantined, [d705eea08a00b581c3df0ebf90733dc3]
PUP.Optional.Somoto.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\SOMOTO\SDP|affid, network_smb_hugefiles2, Quarantined, [4597147aeb9f0d299d8a73c14abb8c74]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP651FA342-4F42-4221-A08C-8DB32FA3868F&q={searchTerms}, Quarantined, [6e6e0b83afdb45f1b4ee8a43689b38c8]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [a735a9e5b5d53ef80e9421ac8e7505fb]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C53379C5-22F8-473B-8C1E-F0347C3A6E1A}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN22402646922586116&UM=2, Quarantined, [7666dfafacdec274455dd2fbdd262dd3]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C53379C5-22F8-473B-8C1E-F0347C3A6E1A}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [c11b8c02ed9d93a36e346865758edc24]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1015\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C53379C5-22F8-473B-8C1E-F0347C3A6E1A}|FaviconURL, http://search.conduit.com/favicon.ico, Quarantined, [b7258c026525d165059d3a934fb4dc24]

Registry Data: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CtDzztCtD0FyB0DtCtCtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtD0C0FyDtBtDtCtGyE0C0CtBtGyC0ByDyDtG0F0ByD0EtGtCtA0BzztCzy0FyB0ByByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0BtB0FyBtB0DtGtD0A0C0DtG0Azz0E0BtGzyzzyE0EtGyE0C0D0F0E0C0DtAtDtByEtB2Q&cr=508455614&ir=, Good: (www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CtDzztCtD0FyB0DtCtCtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtD0C0FyDtBtDtCtGyE0C0CtBtGyC0ByDyDtG0F0ByD0EtGtCtA0BzztCzy0FyB0ByByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0BtB0FyBtB0DtGtD0A0C0DtG0Azz0E0BtGzyzzyE0EtGyE0C0D0F0E0C0DtAtDtByEtB2Q&cr=508455614&ir=),Replaced,[706c96f82b5f57df3d9ba96681851ee2]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CtDzztCtD0FyB0DtCtCtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtD0C0FyDtBtDtCtGyE0C0CtBtGyC0ByDyDtG0F0ByD0EtGtCtA0BzztCzy0FyB0ByByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0BtB0FyBtB0DtGtD0A0C0DtG0Azz0E0BtGzyzzyE0EtGyE0C0D0F0E0C0DtAtDtByEtB2Q&cr=508455614&ir=, Good: (www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CtDzztCtD0FyB0DtCtCtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtD0C0FyDtBtDtCtGyE0C0CtBtGyC0ByDyDtG0F0ByD0EtGtCtA0BzztCzy0FyB0ByByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0BtB0FyBtB0DtGtD0A0C0DtG0Azz0E0BtGzyzzyE0EtGyE0C0D0F0E0C0DtAtDtByEtB2Q&cr=508455614&ir=),Replaced,[14c80e80b0da5cdac117cf402dd9ac54]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CtDzztCtD0FyB0DtCtCtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtD0C0FyDtBtDtCtGyE0C0CtBtGyC0ByDyDtG0F0ByD0EtGtCtA0BzztCzy0FyB0ByByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0BtB0FyBtB0DtGtD0A0C0DtG0Azz0E0BtGzyzzyE0EtGyE0C0D0F0E0C0DtAtDtByEtB2Q&cr=508455614&ir=, Good: (www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=ir_14_18_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CtDzztCtD0FyB0DtCtCtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtD0C0FyDtBtDtCtGyE0C0CtBtGyC0ByDyDtG0F0ByD0EtGtCtA0BzztCzy0FyB0ByByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0BtB0FyBtB0DtGtD0A0C0DtG0Azz0E0BtGzyzzyE0EtGyE0C0D0F0E0C0DtAtDtByEtB2Q&cr=508455614&ir=),Replaced,[657707872e5c46f0993e7b94c6407090]

