Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 02
Ran by Nadia (administrator) on PEGASUS (25-11-2015 22:27:14)
Running from C:\Users\Nadia\Desktop
Loaded Profiles: Nadia (Available Profiles: Nadia & Administrator)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Flux Software LLC) C:\Users\Nadia\AppData\Local\FluxSoftware\Flux\flux.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3272968 2014-04-17] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-06-17] (Qualcomm®Atheros®)
HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55106080 2015-08-26] (Skype Technologies S.A.)
HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\Run: [f.lux] => C:\Users\Nadia\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\MountPoints2: {24c41359-744c-11e5-beb3-2cd05abfd1d4} - "D:\AutoRun.exe"
HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\MountPoints2: {24c413c8-744c-11e5-beb3-2cd05abfd1d4} - "D:\AutoRun.exe"
AppInit_DLLs-x32: OGPDFLoader.dll => No File
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-20] (AVAST Software)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {5111C2CE-6AB8-4655-9DF8-0019681062F0} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {5111C2CE-6AB8-4655-9DF8-0019681062F0} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BrainMaster 3.7i.lnk [2015-10-29]
ShortcutTarget: BrainMaster 3.7i.lnk -> C:\brainm.20\bsetup30.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7945F3AE-53A4-4FC6-8F94-5B0E6E28D098}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-55422887-3470649353-2715885402-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-55422887-3470649353-2715885402-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-55422887-3470649353-2715885402-1001 -> DefaultScope {E58760E9-0807-4073-98A8-AF759D2639F6} URL =
SearchScopes: HKU\S-1-5-21-55422887-3470649353-2715885402-1001 -> {E58760E9-0807-4073-98A8-AF759D2639F6} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-15] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-15] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @bitmanagement.com/BS Contact -> C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSContact.dll [2009-06-04] (Bitmanagement Software GmbH)
FF Plugin-x32: @bitmanagement.com/BSVersion,version=1.006 -> C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSVersion_6.dll [2009-05-13] (Bitmanagement Software GmbH)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-55422887-3470649353-2715885402-1001: @bitmanagement.com/BS Contact -> C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSContact.dll [2009-06-04] (Bitmanagement Software GmbH)
FF Plugin HKU\S-1-5-21-55422887-3470649353-2715885402-1001: @bitmanagement.com/BSVersion,version=1.006 -> C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSVersion_6.dll [2009-05-13] (Bitmanagement Software GmbH)
FF Plugin HKU\S-1-5-21-55422887-3470649353-2715885402-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Nadia\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-09] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Nadia\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-22] (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-20] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07]
CHR Extension: (Google Docs) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (Google Drive) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07]
CHR Extension: (Google Docs Offline) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-05]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-06-17] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-20] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-04-17] (ELAN Microelectronics Corp.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-23] (SafeNet Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2014-12-02] (National Instruments, Inc.)
R2 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [53032 2014-06-08] (National Instruments Corporation)
R2 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-06-17] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [77912 2015-09-23] (SafeNet Inc.)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [81368 2015-09-23] (SafeNet Inc.)
S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [322560 2015-09-23] (SafeNet Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-20] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-06-17] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-06-17] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-22] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [350552 2015-09-23] (SafeNet Inc.)
