Could be infected


  • This topic is locked
18 replies to this topic

#1 Keyload

Posted 08 May 2015 - 03:13 AM

I've recently noticed a few things such as:

  • A command window popping up for a split second after startup.
  • MBAE saying Maxthon is now protected at random times, however I do not have the Maxthon browser running.
  • I can't change the Windows firewall to the recommended settings (I get an error).
  • And a few more issues that I cannot remember at the current time.

Any help is greatly appreciated.

Logs:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Ninos (administrator) on NINOS-HP on 08-05-2015 19:42:58
Running from C:\Users\Ninos\Desktop
Loaded Profiles: Ninos (Available profiles: Ninos & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Alcatel-Lucent) C:\Program Files\tcnz\pcTrayApp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TorchMedia Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\39.0.0.9329\TorchUpdate.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2814760 2011-07-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [tcnz_McciTrayApp] => C:\Program Files\tcnz\pcTrayApp.exe [2782720 2013-07-26] (Alcatel-Lucent)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-31] (AVAST Software)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-02-17] (QFX Software Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [68096 2012-04-25] (Hewlett-Packard Company)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Facebook Update] => C:\Users\Ninos\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-10] (Facebook Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\MountPoints2: {de3e5fe6-51a8-11e3-bdd4-4c80930097d0} - G:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-01-29] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
CHR HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/15
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-nz/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-17] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-01-29] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-17] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-29] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futuremark.com/calico/systeminfodeploy/FMSI_v4120.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{0A75BCFF-9A4D-4195-8CD8-04511A6C9FD1}: [NameServer] 203.97.78.43,203.97.78.44
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-04] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2011-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-09-28] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-12-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\Ninos\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-7bf02ef54e3249d6\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-7bf02ef54e3249d6\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ninos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-29]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
Chrome: 
=======
CHR Profile: C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-06]
CHR Extension: (Bookmark Manager) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-06]
CHR Extension: (Avast Online Security) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-06]
CHR Extension: (Skype Click to Call) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-06]
CHR Extension: (Google Wallet) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-06]
CHR HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfglldanmpdjibmppnggdphndfklefg] - C:\Users\Ninos\AppData\Local\CRE\gdfglldanmpdjibmppnggdphndfklefg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-26]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [gdfglldanmpdjibmppnggdphndfklefg] - C:\Users\Ninos\AppData\Local\CRE\gdfglldanmpdjibmppnggdphndfklefg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-29] (AVAST Software)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [140384 2013-06-25] (Futuremark Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-07] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-08] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4241920 2013-05-21] (A-Volute) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-17] (Sandboxie Holdings, LLC)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-09-29] (Microsoft Corporation) [File not signed]
R2 TorchCrashHandler; C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-04-03] (TorchMedia Inc.) <==== ATTENTION
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-29] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-22] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-09-07] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [223696 2015-02-07] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-05-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 msvad_simple; C:\Windows\System32\solicall.sys [40664 2010-10-30] (SoliCall)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-05-21] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-17] (Sandboxie Holdings, LLC)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
U4 bdselfpr; No ImagePath
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-08 19:37 - 2015-05-08 19:42 - 00083450 _____ () C:\Users\Ninos\Desktop\Addition.txt
2015-05-08 19:35 - 2015-05-08 19:43 - 00036555 _____ () C:\Users\Ninos\Desktop\FRST.txt
2015-05-08 19:35 - 2015-05-08 19:43 - 00000000 ____D () C:\FRST
2015-05-08 19:33 - 2015-05-08 19:33 - 02102272 _____ (Farbar) C:\Users\Ninos\Desktop\FRST64.exe
2015-05-08 19:10 - 2015-05-08 19:14 - 00041163 _____ () C:\Users\Ninos\Desktop\test
2015-05-08 19:03 - 2015-05-08 19:08 - 00041163 _____ () C:\Users\Ninos\Documents\tester123llama.txt
2015-05-08 17:48 - 2015-05-08 19:16 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Temporary Projects
2015-05-07 20:36 - 2015-05-07 21:15 - 00000080 _____ () C:\Users\Ninos\Desktop\TO CHECK.txt
2015-05-06 19:24 - 2015-05-06 19:24 - 00678718 _____ () C:\Users\Ninos\Downloads\Proxy Dump [2015-05-06].txt
2015-05-03 22:36 - 2015-05-03 22:36 - 00079819 _____ () C:\Users\Ninos\Downloads\minecraftia.zip
2015-05-03 00:02 - 2015-05-03 00:04 - 00000000 ____D () C:\Users\Ninos\AppData\Local\CyberGhost
2015-05-02 23:59 - 2015-05-03 00:04 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-02 23:59 - 2015-05-03 00:02 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-05-02 23:59 - 2015-05-02 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-05-02 23:58 - 2015-05-02 23:59 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\Ninos\Downloads\CG_5.0.14.7.exe
2015-05-02 16:14 - 2015-05-01 20:47 - 00015254 _____ () C:\Users\Ninos\Documents\global.css
2015-05-01 21:14 - 2015-05-03 22:55 - 00001456 _____ () C:\Users\Ninos\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-04-30 18:03 - 2015-04-30 18:03 - 00070290 _____ () C:\Users\Ninos\Downloads\World Downloader [1.7.2] 20140118 (7).zip
2015-04-30 18:03 - 2015-04-30 18:03 - 00070290 _____ () C:\Users\Ninos\Downloads\World Downloader [1.7.2] 20140118 (6).zip
2015-04-29 23:32 - 2015-04-29 23:32 - 01581750 _____ () C:\Users\Ninos\Downloads\GPTool.rar
2015-04-28 23:15 - 2015-04-29 16:15 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-04-28 23:15 - 2015-04-28 23:16 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Gyazo
2015-04-28 23:15 - 2015-04-28 23:15 - 00003746 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-04-28 23:15 - 2015-04-28 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-04-28 23:14 - 2015-04-28 23:15 - 09698760 _____ (Nota Inc. ) C:\Users\Ninos\Downloads\Gyazo-2.3.0.exe
2015-04-27 17:51 - 2015-04-27 17:51 - 03093967 _____ () C:\Users\Ninos\Downloads\Mine-imator (1).zip
2015-04-27 17:44 - 2015-04-27 17:44 - 14670321 _____ () C:\Users\Ninos\Downloads\Mine-imator 1.0.0 DEMO 5 (1).zip
2015-04-26 23:24 - 2015-04-26 23:35 - 00000000 ____D () C:\Users\Ninos\Downloads\Game.of.Thrones.S02E08.HDTV.XviD-AFG
2015-04-26 21:42 - 2015-04-26 21:55 - 00000000 ____D () C:\Users\Ninos\Downloads\Game Of Thrones S2.E8 (MP4) (xCrazy0328x)
2015-04-25 18:33 - 2015-04-25 19:08 - 00000000 ____D () C:\Users\Ninos\Downloads\Game of Thrones S02E07 HDTV XviD-MGD[ettv]
2015-04-25 02:09 - 2015-04-25 02:09 - 00000000 ____D () C:\Users\Ninos\Downloads\Game Of Thrones S2.E7 (MP4) (xCrazy0328x)
2015-04-24 22:36 - 2015-05-08 19:34 - 00000388 _____ () C:\Windows\Tasks\update-sys.job
2015-04-24 22:36 - 2015-05-08 18:37 - 00000388 _____ () C:\Windows\Tasks\update-S-1-5-21-1980966533-4281275361-78632846-1000.job
2015-04-24 22:36 - 2015-04-24 22:36 - 00003284 _____ () C:\Windows\System32\Tasks\update-sys
2015-04-24 22:36 - 2015-04-24 22:36 - 00003262 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-1980966533-4281275361-78632846-1000
2015-04-24 22:36 - 2015-04-24 22:36 - 00000424 _____ () C:\Users\Ninos\AppData\Local\UserProducts.xml
2015-04-24 22:36 - 2015-04-24 22:36 - 00000003 _____ () C:\Users\Ninos\AppData\Local\updater.log
2015-04-24 22:35 - 2015-04-24 22:35 - 02511360 _____ (Skillbrains ) C:\Users\Ninos\Downloads\setup-lightshot.exe
2015-04-24 22:35 - 2015-04-24 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-04-24 22:35 - 2015-04-24 22:35 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2015-04-24 19:16 - 2015-04-24 19:16 - 00001199 _____ () C:\Users\Ninos\Downloads\output.txt
2015-04-24 17:09 - 2015-04-24 17:09 - 00196840 _____ () C:\Users\Ninos\Downloads\LemmyWink Scraper.zip
2015-04-24 16:50 - 2015-04-24 16:50 - 00127895 _____ () C:\Users\Ninos\Downloads\Minecraft Accounts_mpgh.net.rar
2015-04-24 16:49 - 2015-04-24 16:49 - 00000046 _____ () C:\Users\Ninos\Downloads\passwords.txt
2015-04-23 17:15 - 2015-04-23 17:15 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\WinRAR
2015-04-23 17:15 - 2015-04-23 17:15 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-23 17:15 - 2015-04-23 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-23 17:14 - 2015-04-23 17:15 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-23 17:14 - 2015-04-23 17:14 - 17550660 _____ () C:\Users\Ninos\Downloads\MPGH account cracker (1).zip
2015-04-23 17:14 - 2015-04-23 17:14 - 01941744 _____ () C:\Users\Ninos\Downloads\winrar-x64-521.exe
2015-04-23 16:53 - 2015-04-23 16:53 - 00004231 _____ () C:\Users\Ninos\Downloads\netflix CONFIG, snikehd, feb 22.ini
2015-04-23 16:52 - 2015-04-23 16:52 - 00758611 _____ () C:\Users\Ninos\Downloads\Sentry.2.0.zip
2015-04-23 16:49 - 2015-04-23 16:50 - 17550660 _____ () C:\Users\Ninos\Downloads\MPGH account cracker.zip
2015-04-23 16:45 - 2015-04-23 16:45 - 05844306 _____ () C:\Users\Ninos\Downloads\Samples.rar
2015-04-23 01:59 - 2015-04-23 01:59 - 01671619 _____ () C:\Users\Ninos\Downloads\daloThread.psd
2015-04-23 00:26 - 2015-04-23 00:26 - 00017769 _____ () C:\Users\Ninos\Downloads\Minecraft Username Scraper By Klintos.jar
2015-04-22 20:54 - 2015-04-22 22:11 - 00000000 ____D () C:\Users\Ninos\Downloads\Game Of Thrones S2.E6 (MP4) (xCrazy0328x)
2015-04-22 20:37 - 2015-04-22 20:52 - 00000000 ____D () C:\Users\Ninos\Downloads\Adobe Photoshop CS6 v6.0.335.0 [ITA] + Crack
2015-04-22 20:35 - 2015-04-22 20:35 - 00000000 ____D () C:\Users\Ninos\Downloads\Adobe Photoshop CS6 13.0 Final (English Japanese)  Mac Os X [ChingLiu]
2015-04-22 15:59 - 2015-04-23 15:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\349279AA.sys
2015-04-21 23:04 - 2015-04-21 23:43 - 00000000 ____D () C:\Users\Public\Documents\Puush Uploads
2015-04-21 23:04 - 2015-04-21 23:43 - 00000000 ____D () C:\ProgramData\Documents\Puush Uploads
2015-04-21 23:02 - 2015-04-21 23:02 - 01085440 _____ () C:\Users\Ninos\Downloads\puush.msi
2015-04-21 16:03 - 2015-04-21 16:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6DD22ECC.sys
2015-04-20 20:04 - 2015-04-20 20:04 - 00952442 _____ () C:\Users\Ninos\Downloads\Waila_1.5.2a (1).zip
2015-04-20 19:31 - 2015-04-20 19:31 - 00519794 _____ () C:\Users\Ninos\Downloads\Waila-1.6.0_B1_1.8.1.jar
2015-04-20 19:29 - 2015-04-20 19:29 - 00952442 _____ () C:\Users\Ninos\Downloads\Waila_1.5.2a.zip
2015-04-20 18:58 - 2015-04-20 18:58 - 00049664 _____ () C:\Users\Ninos\Downloads\macro_auto-typer.exe
2015-04-20 18:58 - 2015-04-20 18:58 - 00033280 _____ () C:\Users\Ninos\Downloads\number_generator.exe
2015-04-20 17:51 - 2015-04-20 17:52 - 00000000 ____D () C:\Users\Ninos\Downloads\Grand Theft Auto V [Steam-Rip]
2015-04-20 00:03 - 2015-04-20 00:20 - 00000000 ____D () C:\Users\Ninos\Downloads\Game of Thrones S02E01 HDTV x264-ASAP[ettv]
2015-04-19 23:14 - 2015-04-19 23:53 - 351273550 _____ () C:\Users\Ninos\Downloads\Game.of.Thrones.S02E01.720p.AAC.x265.HEVC.BluRay-khoshmard[UTR].mkv
2015-04-19 20:56 - 2015-04-19 21:03 - 445876952 _____ () C:\Users\Ninos\Downloads\Game.of.Thrones.S01E09.HDTV.VOSTFR.Gillop.avi
2015-04-19 20:54 - 2015-04-19 22:01 - 15564800 _____ () C:\Users\Ninos\Downloads\S01E09 - Immerse.mkv
2015-04-19 20:38 - 2015-04-19 20:48 - 577135326 _____ () C:\Users\Ninos\Downloads\Game.of.Thrones.S01E08.The.Pointy.End.HDTV.XviD-FQM.avi
2015-04-19 16:13 - 2015-04-19 16:13 - 00510432 _____ () C:\Users\Ninos\Downloads\NotEnoughItems-1.8-1.0.5.82-universal.jar
2015-04-19 16:13 - 2015-04-19 16:13 - 00433012 _____ () C:\Users\Ninos\Downloads\CodeChickenCore-1.8-1.0.5.34-universal.jar
2015-04-19 15:42 - 2015-04-19 15:42 - 00037088 _____ () C:\Users\Ninos\Downloads\Ben10.zip
2015-04-19 15:41 - 2015-04-19 15:42 - 00647113 _____ () C:\Users\Ninos\Downloads\[1.8]DamageIndicatorsMod-3.3.3.jar
2015-04-19 01:48 - 2015-04-19 01:57 - 576580992 _____ () C:\Users\Ninos\Downloads\Game.of.Thrones.S01E07.HDTV.XviD-ASAP.avi
2015-04-18 01:10 - 2015-04-18 01:10 - 00114102 _____ () C:\Users\Ninos\Downloads\xaeros_minimap_v1.4.2_1.8_Forge.jar
2015-04-18 01:03 - 2015-04-18 01:03 - 02934449 _____ () C:\Users\Ninos\Downloads\liteloader-installer-1.7.10-04 (1).exe
2015-04-17 21:46 - 2015-04-17 21:46 - 00000000 ____D () C:\Users\Ninos\AppData\Local\openvr
2015-04-17 21:43 - 2015-04-17 21:43 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Steam
2015-04-17 06:18 - 2015-04-17 06:18 - 00225817 _____ () C:\Users\Ninos\Downloads\InventoryTweaks-1.59-176.jar
2015-04-17 04:31 - 2015-04-17 04:31 - 03400269 _____ () C:\Users\Ninos\Downloads\liteloader-installer-1.8.0-00-SNAPSHOT (1).exe
2015-04-17 01:10 - 2015-04-17 01:15 - 438320578 _____ () C:\Users\Ninos\Downloads\Game.of.Thrones.S01E02.HDTV.VOSTFR.Gillop.avi
2015-04-17 00:38 - 2015-04-17 00:38 - 01190415 _____ () C:\Users\Ninos\Downloads\ProcessExplorer.zip
2015-04-17 00:07 - 2015-04-17 00:07 - 00025891 _____ () C:\Users\Ninos\Downloads\[1.8]StatusEffectHUD-client-1.27 (1).jar
2015-04-17 00:05 - 2015-04-17 00:05 - 00028185 _____ () C:\Users\Ninos\Downloads\[1.8]ArmorStatusHUD-client-1.29.jar
2015-04-16 23:57 - 2015-04-16 23:57 - 03362381 _____ () C:\Users\Ninos\Downloads\liteloader-installer-1.8.0-00-SNAPSHOT (1).jar
2015-04-16 23:50 - 2015-04-16 23:50 - 03447345 _____ () C:\Users\Ninos\Downloads\forge-1.8-11.14.1.1371-installer.jar
2015-04-16 23:24 - 2015-04-16 23:35 - 351678331 _____ () C:\Users\Ninos\Downloads\S01E02 - The Kingsroad.mkv
2015-04-16 23:20 - 2015-05-05 15:45 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-16 23:20 - 2015-04-16 23:20 - 01010672 _____ (DivX, LLC) C:\Users\Ninos\Downloads\DivXInstaller.exe
