
AVAST URL:Mal Infection


  • This topic is locked
11 replies to this topic

#1 cchris75

cchris75

  • Members
  • 6 posts

Posted 13 July 2014 - 11:15 AM

Mod Edit: moved to Malware removal Logs ~~ boopme

Hello everyone, and thanks in advance for anyone's assistance. (I think it's great that there are kind enough people to help us non-computer experts out.)
 
I have read many postings but I cannot find an answer so here it is.
 
Yesterday I was trying to download a free e-book (PDF). Once the zipped .exe hit my downloads, AVAST blocked it and I never went through with installing anything. I just deleted it.
 
Ever since then, I keep getting the same pop up from Avast warning me of a URL:Mal infection Process:C:\Windows\System32\svchost32.exe
 
(http://www.avast.com/en-us/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_90_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_vir=VVJMOk1hbA&p_prc=C:\Windows\System32\svchost.exe&p_obj=aHR0cDovL2dldG11emljYXMuaW5mby8_ZT1wY2hvJmNodD0yJmRjdT0xJmNwYXRjaD0yJmRjcz0xJnBmPTEmdW5wPUF6bTlDZE9MdjdEVkR5eEVDeUZQZzd4OUFlMEtCZlVLQWU0TUJHMFZXem5MRGU0UEJOcTlnZUZJJnB1Ymxpc2hlcj0xNDgxJmRkPTQmY291bnRyeT1HUiZpbmQ9NDI2MTc2OTA1OTE3MDU0NDgwMiZleGlkPTAmc3NkPTEzNTAwMzQyMzU5ODk0OTU3NTY1JmhpZD0xOTg1NjgxNjIxNTMzNjUxNzE5Jm9zaWQ9NjAxJmNoYW5uZWw9MCZzZng9MSZqYz0xJmNhdGVnb3J5X25hbWU9UHJpY2VDaG9wJmluc3RhbGxfZGF0ZT0yMDEzMDcxMg&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_elm=7&p_lex=350&p_lid=en-us&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=9&p_ves=0&p_vbd=2021&p_hid=19fb63c1-23e7-4de8-9b2e-b743bf557643&p_ram=3957&p_cpu=6.6 )
 
 
Avast or Anti-Malware do not seem to find anything. I have tried several tips from what you folks have given, so I guess I just need someone to look over some of my logs. I would appreciate it if you can tell me which logs to post on here and go from there.
 
 
I thank you in advance
 
cchris75

Edited by boopme, 14 July 2014 - 09:03 AM.




#2 cchris75

cchris75
  • Topic Starter

  • Members
  • 6 posts

Posted 14 July 2014 - 04:11 AM

In case this would help more, please see the log file from Farbar Recovery.
 
I am looking forward to your help
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by EJCHRISTOULAKIS (administrator) on TOSHIBA-LAPTOP on 14-07-2014 11:59:24
Running from C:\Users\EJCHRISTOULAKIS\Desktop\VIRUS 12 07 14\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [571304 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-12] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3696313362-1897745090-1807183069-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: suarf aNd  keep - {F0E1006B-6641-9799-B834-E8276502DAAA} - C:\Program Files (x86)\suarf aNd  keep\6TQVyTqOq.x64.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Mozilla\Firefox\Profiles\y5n0yyle.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-17]
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-06]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://gr.msn.com/?pc=UP97&ocid=UP97DHP&dt=071813
CHR StartupUrls: "hxxp://gr.msn.com/?pc=UP97&ocid=UP97DHP&dt=071813"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (RealPlayer Downloader) - C:\Users\EJCHRISTOULAKIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\EJCHRISTOULAKIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\EJCHRISTOULAKIS\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-06] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-20] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-12] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-07] (Disc Soft Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Tosrfcom; No ImagePath
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-14 02:18 - 2014-07-14 02:19 - 29611712 _____ (Microsoft Corporation) C:\Users\EJCHRISTOULAKIS\Downloads\Windows-KB890830-x64-V5.14.exe
2014-07-14 02:00 - 2014-07-14 02:00 - 00000056 _____ () C:\Windows\setupact.log
2014-07-14 02:00 - 2014-07-14 02:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 01:53 - 2014-07-14 01:54 - 00052339 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\Result.txt
2014-07-14 01:52 - 2014-07-14 01:52 - 00401920 _____ (Farbar) C:\Users\EJCHRISTOULAKIS\Downloads\MiniToolBox.exe
2014-07-13 20:22 - 2014-07-13 20:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-13 18:30 - 2014-07-13 18:30 - 00002792 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-13 18:30 - 2014-07-13 18:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-13 14:33 - 2014-07-13 14:33 - 00048619 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\Addition.txt
2014-07-13 14:11 - 2014-07-14 01:57 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Desktop\VIRUS 12 07 14
2014-07-13 14:07 - 2014-07-14 11:59 - 00000000 ____D () C:\FRST
2014-07-12 17:40 - 2014-07-13 19:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 17:40 - 2014-07-12 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 17:39 - 2014-07-12 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-12 17:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-12 17:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-12 15:00 - 2014-07-12 15:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-12 15:00 - 2014-07-12 15:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-11 22:16 - 2014-07-11 22:16 - 00001761 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR816 - YIANGOS.lnk
2014-07-11 22:03 - 2014-07-11 22:03 - 00012587 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR806 - SERENDIPITY.lnk
2014-07-11 21:55 - 2014-07-11 21:55 - 00012583 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR814 - GLADIATOR.lnk
2014-07-09 06:57 - 2014-07-14 02:17 - 00003394 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3696313362-1897745090-1807183069-1000
2014-07-09 00:30 - 2014-06-18 05:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 00:30 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 00:30 - 2014-06-18 04:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 00:30 - 2014-06-06 13:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 00:30 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 00:30 - 2014-05-30 09:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 00:29 - 2014-06-20 23:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 00:29 - 2014-06-20 22:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 00:29 - 2014-06-19 04:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 00:29 - 2014-06-19 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 00:29 - 2014-06-19 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 00:29 - 2014-06-19 03:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 00:29 - 2014-06-19 03:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 00:29 - 2014-06-19 03:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 00:29 - 2014-06-19 03:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 00:29 - 2014-06-19 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 00:29 - 2014-06-19 03:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 00:29 - 2014-06-19 03:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 00:29 - 2014-06-19 03:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 00:29 - 2014-06-19 03:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 00:29 - 2014-06-19 03:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 00:29 - 2014-06-19 03:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 00:29 - 2014-06-19 03:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 00:29 - 2014-06-19 03:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 00:29 - 2014-06-19 03:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 00:29 - 2014-06-19 02:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 00:29 - 2014-06-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 00:29 - 2014-06-19 02:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 00:29 - 2014-06-19 02:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 00:29 - 2014-06-19 02:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 00:29 - 2014-06-19 02:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 00:29 - 2014-06-19 02:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 00:29 - 2014-06-19 02:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 00:29 - 2014-06-19 02:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 00:29 - 2014-06-19 02:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 00:29 - 2014-06-19 02:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 00:29 - 2014-06-19 02:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 00:29 - 2014-06-19 02:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 00:29 - 2014-06-19 02:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 00:29 - 2014-06-19 02:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 00:29 - 2014-06-19 02:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 00:29 - 2014-06-19 02:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 00:29 - 2014-06-19 02:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 00:29 - 2014-06-19 02:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 00:29 - 2014-06-19 02:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 00:29 - 2014-06-19 02:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 00:29 - 2014-06-19 02:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 00:29 - 2014-06-19 02:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 00:29 - 2014-06-19 01:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 00:29 - 2014-06-19 01:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 00:29 - 2014-06-19 01:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 00:29 - 2014-06-19 01:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 00:29 - 2014-06-19 01:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 00:29 - 2014-06-19 01:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 00:29 - 2014-06-19 01:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 00:29 - 2014-06-19 01:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 00:29 - 2014-06-19 01:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 00:29 - 2014-06-19 01:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 00:29 - 2014-06-19 01:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 00:29 - 2014-06-19 01:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 00:29 - 2014-06-19 01:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 00:29 - 2014-06-19 01:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 00:29 - 2014-05-30 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 00:29 - 2014-05-30 11:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 00:29 - 2014-05-30 11:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 00:29 - 2014-05-30 11:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 00:29 - 2014-05-30 11:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 00:29 - 2014-05-30 11:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 00:29 - 2014-05-30 11:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 00:29 - 2014-05-30 10:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 00:29 - 2014-05-30 10:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 00:29 - 2014-05-30 10:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 00:29 - 2014-05-30 10:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 00:29 - 2014-05-30 10:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 00:29 - 2014-05-30 10:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 00:29 - 2014-05-30 10:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 00:28 - 2014-06-05 17:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 00:28 - 2014-06-05 17:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 00:28 - 2014-06-05 17:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 21:04 - 2014-07-08 08:04 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-07-07 21:04 - 2014-07-07 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-07-07 21:04 - 2014-07-07 21:04 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-07-07 20:31 - 2014-07-07 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-07 20:30 - 2014-07-13 19:11 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Roaming\DAEMON Tools Lite
2014-07-07 20:30 - 2014-07-07 20:30 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-07 20:30 - 2014-07-07 20:30 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-07 20:29 - 2014-07-07 21:07 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-07 20:05 - 2014-07-07 21:32 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Downloads\Dutch
2014-07-07 20:02 - 2014-07-07 20:02 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Downloads\Rosetta Stone 3.4.7
2014-07-07 19:36 - 2014-07-07 19:36 - 00002649 _____ () C:\Windows\SysWOW64\qtplugin.log
2014-07-07 19:36 - 1999-11-10 11:05 - 00086016 _____ (MindVision) C:\Windows\unvise32qt.exe
2014-07-07 19:31 - 2014-07-07 19:36 - 00001409 _____ () C:\Windows\QTFont.for
2014-07-07 19:31 - 2014-07-07 19:36 - 00000000 ____D () C:\Windows\SysWOW64\QuickTime
2014-07-07 19:31 - 2014-07-07 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-07 19:31 - 2014-07-07 19:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-07 19:31 - 2014-07-07 19:31 - 00054156 ____H () C:\Windows\QTFont.qfn
2014-07-07 19:31 - 2014-07-07 19:31 - 00000000 ____D () C:\ProgramData\QuickTime
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmpB9DFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp9EDFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp65EFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp5AA00.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp51CFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp3BEFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp27CFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp11FFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp0CCFF.FOT
2014-07-07 19:24 - 2014-07-07 19:30 - 00002222 _____ () C:\Users\Guest\Desktop\The Rosetta Stone.lnk
2014-07-07 19:23 - 2014-07-07 19:30 - 00000000 ____D () C:\Program Files (x86)\The Rosetta Stone
2014-07-07 17:43 - 2014-07-07 17:43 - 00012609 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR775 - ANGELIC GLORY.lnk
2014-07-07 16:26 - 2014-07-07 16:26 - 00012539 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR799 - KLIMA.lnk
2014-07-06 11:05 - 2014-07-06 11:05 - 00012657 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR802 - SAPPORO PRINCESS.lnk
2014-07-06 11:04 - 2014-07-06 11:04 - 00013309 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR800 - LENA RIVER.lnk
2014-07-06 11:04 - 2014-07-06 11:04 - 00012626 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR796 - ALPINE TRADER.lnk
2014-07-06 11:03 - 2014-07-06 11:03 - 00013321 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR803 - ARMADA ULYSSES.lnk
2014-07-06 11:01 - 2014-07-06 11:01 - 00012658 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR790 - PONTONOSTOS.lnk
2014-07-06 11:01 - 2014-07-06 11:01 - 00012639 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR794 - UNITED EMBLEM.lnk
2014-07-06 11:00 - 2014-07-06 11:00 - 00001774 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR784 - SHANGHAI.lnk
2014-07-06 11:00 - 2014-07-06 11:00 - 00001761 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR801 - BEIJING.lnk
2014-07-05 11:37 - 2014-04-02 18:44 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Desktop\SECURITY PHOTOS
2014-06-25 07:31 - 2014-05-14 19:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-06-25 07:31 - 2014-05-14 19:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-06-25 07:31 - 2014-05-14 19:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-06-25 07:31 - 2014-05-14 19:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-06-25 07:31 - 2014-05-14 19:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-06-25 07:31 - 2014-05-14 19:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-06-25 07:31 - 2014-05-14 19:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-06-25 07:31 - 2014-05-14 19:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-06-25 07:31 - 2014-05-14 19:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-06-25 07:31 - 2014-05-14 19:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-06-25 07:31 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-06-25 07:31 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-06-25 07:31 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-06-25 07:31 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-06-22 20:41 - 2014-06-22 20:41 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\{7F394EA6-0C98-4866-BC8A-A9D12C09E389}
2014-06-22 17:39 - 2014-06-22 17:41 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Downloads\Parenting Isn't For Cowards
2014-06-22 17:38 - 2014-06-22 17:38 - 00035815 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\[kickass.to]parenting.isn.t.for.cowards.dobson.torrent
2014-06-22 17:37 - 2014-06-22 17:37 - 03272299 ____R () C:\Users\EJCHRISTOULAKIS\Documents\Simplicity Parenting_ Using the Extraord - Kim John (m.ed) Payne.epub
2014-06-22 17:36 - 2014-06-22 17:36 - 00004987 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\[kickass.to]simplicity.parenting.using.the.extraordinary.power.of.less.to.raise.calmer.happier.and.more.secure.kids.epub.gooner.torrent
2014-06-22 17:36 - 2014-06-22 17:36 - 00001231 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\[kickass.to]parenting.a.child.with.asperger.syndrome.200.tips.and.strategies.pdf.torrent
2014-06-22 17:35 - 2014-06-22 17:35 - 00002641 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\[kickass.to]the.big.book.of.parenting.solutions.101.answers.to.your.everyday.challenges.and.wildest.worries.pdf.gooner.torrent
2014-06-22 11:51 - 2014-06-22 11:56 - 01530857 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\Marine Transportation Management.zip
2014-06-22 09:34 - 2014-06-22 09:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 17:07 - 2014-06-17 17:07 - 00000000 ____D () C:\Program Files (x86)\AtoBviaC
2014-06-17 17:07 - 2007-01-29 15:36 - 00919040 _____ (AtoBviaC Plc) C:\Windows\SysWOW64\AtoBviaC22100004.bpl
2014-06-17 17:07 - 2007-01-29 08:35 - 02052096 _____ (AtoBviaC Plc) C:\Windows\SysWOW64\AtoBviaC23100004.bpl
2014-06-17 17:07 - 2007-01-29 08:18 - 08790528 _____ (AtoBviaC Plc) C:\Windows\SysWOW64\AtoBviaC21100004.bpl
2014-06-17 17:07 - 2007-01-15 10:08 - 06595072 _____ () C:\Windows\SysWOW64\AtoBviaC20100004.bpl
2014-06-17 17:07 - 2006-12-12 17:35 - 00461824 _____ (AtoBviaC) C:\Windows\SysWOW64\AtoBviaC24100004.bpl
2014-06-17 17:07 - 2006-03-03 11:02 - 01680896 _____ (Borland Software Corporation) C:\Windows\SysWOW64\vcl100.bpl
2014-06-17 17:07 - 2006-03-03 11:02 - 00843264 _____ (Borland Software Corporation) C:\Windows\SysWOW64\rtl100.bpl
2014-06-17 17:04 - 2012-12-15 18:14 - 00000000 ____D () C:\Program Files\BP Distance Tables Port to Port Pro v.2.0
2014-06-17 13:05 - 2014-06-17 13:05 - 00000000 ____D () C:\Program Files\PortToPort Network Edition
2014-06-17 12:37 - 2014-06-17 16:14 - 66370518 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\BP_Distance_Tables_Port_to_Port_Pro_v.2.0.zip
 
==================== One Month Modified Files and Folders =======
 
2014-07-14 11:59 - 2014-07-13 14:07 - 00000000 ____D () C:\FRST
2014-07-14 11:59 - 2013-11-18 11:51 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Dropbox
2014-07-14 11:58 - 2011-02-14 12:11 - 00607306 _____ () C:\Windows\system32\perfh008.dat
2014-07-14 11:58 - 2011-02-14 12:11 - 00111470 _____ () C:\Windows\system32\perfc008.dat
2014-07-14 11:58 - 2009-07-14 08:13 - 01490208 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-14 11:54 - 2011-09-05 14:08 - 00001198 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 05:55 - 2013-07-17 18:49 - 01423394 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 02:19 - 2014-07-14 02:18 - 29611712 _____ (Microsoft Corporation) C:\Users\EJCHRISTOULAKIS\Downloads\Windows-KB890830-x64-V5.14.exe
2014-07-14 02:19 - 2013-11-18 11:54 - 00000000 ___RD () C:\Users\EJCHRISTOULAKIS\Dropbox
2014-07-14 02:17 - 2014-07-09 06:57 - 00003394 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3696313362-1897745090-1807183069-1000
2014-07-14 02:17 - 2014-05-06 18:01 - 00003280 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3696313362-1897745090-1807183069-1000
2014-07-14 02:17 - 2014-04-09 17:56 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Roaming\DropboxMaster
2014-07-14 02:17 - 2011-09-05 14:08 - 00001194 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 02:07 - 2009-07-14 07:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 02:07 - 2009-07-14 07:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 02:00 - 2014-07-14 02:00 - 00000056 _____ () C:\Windows\setupact.log
2014-07-14 02:00 - 2014-07-14 02:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 02:00 - 2013-07-17 18:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-14 02:00 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 01:57 - 2014-07-13 14:11 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Desktop\VIRUS 12 07 14
2014-07-14 01:54 - 2014-07-14 01:53 - 00052339 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\Result.txt
2014-07-14 01:52 - 2014-07-14 01:52 - 00401920 _____ (Farbar) C:\Users\EJCHRISTOULAKIS\Downloads\MiniToolBox.exe
2014-07-13 23:48 - 2014-02-09 01:36 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\CRE
2014-07-13 20:22 - 2014-07-13 20:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-13 19:25 - 2014-07-12 17:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 19:11 - 2014-07-07 20:30 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Roaming\DAEMON Tools Lite
2014-07-13 19:10 - 2014-02-09 01:33 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Roaming\uTorrent
2014-07-13 19:06 - 2011-09-05 12:34 - 00000000 ____D () C:\Windows\Panther
2014-07-13 19:05 - 2013-12-19 10:40 - 00000000 ____D () C:\Windows\Minidump
2014-07-13 18:38 - 2013-07-18 11:36 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Skype
2014-07-13 18:30 - 2014-07-13 18:30 - 00002792 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-13 18:30 - 2014-07-13 18:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-13 14:33 - 2014-07-13 14:33 - 00048619 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\Addition.txt
2014-07-12 18:12 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\tracing
2014-07-12 17:40 - 2014-07-12 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 17:40 - 2013-11-27 11:27 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Malwarebytes
2014-07-12 17:39 - 2014-07-12 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-12 17:39 - 2013-11-27 11:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-12 15:00 - 2014-07-12 15:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-12 15:00 - 2014-07-12 15:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-12 15:00 - 2014-04-04 00:20 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-12 15:00 - 2013-07-17 19:51 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-12 15:00 - 2013-07-17 19:51 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-12 15:00 - 2013-07-17 19:51 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-12 15:00 - 2013-07-17 19:51 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-12 15:00 - 2013-07-17 19:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-12 15:00 - 2013-07-17 19:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-12 15:00 - 2013-07-17 19:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-12 15:00 - 2013-07-17 19:51 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-11 22:16 - 2014-07-11 22:16 - 00001761 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR816 - YIANGOS.lnk
2014-07-11 22:03 - 2014-07-11 22:03 - 00012587 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR806 - SERENDIPITY.lnk
2014-07-11 21:55 - 2014-07-11 21:55 - 00012583 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR814 - GLADIATOR.lnk
2014-07-09 07:45 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 03:25 - 2009-07-14 07:45 - 00418608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:23 - 2010-11-21 10:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:23 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 03:23 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 03:06 - 2013-08-16 10:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2013-07-17 20:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-08 08:04 - 2014-07-07 21:04 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-07-07 21:32 - 2014-07-07 20:05 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Downloads\Dutch
2014-07-07 21:29 - 2014-04-30 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Merriam-Webster Dictionary
2014-07-07 21:29 - 2014-04-30 14:14 - 00000000 ____D () C:\Program Files (x86)\Merriam-Webster 4.0
2014-07-07 21:07 - 2014-07-07 20:29 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-07 21:04 - 2014-07-07 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-07-07 21:04 - 2014-07-07 21:04 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-07-07 20:34 - 2014-07-07 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-07 20:30 - 2014-07-07 20:30 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-07 20:30 - 2014-07-07 20:30 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-07 20:02 - 2014-07-07 20:02 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Downloads\Rosetta Stone 3.4.7
2014-07-07 19:36 - 2014-07-07 19:36 - 00002649 _____ () C:\Windows\SysWOW64\qtplugin.log
2014-07-07 19:36 - 2014-07-07 19:31 - 00001409 _____ () C:\Windows\QTFont.for
2014-07-07 19:36 - 2014-07-07 19:31 - 00000000 ____D () C:\Windows\SysWOW64\QuickTime
2014-07-07 19:36 - 2014-07-07 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-07 19:36 - 2014-07-07 19:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-07 19:31 - 2014-07-07 19:31 - 00054156 ____H () C:\Windows\QTFont.qfn
2014-07-07 19:31 - 2014-07-07 19:31 - 00000000 ____D () C:\ProgramData\QuickTime
2014-07-07 19:30 - 2014-07-07 19:24 - 00002222 _____ () C:\Users\Guest\Desktop\The Rosetta Stone.lnk
2014-07-07 19:30 - 2014-07-07 19:23 - 00000000 ____D () C:\Program Files (x86)\The Rosetta Stone
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmpB9DFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp9EDFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp65EFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp5AA00.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp51CFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp3BEFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp27CFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp11FFF.FOT
2014-07-07 19:25 - 2014-07-07 19:25 - 00001409 _____ () C:\Windows\SysWOW64\tmp0CCFF.FOT
2014-07-07 17:43 - 2014-07-07 17:43 - 00012609 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR775 - ANGELIC GLORY.lnk
2014-07-07 16:26 - 2014-07-07 16:26 - 00012539 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR799 - KLIMA.lnk
2014-07-06 13:27 - 2014-03-26 01:01 - 00000000 ____D () C:\ProgramData\opencpn
2014-07-06 11:05 - 2014-07-06 11:05 - 00012657 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR802 - SAPPORO PRINCESS.lnk
2014-07-06 11:04 - 2014-07-06 11:04 - 00013309 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR800 - LENA RIVER.lnk
2014-07-06 11:04 - 2014-07-06 11:04 - 00012626 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR796 - ALPINE TRADER.lnk
2014-07-06 11:03 - 2014-07-06 11:03 - 00013321 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR803 - ARMADA ULYSSES.lnk
2014-07-06 11:01 - 2014-07-06 11:01 - 00012658 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR790 - PONTONOSTOS.lnk
2014-07-06 11:01 - 2014-07-06 11:01 - 00012639 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR794 - UNITED EMBLEM.lnk
2014-07-06 11:00 - 2014-07-06 11:00 - 00001774 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR784 - SHANGHAI.lnk
2014-07-06 11:00 - 2014-07-06 11:00 - 00001761 _____ () C:\Users\EJCHRISTOULAKIS\Desktop\PR801 - BEIJING.lnk
2014-07-02 09:19 - 2014-05-04 23:55 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc
2014-06-30 23:42 - 2013-07-18 11:39 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Roaming\vlc
2014-06-26 21:20 - 2011-09-05 14:08 - 00004194 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-26 21:20 - 2011-09-05 14:08 - 00003942 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-26 17:40 - 2013-07-22 08:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-24 12:16 - 2014-04-30 21:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 20:41 - 2014-06-22 20:41 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\{7F394EA6-0C98-4866-BC8A-A9D12C09E389}
2014-06-22 18:17 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-22 17:41 - 2014-06-22 17:39 - 00000000 ____D () C:\Users\EJCHRISTOULAKIS\Downloads\Parenting Isn't For Cowards
2014-06-22 17:38 - 2014-06-22 17:38 - 00035815 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\[kickass.to]parenting.isn.t.for.cowards.dobson.torrent
2014-06-22 17:37 - 2014-06-22 17:37 - 03272299 ____R () C:\Users\EJCHRISTOULAKIS\Documents\Simplicity Parenting_ Using the Extraord - Kim John (m.ed) Payne.epub
2014-06-22 17:36 - 2014-06-22 17:36 - 00004987 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\[kickass.to]simplicity.parenting.using.the.extraordinary.power.of.less.to.raise.calmer.happier.and.more.secure.kids.epub.gooner.torrent
2014-06-22 17:36 - 2014-06-22 17:36 - 00001231 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\[kickass.to]parenting.a.child.with.asperger.syndrome.200.tips.and.strategies.pdf.torrent
2014-06-22 17:35 - 2014-06-22 17:35 - 00002641 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\[kickass.to]the.big.book.of.parenting.solutions.101.answers.to.your.everyday.challenges.and.wildest.worries.pdf.gooner.torrent
2014-06-22 11:56 - 2014-06-22 11:51 - 01530857 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\Marine Transportation Management.zip
2014-06-22 09:35 - 2014-06-22 09:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 23:14 - 2014-07-09 00:29 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 22:39 - 2014-07-09 00:29 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 04:39 - 2014-07-09 00:29 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 04:06 - 2014-07-09 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 04:06 - 2014-07-09 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 03:48 - 2014-07-09 00:29 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 03:42 - 2014-07-09 00:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 03:42 - 2014-07-09 00:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 03:41 - 2014-07-09 00:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 03:41 - 2014-07-09 00:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 03:32 - 2014-07-09 00:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 03:31 - 2014-07-09 00:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 03:26 - 2014-07-09 00:29 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 03:24 - 2014-07-09 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 03:24 - 2014-07-09 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 03:23 - 2014-07-09 00:29 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 03:16 - 2014-07-09 00:29 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 03:14 - 2014-07-09 00:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 03:09 - 2014-07-09 00:29 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 02:59 - 2014-07-09 00:29 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 02:56 - 2014-07-09 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 02:53 - 2014-07-09 00:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 02:51 - 2014-07-09 00:29 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 02:50 - 2014-07-09 00:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 02:48 - 2014-07-09 00:29 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 02:39 - 2014-07-09 00:29 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 02:38 - 2014-07-09 00:29 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 02:37 - 2014-07-09 00:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 02:36 - 2014-07-09 00:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 02:35 - 2014-07-09 00:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 02:33 - 2014-07-09 00:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 02:32 - 2014-07-09 00:29 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 02:28 - 2014-07-09 00:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 02:28 - 2014-07-09 00:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 02:27 - 2014-07-09 00:29 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 02:27 - 2014-07-09 00:29 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 02:25 - 2014-07-09 00:29 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 02:23 - 2014-07-09 00:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 02:22 - 2014-07-09 00:29 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 02:12 - 2014-07-09 00:29 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 02:06 - 2014-07-09 00:29 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 02:01 - 2014-07-09 00:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 01:59 - 2014-07-09 00:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 01:58 - 2014-07-09 00:29 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 01:58 - 2014-07-09 00:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 01:52 - 2014-07-09 00:29 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 01:51 - 2014-07-09 00:29 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 01:49 - 2014-07-09 00:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 01:46 - 2014-07-09 00:29 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 01:45 - 2014-07-09 00:29 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 01:35 - 2014-07-09 00:29 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 01:34 - 2014-07-09 00:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 01:15 - 2014-07-09 00:29 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 01:13 - 2014-07-09 00:29 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 01:09 - 2014-07-09 00:29 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 01:07 - 2014-07-09 00:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 05:18 - 2014-07-09 00:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 04:51 - 2014-07-09 00:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 04:10 - 2014-07-09 00:30 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 17:07 - 2014-06-17 17:07 - 00000000 ____D () C:\Program Files (x86)\AtoBviaC
2014-06-17 17:07 - 2011-09-05 13:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-17 16:14 - 2014-06-17 12:37 - 66370518 _____ () C:\Users\EJCHRISTOULAKIS\Downloads\BP_Distance_Tables_Port_to_Port_Pro_v.2.0.zip
2014-06-17 13:06 - 2013-07-17 19:38 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-06-17 13:05 - 2014-06-17 13:05 - 00000000 ____D () C:\Program Files\PortToPort Network Edition
 
Some content of TEMP:
====================
C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxatdua.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-08 00:28
 
==================== End Of Log ============================
 
 
 
Also, the Addition.txt file from Farbar Recovery:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2014
Ran by EJCHRISTOULAKIS at 2014-07-13 14:48:08
Running from C:\Users\EJCHRISTOULAKIS\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro - English, Franηais, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Franηais, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
BLM-Shipping 2.0 (HKLM-x32\...\BLM-Shipping) (Version: 2.0 - BoLooMo International Group Limited)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Επωνυμία Επιχείρησης) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FiddlerCap (HKCU\...\FiddlerCap) (Version:  - )
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
goober Messenger (HKLM-x32\...\goober Messenger) (Version: 3.0.0.9 - Goober Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Greek Shipping Publications - 2014 (HKLM-x32\...\{13773758-560C-4576-9B63-8DF50D91D2E8}) (Version: 1.0.0 - Greek Shipping Publications)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Merriam-Webster Dictionary (HKLM-x32\...\Merriam Webster) (Version: 4.0 - Fogware Inc.)
Merriam-Webster's Platform (x32 Version: 4.7.0 - Fogware Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Greek) 2007 (Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Greek) 2007 (x32 Version: 12.0.4818.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
Netpas Distance (HKLM-x32\...\{52AB710E-EA2C-4B31-9039-2D6882243381}_is1) (Version: 3.2 - Seafuture, Inc.)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver (x32 Version: 266.84 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 266.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 266.96 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 266.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.96 - NVIDIA Corporation)
NVIDIA Control Panel 266.96 (Version: 266.96 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 266.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.96 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6696 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenCPN 3.2.0 (HKLM-x32\...\OpenCPN 3.2.0) (Version: 3.2.0 - opencpn.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Port to Port Version 2.0 (HKLM-x32\...\{3ABE45F2-81FC-4249-98A2-0948FDED06DD}) (Version: 2.0.0.0 - AtoBviaC)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
The Merriam-Webster Dictionary and Thesaurus (x32 Version: 4.0.0 - Fogware Inc.) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.24.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.07.02.00 - )
TOSHIBA Hardware Setup (Version: 4.07.02.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.0.12 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.07.02.00 - )
TOSHIBA Supervisor Password (Version: 4.07.02.00 - TOSHIBA) Hidden
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.13 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.13 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Ενημερωμένη έκδοση Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0408-0000-0000000FF1CE}_ENTERPRISE_{08A4BDB3-7A63-4F59-B9FA-EE80ADE88DC2}) (Version:  - Microsoft)
Ενημερωμένη έκδοση Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0408-0000-0000000FF1CE}_ENTERPRISE_{C52A655D-F8AE-485D-908D-62CEC754B6A4}) (Version:  - Microsoft)
Ενημερωμένη έκδοση Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0408-0000-0000000FF1CE}_ENTERPRISE_{054186C0-F351-472E-84E8-D5E16FA08241}) (Version:  - Microsoft)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
08-07-2014 21:28:26 Windows Update
09-07-2014 00:00:28 Windows Update
12-07-2014 11:58:21 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0EC46676-4EF6-45B6-8586-59C3AB21C54E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3696313362-1897745090-1807183069-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {250C87C1-A8AC-41B1-BF35-EE42A6980FCE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {67536A4F-70EE-48EE-A861-73DC5AF7B0F8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {99E18E08-E840-482A-BF1C-33F5E61FFB84} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-12] (AVAST Software)
Task: {BDD04369-12A8-4C86-BE71-E78E02BD1EC2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3696313362-1897745090-1807183069-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {D03D1EA6-5797-45C0-954A-002B644E54E6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3696313362-1897745090-1807183069-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {D132D831-4493-4BA2-ACA9-2802CE091C3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-19 01:36 - 2012-03-09 15:34 - 00022528 _____ () C:\Windows\System32\xrhk2alm.dll
2013-12-16 16:46 - 2012-11-14 12:10 - 15057920 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\xrhk2aRC.DLL
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-12-08 16:55 - 2010-12-08 16:55 - 00592312 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\EJCHRISTOULAKIS\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\EJCHRISTOULAKIS\Desktop\!GUARDCON.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\EJCHRISTOULAKIS\Desktop\descriptors.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\EJCHRISTOULAKIS\Desktop\n106MALTA.doc:com.dropbox.attributes
AlternateDataStreams: C:\Users\EJCHRISTOULAKIS\Desktop\PR695-TEMPLATE.xlsb:com.dropbox.attributes
AlternateDataStreams: C:\Users\EJCHRISTOULAKIS\Documents\.DS_Store:AFP_AfpInfo
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk => C:\Windows\pss\Toshiba Places Icon Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^EJCHRISTOULAKIS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk => C:\Windows\pss\TRDCReminder.lnk.Startup
MSCONFIG\startupfolder: C:^Users^EJCHRISTOULAKIS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk => C:\Windows\pss\Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: goober => C:\Program Files (x86)\goober Messenger\goober.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NBAgent => "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\EJCHRISTOULAKIS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2014 10:51:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/12/2014 06:14:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/12/2014 03:05:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/09/2014 03:25:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2014 08:57:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 08:41:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 07:42:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2014 08:13:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2014 00:41:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/24/2014 00:18:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/13/2014 10:56:36 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Η υπηρεσία Windows Update έκλεισε απροειδοποίητα κατά την εκκίνηση.
 
Error: (07/12/2014 06:19:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Η υπηρεσία Windows Update έκλεισε απροειδοποίητα κατά την εκκίνηση.
 
Error: (07/08/2014 09:03:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Η υπηρεσία Windows Update έκλεισε απροειδοποίητα κατά την εκκίνηση.
 
Error: (07/07/2014 07:48:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Η υπηρεσία Windows Update έκλεισε απροειδοποίητα κατά την εκκίνηση.
 
Error: (07/07/2014 07:40:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας Κεντρικός υπολογιστής συσκευής Τοποθέτησης και Άμεσης Λειτουργίας γενικής χρήσης εξαιτίας του ακόλουθου σφάλματος: 
%%1069
 
Error: (07/07/2014 07:40:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Δεν ήταν δυνατή η σύνδεση της υπηρεσίας upnphost ως NT AUTHORITY\LocalService με την τρέχουσα ρύθμιση κωδικού πρόσβασης λόγω του ακόλουθου σφάλματος: 
%%50
 
Για να βεβαιωθείτε ότι οι παράμετροι της υπηρεσίας είναι σωστά ρυθμισμένες, χρησιμοποιήστε το συμπληρωματικό πρόγραμμα υπηρεσιών της κονσόλας διαχείρισης της Microsoft (MMC).
 
Error: (07/07/2014 07:40:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (07/03/2014 08:16:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Η υπηρεσία Windows Update έκλεισε απροειδοποίητα κατά την εκκίνηση.
 
Error: (06/29/2014 00:47:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Η υπηρεσία Windows Update έκλεισε απροειδοποίητα κατά την εκκίνηση.
 
Error: (06/29/2014 00:40:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Ο προηγούμενος τερματισμός λειτουργίας του συστήματος σε11:10:49 πμ σε ‎29/‎6/‎2014 ήταν μη αναμενόμενος.
 
 
Microsoft Office Sessions:
=========================
Error: (06/10/2014 08:03:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 158841 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error: (05/27/2014 04:08:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12573 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error: (05/26/2014 10:57:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 195169 seconds with 2340 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2014 09:49:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 45758 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error: (05/14/2014 01:06:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9336 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error: (05/12/2014 11:11:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 39029 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error: (05/07/2014 04:48:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 23229 seconds with 3480 seconds of active time.  This session ended with a crash.
 
Error: (04/30/2014 11:21:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 46673 seconds with 4260 seconds of active time.  This session ended with a crash.
 
Error: (04/30/2014 10:23:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 86217 seconds with 4380 seconds of active time.  This session ended with a crash.
 
Error: (04/24/2014 06:56:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 633 seconds with 240 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 61%
Total physical RAM: 3957.86 MB
Available physical RAM: 1512.07 MB
Total Pagefile: 7913.9 MB
Available Pagefile: 5140.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:232.54 GB) (Free:89.96 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.83 GB) (Free:212.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DD1BC99F)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:41 PM

Posted 16 July 2014 - 09:34 AM

Hi there,

please do the following:


Please download the attached file fixlist.txt (301 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Edited by aharonov, 16 July 2014 - 09:36 AM.


#4 cchris75

cchris75
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:41 PM

Posted 16 July 2014 - 10:47 PM

Dear Aharonov, as requested. Many thanks for your assistance

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014
Ran by EJCHRISTOULAKIS at 2014-07-17 06:45:00 Run:1
Running from C:\Users\EJCHRISTOULAKIS\Desktop\VIRUS 12 07 14\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CMD: bitsadmin /list /verbose
REG: reg query "HKCR\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" /s
REG: reg query "HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}" /s
REG: reg query "HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}" /s
Folder: C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp
*****************
 
 
=========  bitsadmin /list /verbose =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
GUID: {D69CE4C6-D04F-40D5-8641-F9C09E2A9DFD} DISPLAY: '1154059142-3213084172'
TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: TOSHIBA-LAPTOP\EJCHRISTOULAKIS
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 12-Jul-14 12:39:10 PM MODIFICATION TIME: 17-Jul-14 6:41:59 AM
COMPLETION TIME: UNKNOWN ACL FLAGS: 
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 234
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR CODE:    0x80072f78 - ⩫ ⚡ 婠 桨
 
ERROR CONTEXT: 0x00000005 - ᢣ ᩫ ⤦ 妬.
 
DESCRIPTION: C:\Users\EJCHRI~1\AppData\Local\Temp\02e8693a\temp
JOB FILES: 
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true
 
Peercaching flags
Enable download from peers      :false
Enable serving to peers         :false
 
CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue
 
 
GUID: {DED8E4F2-9E4B-4464-AC4E-EFBF163BC78D} DISPLAY: '1154059142-3072993120'
TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: TOSHIBA-LAPTOP\EJCHRISTOULAKIS
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 12-Jul-14 12:36:08 PM MODIFICATION TIME: 17-Jul-14 6:41:59 AM
COMPLETION TIME: UNKNOWN ACL FLAGS: 
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 234
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR CODE:    0x80072f78 - ⩫ ⚡ 婠 桨
 
ERROR CONTEXT: 0x00000005 - ᢣ ᩫ ⤦ 妬.
 
DESCRIPTION: C:\Users\EJCHRI~1\AppData\Local\Temp\02e8693a\temp
JOB FILES: 
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true
 
Peercaching flags
Enable download from peers      :false
Enable serving to peers         :false
 
CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue
 
 
Listed 2 job(s).
 
========= End of CMD: =========
 
 
========= reg query "HKCR\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" /s =========
 
‘”€‹€: ƒ¤ 㫤 ›¬¤«γ 稩 «¦¬ ΅¦¨ ©£β¤¦¬ ΅Ά › ¦η £«¨ι¦¬ γ « £γ §ζ «¦ ©η©«£.
 
 
========= End of Reg: =========
 
 
========= reg query "HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}" /s =========
 
 
HKEY_CLASSES_ROOT\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    (¨¦§ Ά¦γ)    REG_SZ    ITinyJSObject
 
HKEY_CLASSES_ROOT\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32
    (¨¦§ Ά¦γ)    REG_SZ    {00020424-0000-0000-C000-000000000046}
 
HKEY_CLASSES_ROOT\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib
    (¨¦§ Ά¦γ)    REG_SZ    {157B1AA6-3E5C-404A-9118-C1D91F537040}
    Version    REG_SZ    1.0
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}" /s =========
 
 
HKEY_CLASSES_ROOT\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0
    (¨¦§ Ά¦γ)    REG_SZ    JSIELib
 
HKEY_CLASSES_ROOT\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0
 
HKEY_CLASSES_ROOT\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32
    (¨¦§ Ά¦γ)    REG_SZ    C:\Users\EJCHRI~1\AppData\Local\Temp\1f132414\setup.exe
 
HKEY_CLASSES_ROOT\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS
    (¨¦§ Ά¦γ)    REG_SZ    0
 
HKEY_CLASSES_ROOT\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR
    (¨¦§ Ά¦γ)    REG_SZ    C:\Users\EJCHRI~1\AppData\Local\Temp\02e8693a
 
 
 
========= End of Reg: =========
 
 
========================= Folder: C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp ========================
 
2014-07-13 10:51 - 2014-07-13 10:51 - 0000134 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\142475.od
2014-07-14 07:58 - 2014-07-14 07:58 - 0000134 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\21522147.od
2014-07-17 06:42 - 2014-07-17 06:42 - 0000134 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\232069926.od
2014-07-15 12:50 - 2014-07-15 12:50 - 0000134 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\81348016.od
2014-07-15 14:16 - 2014-07-15 14:16 - 0000134 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\86538200.od
2014-04-26 12:59 - 2014-04-26 12:59 - 0019583 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\AdwCleaner.jpg
2014-07-13 10:58 - 2014-07-13 11:00 - 0002014 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\alm.log
2014-07-13 10:58 - 2014-07-13 11:00 - 0002987 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\amt.log
2014-04-26 13:04 - 2014-04-26 13:04 - 0004286 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Cleaning.ico
2014-07-17 06:42 - 2014-07-17 06:42 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\CVR1B26.tmp.cvr
2014-07-13 10:51 - 2014-07-13 10:51 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\CVR2C8B.tmp.cvr
2014-07-15 12:50 - 2014-07-15 12:50 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\CVR45B0.tmp.cvr
2014-07-14 07:58 - 2014-07-14 07:58 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\CVR66E3.tmp.cvr
2014-07-15 14:16 - 2014-07-15 14:16 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\CVR77D8.tmp.cvr
2014-07-13 18:27 - 2014-07-13 18:27 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\DMIED72.tmp
2014-03-02 23:38 - 2014-03-02 23:38 - 0004286 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Donate.ico
2014-07-14 14:16 - 2014-07-14 14:16 - 0043008 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpainihi.dll
2014-07-14 14:16 - 2014-07-14 14:16 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpainihi.lck
2014-07-16 09:13 - 2014-07-16 09:13 - 0002052 ___HT () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\etilqs_H9KkIAt29mTXwgU
2014-07-16 09:20 - 2014-07-16 09:20 - 0008200 ___HT () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\etilqs_sAxI93HfgxYIaEi
2014-03-10 17:06 - 2014-04-19 00:37 - 0007350 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\EULA.txt
2013-07-17 18:51 - 2013-07-17 18:51 - 0000000 ____N () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\FXSAPIDebugLogFile.txt
2014-07-16 09:10 - 2014-07-16 09:10 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\geColladaModelCacheLock
2014-07-16 09:10 - 2014-07-16 09:10 - 0000000 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\geIconCacheLock
2014-07-13 10:50 - 2014-07-17 06:42 - 0020951 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\IpAdrSet.log
2014-07-13 10:58 - 2014-07-13 10:58 - 0000061 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\libFNP_events.log
2014-03-02 23:39 - 2014-07-09 01:38 - 0384143 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Quarantine.exe
2014-03-02 23:39 - 2014-04-28 13:07 - 0004286 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Report.ico
2014-04-26 13:03 - 2014-04-26 13:03 - 0004286 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Scan.ico
2014-07-13 13:46 - 2014-07-13 18:54 - 0001624 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\StructuredQuery.log
2014-07-13 10:58 - 2014-07-13 10:58 - 0000606 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\swtag.log
2014-03-02 23:39 - 2014-04-28 13:05 - 0004286 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Uninstall.ico
2014-07-14 11:57 - 2014-07-14 11:57 - 0001562 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\wmplog00.sqm
2014-07-14 17:48 - 2014-07-14 17:48 - 0001386 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\wmplog01.sqm
2014-07-14 17:55 - 2014-07-14 17:55 - 0001386 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\wmplog02.sqm
2014-07-14 17:55 - 2014-07-14 17:55 - 0001386 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\wmplog03.sqm
2014-07-14 17:56 - 2014-07-14 17:56 - 0001386 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\wmplog04.sqm
2014-07-14 11:57 - 2014-07-14 11:57 - 0000412 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\wmsetup.log
2014-07-03 22:01 - 2014-07-16 09:12 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_
2014-07-13 15:50 - 2014-07-13 15:50 - 0627221 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp185318935.tmp
2014-07-13 13:33 - 2014-07-13 13:33 - 0631784 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp238489157.tmp
2014-07-13 18:59 - 2014-07-13 18:59 - 0627221 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp244438326.tmp
2014-07-13 13:37 - 2014-07-13 13:37 - 0639944 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp248752708.tmp
2014-07-13 18:58 - 2014-07-13 18:58 - 0627221 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp248799033.tmp
2014-07-13 15:50 - 2014-07-13 15:50 - 0631784 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp248925080.tmp
2014-07-13 18:59 - 2014-07-13 18:59 - 0631784 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp248948756.tmp
2014-07-13 18:56 - 2014-07-13 18:56 - 0631784 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp248990850.tmp
2014-07-13 13:44 - 2014-07-13 13:44 - 0631784 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp249392727.tmp
2014-07-16 09:12 - 2014-07-16 09:12 - 0639220 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp266325871.tmp
2014-07-16 09:12 - 2014-07-16 09:12 - 0635818 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp3994269.tmp
2014-07-13 18:58 - 2014-07-13 18:58 - 0631784 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp47347609.tmp
2014-07-13 18:56 - 2014-07-13 18:56 - 0627221 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp49681481.tmp
2014-07-13 13:44 - 2014-07-13 13:44 - 0627221 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp77946346.tmp
2014-07-13 13:37 - 2014-07-13 13:37 - 0639944 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp9007913.tmp
2014-07-13 13:33 - 2014-07-13 13:33 - 0627221 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\_avast_\unp951543.tmp
2014-07-16 09:12 - 2014-07-16 09:13 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\acro_rd_dir
2014-07-14 02:17 - 2014-07-14 14:16 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Acrobat Distiller 9
2014-04-04 00:53 - 2014-07-14 03:18 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP
2014-04-04 00:53 - 2014-04-04 00:53 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\chrome
2014-04-04 00:53 - 2014-07-17 06:39 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\chrome\Default
2014-04-04 00:53 - 2014-07-16 09:13 - 0129024 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\chrome\Default\Web Data
2014-07-14 03:18 - 2014-07-14 03:18 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\firefox
2014-07-14 03:18 - 2014-07-14 03:18 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\firefox\smartwebprinting@hp.com
2014-07-14 03:18 - 2014-07-14 03:18 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\firefox\smartwebprinting@hp.com\ar.jar.unp
2014-07-14 03:18 - 2014-07-14 03:18 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\firefox\smartwebprinting@hp.com\classic.jar.unp
2014-07-14 03:18 - 2014-07-14 03:18 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\firefox\smartwebprinting@hp.com\classic.jar.unp\skin
2014-07-14 03:18 - 2014-07-14 03:18 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\firefox\smartwebprinting@hp.com\classic.jar.unp\skin\smartwebprinting
2009-05-19 21:05 - 2009-05-19 21:05 - 0001076 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\avastBCLTMP\firefox\smartwebprinting@hp.com\classic.jar.unp\skin\smartwebprinting\toolbar-icon-normal-24.png
2014-07-14 02:17 - 2014-07-14 02:17 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\comtypes_cache
2014-07-14 02:17 - 2014-07-14 02:17 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\comtypes_cache\Dropbox-27
2014-07-13 13:00 - 2014-07-13 19:23 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Low
2014-07-13 19:23 - 2014-07-13 19:23 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Low\_avast_
2014-07-14 02:17 - 2014-07-14 02:17 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir2056_4222
2014-07-14 02:17 - 2014-07-14 02:17 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir2056_4222\AppCache
2014-07-14 02:17 - 2014-07-14 02:17 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir2056_4222\Local Storage
2014-07-14 12:28 - 2014-07-14 12:28 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir3664_25729
2014-07-14 12:28 - 2014-07-14 12:28 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir3664_25729\AppCache
2014-07-14 12:28 - 2014-07-14 12:28 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir3664_25729\Local Storage
2014-07-14 14:16 - 2014-07-14 14:16 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir4676_14105
2014-07-14 14:16 - 2014-07-14 14:16 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir4676_14105\AppCache
2014-07-14 14:16 - 2014-07-14 14:16 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\scoped_dir4676_14105\Local Storage
2014-07-15 12:47 - 2014-07-15 12:47 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Skype
2014-07-15 12:47 - 2014-07-15 16:24 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\Skype\DbTemp
2014-07-14 14:02 - 2014-07-14 14:02 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\TeamViewer
2014-07-14 14:02 - 2014-07-14 14:02 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\TeamViewer\Version9
2014-07-02 14:32 - 2014-07-02 14:32 - 7302552 _____ (TeamViewer) C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_.exe
2014-07-14 14:02 - 2014-07-14 14:02 - 0029111 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\TeamViewer\Version9\TV9Install.log
2014-07-14 14:02 - 2014-07-14 14:02 - 0000046 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\TeamViewer\Version9\tvinfo.ini
2014-07-13 11:01 - 2014-07-13 11:01 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\VBE
2014-07-13 11:01 - 2014-07-13 11:01 - 0147284 _____ () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\VBE\MSForms.exd
2014-07-14 14:16 - 2014-07-14 14:16 - 0000000 ____D () C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\WPDNSE
 
====== End of Folder: ======
 
 
==== End of Fixlog ====


#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:41 PM

Posted 17 July 2014 - 02:04 AM

Hi,

do these URL-Mal popups by avast stop appearing after the following fix?
How is your computer running in general? Are there still strange symptoms or problems?


Please download the attached file fixlist.txt (536 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#6 cchris75

cchris75
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:41 PM

Posted 17 July 2014 - 07:19 AM

Dear Aharonov,

 

Thank you for taking the time. To answer your question, after your second fixlist from what I see, I am not getting the pop up. I never had issues with performance (maybe sluggish on the browsers) but the main issue was the URL pop ups from Avast.

 

Please find the Fixlog below and do me a favor: let us not close this yet until I confirm I am no longer getting the pop up messages from Avast.

THANK YOU VERY MUCH - CHRIS

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014
Ran by EJCHRISTOULAKIS at 2014-07-17 15:06:05 Run:2
Running from C:\Users\EJCHRISTOULAKIS\Desktop\VIRUS 12 07 14\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CMD: bitsadmin /reset
CMD: bitsadmin /reset /allusers
CMD: bitsadmin /list /verbose
C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\02e8693a
C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\1f132414
REG: reg delete "HKU\S-1-5-21-3696313362-1897745090-1807183069-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" /f
REG: reg delete "HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}" /f
REG: reg delete "HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}" /f
CMD: type "C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt"
*****************
 
 
=========  bitsadmin /reset =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{D69CE4C6-D04F-40D5-8641-F9C09E2A9DFD} canceled.
{DED8E4F2-9E4B-4464-AC4E-EFBF163BC78D} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  bitsadmin /list /verbose =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Listed 0 job(s).
 
========= End of CMD: =========
 
"C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\02e8693a" => File/Directory not found.
"C:\Users\EJCHRISTOULAKIS\AppData\Local\Temp\1f132414" => File/Directory not found.
 
========= reg delete "HKU\S-1-5-21-3696313362-1897745090-1807183069-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" /f =========
 
‘”€‹€: ƒ¤ 㫤 ›¬¤«γ 稩 «¦¬ ΅¦¨ ©£β¤¦¬ ΅Ά › ¦η £«¨ι¦¬ γ « £γ §ζ «¦ ©η©«£.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}" /f =========
 
† Ά «¦¬¨ε ¦Ά¦΅Ά¨ι΅ £ § «¬®ε.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}" /f =========
 
† Ά «¦¬¨ε ¦Ά¦΅Ά¨ι΅ £ § «¬®ε.
 
 
 
========= End of Reg: =========
 
 
=========  type "C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt" =========
 
穫 夘 ⩞ 婜 ⤞ 婡.
 
========= End of CMD: =========
 
 
==== End of Fixlog ====


#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:41 PM

Posted 17 July 2014 - 08:09 AM

Hi Chris,

of course I'll leave this topic open until you are confident that everything is ok.

I can tell you that I'm pretty sure that I know what caused the alerts from avast. In the first fix we've read out some data and they have fully confirmed my suspicion. So in the second fix we went ahead and successfully repaired the stuff that wasn't right. I would be quite surprised if the avast alerts showed up again.. :)
But keep monitoring your computer for a while and report back afterwards.
(I can also tell you that the things I've seen are not related to really bad malware but to adware.)

I see in your logs that you've already run Malwarebytes and ESET. Did those two scanners find something substantial?
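
The first fixlist above read out the BITS queue with `bitsadmin /list /verbose`. As an added example (not part of the thread, and not code from FRST or BleepingComputer), the Python below parses that output and flags the traits visible in the two jobs from post #4; the function names, the error threshold and the second sample job are assumptions made for illustration.

```python
import re

# Field labels printed by `bitsadmin /list /verbose`; several share one line.
KEYS = [
    "GUID", "DISPLAY", "TYPE", "STATE", "OWNER", "PRIORITY", "FILES", "BYTES",
    "CREATION TIME", "MODIFICATION TIME", "COMPLETION TIME", "ACL FLAGS",
    "NOTIFY INTERFACE", "NOTIFICATION FLAGS", "RETRY DELAY",
    "NO PROGRESS TIMEOUT", "ERROR COUNT", "PROXY USAGE", "PROXY LIST",
    "PROXY BYPASS LIST", "ERROR CODE", "ERROR CONTEXT", "DESCRIPTION",
    "JOB FILES", "NOTIFICATION COMMAND LINE", "CUSTOM HEADERS",
]
KEY_RE = re.compile(r"(?<![\w-])(" + "|".join(map(re.escape, KEYS)) + r"):")
HEADER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*:\s")  # e.g. "Pragma: no-cache"
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# First job abridged from the Fixlog in post #4; second job is constructed.
SAMPLE = r"""
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.

GUID: {D69CE4C6-D04F-40D5-8641-F9C09E2A9DFD} DISPLAY: '1154059142-3213084172'
TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: TOSHIBA-LAPTOP\EJCHRISTOULAKIS
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 12-Jul-14 12:39:10 PM MODIFICATION TIME: 17-Jul-14 6:41:59 AM
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 234
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\EJCHRI~1\AppData\Local\Temp\02e8693a\temp
JOB FILES:
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue

GUID: {11111111-2222-3333-4444-555555555555} DISPLAY: 'Constructed updater job'
TYPE: DOWNLOAD STATE: SUSPENDED OWNER: NT AUTHORITY\SYSTEM
PRIORITY: NORMAL FILES: 0 / 1 BYTES: 0 / UNKNOWN
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 1209600 ERROR COUNT: 0
DESCRIPTION: Constructed sample, not from the thread
NOTIFICATION COMMAND LINE: none

Listed 2 job(s).
"""


def parse_jobs(text):
    """Split verbose bitsadmin output into one dict of fields per job."""
    jobs, job, last = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        hits = list(KEY_RE.finditer(line))
        if hits and hits[0].start() == 0 and hits[0].group(1) == "GUID":
            job = {}
            jobs.append(job)
        if job is None:
            continue  # banner text before the first job
        if hits:
            # Each value runs from its label to the next label on the line.
            for i, m in enumerate(hits):
                end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
                last = m.group(1)
                job[last] = line[m.end():end].strip()
        elif last == "CUSTOM HEADERS" and HEADER_RE.match(line):
            job[last] += "\n" + line  # extra HTTP headers, one per line
    return jobs


def triage(job, max_errors=10):
    """Return the reasons a job deserves a closer look (assumed heuristics)."""
    reasons = []
    where = job.get("DESCRIPTION", "") + " " + job.get("JOB FILES", "")
    if TEMP_RE.search(where):
        reasons.append("references the user Temp directory")
    count = re.match(r"\d+", job.get("ERROR COUNT", ""))
    errors = int(count.group()) if count else 0
    if job.get("STATE") in ("TRANSIENT_ERROR", "ERROR") and errors >= max_errors:
        reasons.append(f"still retrying after {errors} errors")
    if re.search(r"^User-Agent:", job.get("CUSTOM HEADERS", ""), re.I | re.M):
        reasons.append("overrides the User-Agent header")
    cmd = job.get("NOTIFICATION COMMAND LINE", "none")
    if cmd.lower() not in ("", "none"):
        reasons.append("runs a command on completion: " + cmd)
    return reasons


def suspicious_jobs(text):
    """Map job GUID -> reasons, for every job with at least one reason."""
    flagged = {}
    for job in parse_jobs(text):
        reasons = triage(job)
        if reasons:
            flagged[job.get("GUID", "?")] = reasons
    return flagged


if __name__ == "__main__":
    for guid, reasons in suspicious_jobs(SAMPLE).items():
        print(guid, "->", "; ".join(reasons))
```

A flagged job is only a lead for review; the thread's own cleanup of the two jobs was `bitsadmin /reset`, as the next Fixlog shows.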

#8 cchris75

cchris75
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:41 PM

Posted 18 July 2014 - 02:54 AM

Dear Aharonov,

 

Apologies for the late response. Thank you for being thorough and explaining the process. It seems that the popups stopped. 

 

In regards to the other 2 scans, I am gladly posting them here (as attachments) and I would love to tell you if I saw anything suspicious but I probably wouldn't even know what I am looking at. I had noticed that my windows live stuff for some reason are in Polish Language, and I have also seen under Chrome, some really weird extensions.

Since I fully understand that with each case you deal with, with the input you get and working the problem, you guys get better and better in resolving those types of issues, the least I can do is to contribute in the learning process (please note those scans were run prior to your fixes so I do not know if any of that stuff is still there). Also, do I leave all these tools (FRST, ESET) on the laptop or remove em/save em for a rainy day?

 

Do you have any personal suggestions for both Free Anti Virus and Malware/Adware??? I had AVG for years and switched a few years ago to Avast. Never had any major issues. And I occasionally ran the malwarebytes (a few years back I used to run Adaware but). Any suggestions??

 

Thank you again dear friend for your assistance.

 

Chris




#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:41 PM

Posted 18 July 2014 - 03:52 AM

Hi Chris,

both the MBAM and the ESET log look very good. Nothing to worry about.
 

> I had noticed that my windows live stuff for some reason are in Polish Language

I don't know why it is set up like this but it shouldn't be a big deal to change it back to your preferred language: http://www.thewindowsclub.com/how-to-change-windows-live-language-settings
 

> I have also seen under Chrome, some really weird extensions.

You can remove them in Chrome settings. Or it might also be a good idea to reset the browser from time to time to flush all this stuff that has aggregated over time. This removes third party extensions and the like (also stuff you've installed intentionally) but leaves the personal data like bookmarks untouched: https://support.google.com/chrome/answer/3296214?hl=en
 

> Also, do I leave all these tools (FRST, ESET) on the laptop or remove em/save em for a rainy day

I'll provide clean up steps below.
 

Do you have any personal suggestions for both Free Anti Virus and Malware/Adware??? I had AVG for years and switched a few years ago to Avast. Never had any major issues. And I occasionally ran the malwarebytes (a few years back I used to run Adaware but). Any suggestions??

With the combination of Avast and Malwarebytes you're perfectly fine. They not only protect against real malware but recently have also adopted an aggressive strategy against adware and PUPs (potentially unwanted programs).
But this security software is only the second line of defense anyway. Even more important is to omit 'risky' behaviour (e.g. to open/execute files from dubious sources) and to keep the installed software up-to-date (to avoid exploitation of it, see below under "Closing security holes").




That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.



Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 12 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.8) MUI
Adobe Shockwave Player 12.1.1.151
Java 6 Update 20




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Edited by aharonov, 18 July 2014 - 03:53 AM.
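
An added example, not part of the original post: a PowerShell inventory of the product families listed as outdated above, read from the registry uninstall keys, so that after updating you can confirm no old version is still installed. The family name prefixes and the function name are assumptions of this example.

```powershell
# Product families named in the post above, matched as DisplayName prefixes.
# Assumption: installers register under these names, e.g. "Java 6 Update 20"
# or "Java(TM) 6 Update 20".
$families = 'Adobe Flash Player', 'Adobe Reader', 'Adobe Shockwave Player', 'Java'

# Uninstall entries live in three places: native, 32-bit (WOW6432Node) and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledFamilyMember {
    param([string[]]$Family, [string[]]$KeyPath)

    foreach ($entry in Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue) {
        # Entries without a DisplayName are patches or hidden components.
        if (-not $entry.DisplayName) { continue }

        foreach ($f in $Family) {
            if ($entry.DisplayName -like "$f*") {
                $view = if ($entry.PSPath -match 'WOW6432Node') { '32-bit' } else { 'native' }
                New-Object PSObject -Property @{
                    Family  = $f
                    Name    = $entry.DisplayName
                    Version = $entry.DisplayVersion
                    View    = $view
                }
                break
            }
        }
    }
}

$found = @(Get-InstalledFamilyMember -Family $families -KeyPath $uninstallKeys)
$found | Sort-Object Family, Name | Format-Table Family, Name, Version, View -AutoSize

# Several entries in one family need a look: separate ActiveX/Plugin or
# 32-bit/64-bit builds are expected, leftover older releases are not.
$found | Group-Object Family | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Warning ("{0}: {1} entries, check for leftover old versions" -f $_.Name, $_.Count)
}
```

Run it once before and once after updating; any entry still showing one of the version numbers listed in the post is an old install that was not removed.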


#10 cchris75


Posted 19 July 2014 - 06:12 AM

Dear Aharonov,

 

Many thanks yet again for your detailed info and the steps I need to follow (I haven't as of yet but I am going to). As far as the Adware I see no further popups from Avast so I think you got it!!! I am going to follow up with you in a private message about that beer that I'll gladly buy you.

 

Thank you for both educating me on the subject a bit but also for the timely and effective advice. I hope all of us not so computer savvy folks utilizing your advice and that of your peers, in order to get our computers back to healthy, should be buying all of you many many rounds and I truly hope that is the case.

 

All the best

 

Chris



#11 aharonov


Posted 21 July 2014 - 08:24 AM

Hi Chris,

you're very welcome.
I'll keep this topic open until you confirm that all steps are through and that everything is alright from your part. :)

#12 aharonov


Posted 03 September 2014 - 06:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