S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [124800 2014-05-16] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [379392 2014-05-04] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-20] (AVAST Software)
R3 Pcan_usb; C:\Windows\System32\drivers\PCAN_USB.SYS [267776 2015-05-13] (PEAK-System Technik GmbH, Darmstadt, Germany)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-20] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-25 22:27 - 2015-11-25 22:28 - 00025207 _____ C:\Users\Nadia\Desktop\FRST.txt
2015-11-25 22:27 - 2015-11-25 22:27 - 00000000 ____D C:\Users\Nadia\Desktop\FRST-OlderVersion
2015-11-25 22:26 - 2015-11-25 22:27 - 00000000 ____D C:\FRST
2015-11-25 18:52 - 2015-11-25 18:52 - 00974947 _____ C:\Users\Nadia\Downloads\EO 1.lor
2015-11-25 18:00 - 2015-11-25 18:12 - 870693459 _____ C:\Users\Nadia\Downloads\inst_ng_2.8.6.2.zip
2015-11-25 17:44 - 2015-11-25 17:44 - 00000000 ___RD C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-11-25 10:15 - 2015-11-25 10:15 - 00523315 _____ C:\Users\Nadia\Downloads\spin.pdf
2015-11-25 10:15 - 2015-11-25 10:15 - 00070124 _____ C:\Users\Nadia\Documents\LiebowitzSocialAnxietyScale.pdf
2015-11-25 08:38 - 2015-11-25 08:38 - 01717847 _____ C:\Users\Nadia\Downloads\Yash Ghai_Quantitative EEG LORETA report.pdf
2015-11-24 22:40 - 2015-11-24 22:40 - 00691817 _____ C:\Users\Nadia\Downloads\ASPA_Christmas_Fair_2015_Floor_Plan__2_.pdf
2015-11-24 19:21 - 2015-11-24 19:21 - 00004887 _____ C:\Users\Nadia\Downloads\XXXX.eml
2015-11-23 10:29 - 2015-11-23 10:29 - 00366626 _____ C:\Users\Nadia\Documents\Presentation2.pptx
2015-11-23 09:56 - 2015-11-23 09:56 - 00002274 _____ C:\Users\Nadia\Downloads\eegtrain 1-kanal beta + mu + gamma.zip
2015-11-23 09:55 - 2015-11-23 09:55 - 00033080 _____ C:\Users\Nadia\Downloads\bm protokolle.zip
2015-11-23 02:38 - 2015-11-23 02:38 - 00035805 _____ C:\Users\Nadia\Downloads\PETER PAN.pptx
2015-11-22 11:03 - 2015-11-22 11:03 - 00000000 ____D C:\Users\Nadia\Desktop\New folder
2015-11-22 10:13 - 2015-11-22 10:13 - 01579072 _____ C:\Users\Nadia\Documents\Presentation1.pptx
2015-11-21 23:16 - 2015-11-21 23:16 - 00000000 ____D C:\Users\Nadia\AppData\Local\Microsoft Help
2015-11-21 10:42 - 2015-11-21 10:42 - 00000000 ____D C:\Users\Nadia\DERBY EXP
2015-11-20 10:54 - 2015-11-20 10:54 - 01908073 _____ C:\Users\Nadia\Downloads\Thibault.pdf
2015-11-19 22:58 - 2015-11-19 22:58 - 00009342 _____ C:\Users\Nadia\Downloads\No Subject.eml
2015-11-19 22:05 - 2015-11-19 22:05 - 00854336 _____ C:\Users\Nadia\Downloads\DELTA.pdf
2015-11-19 21:57 - 2015-11-19 21:57 - 01085342 _____ C:\Users\Nadia\Downloads\SetPoint_CCFA_2012 (1).pdf
2015-11-19 19:26 - 2015-11-19 19:26 - 02183744 _____ C:\Users\Nadia\Downloads\fMRI+&+LORETA+Z+score+NFB-Overview.pdf
2015-11-18 17:37 - 2015-11-18 17:37 - 00093510 _____ C:\Users\Nadia\Downloads\17111539_Terms & Conditions.pdf
2015-11-17 11:40 - 2015-11-17 11:40 - 862675252 _____ C:\WINDOWS\MEMORY.DMP
2015-11-17 11:40 - 2015-11-17 11:40 - 00285728 _____ C:\WINDOWS\Minidump\111715-30359-01.dmp
2015-11-16 19:30 - 2015-11-25 22:27 - 02348544 _____ (Farbar) C:\Users\Nadia\Desktop\FRST64.exe
2015-11-16 19:30 - 2015-11-16 17:59 - 05637834 _____ (Swearware) C:\Users\Nadia\Desktop\ComboFix.exe
2015-11-16 19:30 - 2015-11-16 17:39 - 18979400 _____ C:\Users\Nadia\Desktop\RogueKiller.exe
2015-11-16 19:30 - 2015-11-16 17:35 - 01801288 _____ (Malwarebytes) C:\Users\Nadia\Desktop\JRT.exe