2015-04-15 16:31 - 2015-04-02 12:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 16:31 - 2015-04-02 11:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 16:31 - 2015-03-25 15:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 16:31 - 2015-03-25 15:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 16:31 - 2015-03-25 15:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 16:31 - 2015-03-25 15:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 16:31 - 2015-03-25 15:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 16:31 - 2015-03-25 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 16:31 - 2015-03-25 15:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 16:31 - 2015-03-25 15:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 16:31 - 2015-03-25 15:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 16:31 - 2015-03-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 16:31 - 2015-03-25 15:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 16:31 - 2015-03-25 15:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 16:31 - 2015-03-25 15:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 16:31 - 2015-03-25 15:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 16:31 - 2015-03-25 15:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 16:31 - 2015-03-25 15:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 16:31 - 2015-03-23 15:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 16:31 - 2015-03-23 15:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 16:31 - 2015-03-23 15:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 16:31 - 2015-03-23 15:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 16:31 - 2015-03-23 15:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 16:31 - 2015-03-23 15:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 16:31 - 2015-03-23 15:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 16:31 - 2015-03-23 15:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 16:31 - 2015-03-17 17:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 16:31 - 2015-03-17 17:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 16:31 - 2015-03-17 17:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 16:31 - 2015-03-17 17:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 16:31 - 2015-03-17 17:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 16:31 - 2015-03-17 17:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 16:31 - 2015-03-17 17:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 16:31 - 2015-03-17 17:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 16:31 - 2015-03-17 17:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 16:31 - 2015-03-17 17:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 16:31 - 2015-03-17 17:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 16:31 - 2015-03-17 17:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 16:31 - 2015-03-17 17:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 16:31 - 2015-03-17 17:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 16:31 - 2015-03-17 17:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 17:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 16:31 - 2015-03-17 17:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 16:31 - 2015-03-17 16:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 16:31 - 2015-03-17 16:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 16:31 - 2015-03-17 16:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 16:31 - 2015-03-17 16:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 16:31 - 2015-03-17 16:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 16:31 - 2015-03-17 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 16:31 - 2015-03-17 16:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 16:31 - 2015-03-17 16:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 16:31 - 2015-03-17 16:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 16:31 - 2015-03-17 16:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 16:31 - 2015-03-17 16:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 15:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 16:31 - 2015-03-17 15:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 16:31 - 2015-03-17 15:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 15:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 15:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:31 - 2015-03-17 15:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:31 - 2015-03-13 16:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 16:31 - 2015-03-13 16:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 16:31 - 2015-03-13 16:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 16:31 - 2015-03-13 16:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 16:31 - 2015-03-13 16:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 16:31 - 2015-03-13 16:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 16:31 - 2015-03-13 16:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 16:31 - 2015-03-13 16:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 16:31 - 2015-03-13 16:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 16:31 - 2015-03-13 16:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 16:31 - 2015-03-13 15:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 16:31 - 2015-03-13 15:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 16:31 - 2015-03-13 15:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 16:31 - 2015-03-13 15:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 16:31 - 2015-03-13 15:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 16:31 - 2015-03-13 15:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 16:31 - 2015-03-13 15:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 16:31 - 2015-03-13 15:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 16:31 - 2015-03-13 15:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 16:31 - 2015-03-13 15:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 16:31 - 2015-03-13 15:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 16:31 - 2015-03-13 15:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 16:31 - 2015-03-13 15:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 16:31 - 2015-03-13 15:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 16:31 - 2015-03-13 15:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 16:31 - 2015-03-13 15:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 16:31 - 2015-03-13 15:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 16:31 - 2015-03-13 15:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 16:31 - 2015-03-13 15:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 16:31 - 2015-03-13 15:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 16:31 - 2015-03-13 15:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 16:31 - 2015-03-13 15:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 16:31 - 2015-03-13 15:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 16:31 - 2015-03-13 15:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 16:31 - 2015-03-13 15:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 16:31 - 2015-03-13 15:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 16:31 - 2015-03-13 15:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 16:31 - 2015-03-13 15:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 16:31 - 2015-03-13 15:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 16:31 - 2015-03-13 15:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 16:31 - 2015-03-13 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 16:31 - 2015-03-13 15:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 16:31 - 2015-03-13 14:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 16:31 - 2015-03-13 14:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 16:31 - 2015-03-13 14:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 16:31 - 2015-03-13 14:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 16:31 - 2015-03-13 14:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 16:31 - 2015-03-13 14:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 16:31 - 2015-03-13 14:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 16:31 - 2015-03-13 14:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 16:31 - 2015-03-13 14:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 16:31 - 2015-03-13 14:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 16:31 - 2015-03-13 14:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 16:31 - 2015-03-13 14:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 16:31 - 2015-03-13 14:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 16:31 - 2015-03-13 14:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 16:31 - 2015-03-10 15:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 16:31 - 2015-03-10 15:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 16:31 - 2015-03-10 15:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 16:31 - 2015-03-10 15:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 16:31 - 2015-03-05 17:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 16:31 - 2015-03-05 16:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 16:31 - 2015-02-25 15:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 16:30 - 2015-03-04 16:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 16:30 - 2015-03-04 16:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 16:30 - 2015-03-04 16:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 20:36 - 2015-05-08 19:32 - 00000000 ____D () C:\Users\Ninos\Desktop\Docked
2015-04-14 20:26 - 2015-04-14 20:26 - 00090895 _____ () C:\Users\Ninos\Downloads\TooManyItems2014_09_07_1.8.zip
2015-04-14 01:11 - 2015-04-14 01:46 - 00000000 ____D () C:\Users\Ninos\Downloads\Game of Thrones S05E04 WEBRip XviD-FUM[ettv]
2015-04-14 01:10 - 2015-04-14 01:36 - 00000000 ____D () C:\Users\Ninos\Downloads\Game of Thrones S05E03 WEBRip XviD-FUM[ettv]
2015-04-14 01:09 - 2015-04-14 01:41 - 388899911 _____ () C:\Users\Ninos\Downloads\Game.of.Thrones.S05E02.HDTV.x264-Xclusive.mp4
2015-04-14 01:08 - 2015-04-14 01:19 - 312338446 _____ () C:\Users\Ninos\Downloads\Game.of.Thrones.S05E01.HDTV.x264-Xclusive.mp4
2015-04-13 15:58 - 2015-04-13 15:58 - 00393478 _____ (http://magiclauncher.com) C:\Users\Ninos\Downloads\MagicLauncher_1.2.6.exe
2015-04-13 15:56 - 2015-04-13 15:56 - 00070290 _____ () C:\Users\Ninos\Downloads\World Downloader [1.7.2] 20140118 (5).zip
2015-04-13 15:51 - 2015-04-13 15:51 - 00045529 _____ () C:\Users\Ninos\Downloads\mod_worldDownloader-1.1.3a_for_1.8.0 (1).litemod
2015-04-13 15:49 - 2015-04-13 15:49 - 03362381 _____ () C:\Users\Ninos\Downloads\liteloader-installer-1.8.0-00-SNAPSHOT.jar
2015-04-13 15:38 - 2015-04-13 15:38 - 00070290 _____ () C:\Users\Ninos\Downloads\World Downloader [1.7.2] 20140118 (4).zip
2015-04-13 15:38 - 2015-04-13 15:38 - 00070290 _____ () C:\Users\Ninos\Downloads\World Downloader [1.7.2] 20140118 (3).zip
2015-04-12 21:32 - 2015-04-12 21:58 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Mine_imator
2015-04-12 21:31 - 2015-04-12 21:32 - 14670321 _____ () C:\Users\Ninos\Downloads\Mine-imator 1.0.0 DEMO 5.zip
2015-04-12 21:12 - 2015-04-12 21:12 - 03093967 _____ () C:\Users\Ninos\Downloads\Mine-imator.zip
2015-04-12 20:36 - 2015-04-12 20:36 - 02706937 _____ () C:\Users\Ninos\Downloads\The Pack Parkour(2).zip
2015-04-11 17:46 - 2015-05-05 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-11 17:46 - 2015-04-29 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-11 17:46 - 2015-04-29 16:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-11 17:46 - 2015-04-11 17:46 - 03020520 _____ (Malwarebytes ) C:\Users\Ninos\Downloads\mbae-setup-1.06.1.1018.exe
2015-04-10 20:29 - 2015-04-10 20:53 - 00000000 ____D () C:\Users\Ninos\Downloads\The.Hunger.Games.2012.RERIP.720p.Bluray.x264.anoXmous
2015-04-10 20:19 - 2015-04-10 20:29 - 00000000 ____D () C:\Users\Ninos\Downloads\The Hunger Games (2012)
2015-04-10 20:05 - 2015-04-10 20:05 - 00561064 _____ (Oracle Corporation) C:\Users\Ninos\Downloads\chromeinstall-8u40.exe
2015-04-08 01:56 - 2015-04-08 01:56 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Macro Recorder
2015-04-08 01:56 - 2015-04-08 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacroRecorderLite
2015-04-08 01:56 - 2015-04-08 01:56 - 00000000 ____D () C:\Program Files (x86)\MacroRecorderLite
2015-04-08 01:56 - 2010-06-16 16:14 - 00044032 _____ (Jitbit Software) C:\Windows\SysWOW64\SystemHookCore.dll
2015-04-08 01:56 - 2005-04-15 17:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2015-04-08 01:55 - 2015-04-08 01:55 - 01706334 _____ (Jitbit Software ) C:\Users\Ninos\Downloads\MacroRecorderLiteSetup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-08 19:43 - 2011-12-15 15:50 - 01811833 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 19:34 - 2009-07-14 16:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 19:34 - 2009-07-14 16:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 19:33 - 2013-12-13 20:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 19:32 - 2012-01-18 16:30 - 00000000 ____D () C:\Fraps
2015-05-08 19:31 - 2009-07-14 17:13 - 00797928 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 19:27 - 2012-01-18 13:51 - 00000000 ____D () C:\Users\Ninos\AppData\Local\CrashDumps
2015-05-08 19:26 - 2014-12-22 19:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 19:26 - 2011-12-26 18:43 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Skype
2015-05-08 19:25 - 2013-11-20 19:33 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2015-05-08 19:24 - 2015-01-29 03:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-08 19:23 - 2013-04-05 20:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-08 19:22 - 2009-07-14 17:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 19:21 - 2009-07-14 16:51 - 00194028 _____ () C:\Windows\setupact.log
2015-05-08 19:13 - 2013-11-10 21:08 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980966533-4281275361-78632846-1000UA.job
2015-05-08 18:50 - 2013-04-05 20:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-08 18:45 - 2011-12-26 16:03 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F67BCA1-34E4-4FEF-A671-347712FE25B1}
2015-05-07 22:13 - 2013-11-10 21:08 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980966533-4281275361-78632846-1000Core.job
2015-05-07 16:12 - 2014-12-18 18:00 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNinos
2015-05-07 16:12 - 2014-12-18 17:59 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForNinos.job
2015-05-06 20:35 - 2012-01-27 13:00 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Paint.NET
2015-05-05 17:00 - 2011-12-27 15:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-04 22:20 - 2013-09-07 13:36 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Maxthon3
2015-05-04 21:27 - 2013-12-13 20:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-04 21:27 - 2012-07-18 16:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-04 21:27 - 2011-10-14 16:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 21:26 - 2012-01-06 20:32 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Adobe
2015-05-04 20:32 - 2012-06-17 17:51 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-05-04 20:32 - 2012-06-17 17:47 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-05-04 19:40 - 2012-06-17 17:47 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-05-04 15:55 - 2009-07-14 16:45 - 04999080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-03 22:55 - 2011-12-26 16:02 - 00096168 _____ () C:\Users\Ninos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-03 16:12 - 2011-12-26 16:14 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\.minecraft
2015-05-03 00:12 - 2010-11-21 15:47 - 01806084 _____ () C:\Windows\PFRO.log
2015-05-01 20:59 - 2012-02-20 15:34 - 00000132 _____ () C:\Users\Ninos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-05-01 18:30 - 2013-11-03 17:28 - 00001988 _____ () C:\Windows\Sandboxie.ini
2015-04-30 21:34 - 2015-01-27 01:02 - 00000000 ____D () C:\Users\Ninos\Documents\Visual Studio 2013
2015-04-27 18:56 - 2011-12-31 18:15 - 00006656 _____ () C:\Users\Ninos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-27 15:55 - 2011-10-14 16:33 - 00000000 ____D () C:\Windows\en
2015-04-25 17:33 - 2009-07-14 17:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-23 16:01 - 2012-03-04 14:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-23 16:01 - 2011-10-14 16:32 - 00000000 ____D () C:\ProgramData\Skype
2015-04-21 23:57 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-21 23:02 - 2013-09-02 13:55 - 00000000 ____D () C:\Program Files (x86)\puush
2015-04-20 00:03 - 2013-01-19 15:43 - 00737280 ___SH () C:\Users\Ninos\Downloads\Thumbs.db
2015-04-19 23:58 - 2012-10-05 02:18 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\vlc
2015-04-18 18:29 - 2012-02-20 15:04 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-04-17 22:20 - 2012-01-16 11:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-17 20:28 - 2012-10-29 19:53 - 00000000 ____D () C:\Users\Ninos\Desktop\My stuff
2015-04-16 04:17 - 2014-12-25 00:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 04:17 - 2014-12-25 00:49 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 04:17 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 03:37 - 2012-03-18 14:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 03:35 - 2012-03-18 14:33 - 00782238 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 03:30 - 2013-08-16 16:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:09 - 2011-12-28 18:24 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-10 20:57 - 2013-11-20 19:33 - 00001397 _____ () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2015-04-10 20:55 - 2012-10-07 22:47 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Torch
 
