Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Suspicious behavior of my PC


sok_pip
 Share

Recommended Posts

Hello. Lately I have been encountering some problems  with my PC. Fistly I have seen that it is going slower in some programs. Then I saw that it started freezing during some procedures (eg when I have many windows open with openoffice, it sometimes freezes). I also have problems when I open image files such as .tiff (freezes too). Today I saw that it cannot open image files with Preview. I can see them in windows explorer preview, but when I duoble click, it says that Picture Preview cannot read that file! I think that maybe I have some kind of virus. My system is Windows 7 64bit.

Can anyone help me? Thank you!

 

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,
 
Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt and Shortcut.txt are checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named (Addition.txt) and Shortcut.txt Please attach those logs to your reply.


 

Let me see those logs....

Link to post
Share on other sites

Hi Kevin! This is MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/12/2015
Scan Time: 10:53
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.11.02
Rootkit Database: v2015.12.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 511148
Time Elapsed: 33 min, 1 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.OptimizerPro, C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe, 2884, Delete-on-Reboot, [04cae3c0e2a916209f05f3b0e91947b9]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 69
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, Quarantined, [27a72380583338fe4aa06fe621e11de3], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, Quarantined, [27a72380583338fe4aa06fe621e11de3], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, Quarantined, [27a72380583338fe4aa06fe621e11de3], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\TYPELIB\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\INTERFACE\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WebCakeIEClient.Api.1, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WebCakeIEClient.Api, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\WebCakeIEClient.Api, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\WebCakeIEClient.Api, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\WebCakeIEClient.Api.1, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\WebCakeIEClient.Api.1, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF6B0594-6008-4327-93E5-608AD710A6FA}, Quarantined, [f2dcd6cd9cef0630f7f482d30bf78a76], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, Quarantined, [03cb3172a8e34aec29c33c19659d39c7], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, Quarantined, [03cb3172a8e34aec29c33c19659d39c7], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, Quarantined, [f1ddf5aef596ef47fbf2371e54aefe02], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, Quarantined, [f1ddf5aef596ef47fbf2371e54aefe02], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WebCakeIEClient.Layers, Quarantined, [418d9d06b7d492a443a661f4e41e639d], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WebCakeIEClient.Layers.1, Quarantined, [636b069d36551c1aeffa76dfb54d59a7], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\WebCakeIEClient.Layers, Quarantined, [636b069d36551c1aeffa76dfb54d59a7], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\WebCakeIEClient.Layers.1, Quarantined, [636b069d36551c1aeffa76dfb54d59a7], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\WebCakeIEClient.Layers, Quarantined, [636b069d36551c1aeffa76dfb54d59a7], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\WebCakeIEClient.Layers.1, Quarantined, [636b069d36551c1aeffa76dfb54d59a7], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Quarantined, [ebe3bae95b3094a2c87bcc8c8979e818], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [b816c4df9af1d165e162bb9d18ea9c64], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Quarantined, [b816c4df9af1d165e162bb9d18ea9c64], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Quarantined, [b816c4df9af1d165e162bb9d18ea9c64], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Quarantined, [b816c4df9af1d165e162bb9d18ea9c64], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Quarantined, [b816c4df9af1d165e162bb9d18ea9c64], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Quarantined, [b816c4df9af1d165e162bb9d18ea9c64], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [d5f95251018aef47ab9889cf0ef48f71], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [c10d950e83081a1c4ff492c6b84a33cd], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\APPID\WebCakeIEClient.DLL, Quarantined, [319d703344474aecf7a7b00b38cb39c7], 
PUP.Optional.WebCake, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\WebCakeIEClient.DLL, Quarantined, [fcd2267d97f468cef1ad18a3659e916f], 
PUP.Optional.BetterSoft, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\schedule!3036567561, Delete-on-Reboot, [efdf356e99f24ee8f1def6cccf34b947], 
PUP.Optional.WebCake, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, Quarantined, [dbf30a99602b0a2c3f635269dd263ac6], 
PUP.Optional.DiscountBuddy, HKLM\SOFTWARE\WOW6432NODE\Discount Buddy, Quarantined, [ce0003a09eedfb3b0401fd91966de21e], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\WebCakeIEClient.DLL, Quarantined, [319d584b76152412722cefcc9b686898], 
PUP.Optional.WebCake, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjoijdanhaiflhibkljeklcghcmmfffh, Quarantined, [7856adf63b5064d2b4edbffcb25118e8], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211671166}, Quarantined, [933be0c3325961d5998f8606689b8d73], 
PUP.Optional.BundleInstaller, HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller, Quarantined, [6b63f8abb2d9d46248cc077d2cd7b64a], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\TYPELIB\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\INTERFACE\{19DF2320-6A8A-4942-AC4C-C449949DFC27}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4325}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\INTERFACE\{5B113BE7-98FF-4DA7-8441-D3AAE3836AE4}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\INTERFACE\{662CA6E1-37D8-4C12-8586-3AC64DF96187}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\INTERFACE\{8A2DAA70-D6C9-4BAA-B9CA-DE8A9F49CA12}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{19DF2320-6A8A-4942-AC4C-C449949DFC27}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4325}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5B113BE7-98FF-4DA7-8441-D3AAE3836AE4}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{662CA6E1-37D8-4C12-8586-3AC64DF96187}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8A2DAA70-D6C9-4BAA-B9CA-DE8A9F49CA12}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{19DF2320-6A8A-4942-AC4C-C449949DFC27}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4325}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5B113BE7-98FF-4DA7-8441-D3AAE3836AE4}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{662CA6E1-37D8-4C12-8586-3AC64DF96187}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8A2DAA70-D6C9-4BAA-B9CA-DE8A9F49CA12}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
 
Registry Values: 3
PUP.Optional.StartPage, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, Quarantined, [7c52c3e05932e74f071e9eb75ca6e21e], 
PUP.Optional.StartPage, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, Quarantined, [7c52c3e05932e74f071e9eb75ca6e21e]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211671166}|AppName, Discount Buddy-bg.exe, Quarantined, [933be0c3325961d5998f8606689b8d73]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.Software.Updater, C:\Program Files (x86)\SoftwareUpdater, Quarantined, [339b3e65008b4beb41a40bb562a119e7], 
PUP.Optional.DiscountBuddy, C:\Users\PC\AppData\Local\Discount Buddy, Quarantined, [923c83204d3ec0768f216a19010143bd], 
PUP.Optional.ASK.Gen, C:\Users\PC\AppData\Local\Temp\APN-Stub, Quarantined, [616d8e1578133501ef3158497092fe02], 
PUP.Optional.OptimizerPro, C:\ProgramData\BetterSoft\OptimizerPro, Delete-on-Reboot, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, C:\ProgramData\BetterSoft\OptimizerPro\3036567561, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
 
