
HP computer behaves suspectly


  • This topic is locked
16 replies to this topic

#1 Guest_ArisMFighter_*

  • Guests

Posted 02 September 2014 - 12:22 PM

Hello everyone. I have an HP computer running Win7 Home Premium (Service Pack 1) which behaves suspectly. When I use RogueKiller, during the pre-scan it finds and terminates some hidden processes, a different number of processes each time. Also, when I use Comodo Killswitch I see some processes that are from HP, from what I understand when I read their description. Some of these processes have HP as the verified publisher, but others have no verified publisher. Also, Emsisoft Online Armor sometimes detects suspicious activity from some of these. This computer was heavily infected in the past.





#2 nasdaq

  • Malware Response Team

Posted 03 September 2014 - 07:44 AM

As previously requested in the other topic.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#3 Guest_ArisMFighter_*

  • Guests

Posted 03 September 2014 - 09:14 AM

Hello nasdaq, I have already run FRST, but it seems that I forgot to post the log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by MΙΧΑΛΗΣ21 (administrator) on MIXALHS on 02-09-2014 19:31:43
Running from C:\Users\MΙΧΑΛΗΣ21\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oasrv.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2012-05-07] (IDT, Inc.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2944056 2011-08-17] (Hewlett-Packard Company)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-1686439689-3133025068-3591312044-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1686439689-3133025068-3591312044-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1686439689-3133025068-3591312044-1002\...\MountPoints2: {3a1e8b9d-7a62-11e2-ab9d-9bf1f5de741e} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1686439689-3133025068-3591312044-1002\...\MountPoints2: {5293df13-9c77-11e2-b936-ceb720efa51c} - D:\Startme.exe
HKU\S-1-5-21-1686439689-3133025068-3591312044-1002\...\MountPoints2: {58fd9ae8-a8b8-11e2-8d98-e91cea611e10} - D:\Startme.exe
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL/24
SearchScopes: HKCU - {8AAB80B9-CB21-4D7C-85C6-8F20FA5EC8F1} URL = https://www.google.com/search?q={searchTerms}
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF ProfilePath: C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF Extension: HTTPS-Everywhere - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\https-everywhere@eff.org [2014-08-25]
FF Extension: FT DeepDark - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-08-24]
FF Extension: FT GraphiteGlow - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66} [2014-04-07]
FF Extension: WOT - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-07]
FF Extension: Ghostery - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\firefox@ghostery.com.xpi [2014-07-28]
FF Extension: avast! Online Security - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\wrc@avast.com.xpi [2014-07-23]
FF Extension: Bluhell Firewall - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-04-07]
FF Extension: NoScript - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-07]
FF Extension: Adblock Plus - C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Mozilla\Firefox\Profiles\0gaf5mus.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-07]
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.1\ABService.exe [29912 2014-06-18] (AOMEI Tech Co., Ltd.)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) [File not signed]
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2014\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-18] (Hewlett-Packard Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2014-08-21] (Macrovision Europe Ltd.) [File not signed]
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2014-08-21] (Macrovision Europe Ltd.) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-08-25] (SurfRight B.V.)
R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-05-23] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1330312 2013-05-20] (PDF Complete Inc)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-08-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-04-29] (AVG Technologies)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
S3 cleanhlp; C:\EEKAM\Run\cleanhlp64.sys [57024 2014-01-14] (Emsisoft GmbH)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63928 2014-04-11] ()
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20672 2014-08-22] (Glarysoft Ltd)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-08-25] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
R1 OADevice; C:\windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
R1 oahlpXX; C:\windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 rrtlxo; C:\CCE\ccekrnl.dat [153408 2014-06-06] ()
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] () [File not signed]
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2011-05-09] ()
S0 ssuhop; No ImagePath
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-02] (Trend Micro Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S0 vhjrap; No ImagePath
S0 wjtvys; No ImagePath
S0 zedltn; No ImagePath
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 efavdrv; \??\C:\windows\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 19:31 - 2014-09-02 19:32 - 00021250 _____ () C:\Users\MΙΧΑΛΗΣ21\Desktop\FRST.txt
2014-09-02 19:30 - 2014-09-02 19:31 - 00000000 ____D () C:\FRST
2014-09-02 19:30 - 2014-09-02 19:30 - 02104832 _____ (Farbar) C:\Users\MΙΧΑΛΗΣ21\Desktop\FRST64.exe
2014-09-02 19:07 - 2014-09-02 19:07 - 00000036 _____ () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\housecall.guid.cache
2014-09-02 19:07 - 2013-09-02 10:58 - 00175528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-09-02 19:01 - 2014-09-02 19:02 - 00000000 ____D () C:\avast!