==================== Files in the root of some directories =======
 
2012-08-05 18:22 - 2012-08-05 18:41 - 0000012 _____ () C:\Users\Ninos\AppData\Roaming\.minecraftlan.properties
2012-02-11 12:36 - 2012-02-11 12:36 - 0001472 _____ () C:\Users\Ninos\AppData\Roaming\.minecraftleeched-full.txt
2012-02-20 15:34 - 2015-05-01 20:59 - 0000132 _____ () C:\Users\Ninos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-09-28 16:18 - 2011-09-28 16:18 - 0020944 _____ (Intel Corporation) C:\Users\Ninos\AppData\Roaming\JomCap.dll
2012-07-11 22:04 - 2013-05-19 17:09 - 0090112 ___SH () C:\Users\Ninos\AppData\Roaming\Thumbs.db
2015-05-01 21:14 - 2015-05-03 22:55 - 0001456 _____ () C:\Users\Ninos\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-04 18:49 - 2014-01-04 19:07 - 13447637 _____ () C:\Users\Ninos\AppData\Local\AndroidRootingScript.zip
2011-12-31 18:15 - 2015-04-27 18:56 - 0006656 _____ () C:\Users\Ninos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-13 19:45 - 2012-05-13 19:45 - 0000093 _____ () C:\Users\Ninos\AppData\Local\fusioncache.dat
2013-07-10 17:24 - 2013-07-10 17:24 - 0000682 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130710.172405.txt
2013-07-23 21:57 - 2013-07-23 21:57 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.215711.txt
2013-07-23 22:00 - 2013-07-23 22:00 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.220037.txt
2013-07-23 22:01 - 2013-07-23 22:01 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.220128.txt
2013-11-17 16:06 - 2013-11-17 16:06 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20131117.170618.txt
2013-08-06 16:55 - 2013-08-06 16:55 - 0044218 _____ () C:\Users\Ninos\AppData\Local\RAContactHistory.xml
2013-09-29 14:16 - 2013-09-29 14:16 - 0000218 _____ () C:\Users\Ninos\AppData\Local\recently-used.xbel
2013-05-17 19:09 - 2013-08-06 15:03 - 0007603 _____ () C:\Users\Ninos\AppData\Local\Resmon.ResmonCfg
2015-04-24 22:36 - 2015-04-24 22:36 - 0000003 _____ () C:\Users\Ninos\AppData\Local\updater.log
2015-04-24 22:36 - 2015-04-24 22:36 - 0000424 _____ () C:\Users\Ninos\AppData\Local\UserProducts.xml
2015-01-30 02:53 - 2015-01-30 02:53 - 0000000 _____ () C:\Users\Ninos\AppData\Local\{61D662A5-8C6D-4A9B-8E17-53E1B163A8A1}
2012-02-26 13:28 - 2012-02-26 13:28 - 0219542 _____ () C:\ProgramData\1330219325.bdinstall.bin
2012-02-27 17:45 - 2012-02-27 17:45 - 0034071 _____ () C:\ProgramData\1330321511.bdinstall.bin
2012-03-02 16:23 - 2012-03-02 16:23 - 0148971 _____ () C:\ProgramData\1330662119.bdinstall.bin
2012-06-15 16:20 - 2012-06-15 16:20 - 0168430 _____ () C:\ProgramData\1339733957.bdinstall.bin
2012-06-15 16:21 - 2012-06-15 16:21 - 0022638 _____ () C:\ProgramData\1339734069.bdinstall.bin
2012-06-15 16:31 - 2012-06-15 16:38 - 0004513 _____ () C:\ProgramData\1339734363.2160.bin
2012-06-15 16:26 - 2012-06-15 16:38 - 0021369 _____ () C:\ProgramData\1339734363.4628.bin
2012-06-15 16:31 - 2012-06-15 16:31 - 0000201 _____ () C:\ProgramData\1339734363.4812.bin
2012-06-15 16:37 - 2012-06-15 16:37 - 0001164 _____ () C:\ProgramData\1339734363.5224.bin
2012-06-15 16:26 - 2012-06-15 16:38 - 0086749 _____ () C:\ProgramData\1339734363.6128.bin
2012-06-15 16:31 - 2012-06-15 16:38 - 0071462 _____ () C:\ProgramData\1339734363.616.bin
2012-06-15 16:26 - 2012-06-15 16:38 - 0056111 _____ () C:\ProgramData\1339734363.6500.bin
2012-06-15 16:31 - 2012-06-15 16:31 - 0004469 _____ () C:\ProgramData\1339734363.7196.bin
2012-06-15 16:30 - 2012-06-15 16:30 - 0010194 _____ () C:\ProgramData\1339734363.7920.bin
2012-06-15 16:30 - 2012-06-15 16:32 - 0006918 _____ () C:\ProgramData\1339734363.7924.bin
2012-06-15 16:30 - 2012-06-15 16:38 - 0001404 _____ () C:\ProgramData\1339734363.7928.bin
2012-06-15 16:30 - 2012-06-15 16:31 - 0001404 _____ () C:\ProgramData\1339734363.7932.bin
2012-07-16 20:07 - 2012-07-16 20:07 - 0158782 _____ () C:\ProgramData\1342425786.bdinstall.bin
2013-12-03 21:28 - 2013-12-03 21:28 - 0001534 _____ () C:\ProgramData\ss.ini
 