Files: 16
PUP.Optional.Vittalia, C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe, Quarantined, [9539d8cb49423df96ceeaa1643bd45bb], 
PUP.Optional.Software.Updater, C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe, Quarantined, [f7d7782b95f682b4462b39fdc43d5ca4], 
PUP.Optional.VIT, C:\Users\PC\AppData\Local\Temp\itinstallerp.exe, Quarantined, [4b832d76c7c4e551c18c3b5e916f2bd5], 
PUP.Optional.OptimizePro, C:\Users\PC\AppData\Local\Temp\{E7246514-FF19-4584-A76F-B73B3CC747E2}\Addons\OptimizerProInstaller.exe, Quarantined, [bb13fca7e4a756e0b5124edfcc345ea2], 
PUP.Optional.BundleInstaller, C:\Windows\Temp\installer.exe, Quarantined, [f0de6f3433589e986187acf37094a45c], 
PUP.Optional.Software.Updater, C:\Program Files (x86)\SoftwareUpdater\Interop.Shell32.dll, Quarantined, [339b3e65008b4beb41a40bb562a119e7], 
PUP.Optional.Software.Updater, C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.config, Quarantined, [339b3e65008b4beb41a40bb562a119e7], 
PUP.Optional.Software.Updater, C:\Program Files (x86)\SoftwareUpdater\config.xml, Quarantined, [339b3e65008b4beb41a40bb562a119e7], 
PUP.Optional.Software.Updater, C:\Program Files (x86)\SoftwareUpdater\KeyGen.dll, Quarantined, [339b3e65008b4beb41a40bb562a119e7], 
PUP.Optional.Software.Updater, C:\Program Files (x86)\SoftwareUpdater\uninstall.exe, Quarantined, [339b3e65008b4beb41a40bb562a119e7], 
PUP.Optional.BetterSoft, C:\Windows\System32\Tasks\schedule!3036567561, Quarantined, [12bc03a06526b97d9d302f93b44fd12f], 
PUP.Optional.BetterSoft, C:\Windows\Tasks\schedule!3036567561.job, Quarantined, [24aa287b602b88ae8a444e74c73c1be5], 
PUP.Optional.OptimizerPro, C:\ProgramData\BetterSoft\OptimizerPro\3036567561.dll, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, C:\ProgramData\BetterSoft\OptimizerPro\3036567561.ini, Quarantined, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.OptimizerPro, C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe, Delete-on-Reboot, [04cae3c0e2a916209f05f3b0e91947b9], 
PUP.Optional.CrossRider, C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "13efa1a6c626c2382a3baeee685dcebe");), Replaced,[86484261e7a4b2842e719c06f01413ed]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

FRST Log: 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by PC (administrator) on SOK (11-12-2015 11:38:12)
Running from C:\Σωκράτης\Downloads
Loaded Profiles: PC (Available Profiles: PC & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.6.0.27\ccsvchst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [929680 2011-09-29] (Samsung)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-29] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1583893340-779261840-703882173-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-29] ()
HKU\S-1-5-21-1583893340-779261840-703882173-1001\...\Run: [boxoft Tools] => "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
HKU\S-1-5-21-1583893340-779261840-703882173-1001\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2014-09-02] (Mobile Stream)
HKU\S-1-5-21-1583893340-779261840-703882173-1001\...\Run: [Dropbox Update] => C:\Users\PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2015-09-14] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-10-19]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Παρακολούθηση ειδοποιήσεων μελάνης - HP Deskjet 1510 series.lnk [2015-12-11]
ShortcutTarget: Παρακολούθηση ειδοποιήσεων μελάνης - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1583893340-779261840-703882173-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1CC3996E-3F1C-4A52-8097-5DCD334F6BE0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6E8FD01D-96B9-46D7-ABD7-39D64D9B9B71}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8A0B600A-2CE0-421B-B025-55188F150DCC}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1583893340-779261840-703882173-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1583893340-779261840-703882173-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1583893340-779261840-703882173-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {E5883E74-ADB7-4813-8E33-6894B0E0E3C6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {E00BB0E7-F3BE-4CD3-BEBF-3096E598EB19} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1583893340-779261840-703882173-1001 -> DefaultScope {E5883E74-ADB7-4813-8E33-6894B0E0E3C6} URL = 
SearchScopes: HKU\S-1-5-21-1583893340-779261840-703882173-1001 -> {E00BB0E7-F3BE-4CD3-BEBF-3096E598EB19} URL = 
SearchScopes: HKU\S-1-5-21-1583893340-779261840-703882173-1001 -> {E5883E74-ADB7-4813-8E33-6894B0E0E3C6} URL = 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-02-06] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-02-06] (Sun Microsystems, Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> No File
BHO-x32: Βοηθός εισόδου του Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1583893340-779261840-703882173-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
 
FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.gr
FF Keyword.URL: hxxp://www.google.com.gr/search?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 -> C:\windows\system32\npdeployJava1.dll [2013-02-06] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-02-06] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1583893340-779261840-703882173-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\PC\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\user.js [2013-07-25]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\searchplugins\s-amazon.xml [2012-01-18]
FF Extension: Logitech Device Detection - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\extensions\DeviceDetection@logitech.com [2011-10-13] [not signed]
FF Extension: YouTube to MP3 - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\extensions\youtube2mp3@mondayx.de.xpi [2015-06-03]
FF Extension: Google Translator for Firefox - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\extensions\translator@zoli.bod.xpi [2015-07-11]
FF Extension: No Name - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\Extensions\info@youtube-mp3.org.xpi [2015-06-02] [not signed]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-06]
FF Extension: Easy YouTube Video Downloader - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-08-05] [not signed]
FF Extension: Adblock Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2015-12-11]
 