2014-09-02 19:00 - 2014-09-02 19:01 - 00000000 ____D () C:\GMER
2014-09-02 18:59 - 2014-09-02 19:13 - 00000000 ____D () C:\Trend Micro
2014-09-02 18:22 - 2014-09-02 18:45 - 00000000 ____D () C:\F-Secure
2014-09-02 17:52 - 2014-09-02 17:52 - 00000000 ___RD () C:\Sandbox
2014-08-29 15:10 - 2014-08-29 15:10 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys
2014-08-29 14:38 - 2014-08-29 14:46 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-08-29 14:38 - 2014-08-29 14:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\OnlineArmor
2014-08-29 14:31 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-29 14:31 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-29 14:31 - 2014-08-23 03:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-29 14:19 - 2014-09-02 17:33 - 00000504 _____ () C:\windows\setupact.log
2014-08-29 14:19 - 2014-08-29 14:56 - 00269600 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 14:19 - 2014-08-29 14:19 - 00000000 _____ () C:\windows\setuperr.log
2014-08-28 12:50 - 2014-08-28 12:50 - 00058016 _____ () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-27 13:17 - 2014-08-27 13:17 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\Secunia PSI
2014-08-27 13:16 - 2014-08-27 13:16 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-27 13:16 - 2014-08-27 13:16 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-27 13:02 - 2014-09-02 17:53 - 00001684 _____ () C:\windows\Sandboxie.ini
2014-08-27 13:01 - 2014-08-27 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-27 13:00 - 2014-08-27 13:00 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-25 18:38 - 2014-08-25 18:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-08-25 18:38 - 2014-08-25 18:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Ashampoo
2014-08-25 18:38 - 2014-08-25 18:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\ashampoo
2014-08-25 17:55 - 2014-08-31 20:06 - 00000000 ____D () C:\Program Files (x86)\Online Armor
2014-08-25 17:55 - 2013-10-11 03:41 - 00062008 _____ () C:\windows\SysWOW64\Drivers\oahlp64.sys
2014-08-25 17:55 - 2013-10-11 03:40 - 00064720 _____ () C:\windows\SysWOW64\Drivers\OADriver.sys
2014-08-25 17:55 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\windows\SysWOW64\Drivers\OAmon.sys
2014-08-25 17:55 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\windows\system32\Drivers\OAnet.sys
2014-08-25 17:19 - 2014-08-25 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-08-25 17:18 - 2014-08-25 17:19 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-08-25 17:18 - 2014-08-25 17:18 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-08-25 17:18 - 2014-08-25 17:18 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-08-25 17:18 - 2014-08-25 17:18 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-08-25 16:59 - 2014-08-25 16:59 - 00001504 _____ () C:\Users\MΙΧΑΛΗΣ21\Desktop\Mozilla Firefox.lnk
2014-08-25 16:56 - 2014-08-25 16:58 - 00000856 _____ () C:\HPCamDrv.log
2014-08-25 16:56 - 2014-08-25 16:58 - 00000171 _____ () C:\camera.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000383 ___SH () C:\Users\MΙΧΑΛΗΣ21\Desktop\Κάδος Ανακύκλωσης - Συντόμευση.lnk
2014-08-24 11:17 - 2014-08-24 11:45 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\UltraDefragPortable
2014-08-23 22:41 - 2014-08-23 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2014-08-23 22:41 - 2014-08-23 22:41 - 00000000 ____D () C:\Program Files (x86)\PDF Complete
2014-08-23 22:41 - 2013-05-20 18:18 - 00020600 _____ (PDF Complete, Inc.) C:\windows\system32\pdfc_port.dll
2014-08-23 22:11 - 2014-09-02 17:34 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-23 17:01 - 2014-08-23 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-22 14:02 - 2014-08-22 14:02 - 68628480 _____ () C:\windows\system32\config\software.gu
2014-08-22 14:02 - 2014-08-22 14:02 - 00921600 _____ () C:\windows\system32\config\default.gu
2014-08-22 14:02 - 2014-08-22 14:02 - 00028672 _____ () C:\windows\system32\config\security.gu
2014-08-22 00:03 - 2014-09-02 17:35 - 00000340 _____ () C:\windows\Tasks\GlaryInitialize 5.job
2014-08-22 00:03 - 2014-08-22 00:03 - 00020672 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys
2014-08-22 00:03 - 2014-08-22 00:03 - 00002978 _____ () C:\windows\System32\Tasks\GU5SkipUAC
2014-08-22 00:03 - 2014-08-22 00:03 - 00002642 _____ () C:\windows\System32\Tasks\GlaryInitialize 5
2014-08-22 00:03 - 2014-08-22 00:03 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-22 00:03 - 2014-08-22 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-22 00:03 - 2014-08-18 04:06 - 00118048 _____ (Glarysoft Ltd) C:\windows\system32\BootDefrag.exe