Folders: 26
PUP.Optional.ConduitTB.Gen, C:\Users\Victor Barrera\AppData\Local\CRE, Quarantined, [419b27678bff2115885fb911e41ff808],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\icons, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango-ui, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\minibar, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\icons, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\plugins, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.OpenCandy, C:\Users\Victor Barrera\AppData\Roaming\OpenCandy, Quarantined, [ecf0cec06129c96d450a83154bb8a25e],
PUP.Optional.OpenCandy, C:\Users\Victor Barrera\AppData\Roaming\OpenCandy\32092603F83D4F02856AFD0A4B342FEC, Quarantined, [ecf0cec06129c96d450a83154bb8a25e],
PUP.Optional.FilesFrog.A, C:\Users\Victor Barrera\AppData\Local\FilesFrog Update Checker, Delete-on-Reboot, [fae20f7f92f881b5415762364db606fa],
PUP.Optional.FilesFrog.A, C:\Users\Victor Barrera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker, Quarantined, [e0fc9ef0305a66d04851aeea6a99b44c],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [fddf0c82345683b308c1b5e3937041bf],
PUP.Optional.NextLive.A, C:\Users\Victor Barrera\AppData\Roaming\newnext.me, Quarantined, [48942a645d2d1b1b913ef5a4ae55d030],
PUP.Optional.NextLive.A, C:\Users\Victor Barrera\AppData\Roaming\newnext.me\cache, Quarantined, [48942a645d2d1b1b913ef5a4ae55d030],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup, Quarantined, [9a42d2bc8a00b0861cfea1281ce7966a],

Files: 116
PUP.Optional.MultiPlug.A, C:\ProgramData\Barowssei2savE\514385f2239e2.dll, Quarantined, [8f4d3559bcce53e3e82f4beebd444cb4],
PUP.Optional.MultiPlug.A, C:\ProgramData\Seaerch-NewTTaab\51476e33ab3dd.dll, Quarantined, [7864c0ce44460333d4434fea01001ae6],
PUP.Optional.CrossRider.A, C:\Users\Victor Barrera\AppData\Roaming\RHEng\462C440FAF044EBB8CDDA1E74D5883BC\setup.exe, Quarantined, [805c523ce0aa8aace764db160ff225db],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\Minibar.dll, Quarantined, [08d4a5e91476c0765521a97be818c13f],
PUP.Optional.Somoto, C:\Users\Victor Barrera\AppData\Local\FilesFrog Update Checker\uninstall.exe, Quarantined, [01dbfb9336540135053f0524b7494eb2],
PUP.Optional.OpenCandy, C:\Users\Victor Barrera\AppData\Local\Flvto Youtube Downloader\FlvtoConverterSetupV0.5.9.exe, Quarantined, [7963a3eb1179b581b96480b76f97fc04],
PUP.Optional.NextLive.A, C:\Users\Victor Barrera\AppData\Local\genienext\nengine.dll, Quarantined, [6f6d4d413f4b3402176e147261a055ab],
PUP.Optional.ConduitTB.Gen, C:\Users\Victor Barrera\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, Quarantined, [419b27678bff2115885fb911e41ff808],
PUP.Optional.Somoto.A, C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart, Quarantined, [21bb008e3b4fe353ffe101e0867de917],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\minibar.crx, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome.json, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome.pem, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome_installer.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox_installer.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\minibar.xpi, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\background.html, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\cached_http_request.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\extension_info.json, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\main.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\manifest.json, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\MinibarPlugin.dll, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\popup.html, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\popup.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\tab.html, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\tab.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\icons\icon128.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\icons\icon19.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\icons\icon32.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\icons\icon48.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content_kango.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content_menu.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content_messaging.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content_pageutils.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content_popup.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content_toolbar.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content_toolbar_customfixes.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\includes\content_userscript.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\browser.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\console.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\event_listener.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\initialize.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\io.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\jsonstorage.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\kango.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\lang.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\messaging.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\userscript_engine.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango\xhr.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango-ui\button.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango-ui\toolbar.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\kango-ui\ui.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\minibar\actions.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\minibar\cachedxhr.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\minibar\config.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\minibar\macros.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\chrome\minibar\minibar.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome.manifest, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\install.rdf, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\content.xul, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\extension_info.json, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\main.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\console.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\io.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar_stub.html, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.MiniBar.A, C:\Users\Victor Barrera\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll, Quarantined, [defe612d1377f83ebd0feb47cc39f50b],
PUP.Optional.OpenCandy, C:\Users\Victor Barrera\AppData\Roaming\OpenCandy\32092603F83D4F02856AFD0A4B342FEC\ds-cadriverscanner.exe, Quarantined, [ecf0cec06129c96d450a83154bb8a25e],
PUP.Optional.FilesFrog.A, C:\Users\Victor Barrera\AppData\Local\FilesFrog Update Checker\update_checker.exe, Delete-on-Reboot, [fae20f7f92f881b5415762364db606fa],
PUP.Optional.FilesFrog.A, C:\Users\Victor Barrera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk, Quarantined, [e0fc9ef0305a66d04851aeea6a99b44c],
PUP.Optional.FilesFrog.A, C:\Users\Victor Barrera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk, Quarantined, [e0fc9ef0305a66d04851aeea6a99b44c],
PUP.Optional.NextLive.A, C:\Users\Victor Barrera\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [48942a645d2d1b1b913ef5a4ae55d030],
PUP.Optional.NextLive.A, C:\Users\Victor Barrera\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [48942a645d2d1b1b913ef5a4ae55d030],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe, Quarantined, [9a42d2bc8a00b0861cfea1281ce7966a],