Chrome: 
=======
CHR StartupUrls: Profile 3 -> "hxxps://www.google.gr/"
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Έγγραφα Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-14]
CHR Extension: (Πληρωμές στο Chrome Web Store) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-08-14]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Διαφάνειες Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-14]
CHR Extension: (Έγγραφα Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-14]
CHR Extension: (Google Drive ) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-11-10]
CHR Extension: (Αναζήτηση Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Υπολογιστικά φύλλα Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-14]
CHR Extension: (Έγγραφα Google εκτός σύνδεσης) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Pixlr Editor) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-11-02]
CHR Extension: (Norton Identity Safe) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-14]
CHR Extension: (Πληρωμές στο Chrome Web Store) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-08-14]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
StartMenuInternet: Google Chrome.AR3I22RO7WHMFEY6EO343C4RQM - C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
OPR Extension: (Violent monkey) - C:\Users\PC\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2015-09-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AcfXAudioService; C:\windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.) [File not signed]
R2 hasplms; C:\windows\system32\hasplms.exe [4913608 2011-12-02] (SafeNet Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2011-09-08] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296576 2012-06-15] (SafeNet Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20151207.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2014-07-21] (Mobile Stream)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R2 Hardlock; C:\windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R2 Hardlock; C:\windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems) [File not signed]
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20151210.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20151210.023\ENG64.SYS [138488 2015-10-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20151210.023\EX64.SYS [2148080 2015-10-29] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 catchme; \??\C:\username123\catchme.sys [X]
S2 mdmxsdk; system32\DRIVERS\ACFSDK64.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S2 XAudio; system32\DRIVERS\ACFXAU64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-11 10:45 - 2015-12-11 11:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-11 10:45 - 2015-12-11 10:45 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-11 10:45 - 2015-12-11 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-11 10:45 - 2015-12-11 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-11 10:45 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-11 10:45 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-11 10:44 - 2015-12-11 11:38 - 00000000 ____D C:\FRST
2015-12-09 11:41 - 2015-12-09 11:41 - 09498816 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-09 10:19 - 2015-11-20 20:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-09 10:19 - 2015-11-20 20:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-09 10:19 - 2015-11-20 20:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-09 10:19 - 2015-11-20 20:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-09 10:19 - 2015-11-20 20:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-09 10:19 - 2015-11-20 20:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-09 10:19 - 2015-11-20 20:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-12-09 10:19 - 2015-11-20 20:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-09 10:19 - 2015-11-20 20:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-09 10:19 - 2015-11-20 20:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-12-09 10:19 - 2015-11-20 20:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-12-09 10:19 - 2015-11-20 20:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-09 10:19 - 2015-11-20 20:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-09 10:19 - 2015-11-20 20:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-09 10:19 - 2015-11-20 20:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-12-09 10:19 - 2015-11-20 20:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-09 10:19 - 2015-11-11 20:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-09 10:19 - 2015-11-11 20:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-09 10:19 - 2015-11-11 20:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-09 10:19 - 2015-11-11 20:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-09 10:19 - 2015-11-10 20:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-09 10:19 - 2015-11-10 20:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-09 10:19 - 2015-11-10 20:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-09 10:19 - 2015-11-10 20:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-09 10:19 - 2015-11-10 20:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-09 10:19 - 2015-11-10 19:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-09 10:19 - 2015-11-05 21:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2015-12-09 10:19 - 2015-11-05 21:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2015-12-09 10:19 - 2015-11-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-12-09 10:19 - 2015-11-05 21:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-12-09 10:19 - 2015-11-05 11:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-09 10:19 - 2015-11-03 21:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-12-09 10:19 - 2015-11-03 20:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-12-09 10:19 - 2015-10-09 01:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2015-12-09 10:19 - 2015-10-09 01:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2015-12-09 10:19 - 2015-10-09 01:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2015-12-09 10:19 - 2015-10-09 01:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2015-12-09 10:19 - 2015-10-09 01:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2015-12-09 10:19 - 2015-10-09 01:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2015-12-09 10:19 - 2015-10-09 01:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2015-12-09 10:19 - 2015-10-09 01:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2015-12-09 10:19 - 2015-10-08 21:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2015-12-09 10:19 - 2015-10-08 20:52 - 00419928 _____ C:\windows\system32\locale.nls
2015-12-09 10:18 - 2015-11-11 23:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-09 10:18 - 2015-11-11 22:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-09 10:18 - 2015-11-11 18:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-09 10:18 - 2015-11-11 18:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-09 10:18 - 2015-11-11 17:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-12-09 10:18 - 2015-11-11 17:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-09 10:18 - 2015-11-11 17:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-09 10:18 - 2015-11-11 17:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-09 10:18 - 2015-11-11 16:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-12-09 10:18 - 2015-11-10 02:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-12-09 10:18 - 2015-11-10 02:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-09 10:18 - 2015-11-10 02:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-12-09 10:18 - 2015-11-10 02:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-12-09 10:18 - 2015-11-10 02:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-12-09 10:18 - 2015-11-10 02:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-09 10:18 - 2015-11-10 02:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-09 10:18 - 2015-11-10 02:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-12-09 10:18 - 2015-11-10 02:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-12-09 10:18 - 2015-11-10 02:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-09 10:18 - 2015-11-10 02:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-12-09 10:18 - 2015-11-10 02:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-09 10:18 - 2015-11-10 02:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-12-09 10:18 - 2015-11-10 01:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 10:18 - 2015-11-10 01:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-12-09 10:18 - 2015-11-10 01:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-09 10:18 - 2015-11-10 01:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-12-09 10:18 - 2015-11-10 01:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-09 10:18 - 2015-11-10 01:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-09 10:18 - 2015-11-10 01:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-09 10:18 - 2015-11-10 01:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-12-09 10:18 - 2015-11-10 01:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-09 10:18 - 2015-11-10 01:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-09 10:18 - 2015-11-10 01:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-09 10:18 - 2015-11-09 00:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-12-09 10:18 - 2015-11-09 00:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-12-09 10:18 - 2015-11-09 00:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-12-09 10:18 - 2015-11-09 00:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-09 10:18 - 2015-11-09 00:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-09 10:18 - 2015-11-09 00:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-12-09 10:18 - 2015-11-09 00:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-12-09 10:18 - 2015-11-09 00:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-12-09 10:18 - 2015-11-09 00:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-12-09 10:18 - 2015-11-09 00:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-12-09 10:18 - 2015-11-09 00:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-09 10:18 - 2015-11-09 00:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-09 10:18 - 2015-11-09 00:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-09 10:18 - 2015-11-09 00:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-12-09 10:18 - 2015-11-09 00:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-12-09 10:18 - 2015-11-09 00:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-12-09 10:18 - 2015-11-08 23:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-12-09 10:18 - 2015-11-08 23:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-12-09 10:18 - 2015-11-08 23:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 10:18 - 2015-11-08 23:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-12-09 10:18 - 2015-11-08 23:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-09 10:18 - 2015-11-08 23:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-12-09 10:18 - 2015-11-08 23:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-09 10:18 - 2015-11-08 23:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-09 10:18 - 2015-11-08 23:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-09 10:18 - 2015-11-08 23:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-09 10:18 - 2015-11-08 23:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-12-09 10:18 - 2015-11-08 23:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-09 10:18 - 2015-11-08 22:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-09 10:18 - 2015-11-08 22:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-09 10:18 - 2015-11-08 22:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-09 10:16 - 2015-11-03 21:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2015-12-09 10:16 - 2015-11-03 20:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2015-12-07 11:06 - 2015-12-07 11:06 - 00026046 _____ C:\Users\PC\Documents\Έγγραφο που ανακτήθηκε 6.txt
2015-12-07 11:06 - 2015-12-07 11:06 - 00000003 _____ C:\Users\PC\Documents\Έγγραφο που ανακτήθηκε 5.txt
2015-12-03 10:13 - 2015-12-03 10:13 - 00464530 _____ C:\Users\PC\Documents\Εξοδα11.pdf