2014-08-22 00:03 - 2014-07-18 10:11 - 00017600 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\BootDefragDriver.sys
2014-08-22 00:02 - 2014-08-28 12:49 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-21 19:25 - 2014-08-21 19:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-08-21 19:25 - 2014-08-21 19:25 - 00000000 ____D () C:\ProgramData\Intel
2014-08-21 19:24 - 2014-08-21 19:24 - 00000000 ____D () C:\Program Files\Intel
2014-08-21 19:22 - 2014-08-21 19:22 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Intel
2014-08-21 19:11 - 2014-08-21 19:11 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-08-21 18:48 - 2014-08-25 16:55 - 00004096 _____ (Hewlett-Packard Company) C:\windows\SysWOW64\sigfile.exe
2014-08-21 18:31 - 2014-05-14 19:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-21 18:31 - 2014-05-14 19:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-21 18:31 - 2014-05-14 19:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-21 18:31 - 2014-05-14 19:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-21 18:31 - 2014-05-14 19:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-21 18:31 - 2014-05-14 19:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-21 18:31 - 2014-05-14 19:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-21 18:31 - 2014-05-14 19:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-21 18:31 - 2014-05-14 19:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-21 18:31 - 2014-05-14 19:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-21 18:31 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-21 18:31 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-21 18:31 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-21 18:31 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-19 10:47 - 2014-08-19 10:47 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\AdTrustMedia
2014-08-19 10:45 - 2014-08-25 18:25 - 00000000 ____D () C:\Program Files\COMODO
2014-08-19 10:45 - 2014-08-19 10:45 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-08-19 10:45 - 2014-08-19 10:45 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-08-19 10:42 - 2014-08-25 18:25 - 00000000 ____D () C:\ProgramData\Comodo
2014-08-19 00:26 - 2014-08-19 00:26 - 00001024 ____H () C:\SYSTAG.BIN
2014-08-18 21:10 - 2014-08-18 21:10 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Wise Care 365
2014-08-18 20:15 - 2014-08-24 12:14 - 00000000 ____D () C:\Bitdefender
2014-08-18 18:34 - 2014-08-22 14:02 - 00028672 _____ () C:\windows\system32\config\system.gu
2014-08-18 18:33 - 2014-08-18 04:06 - 00028960 _____ (Glarysoft Ltd) C:\windows\system32\RegBootDefrag.exe
2014-08-18 15:31 - 2014-08-25 16:58 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-08-17 21:40 - 2014-08-19 12:47 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\SecurityScans
2014-08-17 21:40 - 2014-08-17 21:40 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2014-08-17 21:40 - 2014-08-17 21:40 - 00000000 ____D () C:\Program Files\Microsoft Baseline Security Analyzer 2
2014-08-16 17:06 - 2014-08-16 17:08 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\Glarysoft Portable
2014-08-16 17:03 - 2014-08-16 17:03 - 00000000 ____D () C:\ProgramData\LightScribe
2014-08-16 16:52 - 2014-08-16 16:52 - 00176021 _____ () C:\ProgramData\1408197101.bdinstall.bin
2014-08-16 16:52 - 2014-08-16 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-08-16 16:52 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2014-08-16 16:52 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2014-08-16 16:52 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys
2014-08-16 16:52 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2014-08-16 16:51 - 2014-08-16 16:51 - 00037590 _____ () C:\ProgramData\1408197099.bdinstall.bin
2014-08-16 16:29 - 2014-08-21 23:52 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-16 16:04 - 2014-08-16 16:08 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\LibreOfficePortable
2014-08-16 15:47 - 2014-08-16 16:33 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-08-16 15:14 - 2014-08-24 12:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\DiskDefrag
2014-08-16 15:14 - 2014-08-22 00:03 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\GlarySoft