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v4.203 - Logfile created 02/05/2015 at 18:58:38
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Victor Barrera - VICTORBARRERA
# Running from : C:\Users\Victor Barrera\Downloads\adwcleaner_4.203.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Victor Barrera\daemonprocess.txt
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Minibar
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\WebSearch
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\SoftSafe
Folder Found : C:\Users\Victor Barrera\AppData\Local\Conduit
Folder Found : C:\Users\Victor Barrera\AppData\Local\cool_mirage
Folder Found : C:\Users\Victor Barrera\AppData\Local\genienext
Folder Found : C:\Users\Victor Barrera\AppData\Local\globalUpdate
Folder Found : C:\Users\Victor Barrera\AppData\Local\Hola
Folder Found : C:\Users\Victor Barrera\AppData\Local\Mobogenie
Folder Found : C:\Users\Victor Barrera\AppData\Local\webplayer
Folder Found : C:\Users\Victor Barrera\AppData\LocalLow\Conduit
Folder Found : C:\Users\Victor Barrera\AppData\Roaming\ARecEngine
Folder Found : C:\Users\Victor Barrera\AppData\Roaming\NCdownloader
Folder Found : C:\Users\Victor Barrera\AppData\Roaming\RHEng

***** [ Scheduled tasks ] *****

Task Found : SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [4624 bytes] - [02/05/2015 18:58:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4683 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Victor Barrera (administrator) on VICTORBARRERA on 02-05-2015 19:13:11
Running from C:\Users\Victor Barrera\Downloads
Loaded Profiles: Victor Barrera (Available profiles: Victor Barrera & Admin!)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Victor Barrera\AppData\Roaming\uTorrent\uTorrent.exe
(Akamai Technologies, Inc.) C:\Users\Victor Barrera\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Akamai Technologies, Inc.) C:\Users\Victor Barrera\AppData\Local\Akamai\netsession_win.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2010-11-01] (Pixart Imaging Inc)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442200 2013-10-17] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-24] (Raptr, Inc)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\Run: [uTorrent] => C:\Users\Victor Barrera\AppData\Roaming\uTorrent\uTorrent.exe [1699920 2015-04-28] (BitTorrent Inc.)
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Victor Barrera\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\Run: [OneDrive] => C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-11] (Microsoft Corporation)
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\RunOnce: [Uninstall C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\RunOnce: [Uninstall C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\MountPoints2: {5d0952ed-cf0c-11e3-aadd-50e549c0810f} - I:\setup.exe
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\MountPoints2: {c1cb5771-b3b5-11e3-9f0d-50e549c0810f} - H:\setup.exe
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\MountPoints2: {c941398d-c5bc-11e3-8a06-50e549c0810f} - G:\setup.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-04-22] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Victor Barrera\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
SearchScopes: HKLM-x32 -> {66FC3211-621B-406D-BFB1-77F4CF99073C} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3490991343-3100775492-2672019291-1001 -> {25B777FD-F4DD-4705-A029-DECCF8799404} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3490991343-3100775492-2672019291-1001 -> {66FC3211-621B-406D-BFB1-77F4CF99073C} URL = http://search.privitize.com/?aff=7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3490991343-3100775492-2672019291-1001 -> {C53379C5-22F8-473B-8C1E-F0347C3A6E1A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-30] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll [2013-12-05] (Wondershare Software Co., Ltd.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Victor Barrera\AppData\Roaming\Mozilla\Firefox\Profiles\9hh3rqxd.default-1415506899023
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: Google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-12-29] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Victor Barrera\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3490991343-3100775492-2672019291-1001: @hola.org/vlc,version=1.6.732 -> C:\Users\Victor Barrera\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-3490991343-3100775492-2672019291-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Victor Barrera\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-12-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Extension: Hola Better Internet - C:\Users\Victor Barrera\AppData\Roaming\Mozilla\Firefox\Profiles\9hh3rqxd.default-1415506899023\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-04-23]
FF Extension: Adblock Plus - C:\Users\Victor Barrera\AppData\Roaming\Mozilla\Firefox\Profiles\9hh3rqxd.default-1415506899023\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-23]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-17]
FF HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF HKU\S-1-5-21-3490991343-3100775492-2672019291-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [753880 2014-02-12] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-11-21] (Razer, Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-22] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-03-24] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [40664 2014-01-20] (The OpenVPN Project)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-11-21] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-10-13] (Razer Inc)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-11-21] (Razer, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 ALSysIO; \??\C:\Users\VICTOR~1\AppData\Local\Temp\ALSysIO64.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 19:13 - 2015-05-02 19:16 - 00024488 _____ () C:\Users\Victor Barrera\Downloads\FRST.txt