2015-12-03 10:10 - 2015-12-03 10:10 - 00015199 _____ C:\Users\PC\Desktop\20001.pdf
2015-12-02 11:03 - 2015-12-01 15:49 - 00158716 _____ C:\Users\PC\Documents\ΑΚΙΝΗΤΑ%20ΟΤΕ_ΕΠΙΦΑΝΕΙΕΣ_Νο3.xlsx_0_1.ods
2015-11-26 17:45 - 2015-11-26 16:47 - 00157206 _____ C:\Users\PC\Documents\ΑΚΙΝΗΤΑ%20ΟΤΕ_ΕΠΙΦΑΝΕΙΕΣ_Νο3.xlsx_0.ods
2015-11-26 14:21 - 2015-11-26 16:00 - 00934400 _____ C:\Users\PC\Desktop\610100_PEF-000219_AEF-001548_ΣΕΡΡΕΣ Α'.xls
2015-11-25 11:39 - 2015-11-25 11:57 - 00013328 _____ C:\Users\PC\Desktop\Χωρίς τίτλο 1.ods
2015-11-23 11:16 - 2015-11-23 11:16 - 00000000 ____D C:\Users\PC\AppData\Local\CEF
2015-11-23 10:29 - 2015-11-26 11:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-23 10:29 - 2015-11-23 10:29 - 00002055 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-20 16:09 - 2015-11-20 16:09 - 00000000 ____D C:\Users\Public\Documents\sun
2015-11-20 16:03 - 2015-11-20 16:04 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2015-11-20 16:03 - 2015-11-20 16:03 - 00001058 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2015-11-20 16:00 - 2015-11-20 16:00 - 00000000 ____D C:\Users\PC\Desktop\OpenOffice 4.1.2 (el) Installation Files
2015-11-20 10:45 - 2015-11-20 10:45 - 00425940 _____ C:\Users\PC\Documents\Εξοδα10.pdf
2015-11-20 10:30 - 2015-11-20 10:30 - 00316591 _____ C:\Users\PC\Documents\Εξοδα8.pdf
2015-11-20 10:30 - 2015-11-20 10:30 - 00155998 _____ C:\Users\PC\Documents\Εξοδα9.pdf
2015-11-20 10:29 - 2015-11-20 10:29 - 00391033 _____ C:\Users\PC\Documents\Εξοδα7.pdf
2015-11-20 10:28 - 2015-11-20 10:28 - 00457319 _____ C:\Users\PC\Documents\Εξοδα6.pdf
2015-11-20 10:26 - 2015-11-20 10:26 - 00459358 _____ C:\Users\PC\Documents\Εξοδα5.pdf
2015-11-20 10:26 - 2015-11-20 10:26 - 00366371 _____ C:\Users\PC\Documents\Εξοδα4.pdf
2015-11-20 10:22 - 2015-12-03 10:10 - 00588190 _____ C:\Users\PC\Documents\Εξοδα3.pdf
2015-11-20 10:22 - 2015-11-20 10:22 - 00369992 _____ C:\Users\PC\Documents\Εξοδα2.pdf
2015-11-20 10:20 - 2015-11-20 10:20 - 00332291 _____ C:\Users\PC\Documents\Εξοδα1.pdf
2015-11-18 13:13 - 2015-11-18 13:13 - 00110287 _____ C:\Users\PC\Desktop\1ος με αλλαγές.pdf
2015-11-14 10:17 - 2015-11-14 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-14 10:17 - 2015-11-14 10:17 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-12 10:24 - 2015-10-20 03:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-12 10:24 - 2015-10-20 03:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-12 10:24 - 2015-10-20 03:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-12 10:24 - 2015-10-20 03:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-12 10:24 - 2015-10-20 03:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-12 10:24 - 2015-10-20 03:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-12 10:24 - 2015-10-20 03:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-12 10:24 - 2015-10-20 03:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-12 10:24 - 2015-10-20 03:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-12 10:24 - 2015-10-20 03:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-12 10:24 - 2015-10-20 03:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-12 10:24 - 2015-10-20 03:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-12 10:24 - 2015-10-20 03:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-12 10:24 - 2015-10-20 03:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-12 10:24 - 2015-10-20 03:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-12 10:24 - 2015-10-20 02:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-12 10:24 - 2015-10-20 02:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-12 10:24 - 2015-10-20 02:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-12 10:24 - 2015-10-20 02:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-12 10:24 - 2015-10-20 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-12 10:24 - 2015-10-20 02:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-12 10:24 - 2015-10-20 02:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-12 10:24 - 2015-10-20 02:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-12 10:24 - 2015-10-20 02:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-12 10:24 - 2015-10-20 02:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-12 10:24 - 2015-10-20 02:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-12 10:24 - 2015-10-20 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-12 10:24 - 2015-10-20 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 01:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-12 10:24 - 2015-10-20 01:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-12 10:24 - 2015-10-20 01:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-12 10:24 - 2015-10-20 01:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-12 10:24 - 2015-10-20 01:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-12 10:24 - 2015-10-20 01:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 01:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 01:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 10:24 - 2015-10-20 01:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 10:24 - 2015-09-23 15:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-12 10:24 - 2015-09-23 15:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-12 10:24 - 2015-09-23 15:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-12 10:23 - 2015-10-29 19:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-12 10:23 - 2015-10-29 19:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-12 10:23 - 2015-10-29 19:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-12 10:23 - 2015-10-29 19:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-12 10:23 - 2015-10-29 19:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-12 10:23 - 2015-10-29 19:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-12 10:23 - 2015-10-29 19:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-12 10:23 - 2015-10-13 18:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-12 10:23 - 2015-10-13 18:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-12 10:22 - 2015-10-13 06:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-12 10:22 - 2015-10-01 20:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-12 10:22 - 2015-10-01 20:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-12 10:22 - 2015-10-01 19:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-12 10:06 - 2015-11-12 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-11 11:43 - 2009-07-14 06:45 - 00024544 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 11:43 - 2009-07-14 06:45 - 00024544 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 11:41 - 2012-04-26 11:35 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-11 11:37 - 2015-07-31 11:21 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2015-12-11 11:36 - 2011-10-03 16:06 - 00000000 ___RD C:\Users\PC\Dropbox
2015-12-11 11:36 - 2011-10-03 16:04 - 00000000 ____D C:\Users\PC\AppData\Roaming\Dropbox
2015-12-11 11:34 - 2013-07-17 14:45 - 00000274 __RSH C:\Users\PC\ntuser.pol
2015-12-11 11:34 - 2011-09-27 01:16 - 00000000 ____D C:\Users\PC
2015-12-11 11:32 - 2013-05-15 12:22 - 00000000 ____D C:\ProgramData\BetterSoft
2015-12-11 11:32 - 2011-10-05 09:32 - 00001180 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 11:32 - 2011-09-22 22:03 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-11 11:32 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-11 11:29 - 2009-07-14 05:20 - 00000000 ____D C:\windows\Web
2015-12-11 11:21 - 2015-06-16 19:11 - 00000906 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1583893340-779261840-703882173-1001UA.job
2015-12-11 10:56 - 2011-10-05 09:32 - 00001184 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 10:48 - 2015-10-16 12:41 - 00000384 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2015-12-11 10:45 - 2012-09-13 15:48 - 00000000 ____D C:\Users\PC\AppData\Roaming\Malwarebytes
2015-12-11 10:45 - 2012-09-13 15:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-11 10:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2015-12-10 22:43 - 2011-02-14 15:08 - 00609084 _____ C:\windows\system32\perfh008.dat
2015-12-10 22:43 - 2011-02-14 15:08 - 00112076 _____ C:\windows\system32\perfc008.dat
2015-12-10 22:43 - 2009-07-14 07:13 - 01490280 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-10 22:43 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2015-12-10 18:42 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-12-10 16:29 - 2012-10-01 14:28 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2015-12-10 16:29 - 2011-10-01 13:20 - 00000000 ____D C:\ProgramData\Norton
2015-12-10 15:52 - 2011-10-01 14:52 - 00000246 _____ C:\windows\Tasks\Epson Printer Software Downloader.job
2015-12-10 15:21 - 2015-06-16 19:11 - 00000854 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1583893340-779261840-703882173-1001Core.job
2015-12-10 14:36 - 2009-07-14 07:08 - 00032510 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-12-10 11:31 - 2014-12-11 12:54 - 00003850 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1418295262
2015-12-10 11:31 - 2014-12-11 12:51 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-10 09:36 - 2009-07-14 06:45 - 00406560 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-09 19:07 - 2012-05-11 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 19:06 - 2012-05-11 16:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 19:06 - 2012-05-11 16:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 19:01 - 2013-08-27 12:40 - 00000000 ____D C:\windows\system32\MRT
2015-12-09 18:20 - 2011-10-02 13:42 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-09 17:13 - 2011-10-01 15:21 - 00000000 ____D C:\Σωκράτης
2015-12-09 11:41 - 2012-04-26 11:35 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 11:41 - 2012-04-26 11:35 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 11:41 - 2011-10-02 14:22 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 05:39 - 2010-11-21 05:27 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-12-06 21:32 - 2011-10-01 16:14 - 00000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2015-12-06 16:51 - 2011-10-05 09:32 - 00004180 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-06 16:51 - 2011-10-05 09:32 - 00003928 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 13:19 - 2009-07-14 07:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-12-03 15:16 - 2013-07-19 11:00 - 00001994 _____ C:\Users\PC\Desktop\Alpha.lnk
2015-12-03 15:16 - 2012-08-30 15:50 - 00002007 _____ C:\Users\PC\Desktop\SXEDIA.lnk
2015-12-03 15:16 - 2011-10-01 15:32 - 00002054 _____ C:\Users\PC\Desktop\Taktopoiiseis.lnk
2015-12-02 16:33 - 2015-02-12 11:56 - 00000000 ____D C:\Users\PC\.qgis2
2015-12-02 15:18 - 2011-09-26 13:19 - 00104376 _____ C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-27 11:14 - 2013-03-28 13:10 - 00001272 _____ C:\Users\Public\Desktop\Google Earth.lnk
2015-11-23 11:16 - 2011-10-01 15:58 - 00000000 ____D C:\Users\PC\AppData\Local\Adobe
2015-11-23 10:30 - 2015-02-27 10:58 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-23 10:29 - 2011-02-23 09:22 - 00000000 ____D C:\ProgramData\Adobe
2015-11-23 10:29 - 2011-02-23 09:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-20 16:04 - 2014-02-05 12:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2015-11-18 13:13 - 2015-10-16 13:37 - 00105850 _____ C:\Users\PC\Documents\__ABI_abi_SXEDIA_Kogkol_Eyosmos_Άδεια_Κατόψεις13-10-2015 Model (1).pdf
2015-11-14 10:17 - 2015-07-24 09:53 - 00001902 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-12 17:55 - 2011-10-02 14:23 - 01463596 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-12 17:48 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-12 14:07 - 2012-06-14 13:23 - 00000000 ____D C:\Users\PC\AppData\Roaming\ObviousIdea
2015-11-12 10:43 - 2012-05-02 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2012-06-13 17:57 - 2012-06-13 17:57 - 0003584 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-09 13:12 - 2013-04-09 13:12 - 0000924 _____ () C:\Users\PC\AppData\Local\recently-used.xbel
2015-10-16 12:37 - 2015-10-16 12:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-07-23 10:23 - 2012-07-23 10:23 - 0000040 _____ () C:\ProgramData\zlknkewdfwrzftd
 