2014-08-15 12:43 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-15 12:43 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-15 12:43 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-15 12:43 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-15 12:43 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-15 12:43 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-15 12:43 - 2014-07-09 05:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-15 12:43 - 2014-07-09 04:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-15 12:43 - 2014-07-09 04:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-15 12:43 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-15 12:43 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-15 12:43 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-15 12:43 - 2014-07-09 01:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-15 12:43 - 2014-07-09 01:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-15 12:43 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-15 12:43 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-15 12:43 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-15 12:43 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-15 12:43 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-15 12:43 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-15 12:43 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-15 12:42 - 2014-08-01 02:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-15 12:42 - 2014-08-01 02:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-15 12:42 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-15 12:42 - 2014-07-25 17:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-15 12:42 - 2014-07-25 17:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-15 12:42 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-15 12:42 - 2014-07-25 16:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-15 12:42 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-15 12:42 - 2014-07-25 16:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-15 12:42 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-15 12:42 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-15 12:42 - 2014-07-25 16:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-15 12:42 - 2014-07-25 16:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-15 12:42 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-15 12:42 - 2014-07-25 16:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-15 12:42 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-15 12:42 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-15 12:42 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-15 12:42 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 12:42 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-15 12:42 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-15 12:42 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-15 12:42 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-15 12:42 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-15 12:42 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-15 12:42 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 12:42 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-15 12:42 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-15 12:42 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-15 12:42 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-15 12:42 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-15 12:42 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-15 12:42 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-15 12:42 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-15 12:42 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-15 12:42 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-15 12:42 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-15 12:42 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-15 12:42 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 12:42 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-15 12:42 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-15 12:42 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-15 12:42 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-15 12:42 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-15 12:42 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-15 12:42 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-15 12:42 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-15 12:42 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-15 12:42 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-15 12:42 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-15 