Files to move or delete:
====================
C:\Users\Ninos\test.exe
 
 
Some content of TEMP:
====================
C:\Users\Ninos\AppData\Local\Temp\adb.exe
C:\Users\Ninos\AppData\Local\Temp\AdbWinApi.dll
C:\Users\Ninos\AppData\Local\Temp\AdbWinUsbApi.dll
C:\Users\Ninos\AppData\Local\Temp\AutoItX3.dll
C:\Users\Ninos\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe
C:\Users\Ninos\AppData\Local\Temp\CMInstaller.exe
C:\Users\Ninos\AppData\Local\Temp\DeviceRooter.exe
C:\Users\Ninos\AppData\Local\Temp\DIFxAPI.dll
C:\Users\Ninos\AppData\Local\Temp\Extract.exe
C:\Users\Ninos\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Ninos\AppData\Local\Temp\IHU8DDD.tmp.exe
C:\Users\Ninos\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Ninos\AppData\Local\Temp\j3dcore-ogl-cg.dll
C:\Users\Ninos\AppData\Local\Temp\j3dcore-ogl-chk.dll
C:\Users\Ninos\AppData\Local\Temp\j3dcore-ogl.dll
C:\Users\Ninos\AppData\Local\Temp\jansi-32-git-Bukkit-1.2.5-R4.0-b2222jnks.dll
C:\Users\Ninos\AppData\Local\Temp\jansi-64-git-Bukkit-1.2.5-R4.0-b2222jnks.dll
C:\Users\Ninos\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.2-R0.1-b2838jnks.dll
C:\Users\Ninos\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll
C:\Users\Ninos\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Ninos\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Ninos\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ninos\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Ninos\AppData\Local\Temp\JREInstall??.exe
C:\Users\Ninos\AppData\Local\Temp\libcurl-4.dll
C:\Users\Ninos\AppData\Local\Temp\libeay32.dll
C:\Users\Ninos\AppData\Local\Temp\libidn-11.dll
C:\Users\Ninos\AppData\Local\Temp\libusb-1.0.dll
C:\Users\Ninos\AppData\Local\Temp\mirc725.exe
C:\Users\Ninos\AppData\Local\Temp\npp.6.1.8.Installer.exe
C:\Users\Ninos\AppData\Local\Temp\OneClickRoot.exe
C:\Users\Ninos\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Ninos\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Ninos\AppData\Local\Temp\Resource.exe
C:\Users\Ninos\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ninos\AppData\Local\Temp\SP56053.exe
C:\Users\Ninos\AppData\Local\Temp\SP56478.exe
C:\Users\Ninos\AppData\Local\Temp\SP56750.exe
C:\Users\Ninos\AppData\Local\Temp\SP57090.exe
C:\Users\Ninos\AppData\Local\Temp\SP57698.exe
C:\Users\Ninos\AppData\Local\Temp\sp58915.exe
C:\Users\Ninos\AppData\Local\Temp\SP59555.exe
C:\Users\Ninos\AppData\Local\Temp\SP60051.exe
C:\Users\Ninos\AppData\Local\Temp\SP60639.exe
C:\Users\Ninos\AppData\Local\Temp\sp62291.exe
C:\Users\Ninos\AppData\Local\Temp\sp64126.exe
C:\Users\Ninos\AppData\Local\Temp\SRLDetectionLibrary4643123336804323969.dll
C:\Users\Ninos\AppData\Local\Temp\ssleay32.dll
C:\Users\Ninos\AppData\Local\Temp\uninst.exe
C:\Users\Ninos\AppData\Local\Temp\uninst1.exe
C:\Users\Ninos\AppData\Local\Temp\uninstall.exe
C:\Users\Ninos\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Ninos\AppData\Local\Temp\unlockrootsetup.exe
C:\Users\Ninos\AppData\Local\Temp\Updater.exe
C:\Users\Ninos\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Ninos\AppData\Local\Temp\zlib1.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\ICSharpCode.SharpZipLib.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:31 PM

Posted 13 May 2015 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

(TorchMedia Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\39.0.0.9329\TorchUpdate.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [AdobeBridge] => [X]
CHR HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Avast SafePrice) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-06]
CHR Extension: (Avast Online Security) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-06]
CHR HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfglldanmpdjibmppnggdphndfklefg] - C:\Users\Ninos\AppData\Local\CRE\gdfglldanmpdjibmppnggdphndfklefg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [gdfglldanmpdjibmppnggdphndfklefg] - C:\Users\Ninos\AppData\Local\CRE\gdfglldanmpdjibmppnggdphndfklefg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-29]
R2 TorchCrashHandler; C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-04-03] (TorchMedia Inc.) <==== ATTENTION
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
U4 bdselfpr; No ImagePath
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
C:\Users\Ninos\AppData\Local\Torch

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 Keyload


Posted 14 May 2015 - 01:20 AM

It seems to be running fine.

Just a few things I'd like to let you know:

 - I noticed a few days ago, when I was shutting down my computer, Windows told me it was waiting for a process with the CyberLink camera logo and a name that is unknown to me (similar to the ones in the screenshot below).

 - I also noticed that in the C:\Users\Ninos\AppData\Local folder, there is a lot of folders with weird names, not sure if these mean anything but I thought I'd mention them:

NZUponj.png

 - After applying the FRST fix, my Torch browser is not working (Windows tells me it doesn't exist anymore).

Thank you for your help, I appreciate it.

Requested logs:

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-05-2015 01
Ran by Ninos at 2015-05-14 17:49:47 Run:1
Running from C:\Users\Ninos\Desktop\MA
Loaded Profiles: Ninos (Available profiles: Ninos & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
(TorchMedia Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\39.0.0.9329\TorchUpdate.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [AdobeBridge] => [X]
CHR HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Avast SafePrice) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-06]
CHR Extension: (Avast Online Security) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-06]
CHR HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfglldanmpdjibmppnggdphndfklefg] - C:\Users\Ninos\AppData\Local\CRE\gdfglldanmpdjibmppnggdphndfklefg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [gdfglldanmpdjibmppnggdphndfklefg] - C:\Users\Ninos\AppData\Local\CRE\gdfglldanmpdjibmppnggdphndfklefg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-29]
R2 TorchCrashHandler; C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-04-03] (TorchMedia Inc.) <==== ATTENTION
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
U4 bdselfpr; No ImagePath
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
C:\Users\Ninos\AppData\Local\Torch
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Update\39.0.0.9329\TorchUpdate.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
C:\Users\Ninos\AppData\Local\Torch\Application\torch.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
"HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => Moved successfully.
C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
"HKU\S-1-5-21-1980966533-4281275361-78632846-1000\SOFTWARE\Google\Chrome\Extensions\gdfglldanmpdjibmppnggdphndfklefg" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gdfglldanmpdjibmppnggdphndfklefg" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
TorchCrashHandler => Service deleted successfully.
Andbus => Service deleted successfully.
AndDiag => Service deleted successfully.
AndGps => Service deleted successfully.
ANDModem => Service deleted successfully.
bdselfpr => Service deleted successfully.
cpuz135 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
C:\Users\Ninos\AppData\Local\Torch => Moved successfully.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-14 17:52:55)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move.
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move.
 
==== End of Fixlog 17:52:55 ====
 
 
 

AdwCleaner[S0].txt:

 

# AdwCleaner v4.204 - Logfile created 14/05/2015 at 18:05:29
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ninos - NINOS-HP
# Running from : C:\Users\Ninos\Desktop\MA\adwcleaner_4.204.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\CodecC
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\Allmyapps
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Users\Ninos\AppData\Local\genienext
Folder Deleted : C:\Users\Ninos\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
File Deleted : C:\END
File Deleted : C:\Users\Ninos\daemonprocess.txt
File Deleted : C:\Users\Ninos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Deleted : C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
 
***** [ Scheduled tasks ] *****
 
Task Deleted : EPUpdater
Task Deleted : IHUninstallTrackingTASK
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-1980966533-4281275361-78632846-1000
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\PutLockerDownloader
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Deleted : HKCU\Software\5f57d8d9bc6feb12
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [3257 bytes] - [14/05/2015 18:01:29]
AdwCleaner[S0].txt - [2960 bytes] - [14/05/2015 18:05:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3019  bytes] ##########

Edited by Keyload, 14 May 2015 - 01:21 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:31 PM

Posted 14 May 2015 - 08:02 AM

This is the process that starts at every startup.
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

Unless you use it every day you can disable it via the Task Manager.
Run the YCMMirage.exe as and when you need it.
===


I also noticed that in the C:\Users\Ninos\AppData\Local folder, there is a lot of folders with weird names, not sure if these mean anything but I thought I'd mention them:


These are temporary empty folders created by an unknown program.
They can be deleted using this tool.

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Torch has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.

Source: http://www.shouldiremoveit.com/Torch-5557-program.aspx

If all is well and you want to re-install the application, do it at your own risk.
===

#5 Keyload


Posted 16 May 2015 - 01:25 AM

Sorry for the delay.

 

After using JRT, all applications in the system tray (besides Avast) were closed, is this normal?

