TechSpot

Remove infected tmp files

By nadiahri
Nov 16, 2015
  1. Hi and thanks in advance to all tech experts providing help to less-knowledgeable users like me who have managed to mess up their systems.

    I got two temp files downloaded into my Downloads yesterday, which now prevent me from using the Downloads folder at all. Every attempt to get rid of them results in freezing of the mouse cursor, followed by a crash of the Downloads folder. Therefore I cannot access any of the files in my Downloads and I anticipate that these tmp files would continue to interfere with my system. I ran CCleaner and a full system scan with Avast, which didn't resolve the issue.
    To add, this is my work computer full of lovely software and data, which is why I am worried sick and grateful for any timely help!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Reopened.
     
  4. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Thank you! Running Farbar, will post the logs.
     
  5. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 02
    Ran by Nadia (administrator) on PEGASUS (25-11-2015 22:27:14)
    Running from C:\Users\Nadia\Desktop
    Loaded Profiles: Nadia (Available Profiles: Nadia & Administrator)
    Platform: Windows 8.1 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (SafeNet Inc.) C:\Windows\System32\hasplms.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
    () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Flux Software LLC) C:\Users\Nadia\AppData\Local\FluxSoftware\Flux\flux.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3272968 2014-04-17] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-29] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-06-17] (Qualcomm®Atheros®)
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55106080 2015-08-26] (Skype Technologies S.A.)
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\Run: [f.lux] => C:\Users\Nadia\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\MountPoints2: {24c41359-744c-11e5-beb3-2cd05abfd1d4} - "D:\AutoRun.exe"
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\MountPoints2: {24c413c8-744c-11e5-beb3-2cd05abfd1d4} - "D:\AutoRun.exe"
    AppInit_DLLs-x32: OGPDFLoader.dll => No File
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-20] (AVAST Software)
    ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {5111C2CE-6AB8-4655-9DF8-0019681062F0} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
    ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)
    ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {5111C2CE-6AB8-4655-9DF8-0019681062F0} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BrainMaster 3.7i.lnk [2015-10-29]
    ShortcutTarget: BrainMaster 3.7i.lnk -> C:\brainm.20\bsetup30.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7945F3AE-53A4-4FC6-8F94-5B0E6E28D098}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
    SearchScopes: HKU\S-1-5-21-55422887-3470649353-2715885402-1001 -> DefaultScope {E58760E9-0807-4073-98A8-AF759D2639F6} URL =
    SearchScopes: HKU\S-1-5-21-55422887-3470649353-2715885402-1001 -> {E58760E9-0807-4073-98A8-AF759D2639F6} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-15] (AVAST Software)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-15] (AVAST Software)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin-x32: @bitmanagement.com/BS Contact -> C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSContact.dll [2009-06-04] (Bitmanagement Software GmbH)
    FF Plugin-x32: @bitmanagement.com/BSVersion,version=1.006 -> C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSVersion_6.dll [2009-05-13] (Bitmanagement Software GmbH)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-07] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-55422887-3470649353-2715885402-1001: @bitmanagement.com/BS Contact -> C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSContact.dll [2009-06-04] (Bitmanagement Software GmbH)
    FF Plugin HKU\S-1-5-21-55422887-3470649353-2715885402-1001: @bitmanagement.com/BSVersion,version=1.006 -> C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSVersion_6.dll [2009-05-13] (Bitmanagement Software GmbH)
    FF Plugin HKU\S-1-5-21-55422887-3470649353-2715885402-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Nadia\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-09] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Users\Nadia\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-22] (Cisco WebEx LLC)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-20] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07]
    CHR Extension: (Google Docs) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
    CHR Extension: (Google Drive) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (YouTube) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
    CHR Extension: (Google Search) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Sheets) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
    CHR Extension: (Avast Online Security) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-05]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-03-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
    CHR Extension: (Gmail) - C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-06-17] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-20] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-20] (Avast Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-04-17] (ELAN Microelectronics Corp.)
    R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-23] (SafeNet Inc.)
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2014-12-02] (National Instruments, Inc.)
    R2 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [53032 2014-06-08] (National Instruments Corporation)
    R2 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
    R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-06-17] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [77912 2015-09-23] (SafeNet Inc.)
    S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [81368 2015-09-23] (SafeNet Inc.)
    S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [322560 2015-09-23] (SafeNet Inc.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-20] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-20] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-20] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-20] (AVAST Software)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-06-17] (Qualcomm Atheros)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-06-17] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-22] (Microsoft Corporation)
    R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
    R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [350552 2015-09-23] (SafeNet Inc.)
    S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [124800 2014-05-16] (Huawei Technologies Co., Ltd.)
    S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [379392 2014-05-04] (Huawei Technologies Co., Ltd.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-20] (AVAST Software)
    R3 Pcan_usb; C:\Windows\System32\drivers\PCAN_USB.SYS [267776 2015-05-13] (PEAK-System Technik GmbH, Darmstadt, Germany)
    R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-20] (Avast Software)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-25 22:27 - 2015-11-25 22:28 - 00025207 _____ C:\Users\Nadia\Desktop\FRST.txt
    2015-11-25 22:27 - 2015-11-25 22:27 - 00000000 ____D C:\Users\Nadia\Desktop\FRST-OlderVersion
    2015-11-25 22:26 - 2015-11-25 22:27 - 00000000 ____D C:\FRST
    2015-11-25 18:52 - 2015-11-25 18:52 - 00974947 _____ C:\Users\Nadia\Downloads\EO 1.lor
    2015-11-25 18:00 - 2015-11-25 18:12 - 870693459 _____ C:\Users\Nadia\Downloads\inst_ng_2.8.6.2.zip
    2015-11-25 17:44 - 2015-11-25 17:44 - 00000000 ___RD C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-11-25 10:15 - 2015-11-25 10:15 - 00523315 _____ C:\Users\Nadia\Downloads\spin.pdf
    2015-11-25 10:15 - 2015-11-25 10:15 - 00070124 _____ C:\Users\Nadia\Documents\LiebowitzSocialAnxietyScale.pdf
    2015-11-25 08:38 - 2015-11-25 08:38 - 01717847 _____ C:\Users\Nadia\Downloads\Yash Ghai_Quantitative EEG LORETA report.pdf
    2015-11-24 22:40 - 2015-11-24 22:40 - 00691817 _____ C:\Users\Nadia\Downloads\ASPA_Christmas_Fair_2015_Floor_Plan__2_.pdf
    2015-11-24 19:21 - 2015-11-24 19:21 - 00004887 _____ C:\Users\Nadia\Downloads\XXXX.eml
    2015-11-23 10:29 - 2015-11-23 10:29 - 00366626 _____ C:\Users\Nadia\Documents\Presentation2.pptx
    2015-11-23 09:56 - 2015-11-23 09:56 - 00002274 _____ C:\Users\Nadia\Downloads\eegtrain 1-kanal beta + mu + gamma.zip
    2015-11-23 09:55 - 2015-11-23 09:55 - 00033080 _____ C:\Users\Nadia\Downloads\bm protokolle.zip
    2015-11-23 02:38 - 2015-11-23 02:38 - 00035805 _____ C:\Users\Nadia\Downloads\PETER PAN.pptx
    2015-11-22 11:03 - 2015-11-22 11:03 - 00000000 ____D C:\Users\Nadia\Desktop\New folder
    2015-11-22 10:13 - 2015-11-22 10:13 - 01579072 _____ C:\Users\Nadia\Documents\Presentation1.pptx
    2015-11-21 23:16 - 2015-11-21 23:16 - 00000000 ____D C:\Users\Nadia\AppData\Local\Microsoft Help
    2015-11-21 10:42 - 2015-11-21 10:42 - 00000000 ____D C:\Users\Nadia\DERBY EXP
    2015-11-20 10:54 - 2015-11-20 10:54 - 01908073 _____ C:\Users\Nadia\Downloads\Thibault.pdf
    2015-11-19 22:58 - 2015-11-19 22:58 - 00009342 _____ C:\Users\Nadia\Downloads\No Subject.eml
    2015-11-19 22:05 - 2015-11-19 22:05 - 00854336 _____ C:\Users\Nadia\Downloads\DELTA.pdf
    2015-11-19 21:57 - 2015-11-19 21:57 - 01085342 _____ C:\Users\Nadia\Downloads\SetPoint_CCFA_2012 (1).pdf
    2015-11-19 19:26 - 2015-11-19 19:26 - 02183744 _____ C:\Users\Nadia\Downloads\fMRI+&+LORETA+Z+score+NFB-Overview.pdf
    2015-11-18 17:37 - 2015-11-18 17:37 - 00093510 _____ C:\Users\Nadia\Downloads\17111539_Terms & Conditions.pdf
    2015-11-17 11:40 - 2015-11-17 11:40 - 862675252 _____ C:\WINDOWS\MEMORY.DMP
    2015-11-17 11:40 - 2015-11-17 11:40 - 00285728 _____ C:\WINDOWS\Minidump\111715-30359-01.dmp
    2015-11-16 19:30 - 2015-11-25 22:27 - 02348544 _____ (Farbar) C:\Users\Nadia\Desktop\FRST64.exe
    2015-11-16 19:30 - 2015-11-16 17:59 - 05637834 _____ (Swearware) C:\Users\Nadia\Desktop\ComboFix.exe
    2015-11-16 19:30 - 2015-11-16 17:39 - 18979400 _____ C:\Users\Nadia\Desktop\RogueKiller.exe
    2015-11-16 19:30 - 2015-11-16 17:35 - 01801288 _____ (Malwarebytes) C:\Users\Nadia\Desktop\JRT.exe
    2015-11-16 16:54 - 2015-11-16 16:54 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-11-16 16:54 - 2015-11-16 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-11-16 16:54 - 2015-11-16 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-11-16 16:54 - 2015-11-16 16:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-11-16 16:54 - 2015-04-14 10:39 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-11-16 16:54 - 2015-04-14 10:38 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-11-16 16:54 - 2015-04-14 10:38 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-11-15 23:57 - 2015-11-15 23:59 - 00000000 ____D C:\Users\Nadia\Desktop\DERBY_PSYCHOLOGY
    2015-11-15 14:56 - 2015-11-03 00:23 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-11-15 14:56 - 2015-11-03 00:23 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-15 14:42 - 2015-11-15 14:42 - 00418085 _____ C:\Users\Nadia\Downloads\Copying_the_license_file.pdf
    2015-11-15 14:41 - 2015-11-15 14:41 - 02260816 _____ C:\Users\Nadia\Downloads\User_Guide.pdf
    2015-11-15 00:28 - 2015-11-15 00:28 - 00603379 _____ C:\Users\Nadia\Downloads\EEG artifacts.pdf
    2015-11-14 19:17 - 2015-11-14 19:17 - 01677755 _____ C:\Users\Nadia\Downloads\ARTEFACTS.pdf
    2015-11-14 02:36 - 2015-11-14 02:36 - 00096481 _____ C:\Users\Nadia\Documents\GVB geliMED.pdf
    2015-11-14 01:47 - 2015-11-14 01:47 - 00005439 _____ C:\Users\Nadia\Documents\18_ohrelektrode_gesintert_englisch-5412768.pdf
    2015-11-14 01:39 - 2015-11-14 01:39 - 08476466 _____ C:\Users\Nadia\Documents\Katalog_GVB_2015_m.pdf
    2015-11-14 01:36 - 2015-11-14 01:36 - 03344048 _____ C:\Users\Nadia\Documents\pastenundgele_web-1016030.pdf
    2015-11-14 00:25 - 2015-11-14 00:25 - 00072348 _____ C:\Users\Nadia\Documents\sintered-electrodes.pdf
    2015-11-14 00:13 - 2015-11-14 00:13 - 07392408 _____ C:\Users\Nadia\Documents\GVB-Gelimed-katalog-potrošnog-materijala.pdf
    2015-11-14 00:03 - 2015-11-14 00:03 - 01001264 _____ C:\Users\Nadia\Documents\PNAS-2010-Nishikawa-10342-Networks&Compensatory structres.pdf
    2015-11-14 00:00 - 2015-11-14 00:00 - 00119530 _____ C:\Users\Nadia\Documents\DesinfectionEEG CAPS.pdf
    2015-11-13 23:54 - 2015-11-13 23:54 - 01040851 _____ C:\Users\Nadia\Documents\Can-EEG-Test-Helps-in-Identifying-Brain-Tumor.pdf
    2015-11-13 20:17 - 2015-11-13 20:17 - 00082934 _____ C:\Users\Nadia\Downloads\Hagedorn+2014+++Infection+Risk+Mitigation+for+Biofeedback+Providers.pdf
    2015-11-13 07:33 - 2015-11-13 07:33 - 00885225 _____ C:\Users\Nadia\Downloads\Delay Compensation Form 2 (1).pdf
    2015-11-13 02:47 - 2015-11-13 02:47 - 08524841 _____ C:\Users\Nadia\Downloads\Neuroimaging+distinction+between+neurological+and+psychiatric+disorders.pdf
    2015-11-13 02:43 - 2015-11-13 02:43 - 00873330 _____ C:\Users\Nadia\Downloads\ADHDMEGLORETAConnectivity2013.pdf
    2015-11-13 02:43 - 2015-11-13 02:43 - 00250010 _____ C:\Users\Nadia\Downloads\ADHDMEGLORETAConnectivity2013.Appendix.pdf
    2015-11-13 02:42 - 2015-11-13 02:42 - 02344055 _____ C:\Users\Nadia\Downloads\PalvaAlpha2011.pdf
    2015-11-13 02:42 - 2015-11-13 02:42 - 01933714 _____ C:\Users\Nadia\Downloads\Doelling.pdf
    2015-11-13 02:42 - 2015-11-13 02:42 - 01752104 _____ C:\Users\Nadia\Downloads\AlphaPhaseSynchronyFrontoparietal2012.pdf
    2015-11-13 02:42 - 2015-11-13 02:42 - 01041682 _____ C:\Users\Nadia\Downloads\PalvaAlpha2007TINS.pdf
    2015-11-13 01:52 - 2015-11-13 01:52 - 00885225 _____ C:\Users\Nadia\Downloads\Delay Compensation Form 2.pdf
     
  6. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    2015-11-11 11:33 - 2015-11-11 11:33 - 00025207 _____ C:\Users\Nadia\Downloads\fax-20151111121625.pdf
    2015-11-11 07:40 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-11-11 07:40 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-11-11 07:40 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-11-11 07:40 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-11-11 07:40 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-11-11 07:40 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-11-11 07:40 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-11-11 07:40 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-11-11 07:40 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-11-11 07:40 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2015-11-11 07:40 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2015-11-11 07:40 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2015-11-11 07:40 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2015-11-11 07:40 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2015-11-11 07:40 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2015-11-11 07:40 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2015-11-11 07:40 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-11-11 07:40 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2015-11-11 07:40 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2015-11-11 07:40 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2015-11-11 07:40 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-11-11 07:40 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-11-11 07:40 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-11-11 07:40 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-11-11 07:40 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-11-11 07:40 - 2015-09-12 13:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2015-11-11 07:40 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2015-11-11 07:39 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-11-11 07:39 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-11-11 07:39 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-11-11 07:39 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-11-11 07:39 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-11-11 07:39 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-11-11 07:39 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-11-11 07:39 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-11-11 07:39 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-11-11 07:39 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-11-11 07:39 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-11-11 07:39 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-11-11 07:39 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-11-11 07:39 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-11-11 07:39 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-11-11 07:39 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-11-11 07:39 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-11-11 07:39 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-11-11 07:39 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-11-11 07:39 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-11-11 07:39 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-11-11 07:39 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-11-11 07:39 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-11-11 07:39 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-11-11 07:39 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-11-11 07:39 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-11-11 07:39 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-11-11 07:39 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-11-11 07:39 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-11-11 07:39 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-11-11 07:39 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-11-11 07:39 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-11-11 07:39 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-11-11 07:39 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-11-11 07:39 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-11-11 07:39 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2015-11-11 07:39 - 2015-09-29 12:24 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2015-11-11 07:39 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2015-11-11 07:39 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2015-11-11 07:39 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2015-11-11 07:39 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
    2015-11-11 07:39 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2015-11-11 07:39 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2015-11-11 07:39 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2015-11-11 07:39 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2015-11-11 07:39 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2015-11-11 07:39 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2015-11-11 07:39 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2015-11-11 07:39 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2015-11-11 07:39 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2015-11-11 07:39 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2015-11-11 00:02 - 2015-11-11 00:02 - 01085342 _____ C:\Users\Nadia\Downloads\SetPoint_CCFA_2012.pdf
    2015-11-10 07:42 - 2015-11-10 07:42 - 00109470 _____ C:\Users\Nadia\Downloads\Zack GPC.pdf
    2015-11-09 14:13 - 2015-11-09 14:13 - 00006708 _____ C:\Users\Nadia\Downloads\Nadia Hristova red room slot hire.pdf
    2015-11-09 11:50 - 2015-11-09 11:50 - 00000397 _____ C:\Users\Nadia\Downloads\Booking.ics
    2015-11-08 23:52 - 2015-11-08 23:52 - 00444000 _____ C:\Users\Nadia\Downloads\Tang3.pdf
    2015-11-08 23:35 - 2015-11-08 23:35 - 00684940 _____ C:\Users\Nadia\Downloads\Attention+System+of+the+brain+20+years+after-+Petersen+&+Posner.pdf
    2015-11-08 23:34 - 2015-11-08 23:34 - 01668114 _____ C:\Users\Nadia\Downloads\FrontoparietalExecutiveVincent2008.pdf
    2015-11-08 11:36 - 2015-11-08 11:36 - 00000000 ____D C:\Users\Nadia\Documents\BW
    2015-11-08 11:35 - 2014-09-29 16:57 - 00114263 _____ C:\Users\Nadia\Desktop\BioExplorer.txt
    2015-11-08 11:35 - 2014-09-29 16:57 - 00004096 _____ C:\Users\Nadia\Desktop\BioExplorerPrefs.dat
    2015-11-08 11:35 - 2014-05-02 18:39 - 00002001 _____ C:\Users\Nadia\Desktop\BioExplorer.lnk
    2015-11-08 00:22 - 2015-11-08 00:22 - 00394262 _____ C:\Users\Nadia\Downloads\Neurofeedback-London QEEG LORETA Assessment Questionnaire.pdf
    2015-11-07 23:41 - 2015-11-07 23:41 - 00351693 _____ C:\Users\Nadia\Downloads\abalone_en.pdf
    2015-11-07 23:28 - 2015-11-07 23:28 - 00395400 _____ C:\Users\Nadia\Downloads\DOC012 (2).PDF
    2015-11-07 17:55 - 2015-11-07 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PEAK-Drivers
    2015-11-07 17:55 - 2015-11-07 17:55 - 00000000 ____D C:\Program Files\PEAK-System
    2015-11-07 17:53 - 2015-11-25 18:36 - 00000000 ____D C:\NeuroField
    2015-11-07 17:53 - 2015-11-25 13:27 - 00000000 ____D C:\Users\Nadia\Desktop\NeuroField Documentation
    2015-11-07 17:53 - 2015-11-07 18:08 - 00000000 ____D C:\NFDBBackup
    2015-11-07 17:53 - 2015-09-02 08:49 - 00389498 _____ C:\Users\Nadia\Desktop\NeuroPlot InterSession v2.0.xlsm
    2015-11-07 17:51 - 2015-11-07 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeuroField
    2015-11-07 17:51 - 2015-11-07 17:51 - 00000000 ____D C:\Program Files (x86)\NeuroField
    2015-11-07 17:46 - 2015-11-07 17:48 - 00000000 ____D C:\NF875
    2015-11-07 17:17 - 2012-07-26 08:42 - 00001437 _____ C:\Users\Nadia\Desktop\NeuroField - Shortcut.lnk
    2015-11-07 12:46 - 2015-11-07 12:46 - 24356508 _____ C:\Users\Nadia\Downloads\CANBus (1).zip
    2015-11-07 12:41 - 2015-11-07 12:41 - 01158770 _____ C:\Users\Nadia\Downloads\NeuroField_Installation_Guide (1).pdf
    2015-11-07 08:43 - 2015-11-07 08:43 - 00015080 ____H C:\Users\Nadia\Desktop\~WRL0878.tmp
    2015-11-06 00:52 - 2015-11-06 00:52 - 00033892 _____ C:\Users\Nadia\Downloads\DVD solutions.pdf
    2015-11-06 00:48 - 2015-11-06 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2015-11-06 00:48 - 2011-01-28 08:00 - 00080896 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
    2015-11-06 00:48 - 2011-01-28 08:00 - 00000038 _____ C:\WINDOWS\avisplitter.ini
    2015-11-06 00:48 - 2010-12-10 16:57 - 00000590 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll.manifest
    2015-11-06 00:48 - 2010-12-07 18:40 - 00183808 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
    2015-11-06 00:48 - 2010-12-07 18:22 - 00810496 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
    2015-11-06 00:48 - 2010-11-03 19:08 - 00237568 _____ (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
    2015-11-06 00:48 - 2010-01-17 16:18 - 00151552 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm
    2015-11-06 00:48 - 2008-10-03 13:30 - 00000414 _____ C:\WINDOWS\SysWOW64\lame_acm.xml
    2015-11-06 00:48 - 2008-09-24 19:41 - 00839680 _____ (hxxp://www.mp3dev.org/) C:\WINDOWS\SysWOW64\lameACM.acm
    2015-11-06 00:40 - 2015-11-06 00:41 - 14832709 _____ ( ) C:\K-Lite_Codec_Pack_690_Full (3).exe
    2015-11-05 19:59 - 2015-11-05 19:59 - 01068228 _____ C:\Users\Nadia\Downloads\invoice3515 powels NF 11-15.pdf
    2015-11-05 12:36 - 2015-11-05 12:36 - 00001292 _____ C:\Users\Nadia\Desktop\ng - Shortcut.lnk
    2015-11-05 12:34 - 2015-11-05 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeuroGuide
    2015-11-05 12:28 - 2015-11-25 10:47 - 00000000 ____D C:\Program Files (x86)\Neuroguide
    2015-11-05 12:23 - 2015-11-05 12:24 - 30702221 _____ C:\Users\Nadia\Documents\Neuroguide Manual.pdf
    2015-11-05 12:22 - 2015-11-05 12:22 - 02441030 _____ C:\Users\Nadia\Downloads\DialoguesClinNeurosci-16-103DEPRESSION&NFB.pdf
    2015-11-05 10:13 - 2015-11-05 10:13 - 00455589 _____ C:\Users\Nadia\Downloads\Neurofeedback-for-Recurrent-Migraine-Headaches.pdf
    2015-11-05 00:08 - 2015-11-05 00:08 - 05132116 _____ C:\Users\Nadia\Downloads\gtecCAT1314_web.pdf
    2015-11-04 21:15 - 2015-11-04 21:15 - 00395400 _____ C:\Users\Nadia\Downloads\DOC012 (1).PDF
    2015-11-04 21:14 - 2015-11-04 21:14 - 00395400 _____ C:\Users\Nadia\Downloads\DOC012.PDF
    2015-11-04 15:55 - 2015-11-04 15:55 - 00002972 _____ C:\Users\Nadia\Desktop\Display Preferences - Shortcut.lnk
    2015-11-04 08:44 - 2015-11-04 08:44 - 04629735 _____ C:\Users\Nadia\Downloads\Human-level+control+through+deep+reinforcement+learning+Mnih.pdf
    2015-11-04 08:44 - 2015-11-04 08:44 - 00241033 _____ C:\Users\Nadia\Downloads\Learning+to+see+and+act+Scholkopf.pdf
    2015-11-03 19:09 - 2015-11-03 19:09 - 00000000 ___HD C:\OneDriveTemp
    2015-11-03 09:28 - 2015-11-03 09:28 - 00000000 ____D C:\Users\Nadia\AppData\Roaming\MPC-HC
    2015-11-02 23:31 - 2015-11-02 23:31 - 01599332 _____ C:\Users\Nadia\Downloads\Robustness.pdf
    2015-11-02 21:33 - 2015-11-02 21:33 - 00509532 _____ C:\Users\Nadia\Downloads\Quick.pdf
    2015-11-02 21:33 - 2015-11-02 21:33 - 00482771 _____ C:\Users\Nadia\Downloads\Install.pdf
    2015-11-02 21:33 - 2015-11-02 21:33 - 00400143 _____ C:\Users\Nadia\Downloads\Setup.pdf
    2015-11-02 21:31 - 2015-11-02 21:31 - 00195011 _____ C:\Users\Nadia\Downloads\EEGAudio.pdf
    2015-11-02 10:37 - 2015-11-04 08:42 - 00056832 ____H C:\Users\Nadia\Downloads\~WRL3062.tmp
    2015-11-02 10:37 - 2015-11-02 10:37 - 00034816 ____H C:\Users\Nadia\Downloads\~WRL3961.tmp
    2015-11-02 09:31 - 2015-11-02 09:31 - 04641179 _____ C:\Users\Nadia\Downloads\IMG_3438.MOV
    2015-11-01 23:04 - 2015-11-01 23:04 - 00758080 _____ C:\Users\Nadia\Downloads\Alpha NFB improves motor 2015 (1).pdf
    2015-11-01 23:04 - 2015-11-01 23:04 - 00434477 _____ C:\Users\Nadia\Downloads\P3a for PD 2015.pdf
    2015-11-01 23:04 - 2015-11-01 23:04 - 00038310 _____ C:\Users\Nadia\Downloads\Phillipens monkey study.pdf
    2015-11-01 23:03 - 2015-11-01 23:03 - 00758080 _____ C:\Users\Nadia\Downloads\Alpha NFB improves motor 2015.pdf
    2015-11-01 20:44 - 2015-11-01 20:44 - 14832709 _____ ( ) C:\Users\Nadia\Downloads\K-Lite_Codec_Pack_690_Full (2).exe
    2015-11-01 19:43 - 2015-11-01 19:43 - 00659663 _____ C:\Users\Nadia\Downloads\Goodkind.pdf
    2015-11-01 19:40 - 2015-11-01 19:40 - 02709447 _____ C:\Users\Nadia\Downloads\Charles Zorumski and Eugene Rubin-Psychiatry and Clinical Neuroscience-Oxford University Press (2011) (1).pdf
    2015-11-01 19:38 - 2015-11-01 19:38 - 01599590 _____ C:\Users\Nadia\Downloads\homeostatic+plasticity-Inhibition+tunes+brain+networks-homeostasis-Hellyer.pdf
    2015-11-01 19:36 - 2015-11-01 19:36 - 01708035 _____ C:\Users\Nadia\Downloads\Finn.pdf
    2015-11-01 19:35 - 2015-11-01 19:35 - 04669392 _____ C:\Users\Nadia\Downloads\Riganello (1).pdf
    2015-11-01 19:35 - 2015-11-01 19:35 - 01545769 _____ C:\Users\Nadia\Downloads\Lomas (1).pdf
    2015-11-01 19:30 - 2015-11-01 19:30 - 02709447 _____ C:\Users\Nadia\Downloads\Charles Zorumski and Eugene Rubin-Psychiatry and Clinical Neuroscience-Oxford University Press (2011).pdf
    2015-11-01 01:50 - 2015-11-01 01:50 - 00013643 _____ C:\Users\Nadia\Downloads\Invoice_6498_from_Light_Centre.pdf
    2015-11-01 01:49 - 2015-11-01 01:49 - 00105699 _____ C:\Users\Nadia\Documents\Light Practice Standing Order.pdf
    2015-10-31 15:30 - 2015-10-31 15:30 - 05285007 _____ C:\Users\Nadia\Downloads\Tataryn-Unlocking-Parkinsons-ISNR-2014.pdf
    2015-10-30 09:48 - 2015-10-30 09:48 - 00583936 _____ C:\Users\Nadia\Downloads\Tansey.pdf
    2015-10-30 09:34 - 2015-10-30 09:34 - 00130776 _____ C:\Users\Nadia\Downloads\Electromagnetic_Stimulation_Approaches.pdf
    2015-10-29 21:50 - 2015-10-29 21:50 - 00001603 _____ C:\Users\Public\Desktop\BrainMaster 3.7i.lnk
    2015-10-29 21:39 - 2015-10-29 21:45 - 304815400 _____ (BrainMaster Technologies, Inc.) C:\Users\Nadia\Downloads\BMrSetup3.7ix64.exe
    2015-10-29 01:38 - 2015-10-29 01:38 - 00617126 _____ C:\Users\Nadia\Downloads\Harris2.pdf
    2015-10-27 23:17 - 2015-10-27 23:17 - 24959280 _____ C:\Users\Nadia\Downloads\531-320_BrainMaster3.0UserManual_v2.0_2-10-12.pdf
    2015-10-27 23:16 - 2015-10-27 23:16 - 02744851 _____ C:\Users\Nadia\Downloads\Client Folder.pdf
    2015-10-27 20:08 - 2015-10-30 13:04 - 00000000 ____D C:\Users\Nadia\AppData\Local\LogMeIn Rescue Applet
    2015-10-27 20:08 - 2015-10-27 20:08 - 01588472 _____ (LogMeIn, Inc.) C:\Users\Nadia\Downloads\Support-LogMeInRescue.exe
    2015-10-27 19:58 - 2015-10-27 19:58 - 00001506 _____ C:\Users\Nadia\Desktop\BioExplorer - Shortcut.lnk
    2015-10-27 14:02 - 2015-10-27 14:02 - 00003434 _____ C:\WINDOWS\System32\Tasks\Settings
    2015-10-27 13:57 - 2015-10-27 13:57 - 00000000 ____D C:\Program Files\Elantech
    2015-10-27 13:33 - 2015-10-27 13:33 - 00000000 ____D C:\Program Files\DIFX
    2015-10-27 13:26 - 2012-10-08 20:03 - 02212208 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-25 22:26 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
    2015-11-25 22:23 - 2015-03-10 07:31 - 00007889 _____ C:\WINDOWS\BRRBCOM.INI
    2015-11-25 22:19 - 2015-03-07 19:54 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-25 19:29 - 2015-04-10 21:55 - 00000000 ____D C:\Users\Nadia\Desktop\IMAGES
    2015-11-25 18:05 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2015-11-25 18:04 - 2015-03-07 20:29 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-11-25 17:50 - 2015-03-15 13:35 - 00768742 _____ C:\WINDOWS\system32\perfh007.dat
    2015-11-25 17:50 - 2015-03-15 13:35 - 00163660 _____ C:\WINDOWS\system32\perfc007.dat
    2015-11-25 17:50 - 2014-11-22 01:01 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-11-25 17:50 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
    2015-11-25 17:47 - 2015-04-16 17:41 - 00000000 ____D C:\Users\Nadia\AppData\Roaming\Skype
    2015-11-25 17:46 - 2015-03-15 15:50 - 00000000 ____D C:\Users\Nadia\OneDrive
    2015-11-25 17:46 - 2015-03-07 20:09 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-11-25 17:42 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-11-25 17:40 - 2015-03-15 14:40 - 00000000 ____D C:\Users\Nadia
    2015-11-25 13:34 - 2015-10-16 13:05 - 00011705 _____ C:\Users\Nadia\Desktop\qEEG Interpret Guide.xlsx
    2015-11-25 13:28 - 2015-10-11 12:53 - 00000000 ___RD C:\Users\Nadia\Desktop\SHORTCUTS
    2015-11-25 13:27 - 2015-10-07 21:22 - 00000000 ____D C:\Users\Nadia\Documents\REPORTS EURIBION
    2015-11-25 13:27 - 2015-02-12 12:05 - 00000000 ____D C:\Users\Nadia\Documents\DESKTOP CLEAR UP
    2015-11-25 13:25 - 2015-08-08 15:44 - 01562357 _____ C:\Users\Nadia\Documents\BrainWorks Vertrag.zip
    2015-11-25 13:22 - 2015-08-08 15:32 - 00000000 ____D C:\Users\Nadia\Documents\BrainWorks Vertrag
    2015-11-25 13:21 - 2015-10-11 12:51 - 00000000 ____D C:\Users\Nadia\Documents\PATIENTS NEUROFEEDBACK-LONDON
    2015-11-25 09:30 - 2014-04-15 09:06 - 06176768 ___SH C:\Users\Nadia\Desktop\Thumbs.db
    2015-11-24 18:35 - 2015-10-05 16:26 - 00001910 _____ C:\Users\Public\Desktop\Samsung Update.lnk
    2015-11-24 10:30 - 2015-09-25 21:03 - 00000000 ____D C:\Users\Nadia\AppData\Local\CrashDumps
    2015-11-23 10:30 - 2015-09-20 19:37 - 01000251 _____ C:\Users\Nadia\Documents\sari euribion.pptx
    2015-11-23 10:09 - 2015-03-05 20:28 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-55422887-3470649353-2715885402-1001
    2015-11-23 08:58 - 2015-03-05 20:19 - 00000000 ____D C:\Users\Nadia\AppData\Local\Packages
    2015-11-22 10:26 - 2014-07-26 09:53 - 00000000 ____D C:\Users\Nadia\Documents\INVOICES
    2015-11-21 15:07 - 2014-10-13 11:49 - 00024064 ___SH C:\Users\Nadia\Documents\Thumbs.db
    2015-11-21 15:07 - 2014-07-13 08:33 - 03461632 ___SH C:\Users\Nadia\Downloads\Thumbs.db
    2015-11-17 11:48 - 2013-02-28 05:14 - 00000000 ____D C:\ProgramData\WinClon
    2015-11-17 11:40 - 2015-04-03 14:16 - 00000000 ____D C:\WINDOWS\Minidump
    2015-11-16 11:05 - 2015-03-28 23:47 - 00000000 ____D C:\Program Files (x86)\TorTalk
    2015-11-16 11:05 - 2015-03-28 23:46 - 00000000 ____D C:\ProgramData\Package Cache
    2015-11-16 09:48 - 2015-09-25 21:05 - 00000000 ____D C:\Users\Nadia\Downloads\PDFS
    2015-11-16 09:48 - 2015-02-12 17:16 - 00000000 ____D C:\Users\Nadia\Downloads\NFCFC
    2015-11-16 00:00 - 2015-10-17 19:54 - 00000000 ____D C:\Users\Nadia\Desktop\116___10
    2015-11-15 20:14 - 2015-03-27 09:32 - 00000000 ____D C:\Users\Nadia\Documents\ALL
    2015-11-15 14:53 - 2013-08-22 14:44 - 00516152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-11-15 14:48 - 2013-08-22 15:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2015-11-15 14:45 - 2015-10-15 19:19 - 00000000 ____D C:\Users\Nadia\AppData\Local\IIIQF
    2015-11-15 14:37 - 2015-04-08 12:42 - 00000000 ____D C:\ProgramData\Isolated Storage
    2015-11-13 07:51 - 2012-07-26 07:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-11-13 07:49 - 2015-03-11 00:05 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-11-13 07:43 - 2015-03-11 00:05 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-11-11 11:04 - 2014-11-24 11:54 - 00000000 ____D C:\NFviewer
    2015-11-10 13:08 - 2015-09-05 17:55 - 00000000 ____D C:\Users\Nadia\Documents\LIBRARY
    2015-11-07 17:59 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-11-07 17:51 - 2015-03-27 20:52 - 00249856 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
    2015-11-07 17:51 - 2015-03-27 20:52 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
    2015-11-07 16:00 - 2014-08-18 23:18 - 00000000 ___RD C:\Users\Nadia\Documents\Scanned Documents
    2015-11-07 02:45 - 2015-03-07 20:09 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2015-11-07 02:45 - 2015-03-07 20:09 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2015-11-06 00:48 - 2015-07-16 14:07 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2015-11-06 00:48 - 2015-03-28 22:45 - 00000000 ____D C:\Program Files (x86)\DScaler5
    2015-11-01 23:22 - 2015-02-02 21:19 - 00000000 ___SD C:\Users\Nadia\Documents\My Data Sources
    2015-10-29 21:50 - 2015-03-28 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DScaler5
    2015-10-29 21:50 - 2014-11-24 11:54 - 00000000 ____D C:\SR1
    2015-10-29 21:50 - 2014-11-24 11:54 - 00000000 ____D C:\PUZZLE1
    2015-10-29 21:50 - 2014-11-24 11:54 - 00000000 ____D C:\NFplayer
    2015-10-29 21:50 - 2014-11-24 11:54 - 00000000 ____D C:\brainm.20
    2015-10-29 21:48 - 2015-03-28 22:42 - 00000000 ____D C:\Users\Nadia\AppData\Local\Downloaded Installations
    2015-10-29 21:39 - 2015-10-17 20:13 - 00000000 ____D C:\Users\Nadia\Desktop\WORKSHOP PICS
    2015-10-27 14:01 - 2013-02-28 04:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    2015-10-27 13:34 - 2015-03-15 14:25 - 00000000 ____D C:\Program Files (x86)\Intel
    2015-10-27 13:34 - 2013-02-28 05:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

    ==================== Files in the root of some directories =======

    2015-10-18 18:11 - 2015-10-18 18:13 - 32926624 _____ (CyberEvolution, Inc ) C:\Program Files (x86)\BE1.6.3.650Setup.exe
    2015-07-11 10:06 - 2015-07-11 10:06 - 43131503 _____ () C:\Program Files (x86)\inst_LORETASourceCorrelation_1.zip
    2015-07-11 10:09 - 2015-07-11 10:13 - 835109181 _____ () C:\Program Files (x86)\inst_ng_2.8.5.4.zip
    2015-07-11 09:41 - 2015-07-11 09:43 - 185743196 _____ () C:\Program Files (x86)\Inst_nla_1.0.1.zip
    2015-07-16 12:13 - 2015-07-16 12:14 - 36783747 _____ ( ) C:\Program Files (x86)\K-Lite_Codec_Pack_1128_Full.exe
    2015-04-03 15:38 - 2015-04-03 15:38 - 4824090 _____ () C:\Program Files (x86)\patch_ng_2.8.4.1.zip
    2015-07-14 20:44 - 2015-07-14 20:45 - 104288545 _____ () C:\Program Files (x86)\Setup-BasicFeedbackSuite(NeuroGuide).exe
    2015-09-23 08:36 - 2015-09-23 08:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-02-28 05:05 - 2013-02-19 07:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
    2013-02-28 05:05 - 2013-01-12 14:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
    2015-03-29 00:09 - 2015-03-29 00:09 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-24 07:23

    ==================== End of FRST.txt ============================
     
  7. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
    Ran by Nadia (2015-11-25 22:28:54)
    Running from C:\Users\Nadia\Desktop
    Windows 8.1 (X64) (2015-03-15 15:45:50)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-55422887-3470649353-2715885402-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-55422887-3470649353-2715885402-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-55422887-3470649353-2715885402-1009 - Limited - Enabled)
    Nadia (S-1-5-21-55422887-3470649353-2715885402-1001 - Administrator - Enabled) => C:\Users\Nadia

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    ANI Z-Score Biofeedback DLL (HKLM-x32\...\{FBAC1989-EB79-40BD-9FD9-9BA3BB7F30B0}) (Version: 1.1.1 - Applied NeuroScience, Inc.)
    Anna_De (HKLM-x32\...\{9B3A0E2E-CF09-48B7-918D-A0DC6C366652}) (Version: 1.0.0 - TorTalk AB)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
    Basic Feedback Suite for NeuroGuide (HKLM-x32\...\Basic Feedback Suite for NeuroGuide) (Version: - )
    BioExplorer (HKLM-x32\...\{EC75AC08-B4CE-4DFB-BD29-42C81508B0B4}) (Version: 1.00.10393 - CyberEvolution, Inc)
    Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
    BrainMaster 3.0 Series Software (HKLM-x32\...\{2E33CD70-546B-4291-AC70-37F91DE6A0FD}) (Version: 3.70.1000 - BrainMaster Technologies, Inc.)
    BrainMaster 3.0 Software (HKLM-x32\...\{88D753C1-CFFE-42A1-A873-63D6108C9033}) (Version: 3.70.5100 - BrainMaster Technologies, Inc.)
    BrainMaster Peripheral Package Suite For the 2.5 & 3.0 Series Software (HKLM-x32\...\{8E33B183-D8FF-47B6-8DD2-C55DCA3F2F51}) (Version: 1.00.0000 - BrainMaster Technologies, Inc.)
    BS Contact (HKLM-x32\...\BS Contact) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
    Cybernetic Interface System (HKLM-x32\...\Cybernetic Interface System) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version: - )
    Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
    ETDWare X64 11.7.23.4_WHQL (HKLM\...\Elantech) (Version: 11.7.23.4 - ELAN Microelectronic Corp.)
    EZ View (HKLM-x32\...\{B7CB1416-38DB-401D-AF31-9316BF5FE2EE}) (Version: 1.5.0.280 - Actions-Micro)
    f.lux (HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\Flux) (Version: - )
    Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
    Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.19.04.55 - Huawei Technologies Co.,Ltd)
    K-Lite Codec Pack 6.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.9.0 - )
    Kubios HRV (HKLM-x32\...\Kubios HRV_is1) (Version: Kubios HRV (version 2.2) - Biosignal Analysis and Medical Imaging Group)
    LORETA 2003-June (HKLM-x32\...\LORETA) (Version: - )
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Markus_GED (HKLM-x32\...\{7608F692-9BB9-49D3-A461-BFE2B2DE0A5F}) (Version: 1.0.0 - TorTalk AB)
    Math Kernel Libraries (64-bit) (Version: 14.0.6 - National Instruments) Hidden
    Math Kernel Libraries (x32 Version: 14.0.6 - National Instruments) Hidden
    MATLAB Compiler Runtime 7.17 (32-bit) (HKLM-x32\...\MATLAB Compiler Runtime R2012a) (Version: 7.17 - The MathWorks, Inc.)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mind-Body Training Tools Platform (HKLM-x32\...\{530E3CA0-6B6B-4D22-81A6-9A860DC3751F}) (Version: 1.0.0 - York Biofeedback)
    MMToolsFix (x32 Version: 1.0.0 - BeyondVR, LLC) Hidden
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MyCalmBeat (HKLM-x32\...\{5B4E8F49-E6ED-47AE-BD69-4F6A19F52C03}) (Version: 5.7.0.0 - MyBrainSolutions)
    National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
    NeuroField (HKLM-x32\...\ST6UNST #1) (Version: - )
    NeuroGuide (HKLM-x32\...\NIMDFDeployment.{61CDE810-6B77-4E73-AE38-E613496AF382}) (Version: 2.8.6 - Applied Neuroscience, Inc.)
    NeuroGuide (x32 Version: 2.8.6 - Applied Neuroscience, Inc.) Hidden
    NeuroGuide LORETA Source Correlation (HKLM-x32\...\{65C30DAB-6388-404A-BF14-17E4387D5FFC}) (Version: 1.0.0 - Applied NeuroScience, Inc.)
    NeuroGuide Patch (HKLM-x32\...\NIMDFDeployment.{257EC7E7-55CE-43B4-9897-C0E8433FA0BC}) (Version: 2.8.4 - Applied Neuroscience, Inc.)
    NeuroGuide Patch (x32 Version: 2.8.4 - Applied Neuroscience, Inc.) Hidden
    NeuroLink (HKLM-x32\...\NIMDFDeployment.{C31EC453-5881-4AE4-8589-7A986C695242}) (Version: 1.0.1 - Applied Neuroscience, Inc.)
    NeuroLink (x32 Version: 1.0.1 - Applied Neuroscience, Inc.) Hidden
    NI ActiveX Container (64-bit) (Version: 14.0.5 - National Instruments) Hidden
    NI ActiveX Container (x32 Version: 14.0.5 - National Instruments) Hidden
    NI Curl 14.0.0 (64-bit) (Version: 14.0.294 - National Instruments) Hidden
    NI Curl 2014 (x32 Version: 14.0.295 - National Instruments) Hidden
    NI Error Reporting Interface 14.0 (x32 Version: 14.0.241 - National Instruments) Hidden
    NI Error Reporting Interface 14.0 for Windows (64-bit) (Version: 14.0.241 - National Instruments) Hidden
    NI EulaDepot (x32 Version: 3.30.282 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 .NET Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 .NET Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 Analysis Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 Analysis Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 Low-Level Driver (Original) (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 Low-Level Driver (Updated) (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 Network Streams Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 Network Streams Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 Network Variable Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 Network Variable Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS .NET Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS .NET Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS Analysis Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS Analysis Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS NS Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS NS Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS NV Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS NV Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS TDMS Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 SxS TDMS Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 TDMS Library (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI 2013 SP2 TDMS Library (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI Run-Time Engine 2013 SP2 (Updated) (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI Shared Run-Time Engine 2013 SP2 (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI Shared Run-Time Engine 2013 SP2 (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI Side-By-Side Run-Time Engine 2013 SP2 (x32 Version: 13.0.2278 - National Instruments) Hidden
    NI LabWindows/CVI SxS Run-Time Engine 2013 SP2 (64-bit) (Version: 13.0.2278 - National Instruments) Hidden
    NI Logos 5.6 (64-bit) (Version: 5.6.257 - National Instruments) Hidden
    NI Logos 5.6 (x32 Version: 5.6.257 - National Instruments) Hidden
    NI Logos XT Support (x32 Version: 5.6.253 - National Instruments) Hidden
    NI Logos64 XT Support (Version: 5.6.253 - National Instruments) Hidden
    NI MAX Remote Configuration 64-bit Installer 14.5 (Version: 14.50.49152 - National Instruments) Hidden
    NI MAX Remote Configuration Installer 14.5 (x32 Version: 14.50.49152 - National Instruments) Hidden
    NI MDF Support (x32 Version: 3.30.282 - National Instruments) Hidden
    NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
    NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
    NI SSL Support (64-bit) (Version: 14.5.10 - National Instruments) Hidden
    NI SSL Support (x32 Version: 14.5.10 - National Instruments) Hidden
    NI System API Windows 32-bit 14.5.0 (x32 Version: 14.50.84 - National Instruments) Hidden
    NI System API Windows 64-bit 14.5.0 (Version: 14.50.84 - National Instruments) Hidden
    NI TDM Streaming 14.0 (64-bit) (Version: 14.0.43 - National Instruments) Hidden
    NI TDM Streaming 14.0 (x32 Version: 14.0.43 - National Instruments) Hidden
    NI Uninstaller (x32 Version: 3.30.282 - National Instruments) Hidden
    NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
    NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
    NI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) Hidden
    NI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) Hidden
    NI Visual C++ 2008 Redistributable Package (x32 Version: 9.00.49152 - National Instruments) Hidden
    NI Visual C++ 2010 Redistributable Package (x32 Version: 10.10.16385 - National Instruments) Hidden
    NI WS Repl Library 2014SP1 (64-bit) (Version: 14.5.11 - National Instruments) Hidden
    NI WS Repl Library 2014SP1 (x32 Version: 14.5.12 - National Instruments) Hidden
    NI-Mesa (Version: 13.0.3 - National Instruments) Hidden
    NI-Mesa (x32 Version: 13.0.3 - National Instruments) Hidden
    NI-RPC 14.0.0f0 (x32 Version: 14.00.49152 - National Instruments) Hidden
    NI-RPC 14.0.0f0 for 64 Bit Windows (Version: 14.00.49152 - National Instruments) Hidden
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
    Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
    Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.)
    PDF OwnerGuard User Edition (HKLM-x32\...\PDFUser) (Version: 12.7.7 - Armjisoft DRM Systems)
    PEAK-Drivers (HKLM\...\{7521CAFF-C141-41D8-8288-00AB295E9164}) (Version: 4.0.14.0 - PEAK-System Technik GmbH)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
    Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
    Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.1.0.1 - Samsung Electronics CO., LTD.)
    S Agent (Version: 1.1.54 - Samsung Electronics CO., LTD.) Hidden
    Samsung Update (HKLM-x32\...\{A9D16B9C-AA6D-4154-80CA-17099A2C308F}) (Version: 2.2.16 - Samsung Electronics CO., LTD.)
    Sentinel Runtime (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
    Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
    Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
    Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-55422887-3470649353-2715885402-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Restore Points =========================

    23-09-2015 08:23:27 Installed SW Update
    24-09-2015 09:57:02 Installed Samsung Update
    05-10-2015 16:25:42 Installed Samsung Update
    08-10-2015 23:41:22 Removed MyOffice.NET
    16-10-2015 07:05:53 Windows Update
    18-10-2015 19:33:09 Installed BioExplorer
    22-10-2015 08:01:44 Windows Update
    27-10-2015 13:57:47 Installed Settings
    29-10-2015 21:49:07 Installed BrainMaster 3.0 Series Software.
    07-11-2015 17:54:46 Installed PEAK-Drivers
    13-11-2015 07:40:21 Windows Update
    16-11-2015 00:04:19 NOV2015postvir

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
  8. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {06B30901-DACC-4ACE-ABF1-455E27AEFF0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07] (Google Inc.)
    Task: {1E34032E-A7BA-4160-95FA-DDAA738AD11C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
    Task: {2EDB7B2D-60F3-4509-96AF-C454B9AA62A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
    Task: {4E806AB6-B52B-4C8D-829E-757C6DC34FA6} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-08-05] (Samsung Electronics CO., LTD.)
    Task: {53E248E6-7860-4417-B311-A0155710BB53} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
    Task: {632F8675-3959-4EF6-B061-4374D3849DD6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
    Task: {97F6541F-6DE1-4E05-80E5-53DCBDFD1FE9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-13] (Microsoft Corporation)
    Task: {BA8286D6-CE1C-41BD-9EC3-AFFEC297AB29} - System32\Tasks\{15177FDF-512C-4AC4-BB52-0F3C6CE43D7F} => pcalua.exe -a "C:\Users\Nadia\Desktop\LORETAsetup (3).exe" -d C:\Users\Nadia\Desktop
    Task: {BB672A06-F03B-49B1-A873-28F561DF90F6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-20] (AVAST Software)
    Task: {CB281BA2-F3EA-47A5-AFBD-90A642FD23C9} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
    Task: {E0F64493-1A6C-47DB-A009-1E401A8FCAAE} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2015-07-14] (SEC)
    Task: {EA2EF5FC-2F0E-456B-A1EB-0CE9E50B1D31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07] (Google Inc.)
    Task: {ED32D153-8914-4D45-A9B9-7EA024B4CC0E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
    Task: {F32612E9-0E7B-41DB-B2DA-72FB961647F9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)
    Task: {F864A15B-AC73-4055-86BD-57E3C4465AA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
    Task: {FE062096-7614-4C13-8B0D-D4A9192A4DDA} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BioEra Pro\BioEra (console).lnk -> C:\Program Files (x86)\BioEraPro\start_console.bat () <==== ATTENTION
    Shortcut: C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BioEra Pro\BioEra (runtime only).lnk -> C:\Program Files (x86)\BioEraPro\start_runtime.bat () <==== ATTENTION
    Shortcut: C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BioEra Pro\BioEra Pro.lnk -> C:\Program Files (x86)\BioEraPro\start.bat () <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2014-01-15 03:42 - 2014-01-15 03:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
    2015-10-17 14:34 - 2014-04-26 06:15 - 00682064 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
    2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    2015-10-30 08:36 - 2015-09-01 16:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-08-05 15:32 - 2015-08-05 15:32 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
    2014-06-17 07:32 - 2014-06-17 07:32 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2014-06-17 07:29 - 2014-06-17 07:29 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2014-10-01 19:54 - 2014-10-01 19:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-06-17 07:35 - 2014-06-17 07:35 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    2014-06-17 07:36 - 2014-06-17 07:36 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
    2015-03-07 20:29 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-09-20 14:44 - 2015-09-20 14:44 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-09-20 14:44 - 2015-09-20 14:44 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-11-25 14:28 - 2015-11-25 14:28 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112500\algo.dll
    2015-11-25 22:30 - 2015-11-25 22:30 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112501\algo.dll
    2015-10-17 14:34 - 2013-08-16 06:53 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
    2015-10-17 14:34 - 2013-08-16 06:53 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
    2015-10-17 14:34 - 2014-02-15 07:31 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
    2015-10-17 14:34 - 2014-02-15 07:33 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
    2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
    2015-09-20 14:44 - 2015-09-20 14:44 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-10-05 16:28 - 2013-09-16 11:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-11-11 19:20 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
    2015-11-11 19:20 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
    2015-11-11 19:20 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
    2015-03-07 20:29 - 2015-03-07 20:29 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2015-08-22 10:12 - 2015-09-25 02:28 - 00194728 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\IEAWSDC.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nadia\Desktop\brain active.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "Bitcasa"
    HKLM\...\StartupApproved\Run32: => "Norton Online Backup"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{FE47F8AA-077A-498E-A47B-9A01362A232D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{49D5AF97-F09B-41D3-98FE-2EC0476D5382}] => (Allow) LPort=1900
    FirewallRules: [{1F019AE4-D335-4982-9DD2-0AF1F6249806}] => (Allow) LPort=2869
    FirewallRules: [{B29D34E5-1A5E-4A7D-8D31-178FEDFC7A1F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{B8B1677C-D8E7-4493-BBF2-1851B5C8A4DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{3E834AFF-0192-4EEC-B30E-093AF2534F7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{2E7E7787-8E2A-4B65-B187-2EFAC69E839D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{D5474C53-0536-4119-949C-E4AD23EA45FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{0C69C99D-6AB2-4166-B11E-F50829C9BA4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{055C0A6F-C7AD-425B-BDAC-C6BF93C98DE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{112ED5A4-C8ED-4608-ADE3-1AEA9C0278EA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{F086AF3B-0061-4FB6-8713-D91F3251C411}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{680F8D81-A14C-4507-99F2-A41A95F188B0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{F8D690EB-246A-4B40-B964-527D53F40BDE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{BD28E979-C989-412A-8A74-A3E2BC31659E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{E16F5F87-3E0A-4FDD-87A6-863F6C9B80D2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{C763DE46-4B02-4086-852E-741C72901854}C:\program files (x86)\cis\ng\basic feedback suite\basic feedback suite.exe] => (Allow) C:\program files (x86)\cis\ng\basic feedback suite\basic feedback suite.exe
    FirewallRules: [UDP Query User{E8E11067-0AB2-4E6D-A669-D90C1C2BED2E}C:\program files (x86)\cis\ng\basic feedback suite\basic feedback suite.exe] => (Allow) C:\program files (x86)\cis\ng\basic feedback suite\basic feedback suite.exe
    FirewallRules: [TCP Query User{ECF34E45-BD6A-4708-AE19-600423EA16D8}C:\program files (x86)\cis\ng\basic feedback suite\basic feedback suite.exe] => (Allow) C:\program files (x86)\cis\ng\basic feedback suite\basic feedback suite.exe
    FirewallRules: [UDP Query User{13524D83-21B5-4C71-B922-3B98A5DC73B8}C:\program files (x86)\cis\ng\basic feedback suite\basic feedback suite.exe] => (Allow) C:\program files (x86)\cis\ng\basic feedback suite\basic feedback suite.exe
    FirewallRules: [{BED925ED-EAE7-4B4E-BCED-ADB48FECF9C5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{B9B887A8-946F-40A1-BA4E-2CBC0C70298B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [TCP Query User{51657E97-A3ED-48FB-96D8-B01D9E06729C}C:\program files (x86)\ez view\ez view.exe] => (Allow) C:\program files (x86)\ez view\ez view.exe
    FirewallRules: [UDP Query User{6315E4D8-AAB7-45D6-839C-A8331890F1F5}C:\program files (x86)\ez view\ez view.exe] => (Allow) C:\program files (x86)\ez view\ez view.exe
    FirewallRules: [{83D5D2D5-6C2B-4932-86D0-BB940D9FC77F}] => (Allow) C:\WINDOWS\system32\hasplms.exe
    FirewallRules: [{FF331EFD-BB88-4A78-80A7-B651BD9DDCA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{8087E0BF-D7A3-4C31-95DE-BC31BBFEAA36}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{1C1024D9-3173-452B-BF5B-B4BCFAAE65F7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

    ==================== Faulty Device Manager Devices =============

    Name: Unknown USB Device (Device Descriptor Request Failed)
    Description: Unknown USB Device (Device Descriptor Request Failed)
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/24/2015 11:09:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program VLC_WinRT.Windows.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: cc0

    Start Time: 01d1270d24aea7d0

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\VideoLAN.VLCforWindows8_1.4.1.0_x86__paz6r1rewnh0a\VLC_WinRT.Windows.exe

    Report Id: 6c2c45b2-9300-11e5-bebc-2cd05abfd1d4

    Faulting package full name: VideoLAN.VLCforWindows8_1.4.1.0_x86__paz6r1rewnh0a

    Faulting package-relative application ID: App

    Error: (11/24/2015 11:09:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PEGASUS)
    Description: App VideoLAN.VLCforWindows8_1.4.1.0_x86__paz6r1rewnh0a+App did not launch within its allotted time.

    Error: (11/24/2015 10:30:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Faulting module name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Exception code: 0xc0000005
    Fault offset: 0x002d2e5b
    Faulting process ID: 0x2368
    Faulting application start time: 0xng.exe0
    Faulting application path: ng.exe1
    Faulting module path: ng.exe2
    Report ID: ng.exe3
    Faulting package full name: ng.exe4
    Faulting package-relative application ID: ng.exe5

    Error: (11/24/2015 10:30:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Faulting module name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Exception code: 0xc0000005
    Fault offset: 0x002d2e5b
    Faulting process ID: 0x1c80
    Faulting application start time: 0xng.exe0
    Faulting application path: ng.exe1
    Faulting module path: ng.exe2
    Report ID: ng.exe3
    Faulting package full name: ng.exe4
    Faulting package-relative application ID: ng.exe5

    Error: (11/24/2015 10:30:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Faulting module name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Exception code: 0xc0000005
    Fault offset: 0x002d2e5b
    Faulting process ID: 0x273c
    Faulting application start time: 0xng.exe0
    Faulting application path: ng.exe1
    Faulting module path: ng.exe2
    Report ID: ng.exe3
    Faulting package full name: ng.exe4
    Faulting package-relative application ID: ng.exe5

    Error: (11/22/2015 05:33:24 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/22/2015 05:33:19 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/22/2015 03:19:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Faulting module name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Exception code: 0xc0000005
    Fault offset: 0x002d2e5b
    Faulting process ID: 0x1a78
    Faulting application start time: 0xng.exe0
    Faulting application path: ng.exe1
    Faulting module path: ng.exe2
    Report ID: ng.exe3
    Faulting package full name: ng.exe4
    Faulting package-relative application ID: ng.exe5

    Error: (11/22/2015 03:19:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Faulting module name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Exception code: 0xc0000005
    Fault offset: 0x002d2e5b
    Faulting process ID: 0x2040
    Faulting application start time: 0xng.exe0
    Faulting application path: ng.exe1
    Faulting module path: ng.exe2
    Report ID: ng.exe3
    Faulting package full name: ng.exe4
    Faulting package-relative application ID: ng.exe5

    Error: (11/22/2015 03:19:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Faulting module name: ng.exe, version: 2.8.6.2, time stamp: 0x5617d1ee
    Exception code: 0xc0000005
    Fault offset: 0x002d2e5b
    Faulting process ID: 0x1b2c
    Faulting application start time: 0xng.exe0
    Faulting application path: ng.exe1
    Faulting module path: ng.exe2
    Report ID: ng.exe3
    Faulting package full name: ng.exe4
    Faulting package-relative application ID: ng.exe5


    System errors:
    =============
    Error: (11/25/2015 05:42:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Internet Manager. OUC service failed to start due to the following error:
    %%1053

    Error: (11/25/2015 05:42:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Internet Manager. OUC service to connect.

    Error: (11/25/2015 05:40:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

    Error: (11/17/2015 00:22:53 PM) (Source: disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (11/17/2015 11:44:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (11/17/2015 11:44:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with the following service-specific error:
    %%2147749126

    Error: (11/17/2015 11:42:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The TeamViewer 10 service did not respond on starting.

    Error: (11/17/2015 11:41:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Internet Manager. OUC service failed to start due to the following error:
    %%1053

    Error: (11/17/2015 11:41:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Internet Manager. OUC service to connect.

    Error: (11/17/2015 11:40:45 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x0000007e (0xffffffffc0000005, 0xfffff800b48c43de, 0xffffd00023524c08, 0xffffd00023524410)C:\WINDOWS\MEMORY.DMP111715-30359-01


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
    Percentage of memory in use: 31%
    Total physical RAM: 8077.69 MB
    Available physical RAM: 5524.13 MB
    Total Virtual: 16269.69 MB
    Available Virtual: 13280.74 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:910.14 GB) (Free:485.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: BEE0E1E4)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  9. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Thank you. What do I do next?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  11. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Fix result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
    Ran by Nadia (2015-11-26 00:32:00) Run:1
    Running from C:\Users\Nadia\Desktop
    Loaded Profiles: Nadia (Available Profiles: Nadia & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\MountPoints2: {24c41359-744c-11e5-beb3-2cd05abfd1d4} - "D:\AutoRun.exe"
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\...\MountPoints2: {24c413c8-744c-11e5-beb3-2cd05abfd1d4} - "D:\AutoRun.exe"
    AppInit_DLLs-x32: OGPDFLoader.dll => No File
    SearchScopes: HKU\S-1-5-21-55422887-3470649353-2715885402-1001 -> DefaultScope {E58760E9-0807-4073-98A8-AF759D2639F6} URL =
    SearchScopes: HKU\S-1-5-21-55422887-3470649353-2715885402-1001 -> {E58760E9-0807-4073-98A8-AF759D2639F6} URL =
    2015-10-18 18:11 - 2015-10-18 18:13 - 32926624 _____ (CyberEvolution, Inc ) C:\Program Files (x86)\BE1.6.3.650Setup.exe
    2015-07-11 10:06 - 2015-07-11 10:06 - 43131503 _____ () C:\Program Files (x86)\inst_LORETASourceCorrelation_1.zip
    2015-07-11 10:09 - 2015-07-11 10:13 - 835109181 _____ () C:\Program Files (x86)\inst_ng_2.8.5.4.zip
    2015-07-11 09:41 - 2015-07-11 09:43 - 185743196 _____ () C:\Program Files (x86)\Inst_nla_1.0.1.zip
    2015-07-16 12:13 - 2015-07-16 12:14 - 36783747 _____ ( ) C:\Program Files (x86)\K-Lite_Codec_Pack_1128_Full.exe
    2015-04-03 15:38 - 2015-04-03 15:38 - 4824090 _____ () C:\Program Files (x86)\patch_ng_2.8.4.1.zip
    2015-07-14 20:44 - 2015-07-14 20:45 - 104288545 _____ () C:\Program Files (x86)\Setup-BasicFeedbackSuite(NeuroGuide).exe
    2015-09-23 08:36 - 2015-09-23 08:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-02-28 05:05 - 2013-02-19 07:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
    2013-02-28 05:05 - 2013-01-12 14:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
    2015-03-29 00:09 - 2015-03-29 00:09 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    *****************

    "HKU\S-1-5-21-55422887-3470649353-2715885402-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c41359-744c-11e5-beb3-2cd05abfd1d4}" => key removed successfully
    HKCR\CLSID\{24c41359-744c-11e5-beb3-2cd05abfd1d4} => key not found.
    "HKU\S-1-5-21-55422887-3470649353-2715885402-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c413c8-744c-11e5-beb3-2cd05abfd1d4}" => key removed successfully
    HKCR\CLSID\{24c413c8-744c-11e5-beb3-2cd05abfd1d4} => key not found.
    "OGPDFLoader.dll" => Value data removed successfully.
    HKU\S-1-5-21-55422887-3470649353-2715885402-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-55422887-3470649353-2715885402-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E58760E9-0807-4073-98A8-AF759D2639F6}" => key removed successfully
    HKCR\CLSID\{E58760E9-0807-4073-98A8-AF759D2639F6} => key not found.
    C:\Program Files (x86)\BE1.6.3.650Setup.exe => moved successfully
    C:\Program Files (x86)\inst_LORETASourceCorrelation_1.zip => moved successfully
    C:\Program Files (x86)\inst_ng_2.8.5.4.zip => moved successfully
    C:\Program Files (x86)\Inst_nla_1.0.1.zip => moved successfully
    C:\Program Files (x86)\K-Lite_Codec_Pack_1128_Full.exe => moved successfully
    C:\Program Files (x86)\patch_ng_2.8.4.1.zip => moved successfully
    C:\Program Files (x86)\Setup-BasicFeedbackSuite(NeuroGuide).exe => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\MakeMarkerFile.exe => moved successfully
    C:\ProgramData\MakeMarkerFile.xml => moved successfully
    C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => moved successfully

    ==== End of Fixlog 00:32:01 ====
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  13. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Thank you for taking the time, Broni.
    Apologies for creating an extra topic, wasn't sure to what extent to follow the instructions.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No problem :)
     
  15. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Reader 10.1.14 Adobe Reader out of Date!
    Google Chrome (46.0.2490.80)
    Google Chrome (46.0.2490.86)
    ````````Process Check: objlist.exe by Laurent````````
    Internet Manager OnlineUpdate ouc.exe
    Symantec Norton Online Backup NOBuAgent.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast ng vbox\AvastVBoxSVC.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 10-06-2014
    Ran by Nadia (administrator) on 26-11-2015 at 00:45:03
    Running from "C:\Users\Nadia\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
     
  16. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    TFC from the link above is classified as a malware and blocked by avast. TFC from alternative location is allowed. Is it ok/necessary to use the alternative one?
    Thank you.
     
    Last edited: Nov 25, 2015
  17. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Dear Broni, I would need to go and get a few hours sleep now... Will wait for your answer and will post the rest tomorrow morning.
    I am so grateful for your help!
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Disable Avast temporarily and then get TFC.
     
  19. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Ok, done, thank you, Broni.
    Log from TFC window

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default.migrated

    User: EasySurvey

    User: Nadia
    ->Temp folder emptied: 5988710 bytes
    ->Temporary Internet Files folder emptied: 86971556 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 355627264 bytes
    ->Flash cache emptied: 790 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8672433 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 674942249 bytes
    Process complete!

    Total Files Cleaned = 1,080.00 mb
     
  20. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Just an update... running sophos.... for hours. Will paste a log, once done
    Thank you.
     
  21. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    2015-11-26 15:18:10.542 Sophos Virus Removal Tool version 2.5.5
    2015-11-26 15:18:10.542 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-11-26 15:18:10.542 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-11-26 15:18:10.542 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
    2015-11-26 15:18:10.543 Checking for updates...
    2015-11-26 15:18:10.551 Update progress: proxy server not available
    2015-11-26 15:18:18.953 Option all = no
    2015-11-26 15:18:18.953 Option recurse = yes
    2015-11-26 15:18:23.563 Option archive = no
    2015-11-26 15:18:23.563 Option service = yes
    2015-11-26 15:18:23.563 Option confirm = yes
    2015-11-26 15:18:23.563 Option sxl = yes
    2015-11-26 15:18:23.563 Option max-data-age = 35
    2015-11-26 15:18:23.563 Option EnableSafeClean = yes
    2015-11-26 15:18:29.257 Option vdl-logging = yes
    2015-11-26 15:18:29.267 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-11-26 15:18:29.267 Machine ID: cc1f101cdd7e44b8bd40c22d2d163f9d
    2015-11-26 15:18:29.268 Component SVRTcli.exe version 2.5.5
    2015-11-26 15:18:29.269 Component control.dll version 2.5.5
    2015-11-26 15:18:29.269 Component SVRTservice.exe version 2.5.5
    2015-11-26 15:18:29.269 Component engine\osdp.dll version 1.44.1.2230
    2015-11-26 15:18:29.269 Component engine\veex.dll version 3.63.0.2230
    2015-11-26 15:18:29.269 Component engine\savi.dll version 9.0.0.2230
    2015-11-26 15:18:29.269 Component rkdisk.dll version 1.5.30.0
    2015-11-26 15:18:29.270 Version info: Product version 2.5.5
    2015-11-26 15:18:29.270 Version info: Detection engine 3.63.0
    2015-11-26 15:18:29.270 Version info: Detection data 5.21
    2015-11-26 15:18:29.270 Version info: Build date 10/11/2015
    2015-11-26 15:18:29.270 Version info: Data files added 205
    2015-11-26 15:18:29.270 Version info: Last successful update (not yet updated)
    2015-11-26 15:18:50.038 Downloading updates...
    2015-11-26 15:18:50.040 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-11-26 15:18:50.040 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-11-26 15:18:50.040 Update progress: [I49502] Found supplement IDE522 LATEST
    2015-11-26 15:18:50.040 Update progress: [I49502] Found supplement IDE523 LATEST
    2015-11-26 15:18:50.040 Update progress: [I49502] Found supplement IDE524 LATEST
    2015-11-26 15:18:50.040 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-11-26 15:18:50.040 Update progress: [I19463] Syncing product SAVIW32 62
    2015-11-26 15:18:50.261 Update progress: [I19463] Syncing product IDE522 134
    2015-11-26 15:18:50.383 Installing updates...
    2015-11-26 15:18:50.986 Error level 1
    2015-11-26 15:18:50.999 Update progress: [I19463] Syncing product IDE523 73
    2015-11-26 15:18:50.999 Update progress: [I19463] Syncing product IDE524 1
    2015-11-26 15:19:28.960 Update successful
    2015-11-26 15:19:47.470 Option all = no
    2015-11-26 15:19:47.470 Option recurse = yes
    2015-11-26 15:19:47.470 Option archive = no
    2015-11-26 15:19:47.470 Option service = yes
    2015-11-26 15:19:47.470 Option confirm = yes
    2015-11-26 15:19:47.470 Option sxl = yes
    2015-11-26 15:19:47.471 Option max-data-age = 35
    2015-11-26 15:19:47.471 Option EnableSafeClean = yes
    2015-11-26 15:19:47.981 Option vdl-logging = yes
    2015-11-26 15:19:47.984 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-11-26 15:19:47.984 Machine ID: cc1f101cdd7e44b8bd40c22d2d163f9d
    2015-11-26 15:19:47.984 Component SVRTcli.exe version 2.5.5
    2015-11-26 15:19:47.984 Component control.dll version 2.5.5
    2015-11-26 15:19:47.984 Component SVRTservice.exe version 2.5.5
    2015-11-26 15:19:47.985 Component engine\osdp.dll version 1.44.1.2230
    2015-11-26 15:19:47.985 Component engine\veex.dll version 3.63.0.2230
    2015-11-26 15:19:47.985 Component engine\savi.dll version 9.0.0.2230
    2015-11-26 15:19:47.985 Component rkdisk.dll version 1.5.30.0
    2015-11-26 15:19:47.985 Version info: Product version 2.5.5
    2015-11-26 15:19:47.985 Version info: Detection engine 3.63.0
    2015-11-26 15:19:47.985 Version info: Detection data 5.21
    2015-11-26 15:19:47.985 Version info: Build date 10/11/2015
    2015-11-26 15:19:47.985 Version info: Data files added 205
    2015-11-26 15:19:47.985 Version info: Last successful update 26/11/2015 15:19:28

    2015-11-26 15:44:14.803 >>> Virus 'Mal/VBCheMan-C' found in file C:\brainm.20\extrasw\George Martin Games\SR1\Space.exe
    2015-11-26 15:44:22.947 Could not open C:\hiberfil.sys
    2015-11-26 15:44:55.353 Could not open C:\pagefile.sys
    2015-11-26 16:05:21.140 Could not open C:\swapfile.sys
    2015-11-26 16:05:22.185 Could not open C:\System Volume Information\{2099f45b-6ce7-11e5-beb3-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.185 Could not open C:\System Volume Information\{209a0cf8-6ce7-11e5-beb3-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.185 Could not open C:\System Volume Information\{24c41c4c-744c-11e5-beb3-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.186 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.186 Could not open C:\System Volume Information\{38e0b23b-7cb4-11e5-beb6-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.187 Could not open C:\System Volume Information\{3a754d22-7636-11e5-beb4-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.187 Could not open C:\System Volume Information\{42ea9a08-8579-11e5-beb9-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.187 Could not open C:\System Volume Information\{60b0562d-69d5-11e5-beb1-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.187 Could not open C:\System Volume Information\{7b634484-7cb1-11e5-beb5-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.188 Could not open C:\System Volume Information\{7f4b72dc-8bcd-11e5-bebb-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.188 Could not open C:\System Volume Information\{828c34e8-61f2-11e5-beaf-1867b0326f8a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.188 Could not open C:\System Volume Information\{9252f939-83d2-11e5-beb8-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.188 Could not open C:\System Volume Information\{c432632a-939b-11e5-bebd-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:22.189 Could not open C:\System Volume Information\{ee09a311-6081-11e5-bead-2cd05abfd1d4}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-11-26 16:05:29.872 Could not open C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2015-11-26 16:05:29.872 Could not open C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    2015-11-26 16:05:30.025 Could not check C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK (virus scan failed)
    2015-11-26 16:05:30.081 Could not check C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-11-26 16:05:43.513 Could not check C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
    2015-11-26 16:05:43.518 Could not check C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
    2015-11-26 16:05:43.922 Could not check C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-11-26 16:05:45.439 Could not check C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
    2015-11-26 16:05:45.548 Could not check C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-11-26 16:48:29.336 Password protected file C:\Users\Nadia\Downloads\BAWL-R.xls
    2015-11-26 16:59:05.028 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-11-26 16:59:05.029 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-11-26 16:59:08.917 Could not open C:\Windows\System32\config\BBI
    2015-11-26 16:59:09.220 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-11-26 16:59:09.252 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-11-26 16:59:09.254 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-11-26 16:59:09.268 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-11-26 16:59:09.270 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-11-26 17:11:27.144 Could not open C:\Windows\Temp\TmpFile1
    2015-11-26 17:26:27.453 The following items will be cleaned up:
    2015-11-26 17:26:27.461 Mal/VBCheMan-C
     
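One way to triage the skipped entries in a log like the one in the post above, as an added example that is not part of the thread or of Sophos's tooling: it separates detections from files the scanner could not read and flags any skipped file outside a short list of locations that are commonly locked or access-restricted while Windows and the browser are running. The location list and the name `triage` are this example's assumptions; the sample lines are copied from the posted log.

```python
import re

# Lines copied from the Sophos Virus Removal Tool log posted above.
SAMPLE_LOG = r"""
2015-11-26 15:44:14.803 >>> Virus 'Mal/VBCheMan-C' found in file C:\brainm.20\extrasw\George Martin Games\SR1\Space.exe
2015-11-26 15:44:22.947 Could not open C:\hiberfil.sys
2015-11-26 15:44:55.353 Could not open C:\pagefile.sys
2015-11-26 16:05:22.186 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-11-26 16:05:29.872 Could not open C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-11-26 16:05:45.548 Could not check C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-11-26 16:48:29.336 Password protected file C:\Users\Nadia\Downloads\BAWL-R.xls
2015-11-26 16:59:05.028 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-11-26 16:59:09.252 Could not open C:\Windows\System32\config\RegBack\SAM
2015-11-26 17:11:27.144 Could not open C:\Windows\Temp\TmpFile1
2015-11-26 17:26:27.461 Mal/VBCheMan-C
"""

# Timestamp prefix used on every line of the log.
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} "
DETECTION = re.compile(TS + r">>> Virus '([^']+)' found in file (.+)$")
SKIPPED = re.compile(
    TS + r"(Could not open|Could not check|Password protected file) (.+?)"
    r"(?: \(virus scan failed\))?$"
)

# Assumption of this example: locations where an on-demand scanner is
# commonly refused access on a running system. Matched on the lowercased path.
KNOWN_LOCATIONS = [
    ("paging or hibernation file",
     re.compile(r"^[a-z]:\\(hiberfil|pagefile|swapfile)\.sys$")),
    ("System Volume Information store",
     re.compile(r"^[a-z]:\\system volume information\\")),
    ("registry hive storage",
     re.compile(r"^[a-z]:\\windows\\system32\\config\\")),
    ("catroot2 catalog database",
     re.compile(r"^[a-z]:\\windows\\system32\\catroot2\\.*\\catdb$")),
    ("Chrome profile file",
     re.compile(r"\\appdata\\local\\google\\chrome\\user data\\")),
]


def triage(log_text):
    """Split a scan log into detections, skips in known locations, and
    skips that deserve a manual second look."""
    report = {"detections": [], "known": {}, "review": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DETECTION.match(line)
        if m:
            report["detections"].append((m.group(1), m.group(2)))
            continue
        m = SKIPPED.match(line)
        if not m:
            continue  # option dumps, update progress, summary lines
        reason, path = m.group(1), m.group(2)
        label = None
        # A password-protected file was never inspected, wherever it lives,
        # so it always goes to the review list.
        if reason != "Password protected file":
            label = next(
                (name for name, rx in KNOWN_LOCATIONS if rx.search(path.lower())),
                None,
            )
        if label:
            report["known"].setdefault(label, []).append(path)
        else:
            report["review"].append((reason, path))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, path in result["detections"]:
        print(f"DETECTED  {name}: {path}")
    for label, paths in result["known"].items():
        print(f"KNOWN     {label}: {len(paths)} file(s)")
    for reason, path in result["review"]:
        print(f"REVIEW    {reason}: {path}")
```

Files left on the review list can be rescanned after closing the program that holds them, or from a different scanner, to confirm they were actually inspected.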
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  23. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Thank you so much Broni!
    Can you please tell me if the problem in my computer was created by the virus listed in the last line of the Sophos report?

    Another, perhaps silly, question: in the Sophos report log there were several "could not open" and "virus scan failed" statements. Does this mean that some viruses might have escaped the check?

    Thank you.
     
    Last edited: Nov 26, 2015
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No and no.

    Good luck and stay safe :)
     
  25. nadiahri

    nadiahri TS Rookie Topic Starter Posts: 21

    Cannot thank you enough, Broni.
    Getting quick and professional help (and free of charge) when you really need it, feels not only great but it is inspiring too. With my computer fixed I would be able to do this for others as well.
     