12:42 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-15 12:42 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-15 12:42 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-15 12:42 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-15 12:42 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-15 12:42 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-15 12:42 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-15 12:42 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-15 12:42 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-15 12:39 - 2014-08-07 05:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 12:39 - 2014-08-07 05:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-15 12:39 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-15 12:39 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-13 19:52 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-13 19:52 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-13 19:52 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-13 19:52 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-13 19:52 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-13 19:52 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-13 19:52 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-13 19:52 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-09 00:40 - 2014-08-09 00:43 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\RevoUninstallerPortable
2014-08-09 00:27 - 2014-08-25 18:38 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-08-09 00:27 - 2014-08-25 18:37 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-08-09 00:27 - 2014-08-09 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-08-09 00:27 - 2009-08-24 22:13 - 00034304 _____ (mst software GmbH, Germany) C:\windows\system32\DfSdkBt.exe
2014-08-09 00:21 - 2014-08-09 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2014-08-08 23:46 - 2014-08-08 23:46 - 00002930 _____ () C:\Users\MΙΧΑΛΗΣ21\Desktop\VLC.lnk
2014-08-08 23:46 - 2014-08-08 23:46 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\vlc
2014-08-08 23:44 - 2014-08-08 23:46 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\vlc-2.1.5
2014-08-08 22:57 - 2014-08-08 22:57 - 00001245 _____ () C:\Users\MΙΧΑΛΗΣ21\Desktop\Notepad.lnk
2014-08-08 22:55 - 2014-08-19 00:26 - 00000082 _____ () C:\windows\SysWOW64\winsevr.dat
2014-08-08 22:54 - 2014-08-19 00:26 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-08-08 22:54 - 2014-08-19 00:26 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.1
2014-08-08 22:54 - 2014-08-08 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2014-08-08 22:54 - 2013-05-07 14:27 - 00151480 _____ () C:\windows\system32\ammntdrv.sys
2014-08-08 22:54 - 2013-05-07 14:27 - 00030648 _____ () C:\windows\system32\ambakdrv.sys
2014-08-08 22:54 - 2013-02-06 15:52 - 00017848 _____ () C:\windows\system32\amwrtdrv.sys
2014-08-08 22:52 - 2014-08-08 22:52 - 00000263 _____ () C:\windows\system32\TeamViewer9_Hooks.log
2014-08-06 13:33 - 2014-08-06 13:34 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\TreeSize Free
2014-08-06 13:16 - 2014-08-06 13:16 - 00000000 ____D () C:\herdProtect
2014-08-05 14:10 - 2014-09-02 19:30 - 01125227 _____ () C:\windows\WindowsUpdate.log
2014-08-05 13:41 - 2014-08-05 13:41 - 00000000 ____D () C:\Tcpview
2014-08-04 16:57 - 2014-08-05 13:24 - 00000388 _____ () C:\windows\Tasks\SlimCleaner Scan.job
2014-08-04 16:57 - 2014-08-04 16:59 - 00003124 _____ () C:\windows\System32\Tasks\SlimCleaner Scan
2014-08-04 13:50 - 2014-09-02 18:21 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Desktop\Usefull Items
2014-08-04 13:49 - 2014-08-04 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-08-04 13:49 - 2014-08-04 13:50 - 00000000 ____D () C:\Program Files (x86)\ERUNT
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 19:32 - 2014-09-02 19:31 - 00021250 _____ () C:\Users\MΙΧΑΛΗΣ21\Desktop\FRST.txt
2014-09-02 19:31 - 2014-09-02 19:30 - 00000000 ____D () C:\FRST
2014-09-02 19:30 - 2014-09-02 19:30 - 02104832 _____ (Farbar) C:\Users\MΙΧΑΛΗΣ21\Desktop\FRST64.exe
2014-09-02 19:30 - 2014-08-05 14:10 - 01125227 _____ () C:\windows\WindowsUpdate.log
2014-09-02 19:13 - 2014-09-02 18:59 - 00000000 ____D () C:\Trend Micro
2014-09-02 19:13 - 2012-04-20 20:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 19:07 - 2014-09-02 19:07 - 00000036 _____ () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\housecall.guid.cache
2014-09-02 19:02 - 2014-09-02 19:01 - 00000000 ____D () C:\avast!