Some files in TEMP:
====================
C:\Users\PC\AppData\Local\Temp\79744-667383-winrar.exe
C:\Users\PC\AppData\Local\Temp\AcDeltree.exe
C:\Users\PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuer2eq.dll
C:\Users\PC\AppData\Local\Temp\instloffer.exe
C:\Users\PC\AppData\Local\Temp\i_view32.exe
C:\Users\PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.129.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.130.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.131.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.132.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.133.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.134.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.135.exe
C:\Users\PC\AppData\Local\Temp\KMP_4.0.0.0.exe
C:\Users\PC\AppData\Local\Temp\KMP_4.0.1.5.exe
C:\Users\PC\AppData\Local\Temp\MouseKeyboardCenterx64_1032.exe
C:\Users\PC\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\PC\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\PC\AppData\Local\Temp\pdftk.exe
C:\Users\PC\AppData\Local\Temp\wget.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-10 18:33
 
==================== End of FRST.txt ============================

Shortcut.txt

Addition.txt

Link to post
Share on other sites

Thanks for those logs, ontinue as follows:

 

Uninstall the following via Programs and Features:

 

ContinueToSave
Search Assistant WebSearch

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.
 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology select “Change” select any extra drives in that window.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!
 

Post those logs, also give an update on any remaining issues or concerns.....

 

Thank you,

 

Kevin..