2015-05-02 19:12 - 2015-05-02 19:13 - 00000000 ____D () C:\FRST
2015-05-02 19:12 - 2015-05-02 19:12 - 02101248 _____ (Farbar) C:\Users\Victor Barrera\Downloads\FRST64.exe
2015-05-02 19:02 - 2015-05-02 19:02 - 00004798 _____ () C:\Users\Victor Barrera\Desktop\AdwCleaner[R0].txt
2015-05-02 18:57 - 2015-05-02 19:03 - 00000000 ____D () C:\AdwCleaner
2015-05-02 18:56 - 2015-05-02 18:56 - 02204160 _____ () C:\Users\Victor Barrera\Downloads\adwcleaner_4.203.exe
2015-05-02 18:51 - 2015-05-02 18:51 - 00000000 ___HD () C:\OneDriveTemp
2015-05-02 16:40 - 2015-05-02 19:08 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 16:40 - 2015-05-02 16:40 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-02 16:40 - 2015-05-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-02 16:40 - 2015-05-02 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 16:40 - 2015-05-02 16:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-02 16:40 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 16:40 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 16:40 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-02 16:39 - 2015-05-02 16:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Victor Barrera\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-01 13:26 - 2015-05-02 19:06 - 00043150 _____ () C:\Windows\PFRO.log
2015-05-01 01:02 - 2015-05-01 01:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-30 23:36 - 2015-04-30 23:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-30 23:34 - 2015-04-30 23:34 - 43159464 _____ (Oracle Corporation) C:\Users\Victor Barrera\Downloads\jre-8u45-windows-x64.exe
2015-04-30 23:34 - 2015-04-30 23:34 - 00000000 ____D () C:\Program Files\Java
2015-04-30 13:24 - 2015-05-02 19:06 - 00000280 _____ () C:\Windows\setupact.log
2015-04-30 13:24 - 2015-04-30 13:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-28 23:34 - 2015-04-28 23:36 - 00013807 _____ () C:\Users\Victor Barrera\Downloads\hijackthis.log
2015-04-28 23:26 - 2015-04-28 23:27 - 04961992 _____ (PC Whiz Inc.) C:\Users\Victor Barrera\Downloads\pcwhiz.exe
2015-04-27 17:54 - 2015-04-27 18:09 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-04-27 17:54 - 2015-04-27 17:54 - 00001102 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2015-04-27 17:54 - 2015-04-27 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-04-25 20:07 - 2015-04-25 22:45 - 00000000 ____D () C:\Users\Victor Barrera\Downloads\American Sniper 2014 1080p WEB-DL x264 AC3-JYK
2015-04-23 12:07 - 2015-04-23 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 17:32 - 2015-04-22 17:46 - 00000000 ____D () C:\Users\Victor Barrera\Downloads\Better.Call.Saul.S01E09.1080p.HDTV.X264-DIMENSION[brassetv]
2015-04-21 17:27 - 2015-04-21 17:27 - 00001760 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-21 17:27 - 2015-04-21 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-21 17:25 - 2015-04-21 17:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-21 17:25 - 2015-04-21 17:26 - 00000000 ____D () C:\Program Files\iTunes
2015-04-21 17:25 - 2015-04-21 17:25 - 00000000 ____D () C:\Program Files\iPod
2015-04-21 17:25 - 2015-04-21 17:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-14 14:32 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 14:32 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 14:32 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 14:32 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 14:32 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 14:32 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 14:32 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 14:32 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 14:32 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 14:32 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 14:32 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 14:32 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 14:32 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 14:32 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 14:32 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 14:32 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 14:31 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 14:31 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 14:31 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 14:31 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 14:31 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 14:31 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 14:31 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 14:31 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 14:31 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 14:31 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 14:31 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 14:31 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 14:31 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 14:31 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 14:31 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 14:31 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 14:31 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 14:31 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 14:31 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 14:31 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 14:31 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 14:31 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 14:31 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 