Unknown connections and files.


  • This topic is locked
3 replies to this topic

#1 Fraction

Posted 25 January 2016 - 09:43 PM

Hello, I am creating this thread because I believe that my computer may be infected.
 
I've recently noticed a few unknown outgoing connections in the Avast! Firewall from svchost and explorer.exe, and I have also noticed an unknown file (which has a Chinese name, I believe) in the 'Recent Places' section of Windows Explorer (which tells me it is located on my desktop, however I do not see the file there).
 
Any help is appreciated!
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Ninos (administrator) on NINOS-HP (26-01-2016 15:16:40)
Running from C:\Users\Ninos\Desktop
Loaded Profiles: Ninos &  (Available Profiles: Ninos & Guest & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TorchMedia Inc.) C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.)
HKLM\...\Run: [tcnz_McciTrayApp] => C:\Program Files\tcnz\pcTrayApp.exe [2782720 2013-07-26] (Alcatel-Lucent)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2015-10-04] (Greenshot)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-10-13] (QFX Software Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-22] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [68096 2012-04-25] (Hewlett-Packard Company)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Facebook Update] => C:\Users\Ninos\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-10] (Facebook Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-01-19] (Nota Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Spotify Web Helper] => C:\Users\Ninos\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-09] (Spotify Ltd)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Spotify] => C:\Users\Ninos\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-09] (Spotify Ltd)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-08-04] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [433256 2015-11-06] (CyberGhost S.R.L.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [ApowersoftScreenCapture] => C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe [5417328 2015-09-29] (Apowersoft)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Shotty] => C:\Program Files\Shotty\Shotty.exe [724480 2015-10-14] (hxxp://shotty.devs-on.net)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-20] (Piriform Ltd)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [SMSetup] => "C:\Users\Ninos\AppData\Local\Temp\{6BE46F4D-CA68-489F-BB1B-4049B9BA9018}\SMSetup.exe"  /cnid 926458 /fpd /dsie /dsff /dsgc /hp /wait /ntp_ie /ms /restart <===== ATTENTION
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [21431912 2012-10-01] (Microsoft Corporation)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\MountPoints2: {ff1a2035-9996-11e5-9c74-4c80930097d0} - "G:\setup.exe" 
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [68096 2012-04-25] (Hewlett-Packard Company)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Ninos\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-10] (Facebook Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-01-19] (Nota Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Ninos\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-09] (Spotify Ltd)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Ninos\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-09] (Spotify Ltd)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-08-04] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [433256 2015-11-06] (CyberGhost S.R.L.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApowersoftScreenCapture] => C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe [5417328 2015-09-29] (Apowersoft)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Shotty] => C:\Program Files\Shotty\Shotty.exe [724480 2015-10-14] (hxxp://shotty.devs-on.net)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-20] (Piriform Ltd)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SMSetup] => "C:\Users\Ninos\AppData\Local\Temp\{6BE46F4D-CA68-489F-BB1B-4049B9BA9018}\SMSetup.exe"  /cnid 926458 /fpd /dsie /dsff /dsgc /hp /wait /ntp_ie /ms /restart <===== ATTENTION
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [21431912 2012-10-01] (Microsoft Corporation)
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ff1a2035-9996-11e5-9c74-4c80930097d0} - "G:\setup.exe" 
HKU\S-1-5-21-1980966533-4281275361-78632846-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\S-1-5-21-1980966533-4281275361-78632846-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-02] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-02] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-02] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-02] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-02] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-02] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-10-21]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-11-07]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{0a75bcff-9a4d-4195-8cd8-04511a6c9fd1}: [NameServer] 203.97.78.43,203.97.78.44
Tcpip\..\Interfaces\{db759bf5-ed71-4e7d-ba35-1ad58f3934cb}: [DhcpNameServer] 192.168.20.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/15
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/15
HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-1980966533-4281275361-78632846-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/15
HKU\S-1-5-21-1980966533-4281275361-78632846-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/15
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1980966533-4281275361-78632846-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-05] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-27] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-13] (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-05] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-05] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-27] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-13] (AVAST Software)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {BAD4FE2C-503B-45CC-88CD-4B0574057D11} hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v4120.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
 
FireFox:
========
FF ProfilePath: C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-05] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-21] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2011-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-09-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-05] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-21] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-07-26] (Alcatel-Lucent)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-12-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy64.dll [No File]
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ninos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: TorchVLC -> C:\Users\Ninos\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy64.dll [No File]
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ninos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: TorchVLC -> C:\Users\Ninos\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Greasemonkey - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-03]
FF Extension: fasTun Tool - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\extensions\tool@fastun.com.xpi [2016-01-20]
FF Extension: Auto focus URL bar - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\AutoFocusUrlbar@czcp.co.cc.xpi [2015-10-21]
FF Extension: Hover Hand - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\chikit@gmail.com.xpi [2015-10-21]
FF Extension: Custom New Tab - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\CNT@ednovak.net.xpi [2015-10-21]
FF Extension: skyZIP - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\jid1-m3kqTBs1zKXXaA@jetpack.xpi [2015-12-30]
FF Extension: NewTabURL - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\newtaburl@sogame.cat.xpi [2015-10-21]
FF Extension: LastPass - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\support@lastpass.com [2016-01-20]
FF Extension: Yet Another Smooth Scrolling - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\yetanothersmoothscrolling@kataho.xpi [2016-01-20]
FF Extension: NoScript - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-01-20]
FF Extension: Web Developer - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-10-29]
FF Extension: Adblock Plus - C:\Users\Ninos\AppData\Roaming\Mozilla\Firefox\Profiles\29ly1irn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-08-18] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-14]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-14]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
CHR Extension: (Chrome Currency Converter) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbfhidldjknonaihbalghlebaijealk [2016-01-10]
CHR Extension: (Web Developer) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-10-29]
CHR Extension: (ColorZilla) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-06-26]
CHR Extension: (Google Cast) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-12]
CHR Extension: (Video Resumer) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bongjkoajofkfpofginnhecihgaeldpe [2015-12-19]
CHR Extension: (Battlefield Heroes) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2015-05-16]
CHR Extension: (Adblock Plus) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Linkification) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflchafndefoljnhhholeekfpgmbphaf [2015-07-14]
CHR Extension: (TrafficLight) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-05-28]
CHR Extension: (uBlock Origin) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-21]
CHR Extension: (Tampermonkey) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-16]
CHR Extension: (Word Replacer II) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djakfbefalbkkdgnhkkdiihelkjdpbfh [2016-01-19]
CHR Extension: (WebRTC Leak Prevent) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2016-01-22]
CHR Extension: (Page Eraser) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2015-06-20]
CHR Extension: (Star Wars Spoiler Blocker) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eleaenmahchceopnpofcookkbbfclokj [2015-12-18]
CHR Extension: (Authy Chrome Extension) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2016-01-03]
CHR Extension: (Authy) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2016-01-01]
CHR Extension: (Falcon Proxy) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf [2015-06-25]
CHR Extension: (FoxyProxy Standard) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-08-28]
CHR Extension: (CSSViewer) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfgijbpiheegefliciemofobhmofgce [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-20]
CHR Extension: (Live HTTP Headers) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2015-05-28]
CHR Extension: (HTML5ify) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-06-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-12]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2016-01-13]
CHR Extension: (Ghostery) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-12-30]
CHR Extension: (SmoothScroll) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2015-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Bprod(uctive)) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiamoccpbchfhpiokdmojejefcnijhlk [2015-09-16]
CHR Extension: (ScriptSafe) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-12-23]
CHR Extension: (Hover Zoom+) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-01-25]
CHR Extension: (Data Saver (Beta)) - C:\Users\Ninos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2015-10-23]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
StartMenuInternet: Google Chrome.BTPZUH2WYHB4I7RRDHGDLXNMKQ - C:\Users\Ninos\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22528 2015-10-13] (Apache Software Foundation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-14] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-06] (CyberGhost S.R.L)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-06] (Dropbox, Inc.)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-27] (HP)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [140384 2013-06-25] (Futuremark Corporation)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-07] ()
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-07-26] (Alcatel-Lucent) [File not signed]
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4241920 2013-05-21] (A-Volute) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [215688 2015-08-04] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-12] (TeamViewer GmbH)
R2 TorchCrashHandler; C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217400 2015-12-27] (TorchMedia Inc.) <==== ATTENTION
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [103824 2015-07-17] (Wondershare)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-22] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-19] (QFX Software Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2013-07-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 msvad_simple; C:\Windows\System32\solicall.sys [40664 2010-10-30] (SoliCall)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [40696 2013-05-21] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-08-04] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-15] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-05-09] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-07-31] (HP Inc.)
U3 idsvc; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-26 15:16 - 2016-01-26 15:16 - 00057502 _____ C:\Users\Ninos\Desktop\FRST.txt
2016-01-26 15:15 - 2016-01-26 15:16 - 02370560 _____ (Farbar) C:\Users\Ninos\Desktop\FRST64.exe
2016-01-26 15:15 - 2016-01-26 15:15 - 02370560 _____ (Farbar) C:\Users\Ninos\Downloads\FRST64.exe
2016-01-26 15:13 - 2016-01-26 15:13 - 00000000 ____D C:\Users\Ninos\Desktop\BCH
2016-01-26 15:00 - 2016-01-26 15:00 - 00016148 _____ C:\WINDOWS\system32\NINOS-HP_Ninos_HistoryPrediction.bin
2016-01-24 20:36 - 2016-01-24 20:36 - 00030416 _____ C:\Users\Ninos\Downloads\HabboLoginChecker.rar
2016-01-23 02:45 - 2016-01-23 02:45 - 00281432 _____ C:\WINDOWS\Minidump\012316-58531-01.dmp
2016-01-22 22:30 - 2016-01-22 22:30 - 05271256 _____ (Husdawg, LLC) C:\Users\Ninos\Downloads\Detection (1).exe
2016-01-21 23:17 - 2016-01-21 23:17 - 00000000 _____ C:\STFC121.tmp
2016-01-21 23:16 - 2016-01-21 23:16 - 00000000 _____ C:\STFE21B.tmp
2016-01-18 19:32 - 2016-01-18 19:32 - 00000000 ____D C:\Users\Ninos\AppData\Local\Temporary Projects
2016-01-17 18:12 - 2016-01-17 18:12 - 11145099 _____ C:\Users\Ninos\Downloads\Dillion Harper and Sinn Sage 3Way Mistress HD Porn Videos - SpankBang[via torchbrowser.com] (1).aac
2016-01-17 18:08 - 2016-01-17 18:41 - 00000000 ____D C:\Program Files (x86)\Hide Window Hotkey
2016-01-17 18:08 - 2016-01-17 18:08 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hide Window Hotkey
2016-01-17 18:07 - 2016-01-17 18:07 - 00885670 _____ C:\Users\Ninos\Downloads\HWHSetup.exe
2016-01-17 18:05 - 2016-01-17 18:05 - 11145099 _____ C:\Users\Ninos\Downloads\Dillion Harper and Sinn Sage 3Way Mistress HD Porn Videos - SpankBang[via torchbrowser.com].aac
2016-01-17 18:02 - 2016-01-17 18:12 - 178352568 _____ C:\Users\Ninos\Downloads\Dillion Harper and Sinn Sage 3Way Mistress HD Porn Videos - SpankBang[via torchbrowser.com] (1).mp4
2016-01-17 17:55 - 2016-01-17 18:05 - 101448802 _____ C:\Users\Ninos\Downloads\Dillion Harper and Sinn Sage 3Way Mistress HD Porn Videos - SpankBang[via torchbrowser.com].mp4
2016-01-16 19:47 - 2016-01-16 19:47 - 00000153 _____ C:\Users\Ninos\.gitconfig
2016-01-16 01:30 - 2016-01-16 01:30 - 01254135 _____ C:\Users\Ninos\Downloads\niawas2_2015_Term 2 (1).pdf
2016-01-15 01:44 - 2016-01-15 01:44 - 00565486 _____ C:\Users\Ninos\Downloads\Corporate-0014.zip
2016-01-15 01:42 - 2016-01-15 01:42 - 00759452 _____ C:\Users\Ninos\Downloads\Retro-Vintage-0006.zip
2016-01-15 01:19 - 2016-01-15 01:19 - 00005280 _____ C:\Users\Ninos\Downloads\UyBMtLsHKBKXelqf4x7VRQ.woff2
2016-01-14 18:53 - 2016-01-14 18:53 - 19338966 _____ C:\Users\Ninos\Downloads\Minecraft HACKER TROLLING - KILL AURA HACKERS BANNED!! - Ep. 4 ( Minecraft 1.8 Hacks ) - YouTube[via torchbrowser.com].aac
2016-01-14 18:51 - 2016-01-14 18:53 - 281400555 _____ C:\Users\Ninos\Downloads\Minecraft HACKER TROLLING - KILL AURA HACKERS BANNED!! - Ep. 4 ( Minecraft 1.8 Hacks ) - YouTube[via torchbrowser.com].mp4
2016-01-13 21:39 - 2016-01-26 15:01 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2016-01-13 21:39 - 2016-01-13 21:40 - 00001410 _____ C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2016-01-13 21:36 - 2016-01-13 21:36 - 01668008 _____ (Torch Media, Inc) C:\Users\Ninos\Downloads\TorchSetup-r20-n-bc.exe
2016-01-13 00:56 - 2016-01-23 02:44 - 986522515 _____ C:\WINDOWS\MEMORY.DMP
2016-01-11 19:34 - 2016-01-11 19:34 - 00024268 _____ C:\Users\Ninos\Downloads\rsclient_source.zip
2016-01-10 20:51 - 2016-01-10 20:51 - 00281352 _____ C:\WINDOWS\Minidump\011016-74953-01.dmp
2016-01-08 22:35 - 2016-01-08 22:36 - 00281872 _____ C:\WINDOWS\Minidump\010816-81546-01.dmp
2016-01-07 21:04 - 2016-01-07 21:05 - 00372736 _____ C:\Users\Ninos\Documents\Test.accdb
2016-01-07 20:41 - 2016-01-07 21:03 - 00271360 _____ C:\Outlook.pst
2016-01-07 20:28 - 2016-01-08 19:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-07 20:26 - 2016-01-07 20:26 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ninos\Downloads\mbar-1.09.3.1001.exe
2016-01-07 16:24 - 2016-01-07 16:24 - 00071291 _____ C:\Users\Ninos\Downloads\AutoSwitch-v5.2.2-mc1.8.jar
2016-01-07 16:23 - 2016-01-07 16:23 - 00048756 _____ C:\Users\Ninos\Downloads\ThebombzenAPI-v2.5.1-mc1.8.jar
2016-01-06 21:16 - 2016-01-06 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-01-06 21:11 - 2016-01-26 15:16 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-06 21:11 - 2016-01-26 15:00 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-06 21:11 - 2016-01-06 21:16 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-01-06 21:11 - 2016-01-06 21:11 - 00003984 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-01-06 21:11 - 2016-01-06 21:11 - 00003752 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-01-06 21:11 - 2016-01-06 21:11 - 00000000 ____D C:\Users\Ninos\AppData\Local\Dropbox
2016-01-06 21:11 - 2016-01-06 21:11 - 00000000 ____D C:\ProgramData\Dropbox
2016-01-06 21:09 - 2016-01-06 21:11 - 55976344 _____ (Dropbox, Inc.) C:\Users\Ninos\Downloads\Dropbox 3.12.6 Offline Installer.exe
2016-01-06 19:50 - 2016-01-06 19:53 - 944487647 _____ C:\Users\Ninos\Downloads\Archive-5f99.zip
2016-01-05 19:15 - 2016-01-05 19:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-05 19:15 - 2016-01-05 19:15 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-01-04 17:37 - 2016-01-04 17:37 - 00891392 _____ (Farbar) C:\Users\Ninos\Downloads\MiniToolBox.exe
2016-01-04 17:35 - 2016-01-04 17:35 - 00899584 _____ (Farbar) C:\Users\Ninos\Downloads\FSS.exe
2016-01-04 17:27 - 2016-01-04 17:27 - 00852720 _____ C:\Users\Ninos\Downloads\SecurityCheck.exe
2016-01-02 02:35 - 2016-01-02 03:21 - 2568195209 _____ C:\Users\Ninos\Downloads\WeLiveTogether.12.07.05.Bree.Daniels.Dani.Daniels.And.Elle.Alexandra.Star.Attraction.XXX.1080p.mp4
2016-01-02 02:34 - 2016-01-02 02:34 - 00012911 _____ C:\Users\Ninos\Downloads\1799DFE996F08AC8220E4DEBDDCD135B9DA28B76.torrent
2016-01-02 02:29 - 2016-01-02 02:29 - 00733546 _____ C:\Users\Ninos\Downloads\WeLiveTogether   Bree Daniels  Dani Daniels  amp  Elle Alexandra.cab
2016-01-01 21:39 - 2016-01-01 21:39 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-30 15:34 - 2015-12-30 15:35 - 96154592 _____ (Torch Media, Inc) C:\Users\Ninos\Downloads\TorchSetupstubFull-r0-n-bc.exe
2015-12-28 22:51 - 2015-12-28 22:51 - 00281344 _____ C:\WINDOWS\Minidump\122815-70921-01.dmp
2015-12-28 18:56 - 2015-12-28 18:56 - 05271256 _____ (Husdawg, LLC) C:\Users\Ninos\Downloads\Detection.exe
2015-12-28 04:28 - 2015-12-28 04:28 - 00281152 _____ C:\WINDOWS\Minidump\122815-67765-01.dmp
2015-12-28 04:19 - 2015-12-28 04:19 - 04231233 _____ C:\Users\Ninos\Downloads\Minecraft Songs- Revenge- Captain Sparklez - YouTube[via torchbrowser.com] (1).aac
2015-12-28 04:18 - 2015-12-28 04:19 - 37841599 _____ C:\Users\Ninos\Downloads\Minecraft Songs- Revenge- Captain Sparklez - YouTube[via torchbrowser.com] (1).mp4
2015-12-28 04:17 - 2015-12-28 04:17 - 37841599 _____ C:\Users\Ninos\Downloads\Minecraft Songs- Revenge- Captain Sparklez - YouTube[via torchbrowser.com].mp4
2015-12-28 04:17 - 2015-12-28 04:17 - 04231233 _____ C:\Users\Ninos\Downloads\Minecraft Songs- Revenge- Captain Sparklez - YouTube[via torchbrowser.com].aac
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-26 15:18 - 2013-09-01 20:01 - 00000000 _____ C:\WINDOWS\system32\RzMaelstromVADAudioDeviceManager_log.txt
2016-01-26 15:17 - 2015-07-11 00:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-26 15:16 - 2015-05-08 20:35 - 00000000 ____D C:\FRST
2016-01-26 15:09 - 2014-12-22 20:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 15:04 - 2012-01-16 12:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-26 15:02 - 2011-12-26 19:43 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\Skype
2016-01-26 15:00 - 2013-04-05 21:45 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 15:00 - 2011-12-26 04:02 - 00000000 ____D C:\Users\Ninos\AppData\LocalLow\AuthenTec
2016-01-26 14:45 - 2013-04-05 21:45 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 14:37 - 2015-07-31 21:16 - 00000000 ____D C:\Users\Ninos
2016-01-26 14:37 - 2015-07-11 01:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-26 05:21 - 2011-12-26 17:03 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3F67BCA1-34E4-4FEF-A671-347712FE25B1}
2016-01-26 04:33 - 2013-12-13 21:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-26 04:13 - 2013-11-10 22:08 - 00000928 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1980966533-4281275361-78632846-1000UA.job
2016-01-26 01:16 - 2011-12-26 17:14 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\.minecraft
2016-01-25 22:57 - 2014-12-18 19:00 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNinos
2016-01-25 22:57 - 2014-12-18 18:59 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNinos.job
2016-01-25 22:13 - 2013-11-10 22:08 - 00000906 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1980966533-4281275361-78632846-1000Core.job
2016-01-25 21:20 - 2015-07-31 21:15 - 00007434 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-25 20:31 - 2011-12-26 22:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-25 18:04 - 2015-04-17 22:43 - 00000000 ____D C:\Users\Ninos\AppData\Local\Steam
2016-01-24 21:08 - 2015-07-10 22:05 - 00000000 ____D C:\Windows
2016-01-24 21:08 - 2013-11-03 18:28 - 00002294 _____ C:\WINDOWS\Sandboxie.ini
2016-01-24 21:00 - 2015-10-26 16:17 - 00000000 ____D C:\Users\Ninos\.VirtualBox
2016-01-24 16:54 - 2015-07-11 00:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-23 02:45 - 2015-08-01 13:02 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-23 01:30 - 2012-02-19 18:58 - 00000000 ____D C:\Users\Ninos\Documents\My Games
2016-01-23 01:26 - 2015-07-31 21:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-22 21:02 - 2015-07-10 22:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-01-22 20:56 - 2015-09-11 21:44 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-22 20:46 - 2011-12-31 19:15 - 00006656 _____ C:\Users\Ninos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-21 22:57 - 2011-12-26 04:03 - 00000000 ____D C:\Users\Ninos\AppData\Local\Hewlett-Packard
2016-01-21 21:23 - 2015-01-29 04:05 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-01-21 21:22 - 2015-01-29 04:05 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-01-21 21:14 - 2011-10-14 17:32 - 00000000 ____D C:\ProgramData\Skype
2016-01-21 00:16 - 2011-12-26 23:23 - 00000024 _____ C:\Users\Ninos\random.dat
2016-01-20 23:41 - 2015-06-05 13:39 - 00000023 _____ C:\Users\Ninos\jagexappletviewer.preferences
2016-01-20 23:26 - 2011-12-26 23:23 - 00000044 _____ C:\Users\Ninos\jagex_cl_runescape_LIVE.dat
2016-01-20 22:10 - 2015-07-10 23:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-20 14:59 - 2015-11-07 16:16 - 00000000 ____D C:\ProgramData\MEGAsync
2016-01-20 03:51 - 2013-03-27 19:28 - 00000000 ___RD C:\Users\Ninos\Dropbox
2016-01-20 03:50 - 2013-03-27 19:26 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\Dropbox
2016-01-20 03:11 - 2015-08-18 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-20 02:44 - 2015-07-08 20:15 - 00003516 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-01-20 02:44 - 2015-04-29 00:15 - 00003380 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2016-01-20 02:44 - 2015-04-29 00:15 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-01-20 01:48 - 2015-07-31 22:39 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-18 19:31 - 2015-01-27 02:02 - 00000000 ____D C:\Users\Ninos\Documents\Visual Studio 2013
2016-01-17 19:09 - 2012-10-05 03:18 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\vlc
2016-01-16 19:53 - 2015-12-22 15:17 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\GitHub
2016-01-16 19:53 - 2015-12-22 15:17 - 00000000 ____D C:\Users\Ninos\AppData\Local\GitHub
2016-01-16 19:47 - 2015-12-22 15:11 - 00000000 ____D C:\Users\Ninos\AppData\Local\Deployment
2016-01-15 04:43 - 2012-02-20 16:34 - 00000132 _____ C:\Users\Ninos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-01-15 04:40 - 2015-05-01 22:14 - 00001456 _____ C:\Users\Ninos\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-01-13 21:39 - 2015-12-03 03:11 - 00000000 ____D C:\Users\Ninos\AppData\Local\Torch
2016-01-10 23:33 - 2011-12-26 04:02 - 00000000 ____D C:\Users\Ninos\AppData\Local\VirtualStore
2016-01-10 21:30 - 2012-01-18 19:24 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-08 04:05 - 2015-07-03 00:27 - 00000000 ____D C:\Users\Ninos\AppData\Local\Popcorn-Time
2016-01-08 00:24 - 2015-07-11 00:04 - 00000000 ____D C:\WINDOWS\appcompat
2016-01-05 03:38 - 2015-06-21 23:22 - 00000000 ____D C:\Users\Ninos\AppData\Local\Spotify
2016-01-05 03:38 - 2015-06-21 23:19 - 00000000 ____D C:\Users\Ninos\AppData\Roaming\Spotify
2016-01-04 19:22 - 2015-07-11 00:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-04 19:15 - 2012-04-19 02:21 - 00000000 ____D C:\Users\Ninos\AppData\Local\ElevatedDiagnostics
2016-01-04 19:08 - 2013-03-28 19:14 - 00000000 ____D C:\WINDOWS\pss
2016-01-03 20:49 - 2015-10-14 23:26 - 00000000 ____D C:\Users\Ninos\AppData\Local\Shotty
2015-12-29 16:50 - 2013-01-26 19:07 - 00000000 ____D C:\Program Files\Sublime Text 2
2015-12-27 03:35 - 2015-12-14 17:02 - 00003148 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1450065674
2015-12-27 03:35 - 2015-12-14 17:02 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
 
==================== Files in the root of some directories =======
 
2015-07-31 22:33 - 2015-10-21 17:32 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-08-05 19:22 - 2012-08-05 19:41 - 0000012 _____ () C:\Users\Ninos\AppData\Roaming\.minecraftlan.properties
2012-02-11 13:36 - 2012-02-11 13:36 - 0001472 _____ () C:\Users\Ninos\AppData\Roaming\.minecraftleeched-full.txt
2012-02-20 16:34 - 2016-01-15 04:43 - 0000132 _____ () C:\Users\Ninos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-09-28 17:18 - 2011-09-28 17:18 - 0020944 _____ (Intel Corporation) C:\Users\Ninos\AppData\Roaming\JomCap.dll
2012-07-11 23:04 - 2013-05-19 18:09 - 0090112 ___SH () C:\Users\Ninos\AppData\Roaming\Thumbs.db
2012-12-02 21:02 - 2012-12-02 21:03 - 0017472 ____T (Un4seen Developments) C:\Users\Ninos\AppData\Roaming\Microsoft\1eaadjc.dll
2012-12-02 21:02 - 2012-12-02 21:03 - 0018724 ____T () C:\Users\Ninos\AppData\Roaming\Microsoft\bass.dll
2012-12-02 21:02 - 2012-12-02 21:03 - 1758720 ____T () C:\Users\Ninos\AppData\Roaming\Microsoft\engine_vx.dll
2012-12-02 21:02 - 2012-12-02 21:03 - 0016448 ____T (Un4seen Developments) C:\Users\Ninos\AppData\Roaming\Microsoft\kfgresk.dll
2012-12-02 21:02 - 2012-12-02 21:03 - 0014456 ____T () C:\Users\Ninos\AppData\Roaming\Microsoft\mjcriu.dll
2012-12-02 21:02 - 2012-12-02 21:03 - 0012352 ____T (Un4seen Developments) C:\Users\Ninos\AppData\Roaming\Microsoft\peaadje.dll
2012-12-02 21:02 - 2012-12-02 21:03 - 0029784 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\Ninos\AppData\Roaming\Microsoft\qwadjb.dll
2012-12-02 21:02 - 2012-12-02 21:03 - 0017472 ____T (Un4seen Developments) C:\Users\Ninos\AppData\Roaming\Microsoft\rsaadjd.dll
2012-12-02 21:02 - 2012-12-02 21:03 - 0105016 ____T (Un4seen Developments) C:\Users\Ninos\AppData\Roaming\Microsoft\~DFK1d16495.tmp
2015-05-01 22:14 - 2016-01-15 04:40 - 0001456 _____ () C:\Users\Ninos\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-04 19:49 - 2014-01-04 20:07 - 13447637 _____ () C:\Users\Ninos\AppData\Local\AndroidRootingScript.zip
2011-12-31 19:15 - 2016-01-22 20:46 - 0006656 _____ () C:\Users\Ninos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-13 20:45 - 2012-05-13 20:45 - 0000093 _____ () C:\Users\Ninos\AppData\Local\fusioncache.dat
2013-07-10 18:24 - 2013-07-10 18:24 - 0000682 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130710.172405.txt
2013-07-23 22:57 - 2013-07-23 22:57 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.215711.txt
2013-07-23 23:00 - 2013-07-23 23:00 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.220037.txt
2013-07-23 23:01 - 2013-07-23 23:01 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20130723.220128.txt
2013-11-17 17:06 - 2013-11-17 17:06 - 0001656 _____ () C:\Users\Ninos\AppData\Local\PDLSetup.20131117.170618.txt
2013-08-06 17:55 - 2013-08-06 17:55 - 0044218 _____ () C:\Users\Ninos\AppData\Local\RAContactHistory.xml
2013-09-29 15:16 - 2013-09-29 15:16 - 0000218 _____ () C:\Users\Ninos\AppData\Local\recently-used.xbel
2013-05-17 20:09 - 2013-08-06 16:03 - 0007603 _____ () C:\Users\Ninos\AppData\Local\Resmon.ResmonCfg
2015-04-24 23:36 - 2015-04-24 23:36 - 0000003 _____ () C:\Users\Ninos\AppData\Local\updater.log
2015-04-24 23:36 - 2015-04-24 23:36 - 0000424 _____ () C:\Users\Ninos\AppData\Local\UserProducts.xml
2015-01-30 03:53 - 2015-01-30 03:53 - 0000000 _____ () C:\Users\Ninos\AppData\Local\{61D662A5-8C6D-4A9B-8E17-53E1B163A8A1}
2012-02-26 14:28 - 2012-02-26 14:28 - 0219542 _____ () C:\ProgramData\1330219325.bdinstall.bin
2012-02-27 18:45 - 2012-02-27 18:45 - 0034071 _____ () C:\ProgramData\1330321511.bdinstall.bin
2012-03-02 17:23 - 2012-03-02 17:23 - 0148971 _____ () C:\ProgramData\1330662119.bdinstall.bin
2012-06-15 17:20 - 2012-06-15 17:20 - 0168430 _____ () C:\ProgramData\1339733957.bdinstall.bin
2012-06-15 17:21 - 2012-06-15 17:21 - 0022638 _____ () C:\ProgramData\1339734069.bdinstall.bin
2012-06-15 17:31 - 2012-06-15 17:38 - 0004513 _____ () C:\ProgramData\1339734363.2160.bin
2012-06-15 17:26 - 2012-06-15 17:38 - 0021369 _____ () C:\ProgramData\1339734363.4628.bin
2012-06-15 17:31 - 2012-06-15 17:31 - 0000201 _____ () C:\ProgramData\1339734363.4812.bin
2012-06-15 17:37 - 2012-06-15 17:37 - 0001164 _____ () C:\ProgramData\1339734363.5224.bin
2012-06-15 17:26 - 2012-06-15 17:38 - 0086749 _____ () C:\ProgramData\1339734363.6128.bin
2012-06-15 17:31 - 2012-06-15 17:38 - 0071462 _____ () C:\ProgramData\1339734363.616.bin
2012-06-15 17:26 - 2012-06-15 17:38 - 0056111 _____ () C:\ProgramData\1339734363.6500.bin
2012-06-15 17:31 - 2012-06-15 17:31 - 0004469 _____ () C:\ProgramData\1339734363.7196.bin
2012-06-15 17:30 - 2012-06-15 17:30 - 0010194 _____ () C:\ProgramData\1339734363.7920.bin
2012-06-15 17:30 - 2012-06-15 17:32 - 0006918 _____ () C:\ProgramData\1339734363.7924.bin
2012-06-15 17:30 - 2012-06-15 17:38 - 0001404 _____ () C:\ProgramData\1339734363.7928.bin
2012-06-15 17:30 - 2012-06-15 17:31 - 0001404 _____ () C:\ProgramData\1339734363.7932.bin
2012-07-16 21:07 - 2012-07-16 21:07 - 0158782 _____ () C:\ProgramData\1342425786.bdinstall.bin
2013-12-03 22:28 - 2013-12-03 22:28 - 0001534 _____ () C:\ProgramData\ss.ini
 
Files to move or delete:
====================
C:\Users\Ninos\test.exe
 
 
Some files in TEMP:
====================
C:\Users\Ninos\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Ninos\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Ninos\AppData\Local\Temp\sqlite3.dll
C:\Users\Ninos\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Ninos\AppData\Local\Temp\update.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\ICSharpCode.SharpZipLib.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-15 00:13
 
==================== End of FRST.txt ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:06 PM

Posted 27 January 2016 - 10:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs and Features applet.
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Popcorn Time (HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Popcorn Time) (Version: - Popcorn Official)
Popcorn Time (HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Popcorn Time) (Version: - Popcorn Official)
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
C:\Users\Ninos\AppData\Local\Temp\{6BE46F4D-CA68-489F-BB1B-4049B9BA9018}\SMSetup.exe"  /cnid 926458 /fpd /dsie /dsff /dsgc /hp /wait /ntp_ie /ms /restart <===== ATTENTION
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy.dll [No File]
C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy64.dll [No File]
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]
C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217400 2015-12-27] (TorchMedia Inc.) <==== ATTENTION
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Torch (HKU\S-1-5-21-1980966533-4281275361-78632846-1000\...\Torch) (Version: 45.0.0.10802 - Torch Media, Inc) <==== ATTENTION
Torch (HKU\S-1-5-21-1980966533-4281275361-78632846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Torch) (Version: 45.0.0.10802 - Torch Media, Inc) <==== ATTENTION
Task: {1654E03E-B45A-4972-BB59-092FE595CA3D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1EC78284-E6DA-49ED-8ADB-9DCDA1576F4B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {30FE4EFF-E757-4095-8A43-B6AAF0C5E132} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {44CC3537-990B-4CE9-B760-63FDF528D0FB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5035817C-7B28-4F64-9D95-241C0E703C77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {55342450-93FF-44DC-957F-F6C5DB6EDB60} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6841756E-D684-4E29-8363-EAF07CDC88A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {83E8F77D-E381-4FD5-9989-78BDC5FF8D44} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {938917FB-F7C9-455E-89F5-D7BA14FBFCBA} - System32\Tasks\{7393D652-00B5-4B95-81F1-109C5D88E704} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.59.105/en/go/help.faq.installer?LastError=1603
Task: {A9475614-5FFC-49CE-BEFB-E7964AB8F852} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AECF1DC0-484E-4A72-9611-B7FCA5930317} - \Game_Booster_Startup -> No File <==== ATTENTION
Task: {C3B0EA6B-85BD-4F69-811D-5B9CBECE47BE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C69BC0F6-E9A7-4B00-9D3E-69E9AEB54C40} - System32\Tasks\{532B8047-92D3-4EBD-8CC8-246AAFCD9788} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603
Task: {E8C7FFBF-435A-4A8B-B1BE-E56525E18C84} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E92BD94E-5D9E-4D3D-9259-8A8A5DE70143} - \TotalSystemCare.Scanning -> No File <==== ATTENTION
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Classes\exefile:  <===== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:9E00596C
C:\Users\Ninos\AppData\Local\Torch
C:\Program Files (x86)\Skillbrains
C:\Users\Ninos\AppData\Local\Temp\{6BE46F4D-CA68-489F-BB1B-4049B9BA9018}

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)

Please post the fixlog.txt and let me know what problem persists.
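
A triage pass over a fixlist like the one posted in reply #2, as an added example that is not part of the thread or of FRST itself: it groups entries by the kind of leftover they describe and pulls out the ones carrying an ATTENTION arrow. The category names and the reading of `[X]` and `No File` as a missing target are assumptions; the sample lines are copied from the fixlist above.

```python
import re

# Constructed sample: lines copied from the fixlist posted in reply #2.
SAMPLE_FIXLIST = r"""
CloseProcesses:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy.dll [No File]
C:\Users\Ninos\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217400 2015-12-27] (TorchMedia Inc.) <==== ATTENTION
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {AECF1DC0-484E-4A72-9611-B7FCA5930317} - \Game_Booster_Startup -> No File <==== ATTENTION
Task: {E92BD94E-5D9E-4D3D-9259-8A8A5DE70143} - \TotalSystemCare.Scanning -> No File <==== ATTENTION
Task: {938917FB-F7C9-455E-89F5-D7BA14FBFCBA} - System32\Tasks\{7393D652-00B5-4B95-81F1-109C5D88E704} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.59.105/en/go/help.faq.installer?LastError=1603
HKU\S-1-5-21-1980966533-4281275361-78632846-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:9E00596C
C:\Users\Ninos\AppData\Local\Torch
"""

ATTENTION = re.compile(r"\s*<=+ ATTENTION\s*$")   # arrow length varies in the log
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - (.+?) (?:->|=>) (.*)$")
DRIVER = re.compile(r"^[RSU]\d (\S+); \S.*? \[X\]$")
ADS = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+)$")
NO_FILE = re.compile(r"\s*(?:=> No File|\[No File\])$")


def classify(line):
    """Return (category, detail, flagged) for one fixlist line."""
    flagged = ATTENTION.search(line) is not None
    body = ATTENTION.sub("", line).strip()
    if body in ("start", "End") or re.fullmatch(r"[A-Za-z]+:", body):
        return "directive", body, flagged
    m = TASK.match(body)
    if m:
        name, target = m.groups()
        if target == "No File":          # task still registered, target gone
            return "orphaned_task", name, flagged
        return "task", f"{name} => {target}", flagged
    m = DRIVER.match(body)
    if m:                                # assumption: [X] means file not found
        return "missing_driver", m.group(1), flagged
    m = ADS.match(body)
    if m:
        return "alternate_data_stream", f"{m.group(1)} | stream {m.group(2)}", flagged
    if body.startswith(("HKLM\\", "HKU\\", "HKCU\\")):
        return "registry", body, flagged
    if NO_FILE.search(body):
        return "missing_file", NO_FILE.sub("", body), flagged
    return "path", body, flagged         # file or folder the fix will move


def triage(text):
    """Group every non-empty line of a fixlist by category."""
    findings = {}
    for raw in text.splitlines():
        if raw.strip():
            category, detail, flagged = classify(raw.strip())
            findings.setdefault(category, []).append((detail, flagged))
    return findings


def flagged_entries(findings):
    """Entries that carry an ATTENTION arrow in the log."""
    return [d for items in findings.values() for d, f in items if f]


if __name__ == "__main__":
    for category, items in sorted(triage(SAMPLE_FIXLIST).items()):
        print(f"{category}: {len(items)}")
        for detail, flagged in items:
            print(f"  {'!' if flagged else ' '} {detail}")
```

Running the same pass over a fresh FRST.txt after the fix gives a quick check that the orphaned tasks and flagged entries no longer appear.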

#3 nasdaq

Posted 01 February 2016 - 08:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

Posted 08 February 2016 - 08:07 AM

Reopened.