Link to post
Share on other sites

This is Fixlog.txt : 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by PC (2015-12-11 13:58:01) Run:1
Running from C:\Σωκράτης\Downloads
Loaded Profiles: PC (Available Profiles: PC & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1583893340-779261840-703882173-1001\...\Run: [boxoft Tools] => "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
C:\ProgramData\Boxtools
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1583893340-779261840-703882173-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1583893340-779261840-703882173-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\user.js [2013-07-25]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 catchme; \??\C:\username123\catchme.sys [X]
S2 mdmxsdk; system32\DRIVERS\ACFSDK64.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S2 XAudio; system32\DRIVERS\ACFXAU64.sys [X]
C:\ProgramData\zlknkewdfwrzftd
C:\Users\PC\AppData\Local\Temp\79744-667383-winrar.exe
C:\Users\PC\AppData\Local\Temp\AcDeltree.exe
C:\Users\PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuer2eq.dll
C:\Users\PC\AppData\Local\Temp\instloffer.exe
C:\Users\PC\AppData\Local\Temp\i_view32.exe
C:\Users\PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.129.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.130.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.131.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.132.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.133.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.134.exe
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.135.exe
C:\Users\PC\AppData\Local\Temp\KMP_4.0.0.0.exe
C:\Users\PC\AppData\Local\Temp\KMP_4.0.1.5.exe
C:\Users\PC\AppData\Local\Temp\MouseKeyboardCenterx64_1032.exe
C:\Users\PC\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\PC\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\PC\AppData\Local\Temp\pdftk.exe
C:\Users\PC\AppData\Local\Temp\wget.exe
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
EmptyTemp:
end
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1583893340-779261840-703882173-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Boxoft Tools => value removed successfully
C:\ProgramData\Boxtools => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1583893340-779261840-703882173-1001\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1583893340-779261840-703882173-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\user.js => moved successfully
Andbus => service removed successfully
AndDiag => service removed successfully
AndGps => service removed successfully
ANDModem => service removed successfully
androidusb => service removed successfully
catchme => service removed successfully
mdmxsdk => service removed successfully
usbbus => service removed successfully
UsbDiag => service removed successfully
USBModem => service removed successfully
VBoxNetFlt => service removed successfully
XAudio => service removed successfully
C:\ProgramData\zlknkewdfwrzftd => moved successfully
C:\Users\PC\AppData\Local\Temp\79744-667383-winrar.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\AcDeltree.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuer2eq.dll => moved successfully
C:\Users\PC\AppData\Local\Temp\instloffer.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\i_view32.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\jre-8u45-windows-au.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_3.9.0.126.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.129.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.130.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.131.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.132.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.133.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.134.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_3.9.1.135.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_4.0.0.0.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\KMP_4.0.1.5.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\MouseKeyboardCenterx64_1032.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\paint.net.4.0.install.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\pdftk.exe => moved successfully
C:\Users\PC\AppData\Local\Temp\wget.exe => moved successfully
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
EmptyTemp: => 20.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:07:07 ====
Link to post
Share on other sites

Adwcleaner:

 

# AdwCleaner v5.024 - Logfile created 11/12/2015 at 14:40:00
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : PC - SOK
# Running from : C:\Users\PC\Desktop\AdwCleaner (2).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\OApps
[-] Folder Deleted : C:\Program Files (x86)\orbitdownloader
[-] Folder Deleted : C:\ProgramData\BetterSoft
[-] Folder Deleted : C:\ProgramData\StarApp
[-] Folder Deleted : C:\Users\PC\AppData\Local\blekkotb_031
[-] Folder Deleted : C:\Users\PC\AppData\Roaming\GrabPro
[-] Folder Deleted : C:\Users\PC\AppData\Roaming\ProgSense
[#] Folder Deleted : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\ProgSense
[-] Key Deleted : HKLM\SOFTWARE\Vittalia
[-] Key Deleted : HKLM\SOFTWARE\Cam2ScanV2
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cam2ScanV2
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\prefs.js] [Preference] Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
[-] [C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\prefs.js] [Preference] Deleted : user_pref("extentions.webcake.installId", "2af0642a-b6b3-448a-8f0d-6570432bc3ad");
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[R1].txt - [15054 bytes] - [19/10/2012 09:10:21]
C:\AdwCleaner[R2].txt - [15115 bytes] - [19/10/2012 09:56:59]
C:\AdwCleaner[R3].txt - [6927 bytes] - [06/06/2013 12:21:53]
C:\AdwCleaner[s1].txt - [15002 bytes] - [19/10/2012 09:57:11]
C:\AdwCleaner[s2].txt - [7045 bytes] - [06/06/2013 12:22:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3990 bytes] ##########
Link to post
Share on other sites

JRT: 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64 
Ran by PC (Administrator) on ¨ 11/12/2015 at 14:47:12,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 12 
 
Successfully deleted: C:\Users\PC\AppData\Local\{0DC6B34F-685E-468A-B4B1-1FF6700BB9BA} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{16563B9A-27DD-4D66-8629-67897264FF6D} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{4E037180-A038-4C95-BBA3-F8F7D825DD71} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{5836D9C7-4492-44FB-BFAD-A4E3FFE55800} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{94510230-AE6E-4FCE-B380-1985E102ABB9} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{C9BDDE71-181E-4593-82BF-396C174DDABD} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{D4290032-1D32-4F5D-9259-7415CDE09B18} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{DCE476A0-ADDC-4286-A88D-BE46833FDBEA} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{DFA07693-7256-44C3-B11A-F41610098A34} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{ED2773A7-9DCB-4A0C-9A1F-C7441931DA03} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Local\{F140EF75-CAAD-4878-B91F-E2BCCC3703CE} (Empty Folder)
Successfully deleted: C:\Users\PC\AppData\Roaming\getrighttogo (Folder) 
 
Deleted the following from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\as1heki2.default\prefs.js
user_pref(extensions.register@pgport.com.data, {ef522540-89f5-46b9-b6fe-1829e2b572c6},0,9999,999.999.999,9999,|{c50ca3c4-5656-43c2-a061-13e717f73fc8},5300,5300,4.0.1,5300,f
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E00BB0E7-F3BE-4CD3-BEBF-3096E598EB19} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E5883E74-ADB7-4813-8E33-6894B0E0E3C6} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ¨ 11/12/2015 at 14:51:26,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