14:31 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 14:31 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 14:31 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 14:31 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 14:31 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 14:31 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 14:31 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 14:31 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 14:31 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 14:31 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 14:31 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 14:31 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 14:31 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 14:31 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 14:31 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 14:31 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 14:31 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 14:30 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 14:30 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 14:30 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 14:30 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 14:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 14:30 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 14:30 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 14:30 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 14:30 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 14:30 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 14:30 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 14:30 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 14:30 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 14:30 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 14:30 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 14:30 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 14:30 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 14:30 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 14:30 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 14:30 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 14:30 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 14:30 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 14:30 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 14:30 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 14:30 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 14:30 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 14:30 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 14:30 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 14:30 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 14:29 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 14:29 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 14:29 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 14:29 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 14:29 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 14:29 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 14:29 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 14:29 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 14:29 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 14:29 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 14:29 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 14:29 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 14:29 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 14:29 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 14:29 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 14:29 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 14:29 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 14:29 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 14:29 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 14:29 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 14:29 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 14:29 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 14:29 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 14:29 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 14:29 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 14:29 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 14:29 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 14:29 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 14:29 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 14:29 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 14:29 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 14:29 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 14:29 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 14:29 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 14:29 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 14:29 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 14:29 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 14:29 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 14:29 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 14:29 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 14:29 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 14:29 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 14:29 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-05 15:43 - 2015-04-05 15:43 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Local\Autodesk_Ltd
2015-04-05 15:01 - 2015-04-06 16:31 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Roaming\Autodesk Navisworks Manage 2014
2015-04-05 15:01 - 2015-04-06 16:31 - 00000000 ____D () C:\ProgramData\Autodesk Navisworks Manage 2014
2015-04-05 15:01 - 2015-04-05 15:01 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Roaming\Navisworks 2014