2015-11-16 16:54 - 2015-11-16 16:54 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 16:54 - 2015-11-16 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 16:54 - 2015-11-16 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-16 16:54 - 2015-11-16 16:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 16:54 - 2015-04-14 10:39 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-16 16:54 - 2015-04-14 10:38 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-16 16:54 - 2015-04-14 10:38 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-15 23:57 - 2015-11-15 23:59 - 00000000 ____D C:\Users\Nadia\Desktop\DERBY_PSYCHOLOGY
2015-11-15 14:56 - 2015-11-03 00:23 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-15 14:56 - 2015-11-03 00:23 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-15 14:42 - 2015-11-15 14:42 - 00418085 _____ C:\Users\Nadia\Downloads\Copying_the_license_file.pdf
2015-11-15 14:41 - 2015-11-15 14:41 - 02260816 _____ C:\Users\Nadia\Downloads\User_Guide.pdf
2015-11-15 00:28 - 2015-11-15 00:28 - 00603379 _____ C:\Users\Nadia\Downloads\EEG artifacts.pdf
2015-11-14 19:17 - 2015-11-14 19:17 - 01677755 _____ C:\Users\Nadia\Downloads\ARTEFACTS.pdf
2015-11-14 02:36 - 2015-11-14 02:36 - 00096481 _____ C:\Users\Nadia\Documents\GVB geliMED.pdf
2015-11-14 01:47 - 2015-11-14 01:47 - 00005439 _____ C:\Users\Nadia\Documents\18_ohrelektrode_gesintert_englisch-5412768.pdf
2015-11-14 01:39 - 2015-11-14 01:39 - 08476466 _____ C:\Users\Nadia\Documents\Katalog_GVB_2015_m.pdf
2015-11-14 01:36 - 2015-11-14 01:36 - 03344048 _____ C:\Users\Nadia\Documents\pastenundgele_web-1016030.pdf
2015-11-14 00:25 - 2015-11-14 00:25 - 00072348 _____ C:\Users\Nadia\Documents\sintered-electrodes.pdf
2015-11-14 00:13 - 2015-11-14 00:13 - 07392408 _____ C:\Users\Nadia\Documents\GVB-Gelimed-katalog-potrošnog-materijala.pdf
2015-11-14 00:03 - 2015-11-14 00:03 - 01001264 _____ C:\Users\Nadia\Documents\PNAS-2010-Nishikawa-10342-Networks&Compensatory structres.pdf
2015-11-14 00:00 - 2015-11-14 00:00 - 00119530 _____ C:\Users\Nadia\Documents\DesinfectionEEG CAPS.pdf
2015-11-13 23:54 - 2015-11-13 23:54 - 01040851 _____ C:\Users\Nadia\Documents\Can-EEG-Test-Helps-in-Identifying-Brain-Tumor.pdf
2015-11-13 20:17 - 2015-11-13 20:17 - 00082934 _____ C:\Users\Nadia\Downloads\Hagedorn+2014+++Infection+Risk+Mitigation+for+Biofeedback+Providers.pdf
2015-11-13 07:33 - 2015-11-13 07:33 - 00885225 _____ C:\Users\Nadia\Downloads\Delay Compensation Form 2 (1).pdf
2015-11-13 02:47 - 2015-11-13 02:47 - 08524841 _____ C:\Users\Nadia\Downloads\Neuroimaging+distinction+between+neurological+and+psychiatric+disorders.pdf
2015-11-13 02:43 - 2015-11-13 02:43 - 00873330 _____ C:\Users\Nadia\Downloads\ADHDMEGLORETAConnectivity2013.pdf
2015-11-13 02:43 - 2015-11-13 02:43 - 00250010 _____ C:\Users\Nadia\Downloads\ADHDMEGLORETAConnectivity2013.Appendix.pdf
2015-11-13 02:42 - 2015-11-13 02:42 - 02344055 _____ C:\Users\Nadia\Downloads\PalvaAlpha2011.pdf
2015-11-13 02:42 - 2015-11-13 02:42 - 01933714 _____ C:\Users\Nadia\Downloads\Doelling.pdf
2015-11-13 02:42 - 2015-11-13 02:42 - 01752104 _____ C:\Users\Nadia\Downloads\AlphaPhaseSynchronyFrontoparietal2012.pdf
2015-11-13 02:42 - 2015-11-13 02:42 - 01041682 _____ C:\Users\Nadia\Downloads\PalvaAlpha2007TINS.pdf
2015-11-13 01:52 - 2015-11-13 01:52 - 00885225 _____ C:\Users\Nadia\Downloads\Delay Compensation Form 2.pdf