2014-09-02 19:01 - 2014-09-02 19:00 - 00000000 ____D () C:\GMER
2014-09-02 18:45 - 2014-09-02 18:22 - 00000000 ____D () C:\F-Secure
2014-09-02 18:24 - 2014-07-15 19:49 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\CrashDumps
2014-09-02 18:21 - 2014-08-04 13:50 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Desktop\Usefull Items
2014-09-02 17:53 - 2014-08-27 13:02 - 00001684 _____ () C:\windows\Sandboxie.ini
2014-09-02 17:52 - 2014-09-02 17:52 - 00000000 ___RD () C:\Sandbox
2014-09-02 17:41 - 2009-07-14 07:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 17:41 - 2009-07-14 07:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 17:35 - 2014-08-22 00:03 - 00000340 _____ () C:\windows\Tasks\GlaryInitialize 5.job
2014-09-02 17:34 - 2014-08-23 22:11 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-02 17:34 - 2010-09-03 17:56 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-09-02 17:33 - 2014-08-29 14:19 - 00000504 _____ () C:\windows\setupact.log
2014-09-02 17:33 - 2009-07-14 08:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-01 22:27 - 2014-05-17 13:20 - 00000000 ____D () C:\windows\CryptoGuard
2014-09-01 13:12 - 2009-07-14 08:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-31 20:06 - 2014-08-25 17:55 - 00000000 ____D () C:\Program Files (x86)\Online Armor
2014-08-29 15:10 - 2014-08-29 15:10 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys
2014-08-29 15:05 - 2014-07-16 19:45 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-08-29 14:56 - 2014-08-29 14:19 - 00269600 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 14:46 - 2014-08-29 14:38 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-08-29 14:38 - 2014-08-29 14:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\OnlineArmor
2014-08-29 14:19 - 2014-08-29 14:19 - 00000000 _____ () C:\windows\setuperr.log
2014-08-28 12:50 - 2014-08-28 12:50 - 00058016 _____ () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-28 12:49 - 2014-08-22 00:02 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-27 21:43 - 2014-06-06 20:40 - 00000000 ____D () C:\CCE
2014-08-27 13:17 - 2014-08-27 13:17 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\Secunia PSI
2014-08-27 13:16 - 2014-08-27 13:16 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-27 13:16 - 2014-08-27 13:16 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-27 13:13 - 2014-04-20 15:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-27 13:01 - 2014-08-27 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-27 13:00 - 2014-08-27 13:00 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-25 20:25 - 2014-06-09 17:49 - 00000000 ____D () C:\EEKAM
2014-08-25 20:24 - 2014-07-17 16:41 - 00000000 ____D () C:\AdwCleaner
2014-08-25 20:00 - 2014-06-09 18:15 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 18:48 - 2011-10-01 19:40 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\ArcSoft
2014-08-25 18:38 - 2014-08-25 18:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-08-25 18:38 - 2014-08-25 18:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Ashampoo
2014-08-25 18:38 - 2014-08-25 18:38 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\ashampoo
2014-08-25 18:38 - 2014-08-09 00:27 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-08-25 18:37 - 2014-08-09 00:27 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-08-25 18:25 - 2014-08-19 10:45 - 00000000 ____D () C:\Program Files\COMODO
2014-08-25 18:25 - 2014-08-19 10:42 - 00000000 ____D () C:\ProgramData\Comodo
2014-08-25 18:21 - 2014-06-20 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-08-25 17:19 - 2014-08-25 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-08-25 17:19 - 2014-08-25 17:18 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-08-25 17:18 - 2014-08-25 17:18 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-08-25 17:18 - 2014-08-25 17:18 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-08-25 17:18 - 2014-08-25 17:18 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-08-25 16:59 - 2014-08-25 16:59 - 00001504 _____ () C:\Users\MΙΧΑΛΗΣ21\Desktop\Mozilla Firefox.lnk
2014-08-25 16:58 - 2014-08-25 16:56 - 00000856 _____ () C:\HPCamDrv.log
2014-08-25 16:58 - 2014-08-25 16:56 - 00000171 _____ () C:\camera.log
2014-08-25 16:58 - 2014-08-18 15:31 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-08-25 16:55 - 2014-08-21 18:48 - 00004096 _____ (Hewlett-Packard Company) C:\windows\SysWOW64\sigfile.exe