2015-04-05 00:51 - 2015-04-05 00:51 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:51 - 2015-04-05 00:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 18:22 - 2015-04-04 20:18 - 00000000 ____D () C:\Users\Victor Barrera\Downloads\Interstellar 2014 IMAX 1080p BRRip x264 DTS-JYK
2015-04-03 16:23 - 2015-04-03 16:23 - 00000000 ____D () C:\ProgramData\FARO
2015-04-03 16:22 - 2015-04-03 16:22 - 00002046 _____ () C:\Users\Public\Desktop\Autodesk ReCap.lnk
2015-04-03 16:19 - 2015-04-03 16:19 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2015-04-03 16:07 - 2015-04-03 16:07 - 00002057 _____ () C:\Users\Public\Desktop\Navisworks Manage 2014.lnk
2015-04-03 16:07 - 2015-04-03 16:07 - 00000000 ____D () C:\Users\Victor Barrera\Documents\Inventor Server x64 InvSvr_x64_NAVMAN_11
2015-04-03 15:41 - 2015-04-03 15:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2015-04-03 15:38 - 2015-04-03 15:38 - 00002064 _____ () C:\Users\Public\Desktop\Navisworks Freedom 2014.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 19:17 - 2012-02-03 21:27 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Roaming\uTorrent
2015-05-02 19:16 - 2011-12-21 14:19 - 01137776 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 19:16 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 19:16 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 19:10 - 2012-04-22 12:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 19:09 - 2014-12-18 14:56 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Roaming\Raptr
2015-05-02 19:07 - 2015-02-18 23:29 - 00000000 ___RD () C:\Users\Victor Barrera\OneDrive
2015-05-02 19:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 19:03 - 2011-12-30 18:22 - 00000000 ____D () C:\Users\Victor Barrera
2015-05-02 17:30 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2015-05-02 17:27 - 2013-10-02 20:54 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Local\Flvto Youtube Downloader
2015-05-02 17:27 - 2013-03-18 15:44 - 00000000 ____D () C:\ProgramData\Seaerch-NewTTaab
2015-05-02 17:27 - 2013-03-15 16:02 - 00000000 ____D () C:\ProgramData\Barowssei2savE
2015-05-01 15:42 - 2015-01-31 16:42 - 00000384 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Victor Barrera).job
2015-05-01 13:43 - 2013-12-05 22:22 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Local\CrashDumps
2015-05-01 01:03 - 2014-12-24 16:37 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-01 01:03 - 2014-09-17 19:19 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Local\Adobe
2015-05-01 01:02 - 2012-01-31 20:38 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-01 01:02 - 2012-01-31 20:37 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-01 00:38 - 2013-10-15 21:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-30 13:25 - 2014-03-17 22:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-30 00:54 - 2013-10-29 17:25 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Local\Battle.net
2015-04-29 22:05 - 2015-02-06 22:10 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-25 23:22 - 2015-03-23 15:05 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Roaming\vlc
2015-04-25 13:29 - 2013-06-12 15:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 17:25 - 2012-01-01 01:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-20 16:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 13:34 - 2011-12-30 18:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-20 13:20 - 2009-07-14 01:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-18 18:02 - 2011-12-30 21:52 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Roaming\Skype
2015-04-15 18:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 11:38 - 2014-12-10 17:07 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 11:38 - 2014-05-06 01:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 11:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 00:50 - 2012-05-30 21:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 00:47 - 2012-02-04 13:42 - 00781956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 00:47 - 2009-07-14 01:13 - 00781956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 00:44 - 2013-07-12 23:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 00:38 - 2012-01-02 14:23 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 00:33 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 23:25 - 2013-10-29 17:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-04-14 23:10 - 2012-04-22 12:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 23:10 - 2012-04-22 12:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 23:10 - 2011-12-30 18:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 19:48 - 2012-06-02 23:05 - 00615424 ___SH () C:\Users\Victor Barrera\Downloads\Thumbs.db
2015-04-09 20:08 - 2013-04-25 20:43 - 00000000 ____D () C:\Users\Victor Barrera\Desktop\Movies & Shows
2015-04-07 15:31 - 2012-08-07 23:13 - 00000000 ____D () C:\Users\Victor Barrera\Documents\WOW-Cata
2015-04-07 15:30 - 2013-10-29 17:25 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-05 23:45 - 2015-02-14 22:22 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Roaming\Autodesk
2015-04-05 15:03 - 2015-02-14 23:33 - 00000000 ____D () C:\Users\Victor Barrera\AppData\Local\Autodesk
2015-04-05 15:01 - 2015-02-14 22:22 - 00000000 ____D () C:\ProgramData\Autodesk
2015-04-03 16:22 - 2015-02-14 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-04-03 16:22 - 2015-02-14 22:56 - 00000000 ____D () C:\Program Files\Autodesk
2015-04-03 16:18 - 2015-02-14 23:13 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-04-03 15:24 - 2015-02-14 22:21 - 00000000 ____D () C:\Autodesk
2015-04-03 13:57 - 2014-01-03 22:41 - 00000000 ____D () C:\Users\Victor Barrera\Desktop\School bleep