Goodmorning Kevin!! This is the log from ESET:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b8a239d1264b784697336310ec6a1103
# end=init
# utc_time=2015-12-11 04:38:25
# local_time=2015-12-11 06:38:25 )
# country="Greece"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27155
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b8a239d1264b784697336310ec6a1103
# end=updated
# utc_time=2015-12-11 04:46:58
# local_time=2015-12-11 06:46:58 )
# country="Greece"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b8a239d1264b784697336310ec6a1103
# engine=27155
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-11 07:21:59
# local_time=2015-12-11 09:21:59 )
# country="Greece"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton AntiVirus'
# compatibility_mode=3593 16777213 100 96 10546814 268879905 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 18335582 144046529 0 0
# scanned=459475
# found=47
# cleaned=0
# scan_time=9300
sh=D5FD723F55D3CC045CCCD6A3E61935234C26A866 ft=1 fh=124a0eb7e4364e43 vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\PC\AppData\Local\Temp\instloffer.exe.xBAD"
sh=D3485CFDEFCA1678BA3E791EF29D592A1E32945A ft=1 fh=db92cf0e9f804cf4 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PC\AppData\Local\Temp\KMP_3.9.0.126.exe.xBAD"
sh=E92883004C40EA3F8C8EF19A375F800123FC5F77 ft=1 fh=6307f76d9b6c2ab3 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PC\AppData\Local\Temp\KMP_3.9.1.129.exe.xBAD"
sh=E92883004C40EA3F8C8EF19A375F800123FC5F77 ft=1 fh=6307f76d9b6c2ab3 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PC\AppData\Local\Temp\KMP_3.9.1.130.exe.xBAD"
sh=E92883004C40EA3F8C8EF19A375F800123FC5F77 ft=1 fh=6307f76d9b6c2ab3 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PC\AppData\Local\Temp\KMP_3.9.1.131.exe.xBAD"
sh=E92883004C40EA3F8C8EF19A375F800123FC5F77 ft=1 fh=6307f76d9b6c2ab3 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PC\AppData\Local\Temp\KMP_3.9.1.132.exe.xBAD"
sh=E92883004C40EA3F8C8EF19A375F800123FC5F77 ft=1 fh=6307f76d9b6c2ab3 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PC\AppData\Local\Temp\KMP_3.9.1.133.exe.xBAD"
sh=E92883004C40EA3F8C8EF19A375F800123FC5F77 ft=1 fh=6307f76d9b6c2ab3 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\PC\AppData\Local\Temp\KMP_3.9.1.134.exe.xBAD"
sh=38BF3285B5CEB09C2D39A05F636D83C52EDE86C7 ft=1 fh=58ffdcd7e1da4fb8 vn="Win32/RiskWare.WebServer.SmallHTTP.305 application" ac=I fn="C:\shttps\uninst.exe"
sh=1D4DD4523492EDC59753D2F328BF3564A9390EA4 ft=1 fh=ec458d8c372fafe5 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\PC\Downloads\ashampoo_burning_studio_6_free_6.80_4312.exe"
sh=A89BFD90EB4C95357FDCF3CAFC8F5A10810C0F37 ft=1 fh=18fdc7f56fdb6717 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\PC\Downloads\HP Downloads\HP Deskjet 1510 e-All-in-One Printer series Full Feature Software and Drivers - DJ1510_188.exe"
sh=4EE6103691F2B5619D68F154DD44C50909A6E9B3 ft=1 fh=23a325ea65fe00a1 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\camtoscanlite-setup.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\cbsidlm-tr1_13-TIFF_Splitter-ORG-10438809.exe"
sh=E90684A7D9D2D3AB8428AEBCCA964E077F34DF44 ft=1 fh=a9cc839b9994eecc vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\cbsidlm-tr1_6-Ashampoo_Burning_Studio_Free-10776287.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\ccsetup401.exe"
sh=4993352D1432A528D50C17527E51173B88DC00D2 ft=1 fh=3409d20bf65cddfb vn="a variant of Win32/GetNow.D potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\chicco eletta user guide provided through pdfretriever.com.exe"
sh=A614E0A5B80F0FB9DE8C053793E2B39D627DDBD2 ft=1 fh=bb1f3b8f31397a69 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\cnet2_K-Lite_Codec_Pack_800_Mega_exe.exe"
sh=550519E7BC774162BCB2B329BD0DF41568E57103 ft=1 fh=bb1f3b8fc42b434b vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\cnet2_PDFCombine_exe.exe"
sh=0C92DFD3A5E415620934B16B0AF546C5286A3D5B ft=1 fh=bb1f3b8f7317bfe9 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\cnet2_PDFCompressor_exe.exe"
sh=101C5D226BFC605B5665D1DFCC8EE8C98549BE11 ft=1 fh=bb1f3b8fcdb066cc vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\cnet_office-convert-pdf-to-jpg-jpeg-tiff-free_exe(1).exe"
sh=101C5D226BFC605B5665D1DFCC8EE8C98549BE11 ft=1 fh=bb1f3b8fcdb066cc vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\cnet_office-convert-pdf-to-jpg-jpeg-tiff-free_exe.exe"
sh=9BF9AD26905468017C8030705365EDE7503E5772 ft=1 fh=12cb482e0191ec72 vn="a variant of Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\HC2Setup64.exe"
sh=EF3CB3EC461FE77A48206D0D023912CC4AF8B67C ft=1 fh=90e4b4528bb01847 vn="Win32/Toggle potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\installer_allied_data_tornado_563.exe"
sh=ACFA42C6284A80A86B69A251855B3AD6CADF6B65 ft=1 fh=abe1092b8cf1c424 vn="Win32/InffinityInternet potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\installer_winrar.exe"
sh=7C65EFED552695DF0A63DD4C20A6C74A582789BA ft=1 fh=420e23918685a64f vn="Win32/Toggle.A potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\installer_wmv_to_avi_converter.exe"
sh=BD3D451BFB56B02EDD3D2D1FEA10E29EC94F1A8C ft=1 fh=3d6c1e353acd28fa vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\InternationalPrimoPDF (1).exe"
sh=BD3D451BFB56B02EDD3D2D1FEA10E29EC94F1A8C ft=1 fh=3d6c1e353acd28fa vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\InternationalPrimoPDF.exe"
sh=E8344F37CB7B6154A66C737DEDC0E50B67C50923 ft=1 fh=71455adf46ba2d46 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\KMPlayer_EN_3.0.0.1442.exe"
sh=46AC24CFCF8E45C5E34D40577D17098B6D93DBED ft=1 fh=c2702d7866be41e2 vn="Win32/Adware.Linkular.AC application" ac=I fn="C:\Σωκράτης\Downloads\light_image_resizer4_setup_4.3.1.0_linkular.exe"
sh=C14D7375EBEC56A2A4DDD4FE0D7455B86716A872 ft=1 fh=426321fbaf1dd14e vn="Win32/Somoto potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\msnweather.gadget.exe"
sh=2F9D0B89CC61359B568C941FC61C8E9CBB11D37B ft=1 fh=936ce12fb7e2d651 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\OrbitDownloaderSetup.exe"
sh=8BB4DE9ECD04EBAE4959F0DC032B798B7EA61809 ft=1 fh=fadcd2a8a9319f5e vn="Win32/Adware.1ClickDownload.AN application" ac=I fn="C:\Σωκράτης\Downloads\Parks_and_Recreation_-_The_Complete_Season_4_HDTV.exe"
sh=D326F351743EBFC23CF389FA5D42C77C6E752DCF ft=1 fh=dd265d88a16fc592 vn="a variant of Win32/Toolbar.Iminent.K potentially unwanted application" ac=I fn="C:\Σωκράτης\Downloads\Pazera_Free_MP4_to_AVI_Converter.exe"
sh=3A850827FB087FB18C4E794850BAAE943D7A2B7B ft=1 fh=cb07b7692be9da1c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\rcsetup152 (1).exe"
sh=3A850827FB087FB18C4E794850BAAE943D7A2B7B ft=1 fh=cb07b7692be9da1c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\rcsetup152.exe"
sh=770E160D19144190B80CAC41DA3096C149398457 ft=1 fh=23acf19f7c40be44 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\setup_free_pdf_merger(1).exe"
sh=770E160D19144190B80CAC41DA3096C149398457 ft=1 fh=23acf19f7c40be44 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\setup_free_pdf_merger.exe"
sh=CC2E828C8A06F3E5B4F041751081EC140B0B7D65 ft=1 fh=c24d0b3a00974cce vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\spsetup117.exe"
sh=02B63400D5BC82093A821BA6B1FABC529FAD9FB9 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Σωκράτης\Downloads\SuperOneClickv2.3.3-ShortFuse.zip"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Σωκράτης\Downloads\LG_Flash_Package\LG_Flash_Package\ROOT\ROOT\SuperOneClickv1.7-ShortFuse\psneuter"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Σωκράτης\Downloads\LG_Flash_Package\LG_Flash_Package\ROOT\ROOT\SuperOneClickv2.1.1-ShortFuse\Exploits\psneuter"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Σωκράτης\Downloads\LG_Flash_Package\LG_Flash_Package\ROOT\ROOT\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter"
sh=E3CCAF47AC03F0F48E51320295693FA0FE81616D ft=1 fh=6da53da5d547651b vn="a variant of Win32/Server-Web.SmallHTTP.AA potentially unsafe application" ac=I fn="C:\Σωκράτης\Downloads\LG_Flash_Package\LG_Flash_Package\SERVER\shttp3.exe"
sh=FB83708E3AA68FF724BEC0A11B84168D06D5D839 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AirPush.A potentially unwanted application" ac=I fn="C:\Σωκράτης\sd\TitaniumBackup\com.androidlab.gpsfix-5cb8e0edb98794792346304a5065b69e.apk.gz"
sh=FB83708E3AA68FF724BEC0A11B84168D06D5D839 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AirPush.A potentially unwanted application" ac=I fn="C:\Σωκράτης\sd 21-03-2012\TitaniumBackup\com.androidlab.gpsfix-5cb8e0edb98794792346304a5065b69e.apk.gz"
sh=FB83708E3AA68FF724BEC0A11B84168D06D5D839 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AirPush.A potentially unwanted application" ac=I fn="C:\Σωκράτης\sd-13-2-2012\TitaniumBackup\com.androidlab.gpsfix-5cb8e0edb98794792346304a5065b69e.apk.gz"
sh=DF63365A92E79F26383590F7F6A9BA49F98CF3C5 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AirPush.J potentially unwanted application" ac=I fn="C:\Σωκράτης\Εσωτερική sd 15-09-2014\download\blackmart.apk"
Link to post
Share on other sites