2014-08-25 16:55 - 2009-07-27 19:14 - 00000000 ____D () C:\swsetup
2014-08-25 16:50 - 2013-02-18 14:24 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-25 16:42 - 2014-08-25 16:42 - 00000383 ___SH () C:\Users\MΙΧΑΛΗΣ21\Desktop\Κάδος Ανακύκλωσης - Συντόμευση.lnk
2014-08-24 12:38 - 2014-08-16 15:14 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\DiskDefrag
2014-08-24 12:14 - 2014-08-18 20:15 - 00000000 ____D () C:\Bitdefender
2014-08-24 11:45 - 2014-08-24 11:17 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\UltraDefragPortable
2014-08-24 11:37 - 2014-07-11 14:30 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-08-23 22:41 - 2014-08-23 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2014-08-23 22:41 - 2014-08-23 22:41 - 00000000 ____D () C:\Program Files (x86)\PDF Complete
2014-08-23 18:53 - 2011-10-02 01:04 - 00000000 ____D () C:\windows\rescache
2014-08-23 17:25 - 2013-07-13 19:14 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-23 17:25 - 2012-08-08 18:30 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\Google
2014-08-23 17:01 - 2014-08-23 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 16:38 - 2014-07-15 19:01 - 00000000 ____D () C:\Junkware Removal Tool
2014-08-23 16:27 - 2014-05-23 20:14 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-23 16:25 - 2012-03-12 12:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-23 05:07 - 2014-08-29 14:31 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 04:45 - 2014-08-29 14:31 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 03:59 - 2014-08-29 14:31 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 14:02 - 2014-08-22 14:02 - 68628480 _____ () C:\windows\system32\config\software.gu
2014-08-22 14:02 - 2014-08-22 14:02 - 00921600 _____ () C:\windows\system32\config\default.gu
2014-08-22 14:02 - 2014-08-22 14:02 - 00028672 _____ () C:\windows\system32\config\security.gu
2014-08-22 14:02 - 2014-08-18 18:34 - 00028672 _____ () C:\windows\system32\config\system.gu
2014-08-22 14:02 - 2011-10-01 18:15 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21
2014-08-22 14:02 - 2009-07-14 05:34 - 18087936 _____ () C:\windows\system32\config\system.gu.bak
2014-08-22 14:01 - 2009-07-14 05:34 - 00262144 _____ () C:\windows\system32\config\sam.gu.bak
2014-08-22 00:03 - 2014-08-22 00:03 - 00020672 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys
2014-08-22 00:03 - 2014-08-22 00:03 - 00002978 _____ () C:\windows\System32\Tasks\GU5SkipUAC
2014-08-22 00:03 - 2014-08-22 00:03 - 00002642 _____ () C:\windows\System32\Tasks\GlaryInitialize 5
2014-08-22 00:03 - 2014-08-22 00:03 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-22 00:03 - 2014-08-22 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-22 00:03 - 2014-08-16 15:14 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\GlarySoft
2014-08-21 23:52 - 2014-08-16 16:29 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-21 19:47 - 2010-09-03 17:49 - 00608376 _____ () C:\windows\system32\perfh008.dat
2014-08-21 19:47 - 2010-09-03 17:49 - 00112038 _____ () C:\windows\system32\perfc008.dat
2014-08-21 19:47 - 2009-07-14 08:13 - 01493774 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-21 19:27 - 2010-09-03 17:33 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-08-21 19:26 - 2012-03-02 21:28 - 01516994 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-08-21 19:25 - 2014-08-21 19:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-08-21 19:25 - 2014-08-21 19:25 - 00000000 ____D () C:\ProgramData\Intel
2014-08-21 19:24 - 2014-08-21 19:24 - 00000000 ____D () C:\Program Files\Intel
2014-08-21 19:22 - 2014-08-21 19:22 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Intel
2014-08-21 19:15 - 2009-07-14 06:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-21 19:11 - 2014-08-21 19:11 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-08-21 16:49 - 2014-07-11 14:31 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\SlimWare Utilities Inc
2014-08-21 16:47 - 2014-07-11 14:29 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-19 12:47 - 2014-08-17 21:40 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\SecurityScans
2014-08-19 11:19 - 2014-05-21 16:58 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\CCleaner registry restore points
2014-08-19 10:47 - 2014-08-19 10:47 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\AdTrustMedia