==================== Files in the root of some directories =======

2014-10-19 05:48 - 2014-10-19 05:48 - 0085240 _____ () C:\Users\Victor Barrera\AppData\Roaming\icarus-dxdiag.xml
2014-05-05 00:12 - 2014-05-05 00:12 - 0000042 _____ () C:\Users\Victor Barrera\AppData\Roaming\WB.CFG
2012-03-31 16:30 - 2012-03-31 16:30 - 0003584 _____ () C:\Users\Victor Barrera\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-03 16:22 - 2012-07-03 16:22 - 0000102 _____ () C:\Users\Victor Barrera\AppData\Local\fusioncache.dat
2014-04-13 22:17 - 2014-04-13 22:17 - 0000218 _____ () C:\Users\Victor Barrera\AppData\Local\recently-used.xbel
2012-12-14 23:13 - 2012-12-14 23:13 - 0000017 _____ () C:\Users\Victor Barrera\AppData\Local\resmon.resmoncfg
2014-03-17 21:39 - 2014-03-17 21:39 - 0011684 _____ () C:\ProgramData\1395106779.bdinstall.bin

Files to move or delete:
====================
C:\Users\Victor Barrera\NPCSCAN CACHE.bat


Some content of TEMP:
====================
C:\Users\Victor Barrera\AppData\Local\Temp\Quarantine.exe
C:\Users\Victor Barrera\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 14:18

==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 03 May 2015 - 07:27 AM

If not already done, please run the AdwCleaner tool and clean all that is found.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-3490991343-3100775492-2672019291-1001 -> {66FC3211-621B-406D-BFB1-77F4CF99073C} URL = http://search.privitize.com/?aff=7&q={searchTerms}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3490991343-3100775492-2672019291-1001: @hola.org/vlc,version=1.6.732 -> C:\Users\Victor Barrera\AppData\Local\Hola\firefox\app\vlc No File
FF Extension: Hola Better Internet - C:\Users\Victor Barrera\AppData\Roaming\Mozilla\Firefox\Profiles\9hh3rqxd.default-1415506899023\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-04-23]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
S3 ALSysIO; \??\C:\Users\VICTOR~1\AppData\Local\Temp\ALSysIO64.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
C:\Users\Victor Barrera\AppData\Roaming\Mozilla\Firefox\Profiles\9hh3rqxd.default-1415506899023\Extensions\jid1-4P0kohSJxU1qGg@jetpack

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#5 Seveneightnine

Seveneightnine
  • Topic Starter


Posted 16 May 2015 - 02:42 PM

Sorry for the late response. I'm not quite sure how to do "Run FRST".



#6 Seveneightnine


Posted 16 May 2015 - 02:57 PM

Alright, so I understood how to do it. I didn't know the FRST was "Farbar Recovery Scan Tool"...

It looks like these tools deleted many bad files.


#7 nasdaq


Posted 17 May 2015 - 06:56 AM

That is good.

How is the computer running now?

#8 Seveneightnine


Posted 19 May 2015 - 02:39 PM

Yes, it's running good. Although I still have an audio problem, but I don't think this forum works for this specific topic.

Thanks for everything.



#9 nasdaq


Posted 20 May 2015 - 07:27 AM

This topic may help you
http://www.sevenforums.com/sound-audio/248538-no-sound-media-player.html