I still think the performance of the PC is kind of slow. When I open some tiff files the computer failes to manage them quickly. I also have some performance issues when I run some big files in other programs. It is an old PC (about 5 years ago) but I think it is still quite powerfull for having such a slow performance. I used to manage that kind of files quite fast in the past!

Link to post
Share on other sites

The ESET log has no major concerns, flagged enties either already Quarantined FRST folder or are installers in the Downloads folder. The later have been flagged because the installer is bundled with unwanted extras.

Install the following: http://unchecky.com/ This is a free utility that runs in the backgound, if you run an installer that comes bundled with unwanted extras UnChecky will stop the unwanted additions such as malicious toolbars or browser hijackers etc....

 

Regarding system performance lets run your sytem in "Clean Boot" mode, see if that makes any difference. Basically all none System 3rd party services are disabled at boot, see if you note any differences.

If clean boot makes a big difference we then have to find which 3rd party service(s) are at fault.... Full instructions at the following link:

 

https://support.microsoft.com/en-us/kb/929135

 

Expand the option for Windows 7 and follow those instructions..

 

Thank you,

 

Kevin

Link to post
Share on other sites

I did ran a Clean Boot, and I think that my computer is faster now. And I just saw a problem: I tried to start Autocad and it wont start. I double click on the icon, it performs a start, but then it stops running. It is like something is killing the application when it is trying to start. I will test more of the PC on the weekend and I will give you feedback! Thank you!! 

Link to post
Share on other sites

Autocad will be one of the 3rd party services that will have been disabled to run in "Clean Boot" mode.

 

The idea of clean boot is to check if any 3rd party service(s) (none microsoft) is/are the cause of the problem, in your case this seems to be true. What we need to do now is find the problem service(s) that cause the issue.
 

So with the system in clean boot (all none ms services disabled) follow the instructions again to open MSCONFIG, keep microsoft services hidden. Now manually enable the top half of the "none ms services" close out MSCONFIG and reboot your system.
 

How does it respond now, is it still fast or is the issue back. If still fast we have proven that the issue service is not among the ones we enabled. So once again follow the instructions to open MSCONFIG, hide all ms services, disable all none ms services and then enable the bottom half. Close MSCONFIG and reboot, is lethargy now present (it probably will be) if so we now know the problem issue is among the bottom half of none microsoft services.

 

So we follow the instructions again to open MSCONFIG, with all microsoft services hidden and only bottom half of none microsoft services enabled we disable each one of bottom half one at a time, it is essential to "reboot" after each none ms service is disabled. Eventually we locate the problem service. I know its a laborious task, but it is the only way to find the problem.

 

It is essential to keep diasabling until all none ms services are checked, it could be more than one that causes the issue.... When you have completed the hunt let me know which service(s) are at fault....

 

Thank you,

 

Kevin.....

Link to post
Share on other sites

Hello Kevin! Well I did several tests and I seem to have these problems:

1) Sometimes when I ran Autocad my pc  freezes (This happens especially when I open several files together. In the past even If I had many files opened together, it didnt cause any problem), 

2) When I open tiff files in preview (even if it is not big files eg. less than 5MB) my pc freezes  

3) Sometimes office (I have office2003) and openoffice freezes, but I think this is when they interact with tiff files. I have uninstalled "Filevalidation add in" because in the past I had some performance problems in office 2003 with it.

So what do I do now?

Thank you!

Link to post
Share on other sites

You are not wasting my time, Boot to clean boot mode (Instructions here: https://support.microsoft.com/en-us/kb/929135) see how your system responds. If there is an improvement that would indicate a 3rd party service(s) are causing the problem.

 

To locate the problem service(s)

 

The idea of clean boot is to check if any 3rd party service(s) (none microsoft) is/are the cause of the problem, in your case this seems to be true. What we need to do now is find the problem service(s) that cause the issue.

 

So with the system in clean boot (all none ms services disabled) follow the instructions again to open MSCONFIG, keep microsoft services hidden. Now manually enable the top half of the "none ms services" close out MSCONFIG and reboot your system.

 

How does it respond now, is it still fast or is the issue back. If still fast we haved proven that the issue service is not among the ones we enabled. So once again follow the instructions to open MSCONFIG, hide all ms services, disable all none ms services and then enable the bottom half. Close MSCONFIG and reboot, is lethargy now present (it probably will be) if so we now know the problem issue is among the bottom half of none microsoft services.

 

So we follow the instructions again to open MSCONFIG, with all microsoft services hidden and only bottom half of none microsoft services enabled we disable each one of bottom half one at a time, it is essential to "reboot" after each none ms service is disabled. Eventually we locate the problem service. I know its a laborious task, but it is the only way to find the problem.

 

It is essential to keep diasabling until all none ms services are checked, it could be more than one that causes the issue.... When you have completed the hunt let me know which service(s) are at fault....

 

Thank you,

 

Kevin

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.