 

 

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.2 (05.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ninos on Sat 16/05/2015 at 18:18:17.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Game_Booster_Startup
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Windows\prefetch\DRIVERS.EXE-346DFDC7.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{00AE68FC-73B2-45FE-B73A-6D2A6CB929DB}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{0386AEAF-D11D-4DDE-B3AE-FBE8DC7E15DE}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{1469A753-4E26-44C6-9F98-4DB72E5DE671}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{15A42F14-E54C-4B7E-A4CA-C022EBB28C1D}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{22D6C83A-F616-4AB9-8F79-0514469CDDC3}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{2E0DF54E-BE67-495E-A5BF-0008DB20A4C6}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{2E0F1033-EBBE-4D17-BE4F-A5AD4E9A777C}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{37288721-EA78-4FAE-8EFD-F37202CFA9F3}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{380AFF66-73CA-4CDC-ABAF-71829BE16BD1}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{3D4D6E3E-8C58-461C-8416-80043806770B}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{3EE7DF45-DC27-45E5-9CAA-FB28A3803AAB}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{40D77EAF-2478-4370-97F9-3F9AF02EB2F1}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{59F8AF83-C861-4E0D-B520-FCC5815A887C}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{5E11C2EA-B1B6-4681-9FF1-155B561361F4}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{60E72990-6696-4849-BF76-2688B881CAFB}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{638E4FE8-1DBD-4F22-B792-620A4B59F38D}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{6522FF9A-09FC-468D-963A-B94DF3EDD7CC}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{68301AE1-0621-4D9D-9105-3B9641FDB1D4}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{69813753-36AE-4AB2-A9FF-74280D4B3808}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{79CDCD1B-BA1C-421D-85B2-DC4ECD5E1BD1}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{7C68D1BC-83F2-4F15-B0E1-F9D24F444962}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{8A11ABDD-E556-4282-9CC3-E9109C79291C}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{8DEF8E88-CB5E-4882-8A03-3DDF35E99ED8}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{915F425A-C6D9-4BCA-A6B3-4E7ED7EE08B5}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{96ACC4AB-A7A1-47E1-BE4C-8599167DD3B6}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{9A7566B7-08E3-428B-A4C3-A3B9656A985F}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{ABDAA4B6-D945-49E0-A18D-209BE09A9D40}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{ADADCEA0-0BDD-4407-8FE6-769B902DE0EA}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{B0829EA3-2E7A-4D08-A124-27CB98608A89}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{B0953E09-6BAC-41F7-8B5F-1D47C19E2EB5}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{BACACA9D-999A-4584-9E5C-1D2AB842FF10}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{BDCB9F54-563D-42E9-A5F3-6A9B7FEF1E20}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{BE85E96A-12FC-40D8-81CE-E97006BCFCCA}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{C635534B-360E-4F40-8402-856C0013C0FB}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{C69FF59C-F34C-4412-B712-351E4BBB6B73}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{CD0B375F-1CC3-42D3-93E6-AE1C73DA1363}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{CDA55809-6001-420A-B8D5-DE18D45D5752}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{D5121224-0E57-405F-B72B-80AAD4BB59E3}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{DD18E8FA-F57F-46CA-95AA-1C9FB1832F3F}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{E70AC7FF-A20D-4118-87F2-40545E54DD38}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{EAAA1902-1FD8-41F6-874A-9F6D7C4B39F2}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{F082EC23-6F85-4F8D-A75D-DFCAA8E3F74C}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{F7C8F69D-9AD0-40CB-84D8-AA30C5517E23}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{FB2ABB6B-739D-4D7B-BBD1-691941878B1E}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{FB7615CF-083C-4B1F-B6D8-50F0ED5B3A79}
Successfully deleted: [Empty Folder] C:\Users\Ninos\appdata\local\{FF8911ED-AEB6-4B3A-9D7F-A2689A2E98B5}
Successfully deleted: [Folder] C:\Program Files (x86)\freerip
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 16/05/2015 at 18:22:20.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 nasdaq


Posted 16 May 2015 - 07:16 AM

After a restart of the computer did they return?

#7 Keyload


Posted 17 May 2015 - 07:07 AM

After a restart of the computer did they return?

 

Yes, they have all returned.



#8 nasdaq


Posted 17 May 2015 - 07:58 AM

Can you please run the Farbar tool one more time and post a fresh log.

Let me know what problem persists.

#9 Keyload


Posted 23 May 2015 - 01:12 AM

Sorry for the delay, nasdaq.

 

I will post the logs shortly.

 

 

Appreciate your help.

Thanks!



#10 Keyload


Posted 30 May 2015 - 09:58 AM

Very sorry for the delay, Nasdaq.

I have had to deal with a few things this past week, but I'll make sure to post the logs first thing tomorrow morning.

 

 

Appreciate your help, I hope you don't mind.


Edited by Keyload, 30 May 2015 - 09:58 AM.


#11 Keyload


Posted 31 May 2015 - 10:43 AM

Welp, I just blue screened!  :huh:

Not sure what caused it, I was just about to start scanning.

 

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Ninos (administrator) on NINOS-HP on 01-06-2015 03:40:52
Running from C:\Users\Ninos\Desktop\MA
Loaded Profiles: Ninos (Available Profiles: Ninos & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TorchMedia Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcatel-Lucent) C:\Program Files\tcnz\pcTrayApp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Spotify Ltd) C:\Users\Ninos\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2814760 2011-07-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [tcnz_McciTrayApp] => C:\Program Files\tcnz\pcTrayApp.exe [2782720 2013-07-26] (Alcatel-Lucent)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-02-17] (QFX Software Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [68096 2012-04-25] (Hewlett-Packard Company)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Facebook Update] => C:\Users\Ninos\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-10] (Facebook Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28920448 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2015-04-30] (Nota Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Spotify Web Helper] => C:\Users\Ninos\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-31] (Spotify Ltd)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Spotify] => C:\Users\Ninos\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-31] (Spotify Ltd)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\MountPoints2: {de3e5fe6-51a8-11e3-bdd4-4c80930097d0} - G:\LGAutoRun.exe
Startup: C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-05-20]
ShortcutTarget: Curse.lnk -> C:\Users\Ninos\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-09] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ninos\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/15
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-nz/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-17] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-17] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futuremark.com/calico/systeminfodeploy/FMSI_v4120.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Tcpip\..\Interfaces\{0A75BCFF-9A4D-4195-8CD8-04511A6C9FD1}: [NameServer] 203.97.78.43,203.97.78.44
 
FireFox:
========
FF ProfilePath: C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-04] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2011-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-09-28] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-12-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-d2fd1d56447746e9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-d2fd1d56447746e9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ninos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: TorchVLC -> C:\Users\Ninos\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll No File
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Extension: HttpFox - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2015-05-31]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-06-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-29]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
Chrome: 
=======
CHR Profile: C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ColorZilla) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-05-17]
CHR Extension: (Google Cast) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-11]
CHR Extension: (Battlefield Heroes) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2015-05-16]
CHR Extension: (Adblock Plus) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-11]
CHR Extension: (TrafficLight) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-05-28]
CHR Extension: (Tampermonkey) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-05-14]
CHR Extension: (Bookmark Manager) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Avast Online Security) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-05-14]
CHR Extension: (Live HTTP Headers) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2015-05-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-06]
CHR Extension: (Google Wallet) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-06]
CHR Extension: (Bprod(uctive)) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiamoccpbchfhpiokdmojejefcnijhlk [2015-05-23]
CHR Extension: (Hover Zoom+) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2015-05-14]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-26]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [140384 2013-06-25] (Futuremark Corporation)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-07] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-08] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4241920 2013-05-21] (A-Volute) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-17] (Sandboxie Holdings, LLC)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-21] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-09-29] (Microsoft Corporation) [File not signed]
R2 TorchCrashHandler; C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-05-12] (TorchMedia Inc.) <==== ATTENTION
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-09] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-09] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-22] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-09-07] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [223696 2015-02-07] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 msvad_simple; C:\Windows\System32\solicall.sys [40664 2010-10-30] (SoliCall)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-05-21] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-17] (Sandboxie Holdings, LLC)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-05-08] (IDRIX)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-01 03:29 - 2015-06-01 03:30 - 00262144 _____ () C:\Windows\Minidump\060115-37705-01.dmp
2015-06-01 01:56 - 2015-06-01 01:56 - 00414889 _____ () C:\Users\Ninos\Desktop\DEEZ PROXIES.txt
2015-05-31 23:08 - 2015-05-31 23:10 - 10015902 _____ () C:\Users\Ninos\Downloads\Sentry_MBA.rar
2015-05-31 23:02 - 2015-06-01 02:07 - 00000000 ____D () C:\Users\Ninos\Desktop\New folder
2015-05-31 22:41 - 2015-05-31 22:41 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Macromedia
2015-05-31 22:28 - 2015-05-31 22:39 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Mozilla
2015-05-31 22:28 - 2015-05-31 22:28 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-31 22:28 - 2015-05-31 22:28 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-31 22:28 - 2015-05-31 22:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-31 22:26 - 2015-05-31 22:26 - 00243344 _____ () C:\Users\Ninos\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-31 19:57 - 2015-05-31 19:57 - 00000000 ____D () C:\Users\Ninos\Documents\MCEdit
2015-05-31 19:54 - 2015-05-31 20:00 - 00000000 ____D () C:\Users\Ninos\Downloads\mcedit
2015-05-31 19:51 - 2015-05-31 19:53 - 46786369 _____ () C:\Users\Ninos\Downloads\MCEdit.v1.3.3.0.Win.64bit.exe
2015-05-30 22:13 - 2015-06-01 03:32 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Spotify
2015-05-30 22:13 - 2015-05-30 22:13 - 00001805 _____ () C:\Users\Ninos\Desktop\Spotify.lnk
2015-05-30 22:13 - 2015-05-30 22:13 - 00001791 _____ () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-05-30 22:11 - 2015-06-01 03:38 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Spotify
2015-05-30 22:11 - 2015-05-30 22:11 - 00155296 _____ (Spotify Ltd) C:\Users\Ninos\Downloads\SpotifySetup.exe
2015-05-30 19:06 - 2015-05-30 19:06 - 03403133 _____ () C:\Users\Ninos\Downloads\liteloader-installer-1.8.0-00-SNAPSHOT (2).exe
2015-05-30 00:36 - 2015-05-30 00:36 - 00002861 _____ () C:\Users\Ninos\Downloads\Truc 129188c1 (1).txt
2015-05-30 00:35 - 2015-05-30 00:35 - 00000011 _____ () C:\Users\Ninos\Downloads\129228SD.txt
2015-05-30 00:34 - 2015-05-30 00:34 - 00002861 _____ () C:\Users\Ninos\Downloads\Truc 129188c1.txt
2015-05-28 20:59 - 2015-05-28 21:58 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Temporary Projects
2015-05-28 20:46 - 2015-05-28 20:46 - 01982037 _____ () C:\Users\Ninos\Downloads\ILSpy_Master_2.3.0.1827_Binaries.zip
2015-05-28 20:46 - 2015-05-28 20:46 - 00000000 ____D () C:\Users\Ninos\Desktop\ILSpy
2015-05-28 19:21 - 2015-05-28 19:21 - 00314908 _____ () C:\Users\Ninos\Downloads\netflix.7z
2015-05-28 18:58 - 2015-05-28 18:58 - 00637111 _____ () C:\Users\Ninos\Downloads\Guccis Sentry MBA PAck.rar
2015-05-28 15:12 - 2015-05-31 03:52 - 00000195 _____ () C:\Users\Ninos\Desktop\Check results.txt
2015-05-27 22:19 - 2015-05-27 22:19 - 00566272 _____ () C:\Users\Ninos\Downloads\Universal Proxy Scraper.exe
2015-05-27 22:19 - 2015-05-27 22:19 - 00566272 _____ () C:\Users\Ninos\Desktop\Universal Proxy Scraper.exe
2015-05-27 19:43 - 2015-05-27 19:43 - 06054061 _____ () C:\Users\Ninos\Downloads\186kleak.txt
2015-05-27 18:48 - 2015-05-27 18:48 - 00034515 _____ () C:\Users\Ninos\Desktop\2af.txt
2015-05-26 23:50 - 2015-05-26 23:59 - 00000000 ____D () C:\Users\Ninos\Downloads\Game.of.Thrones.S05E07.HDTV.x264-ASAP[ettv]
2015-05-26 17:37 - 2015-05-26 17:37 - 00111176 _____ () C:\Users\Ninos\Downloads\hemi_head.zip
2015-05-24 22:15 - 2015-05-24 22:15 - 00004362 _____ () C:\Users\Ninos\Downloads\InternalGame.aia
2015-05-24 16:00 - 2015-05-24 16:00 - 00001643 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC.lnk
2015-05-24 15:59 - 2015-05-24 16:01 - 00001664 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk
2015-05-24 15:59 - 2015-05-24 15:59 - 00000000 ____D () C:\ProgramData\ALM
2015-05-24 15:56 - 2015-05-24 15:56 - 00001530 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-05-24 15:08 - 2015-05-24 15:39 - 00000000 ____D () C:\Users\Ninos\Downloads\Adobe Illustrator CC 17.0.0 Final Multilanguage [ChingLiu]
2015-05-24 00:52 - 2015-05-24 00:52 - 12362933 _____ () C:\Users\Ninos\Downloads\Lesbea HD Mature lesbian woman spreads tight ass of teen on her face - Free Porn Videos - YouPorn[via torchbrowser.com].aac
2015-05-24 00:48 - 2015-05-24 00:48 - 05877088 _____ () C:\Users\Ninos\Downloads\Lesbea HD Cute teen humps her girlfriend's thigh before sitting on her face - Free Porn Videos - YouPorn[via torchbrowser.com].aac
2015-05-24 00:47 - 2015-05-24 00:48 - 09987459 _____ () C:\Users\Ninos\Downloads\Rilee Marks and Malena Morgan - Free Porn Videos - YouPorn[via torchbrowser.com].aac
2015-05-24 00:44 - 2015-05-24 00:45 - 07397928 _____ () C:\Users\Ninos\Downloads\Elle Alexandra, Malena Morgan & Rilee Marks - The Beach House - Pornhub.com[via torchbrowser.com].aac
2015-05-24 00:40 - 2015-05-24 00:48 - 82788787 _____ () C:\Users\Ninos\Downloads\Lesbea HD Cute teen humps her girlfriend's thigh before sitting on her face - Free Porn Videos - YouPorn[via torchbrowser.com].mp4
2015-05-24 00:40 - 2015-05-24 00:41 - 05916975 _____ () C:\Users\Ninos\Downloads\Last night - Rille Marks & Elle Alexandra - Pornhub.com[via torchbrowser.com].aac
2015-05-24 00:39 - 2015-05-24 00:39 - 09261548 _____ () C:\Users\Ninos\Downloads\Rilee Marks and Elle Alexandra - Free Porn Videos - YouPorn[via torchbrowser.com].aac
2015-05-24 00:38 - 2015-05-24 00:52 - 166003428 _____ () C:\Users\Ninos\Downloads\Lesbea HD Mature lesbian woman spreads tight ass of teen on her face - Free Porn Videos - YouPorn[via torchbrowser.com].mp4
2015-05-24 00:38 - 2015-05-24 00:47 - 98274283 _____ () C:\Users\Ninos\Downloads\Rilee Marks and Malena Morgan - Free Porn Videos - YouPorn[via torchbrowser.com].mp4
2015-05-24 00:34 - 2015-05-24 00:40 - 99034816 _____ () C:\Users\Ninos\Downloads\Last night - Rille Marks & Elle Alexandra - Pornhub.com[via torchbrowser.com].mp4
2015-05-24 00:33 - 2015-05-24 00:44 - 123648091 _____ () C:\Users\Ninos\Downloads\Elle Alexandra, Malena Morgan & Rilee Marks - The Beach House - Pornhub.com[via torchbrowser.com].mp4
2015-05-24 00:32 - 2015-05-24 00:39 - 91523496 _____ () C:\Users\Ninos\Downloads\Rilee Marks and Elle Alexandra - Free Porn Videos - YouPorn[via torchbrowser.com].mp4
2015-05-23 22:56 - 2015-05-23 22:56 - 00000000 ____D () C:\Users\Ninos\.appinventor
2015-05-23 22:56 - 2015-05-23 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIT App Inventor Tools
2015-05-23 22:56 - 2015-05-23 22:56 - 00000000 ____D () C:\Program Files (x86)\AppInventor
2015-05-23 22:53 - 2015-05-23 22:55 - 83753282 _____ (Massachusetts Institute of Technology) C:\Users\Ninos\Downloads\MIT_App_Inventor_Tools_2.3.0_win_setup.exe
2015-05-21 16:39 - 2015-05-21 16:39 - 00382893 _____ () C:\Users\Ninos\Downloads\sf-cartoonist-hand.zip
2015-05-21 01:11 - 2015-05-21 01:11 - 00210419 _____ () C:\Users\Ninos\Downloads\the-fontry_jackport-college-ncv.zip
2015-05-20 19:21 - 2008-11-05 11:51 - 00203965 _____ () C:\Users\Ninos\Downloads\always-on-top.exe
2015-05-20 19:20 - 2015-05-20 19:21 - 00198666 _____ () C:\Users\Ninos\Downloads\always-on-top.zip
2015-05-20 19:19 - 2015-05-20 19:19 - 00316528 _____ (Igor Pavlov) C:\Users\Ninos\Downloads\Always_1_2_setup.exe
2015-05-20 19:19 - 2007-05-08 02:36 - 00467968 _____ () C:\Users\Ninos\Downloads\Always.exe
2015-05-20 16:38 - 2015-05-20 16:38 - 00000000 ____D () C:\Users\Ninos\Documents\Curse
2015-05-20 16:35 - 2015-06-01 03:39 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Curse Client
2015-05-20 16:35 - 2015-05-20 16:35 - 00001018 _____ () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2015-05-20 16:35 - 2015-05-20 16:35 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Curse
2015-05-20 16:30 - 2015-05-20 16:30 - 42089560 _____ (Curse) C:\Users\Ninos\Downloads\CurseClientSetup_[Plugin-Minecraft].exe
2015-05-19 19:33 - 2015-05-19 19:33 - 00300668 _____ () C:\Users\Ninos\Downloads\Painless Parkour.zip
2015-05-19 16:20 - 2015-05-19 16:20 - 00678718 _____ () C:\Users\Ninos\Downloads\Proxy Dump [2015-05-06] (2).txt
2015-05-18 23:27 - 2015-05-18 23:39 - 00000000 ____D () C:\Users\Ninos\Downloads\Game.of.Thrones.S05E06.HDTV.x264-ASAP[ettv]
2015-05-18 23:26 - 2015-06-01 03:31 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2015-05-18 23:26 - 2015-05-18 23:26 - 00001397 _____ () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2015-05-18 23:26 - 2015-05-18 23:26 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
2015-05-18 23:22 - 2015-05-18 23:26 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Torch
2015-05-18 23:22 - 2015-05-18 23:22 - 02351112 _____ (Torch Media, Inc) C:\Users\Ninos\Downloads\TorchSetup-r28-n-bc.exe
2015-05-18 20:50 - 2015-05-18 20:51 - 15060497 _____ () C:\Users\Ninos\Downloads\WeepCraft 8.2 (1).zip
2015-05-18 20:45 - 2015-05-18 20:46 - 15060497 _____ () C:\Users\Ninos\Downloads\WeepCraft 8.2.zip
2015-05-18 17:48 - 2015-05-18 17:48 - 42627390 _____ () C:\Users\Ninos\Downloads\scbox.rar
2015-05-18 17:41 - 2015-05-18 17:41 - 01581750 _____ () C:\Users\Ninos\Downloads\Gather Proxy 8.5 Free(2).rar
2015-05-18 00:32 - 2015-05-18 00:32 - 00033280 _____ () C:\Users\Ninos\Downloads\number_generator (1).exe
2015-05-17 00:16 - 2015-05-26 21:27 - 00000000 ____D () C:\Users\Ninos\Desktop\Sales thread
2015-05-16 18:18 - 2015-05-16 18:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NINOS-HP-Windows-7-Home-Premium-(64-bit).dat
2015-05-16 18:18 - 2015-05-16 18:18 - 00000000 ____D () C:\RegBackup
2015-05-16 18:16 - 2015-05-16 18:16 - 02719698 _____ (Thisisu) C:\Users\Ninos\Downloads\JRT.exe
2015-05-16 03:56 - 2015-05-16 04:34 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Litecoin
2015-05-16 03:56 - 2015-05-16 03:56 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Litecoin
2015-05-16 03:56 - 2015-05-16 03:56 - 00000000 ____D () C:\Program Files (x86)\Litecoin
2015-05-16 03:55 - 2015-05-16 03:56 - 13255677 _____ (Litecoin project) C:\Users\Ninos\Downloads\litecoin-0.8.7.5-win32-setup.exe
2015-05-15 20:28 - 2015-06-01 01:51 - 00000000 ____D () C:\Users\Ninos\Desktop\Minecraft Account Thread
2015-05-15 20:05 - 2015-05-15 20:05 - 05894184 _____ () C:\Users\Ninos\Downloads\Lato2OFL.zip
2015-05-15 19:58 - 2015-05-15 19:58 - 07919800 _____ () C:\Users\Ninos\Downloads\threaddesign.psd
2015-05-15 19:50 - 2015-05-15 19:51 - 15584063 _____ () C:\Users\Ninos\Downloads\plsvfm.psd
2015-05-15 16:15 - 2015-05-15 16:15 - 00000000 ____D () C:\ProgramData\Gyazo
2015-05-14 18:01 - 2015-05-14 18:05 - 00000000 ____D () C:\AdwCleaner
2015-05-14 18:00 - 2015-05-14 18:00 - 02209792 _____ () C:\Users\Ninos\Downloads\adwcleaner_4.204.exe
2015-05-14 03:07 - 2015-05-02 01:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:07 - 2015-05-02 01:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:27 - 2015-05-14 00:27 - 00000000 ____D () C:\Users\Ninos\AppData\Local\TeamViewer
2015-05-13 22:37 - 2015-05-22 19:54 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-13 21:56 - 2015-05-13 21:56 - 00116232 _____ () C:\Users\Ninos\Downloads\lobster.zip
2015-05-13 21:55 - 2015-05-13 21:56 - 00174671 _____ () C:\Users\Ninos\Downloads\lobster-two.zip
2015-05-13 21:54 - 2015-05-13 21:54 - 00659991 _____ () C:\Users\Ninos\Downloads\måns-grebäck_xtreem-demo.zip
2015-05-13 21:03 - 2015-05-13 21:04 - 00000000 ____D () C:\Program Files (x86)\AzTools
2015-05-13 16:18 - 2015-05-05 13:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 16:18 - 2015-05-05 13:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 16:18 - 2015-04-28 07:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 16:18 - 2015-04-28 07:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 16:18 - 2015-04-28 07:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 16:18 - 2015-04-28 07:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 16:18 - 2015-04-28 07:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 16:18 - 2015-04-28 07:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 16:18 - 2015-04-28 07:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 16:18 - 2015-04-28 07:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 16:18 - 2015-04-28 06:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 16:18 - 2015-04-22 14:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 16:18 - 2015-04-22 13:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 16:18 - 2015-04-22 05:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 16:18 - 2015-04-22 05:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 16:18 - 2015-04-22 05:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 16:18 - 2015-04-22 04:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 16:18 - 2015-04-22 04:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 16:18 - 2015-04-22 04:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 16:18 - 2015-04-22 04:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 16:18 - 2015-04-22 04:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 16:18 - 2015-04-22 04:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 16:18 - 2015-04-22 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 16:18 - 2015-04-22 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 16:18 - 2015-04-22 04:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 16:18 - 2015-04-22 04:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 16:18 - 2015-04-22 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 16:18 - 2015-04-22 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 16:18 - 2015-04-22 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 16:18 - 2015-04-22 04:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 16:18 - 2015-04-22 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 16:18 - 2015-04-22 04:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 16:18 - 2015-04-22 04:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 16:18 - 2015-04-22 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 16:18 - 2015-04-22 04:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 16:18 - 2015-04-22 04:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 16:18 - 2015-04-22 04:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 16:18 - 2015-04-22 04:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 16:18 - 2015-04-22 04:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 16:18 - 2015-04-22 04:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 16:18 - 2015-04-22 04:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 16:18 - 2015-04-22 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 16:18 - 2015-04-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 16:18 - 2015-04-22 04:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 16:18 - 2015-04-22 04:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 16:18 - 2015-04-22 04:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 16:18 - 2015-04-22 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 16:18 - 2015-04-22 03:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 16:18 - 2015-04-22 03:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 16:18 - 2015-04-22 03:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 16:18 - 2015-04-22 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 16:18 - 2015-04-22 03:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 16:18 - 2015-04-22 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 16:18 - 2015-04-22 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 16:18 - 2015-04-22 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 16:18 - 2015-04-22 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 16:18 - 2015-04-22 03:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 16:18 - 2015-04-22 03:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 16:18 - 2015-04-22 03:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 16:18 - 2015-04-22 03:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 16:18 - 2015-04-22 03:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 16:18 - 2015-04-22 03:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 16:18 - 2015-04-22 03:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 16:18 - 2015-04-22 03:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 16:18 - 2015-04-22 03:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 16:18 - 2015-04-22 03:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 16:18 - 2015-04-22 03:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 16:18 - 2015-04-22 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 16:18 - 2015-04-22 03:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 16:18 - 2015-04-22 02:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 16:18 - 2015-04-22 02:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 16:18 - 2015-04-18 15:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 16:18 - 2015-04-18 14:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 16:18 - 2015-04-13 15:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 16:17 - 2015-04-28 07:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 16:17 - 2015-04-28 07:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 16:17 - 2015-04-28 07:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 16:17 - 2015-04-28 07:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 16:17 - 2015-04-28 07:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 16:17 - 2015-04-28 07:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 16:17 - 2015-04-28 07:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 16:17 - 2015-04-28 07:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 16:17 - 2015-04-28 07:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 16:17 - 2015-04-28 07:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 16:17 - 2015-04-28 07:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 16:17 - 2015-04-28 07:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 16:17 - 2015-04-28 07:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 16:17 - 2015-04-28 07:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 16:17 - 2015-04-28 07:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 16:17 - 2015-04-28 07:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 07:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 16:17 - 2015-04-28 07:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 16:17 - 2015-04-28 07:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 16:17 - 2015-04-28 07:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 16:17 - 2015-04-28 07:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 16:17 - 2015-04-28 07:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 16:17 - 2015-04-28 07:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 16:17 - 2015-04-28 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 16:17 - 2015-04-28 07:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 16:17 - 2015-04-28 07:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 16:17 - 2015-04-28 07:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 16:17 - 2015-04-28 07:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 16:17 - 2015-04-28 07:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 16:17 - 2015-04-28 07:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 16:17 - 2015-04-28 07:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 16:17 - 2015-04-28 07:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 16:17 - 2015-04-28 07:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 16:17 - 2015-04-28 07:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 16:17 - 2015-04-28 07:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 16:17 - 2015-04-28 07:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 16:17 - 2015-04-28 07:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 16:17 - 2015-04-28 07:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 16:17 - 2015-04-28 07:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 16:17 - 2015-04-28 07:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 16:17 - 2015-04-28 07:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 05:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 16:17 - 2015-04-28 05:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 16:17 - 2015-04-28 05:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 05:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 05:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 16:17 - 2015-04-28 05:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 16:17 - 2015-04-20 15:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 16:17 - 2015-04-20 15:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 16:17 - 2015-04-20 14:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 16:17 - 2015-04-20 14:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 16:17 - 2015-04-08 15:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 16:17 - 2015-04-08 15:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 16:17 - 2015-03-04 16:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 16:17 - 2015-03-04 16:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 16:17 - 2015-03-04 16:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 16:17 - 2015-03-04 16:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 16:17 - 2015-03-04 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 16:17 - 2015-03-04 16:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 16:17 - 2015-03-04 16:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 16:17 - 2015-02-18 19:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 16:17 - 2015-02-18 19:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 16:17 - 2015-01-29 15:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 16:17 - 2015-01-29 15:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:41 - 2015-05-12 17:41 - 00353629 _____ () C:\Users\Ninos\Downloads\goodprox2.txt
2015-05-12 00:25 - 2015-05-12 00:29 - 25412284 _____ () C:\Users\Ninos\Downloads\scrapebox_upd.64.zip
2015-05-12 00:22 - 2015-05-12 00:22 - 03750207 _____ () C:\Users\Ninos\Downloads\proxyfire.v1.25.zip
2015-05-12 00:16 - 2015-05-12 00:16 - 01581750 _____ () C:\Users\Ninos\Downloads\GPTool (1).rar
2015-05-12 00:16 - 2015-02-10 22:56 - 00608768 _____ (GatherProxy.com) C:\Users\Ninos\Downloads\Gather Proxy.exe
2015-05-12 00:16 - 2014-07-05 04:12 - 00000000 ____D () C:\Users\Ninos\Downloads\Data
2015-05-12 00:16 - 2012-08-06 21:30 - 00134144 _____ (Simon Mourier) C:\Users\Ninos\Downloads\HtmlAgilityPack.dll
2015-05-12 00:16 - 2012-05-28 10:34 - 02468864 _____ () C:\Users\Ninos\Downloads\Noesis.Javascript.dll
2015-05-12 00:16 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Users\Ninos\Downloads\msvcr100.dll
2015-05-12 00:16 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Users\Ninos\Downloads\msvcp100.dll
2015-05-12 00:11 - 2015-05-12 00:11 - 01365831 _____ () C:\Users\Ninos\Downloads\GatherProxy Premium.rar
2015-05-11 22:38 - 2015-05-11 22:45 - 00000000 ____D () C:\Users\Ninos\Downloads\Game.of.Thrones.S05E05.HDTV.x264-ASAP[ettv]
2015-05-11 17:03 - 2015-05-22 00:32 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Minecraft Username Scraper
2015-05-10 16:29 - 2015-05-10 16:29 - 00969584 _____ (ROBLOX Corporation) C:\Users\Ninos\Downloads\RobloxPlayerLauncher (1).exe
2015-05-10 14:32 - 2015-05-10 14:32 - 00678718 _____ () C:\Users\Ninos\Downloads\Proxy Dump [2015-05-06] (1).txt
2015-05-10 13:51 - 2015-05-10 13:51 - 00000000 __SHD () C:\found.001
2015-05-09 22:49 - 2015-05-09 22:49 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-09 22:49 - 2015-05-09 22:49 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-09 20:03 - 2015-05-09 20:03 - 00001333 _____ () C:\Users\Ninos\Desktop\Minecraft.exe.lnk
2015-05-09 20:01 - 2015-05-24 00:35 - 00000000 ____D () C:\Users\Ninos\Desktop\.minecraft
2015-05-09 20:01 - 2015-05-09 20:01 - 02314240 _____ () C:\Users\Ninos\Downloads\MinecraftInstaller.msi
2015-05-09 00:11 - 2015-05-09 00:17 - 81733956 _____ () C:\Users\Ninos\Downloads\Tegan Riley Dirty Solo - Pornhub.com[via torchbrowser.com].mp4
2015-05-09 00:09 - 2015-05-09 00:17 - 100691025 _____ () C:\Users\Ninos\Downloads\Dominant lesbian beauty gives her brunette GF a dripping orgasm - Pornhub.com[via torchbrowser.com].mp4
2015-05-09 00:08 - 2015-05-09 00:12 - 100417908 _____ () C:\Users\Ninos\Downloads\Wife and The Babysitter - Pornhub.com[via torchbrowser.com].mp4
2015-05-09 00:06 - 2015-05-09 00:11 - 51842193 _____ () C:\Users\Ninos\Downloads\Flexible Valeria on a Sofa - Pornhub.com[via torchbrowser.com].mp4
2015-05-08 23:42 - 2015-06-01 03:40 - 00000000 ____D () C:\Users\Ninos\Desktop\MA
2015-05-08 23:26 - 2015-05-08 23:26 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\VeraCrypt
2015-05-08 23:25 - 2015-05-08 23:25 - 00192344 _____ (IDRIX) C:\Windows\system32\Drivers\veracrypt.sys
2015-05-08 23:25 - 2015-05-08 23:25 - 00000000 ____D () C:\Program Files\VeraCrypt
2015-05-08 23:24 - 2015-05-08 23:24 - 08346664 _____ (IDRIX) C:\Users\Ninos\Downloads\VeraCrypt Setup 1.0f-2.exe
2015-05-08 23:13 - 2015-05-08 23:16 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\TrueCrypt
2015-05-08 23:13 - 2015-05-08 23:13 - 00230840 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2015-05-08 23:12 - 2015-05-08 23:13 - 00000000 ____D () C:\Program Files\TrueCrypt
2015-05-08 20:14 - 2015-05-08 20:14 - 00000873 _____ () C:\Users\Ninos\Downloads\Addition.txt
2015-05-08 19:35 - 2015-06-01 03:40 - 00000000 ____D () C:\FRST
2015-05-08 19:03 - 2015-05-08 19:08 - 00041163 _____ () C:\Users\Ninos\Documents\tester123llama.txt
2015-05-06 19:24 - 2015-05-06 19:24 - 00678718 _____ () C:\Users\Ninos\Downloads\Proxy Dump [2015-05-06].txt
2015-05-03 22:36 - 2015-05-03 22:36 - 00079819 _____ () C:\Users\Ninos\Downloads\minecraftia.zip
2015-05-03 00:02 - 2015-05-03 00:04 - 00000000 ____D () C:\Users\Ninos\AppData\Local\CyberGhost
2015-05-02 23:59 - 2015-05-03 00:04 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-02 23:59 - 2015-05-03 00:02 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-05-02 23:59 - 2015-05-02 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-05-02 23:58 - 2015-05-02 23:59 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\Ninos\Downloads\CG_5.0.14.7.exe
2015-05-02 16:14 - 2015-05-01 20:47 - 00015254 _____ () C:\Users\Ninos\Documents\global.css
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-01 03:41 - 2011-12-26 18:43 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Skype
2015-06-01 03:37 - 2009-07-14 17:13 - 00797864 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-01 03:33 - 2013-12-13 20:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 03:32 - 2014-12-22 19:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-01 03:31 - 2013-04-05 20:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 03:30 - 2009-07-14 17:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 03:29 - 2012-05-09 16:30 - 00000000 ____D () C:\Windows\Minidump
2015-06-01 03:29 - 2009-07-14 16:51 - 00196660 _____ () C:\Windows\setupact.log
2015-06-01 03:27 - 2011-12-15 15:50 - 01980562 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 03:06 - 2011-12-31 18:15 - 00006656 _____ () C:\Users\Ninos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-01 02:56 - 2013-04-05 20:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 02:45 - 2015-04-11 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-01 01:56 - 2009-07-14 16:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 01:56 - 2009-07-14 16:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 01:50 - 2015-04-14 20:36 - 00000000 ____D () C:\Users\Ninos\Desktop\Docked
2015-06-01 01:45 - 2010-11-21 15:47 - 01809892 _____ () C:\Windows\PFRO.log
2015-06-01 01:15 - 2013-11-10 21:08 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980966533-4281275361-78632846-1000UA.job
2015-05-31 23:24 - 2011-12-26 16:03 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F67BCA1-34E4-4FEF-A671-347712FE25B1}
2015-05-31 22:39 - 2012-05-13 21:29 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Mozilla
2015-05-31 22:28 - 2012-03-27 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-31 22:13 - 2013-11-10 21:08 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980966533-4281275361-78632846-1000Core.job
2015-05-31 22:10 - 2011-12-26 21:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-31 21:13 - 2012-06-17 17:51 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-05-31 21:13 - 2012-06-17 17:47 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-05-31 21:13 - 2012-06-17 17:47 - 00270240 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-05-31 20:12 - 2011-12-26 16:14 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\.minecraft
2015-05-31 17:40 - 2015-01-29 03:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-30 23:17 - 2012-01-18 13:51 - 00000000 ____D () C:\Users\Ninos\AppData\Local\CrashDumps
2015-05-30 22:33 - 2014-12-18 18:00 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNinos
2015-05-30 22:33 - 2014-12-18 17:59 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForNinos.job
2015-05-30 17:46 - 2012-02-20 15:34 - 00000132 _____ () C:\Users\Ninos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-05-29 23:15 - 2013-11-03 17:28 - 00002090 _____ () C:\Windows\Sandboxie.ini
2015-05-28 22:47 - 2011-10-14 16:32 - 00000000 ____D () C:\ProgramData\Skype
2015-05-27 22:46 - 2015-01-27 01:02 - 00000000 ____D () C:\Users\Ninos\Documents\Visual Studio 2013
2015-05-27 18:49 - 2015-04-30 00:00 - 00000000 ____D () C:\Users\Ninos\Desktop\Cracking
2015-05-27 02:17 - 2012-10-05 02:18 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\vlc
2015-05-26 20:38 - 2009-07-14 16:45 - 05097560 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 19:17 - 2011-12-26 16:02 - 00103576 _____ () C:\Users\Ninos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-26 16:33 - 2011-12-27 15:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-26 16:20 - 2009-07-14 17:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-25 16:32 - 2012-01-16 11:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-24 22:15 - 2013-01-15 18:47 - 00000000 ____D () C:\Shared Files
2015-05-24 16:03 - 2011-12-26 16:07 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Adobe
2015-05-24 16:01 - 2012-02-20 15:04 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-05-24 15:59 - 2012-02-20 15:07 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-24 15:59 - 2012-02-20 15:02 - 00000000 ____D () C:\Program Files\Adobe
2015-05-24 15:57 - 2011-10-14 16:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-24 01:11 - 2013-01-19 15:43 - 00856576 ___SH () C:\Users\Ninos\Downloads\Thumbs.db
2015-05-23 22:58 - 2012-08-26 14:25 - 00000000 ____D () C:\Users\Ninos\.android
2015-05-23 22:56 - 2011-12-26 03:02 - 00000000 ____D () C:\Users\Ninos
2015-05-21 03:01 - 2015-04-05 02:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 03:01 - 2015-04-05 02:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-15 17:53 - 2014-12-22 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-15 17:53 - 2014-12-22 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-15 16:51 - 2013-04-05 20:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 16:51 - 2013-04-05 20:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 16:15 - 2015-04-28 23:15 - 00003746 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-05-15 16:15 - 2015-04-28 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-05-15 16:15 - 2015-04-28 23:15 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-05-14 15:56 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 15:53 - 2012-05-19 13:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 15:53 - 2012-05-19 13:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:41 - 2012-03-18 14:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 03:41 - 2012-03-18 14:33 - 00806256 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-14 03:41 - 2012-03-18 14:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-14 03:36 - 2013-08-16 16:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 03:14 - 2011-12-28 18:24 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:06 - 2012-05-19 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 23:22 - 2012-03-18 14:34 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\SoftGrid Client
2015-05-10 16:31 - 2009-07-14 14:34 - 00000430 _____ () C:\Windows\win.ini
2015-05-10 16:30 - 2015-02-10 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2015-05-10 14:47 - 2011-12-26 03:03 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Hewlett-Packard
2015-05-10 14:47 - 2011-10-14 16:32 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-05-09 22:49 - 2015-01-29 03:05 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-09 22:49 - 2015-01-29 03:05 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-09 22:49 - 2015-01-29 03:05 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-09 22:49 - 2015-01-29 03:05 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-09 22:49 - 2015-01-29 03:05 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-09 22:49 - 2015-01-29 03:05 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-09 22:49 - 2015-01-29 03:05 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-09 22:48 - 2015-01-29 03:05 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-08 21:41 - 2012-01-18 16:30 - 00000000 ____D () C:\Fraps
2015-05-06 20:35 - 2012-01-27 13:00 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Paint.NET
2015-05-05 15:45 - 2015-04-16 23:20 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-04 22:20 - 2013-09-07 13:36 - 00000000 ____D () C:\Users\Ninos\AppData\Roaming\Maxthon3
2015-05-04 21:27 - 2013-12-13 20:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-04 21:27 - 2012-07-18 16:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-04 21:27 - 2011-10-14 16:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 21:26 - 2012-01-06 20:32 - 00000000 ____D () C:\Users\Ninos\AppData\Local\Adobe
2015-05-03 22:55 - 2015-05-01 21:14 - 00001456 _____ () C:\Users\Ninos\AppData\Local\Adobe Save for Web 12.0 Prefs
 
==================== Files in the root of some directories =======
 
2012-08-05 18:22 - 2012-08-05 18:41 - 0000012 _____ () C:\Users\Ninos\AppData\Roaming\.minecraftlan.properties
2012-02-11 12:36 - 2012-02-11 12:36 - 0001472 _____ () C:\Users\Ninos\AppData\Roaming\.minecraftleeched-full.txt
2012-02-20 15:34 - 2015-05-30 17:46 - 0000132 _____ () C:\Users\Ninos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-09-28 16:18 - 2011-09-28 16:18 - 0020944 _____ (Intel Corporation) C:\Users\Ninos\AppData\Roaming\JomCap.dll
2012-07-11 22:04 - 2013-05-19 17:09 - 0090112 ___SH () C:\Users\Ninos\AppData\Roaming\Thumbs.db
2015-05-01 21:14 - 2015-05-03 22:55 - 0001456 _____ () C:\Users\Ninos\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-04 18:49 - 2014-01-04 19:07 - 13447637 _____ () C:\Users\Ninos\AppData\Local\AndroidRootingScript.zip
2011-12-31 18:15 - 2015-06-01 03:06 - 0006656 _____ () C:\Users\Ninos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-13 19:45 - 2012-05-13 19:45 - 0000093 _____ () C:\Users\Ninos\AppData\Local\fusioncache.dat
2013-07-10 17:24 - 2013-07-10 17:24 - 0000682 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130710.172405.txt
2013-07-23 21:57 - 2013-07-23 21:57 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.215711.txt
2013-07-23 22:00 - 2013-07-23 22:00 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.220037.txt
2013-07-23 22:01 - 2013-07-23 22:01 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.220128.txt
2013-11-17 16:06 - 2013-11-17 16:06 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20131117.170618.txt
2013-08-06 16:55 - 2013-08-06 16:55 - 0044218 _____ () C:\Users\Ninos\AppData\Local\RAContactHistory.xml
2013-09-29 14:16 - 2013-09-29 14:16 - 0000218 _____ () C:\Users\Ninos\AppData\Local\recently-used.xbel
2013-05-17 19:09 - 2013-08-06 15:03 - 0007603 _____ () C:\Users\Ninos\AppData\Local\Resmon.ResmonCfg
2015-04-24 22:36 - 2015-04-24 22:36 - 0000003 _____ () C:\Users\Ninos\AppData\Local\updater.log
2015-04-24 22:36 - 2015-04-24 22:36 - 0000424 _____ () C:\Users\Ninos\AppData\Local\UserProducts.xml
2015-01-30 02:53 - 2015-01-30 02:53 - 0000000 _____ () C:\Users\Ninos\AppData\Local\{61D662A5-8C6D-4A9B-8E17-53E1B163A8A1}
2012-02-26 13:28 - 2012-02-26 13:28 - 0219542 _____ () C:\ProgramData\1330219325.bdinstall.bin
2012-02-27 17:45 - 2012-02-27 17:45 - 0034071 _____ () C:\ProgramData\1330321511.bdinstall.bin
2012-03-02 16:23 - 2012-03-02 16:23 - 0148971 _____ () C:\ProgramData\1330662119.bdinstall.bin
2012-06-15 16:20 - 2012-06-15 16:20 - 0168430 _____ () C:\ProgramData\1339733957.bdinstall.bin
2012-06-15 16:21 - 2012-06-15 16:21 - 0022638 _____ () C:\ProgramData\1339734069.bdinstall.bin
2012-06-15 16:31 - 2012-06-15 16:38 - 0004513 _____ () C:\ProgramData\1339734363.2160.bin
2012-06-15 16:26 - 2012-06-15 16:38 - 0021369 _____ () C:\ProgramData\1339734363.4628.bin
2012-06-15 16:31 - 2012-06-15 16:31 - 0000201 _____ () C:\ProgramData\1339734363.4812.bin
2012-06-15 16:37 - 2012-06-15 16:37 - 0001164 _____ () C:\ProgramData\1339734363.5224.bin
2012-06-15 16:26 - 2012-06-15 16:38 - 0086749 _____ () C:\ProgramData\1339734363.6128.bin
2012-06-15 16:31 - 2012-06-15 16:38 - 0071462 _____ () C:\ProgramData\1339734363.616.bin
2012-06-15 16:26 - 2012-06-15 16:38 - 0056111 _____ () C:\ProgramData\1339734363.6500.bin
2012-06-15 16:31 - 2012-06-15 16:31 - 0004469 _____ () C:\ProgramData\1339734363.7196.bin
2012-06-15 16:30 - 2012-06-15 16:30 - 0010194 _____ () C:\ProgramData\1339734363.7920.bin
2012-06-15 16:30 - 2012-06-15 16:32 - 0006918 _____ () C:\ProgramData\1339734363.7924.bin
2012-06-15 16:30 - 2012-06-15 16:38 - 0001404 _____ () C:\ProgramData\1339734363.7928.bin
2012-06-15 16:30 - 2012-06-15 16:31 - 0001404 _____ () C:\ProgramData\1339734363.7932.bin
2012-07-16 20:07 - 2012-07-16 20:07 - 0158782 _____ () C:\ProgramData\1342425786.bdinstall.bin
2013-12-03 21:28 - 2013-12-03 21:28 - 0001534 _____ () C:\ProgramData\ss.ini
 
Files to move or delete:
====================
C:\Users\Ninos\test.exe
 
 
Some files in TEMP:
====================
C:\Users\Ninos\AppData\Local\Temp\Quarantine.exe
C:\Users\Ninos\AppData\Local\Temp\sqlite3.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\ICSharpCode.SharpZipLib.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 19:05
 
==================== End of log ============================

Edited by Keyload, 31 May 2015 - 10:57 AM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:31 PM

Posted 31 May 2015 - 01:00 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

(TorchMedia Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: TorchVLC -> C:\Users\Ninos\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll No File
CHR Extension: (Avast Online Security) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-28]
CHR Extension: (Bprod(uctive)) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiamoccpbchfhpiokdmojejefcnijhlk [2015-05-23]
R2 TorchCrashHandler; C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-05-12] (TorchMedia Inc.) <==== ATTENTION
C:\Users\Ninos\AppData\Local\Torch
C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiamoccpbchfhpiokdmojejefcnijhlk

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

If you get a BSOD please make a note of the exact error message and post it for my review.

#13 nasdaq

Posted 06 June 2015 - 07:18 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq

Posted 12 June 2015 - 07:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#15 nasdaq

Posted 03 July 2015 - 08:15 AM

This topic has been re-opened at the request of the person who originally posted.