2014-08-19 10:45 - 2014-08-19 10:45 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-08-19 10:45 - 2014-08-19 10:45 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-08-19 00:26 - 2014-08-19 00:26 - 00001024 ____H () C:\SYSTAG.BIN
2014-08-19 00:26 - 2014-08-08 22:55 - 00000082 _____ () C:\windows\SysWOW64\winsevr.dat
2014-08-19 00:26 - 2014-08-08 22:54 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-08-19 00:26 - 2014-08-08 22:54 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.1
2014-08-19 00:07 - 2011-10-01 18:23 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\VirtualStore
2014-08-18 21:10 - 2014-08-18 21:10 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Wise Care 365
2014-08-18 18:34 - 2009-07-14 05:34 - 69206016 _____ () C:\windows\system32\config\software.gu.bak
2014-08-18 18:34 - 2009-07-14 05:34 - 00262144 _____ () C:\windows\system32\config\security.gu.bak
2014-08-18 18:33 - 2009-07-14 05:34 - 01048576 _____ () C:\windows\system32\config\default.gu.bak
2014-08-18 17:58 - 2014-07-31 11:58 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\Process Explorer
2014-08-18 16:54 - 2009-07-14 06:20 - 00000000 ____D () C:\windows\registration
2014-08-18 04:06 - 2014-08-22 00:03 - 00118048 _____ (Glarysoft Ltd) C:\windows\system32\BootDefrag.exe
2014-08-18 04:06 - 2014-08-18 18:33 - 00028960 _____ (Glarysoft Ltd) C:\windows\system32\RegBootDefrag.exe
2014-08-17 21:40 - 2014-08-17 21:40 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2014-08-17 21:40 - 2014-08-17 21:40 - 00000000 ____D () C:\Program Files\Microsoft Baseline Security Analyzer 2
2014-08-17 00:40 - 2014-07-15 19:01 - 00000000 ____D () C:\Adlice Software
2014-08-16 17:28 - 2012-08-08 18:34 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\Opera
2014-08-16 17:27 - 2014-02-17 17:41 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Opera Software
2014-08-16 17:27 - 2014-02-17 17:41 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Local\Opera Software
2014-08-16 17:08 - 2014-08-16 17:06 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\Glarysoft Portable
2014-08-16 17:03 - 2014-08-16 17:03 - 00000000 ____D () C:\ProgramData\LightScribe
2014-08-16 16:52 - 2014-08-16 16:52 - 00176021 _____ () C:\ProgramData\1408197101.bdinstall.bin
2014-08-16 16:52 - 2014-08-16 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-08-16 16:51 - 2014-08-16 16:51 - 00037590 _____ () C:\ProgramData\1408197099.bdinstall.bin
2014-08-16 16:33 - 2014-08-16 15:47 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-08-16 16:19 - 2014-06-20 17:10 - 00000000 ____D () C:\SurfRight
2014-08-16 16:08 - 2014-08-16 16:04 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\LibreOfficePortable
2014-08-16 15:53 - 2014-02-24 21:06 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Hewlett-Packard Company
2014-08-16 15:53 - 2010-09-03 18:09 - 00000188 _____ () C:\windows\system32\HPWA.ini
2014-08-16 15:53 - 2010-09-03 18:09 - 00000187 _____ () C:\windows\SysWOW64\HPWA.ini
2014-08-16 15:53 - 2010-09-03 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-16 15:53 - 2010-09-03 17:33 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-08-16 15:51 - 2012-04-20 20:23 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-16 15:51 - 2012-04-20 20:23 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-16 15:51 - 2012-04-20 20:23 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-16 14:02 - 2009-07-14 06:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-15 22:28 - 2014-04-30 20:45 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 13:27 - 2009-07-14 06:20 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-08-15 13:27 - 2009-07-14 06:20 - 00000000 ____D () C:\windows\system32\MUI
2014-08-15 13:27 - 2009-07-14 06:20 - 00000000 ____D () C:\windows\servicing
2014-08-15 13:27 - 2009-07-14 06:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 20:43 - 2011-10-01 18:31 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Skype
2014-08-14 20:34 - 2014-04-30 19:15 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 20:29 - 2014-04-30 19:15 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-13 19:42 - 2014-05-23 20:14 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-09 00:43 - 2014-08-09 00:40 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\RevoUninstallerPortable
2014-08-09 00:27 - 2014-08-09 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-08-09 00:21 - 2014-08-09 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2014-08-09 00:21 - 2014-05-23 20:14 - 00000000 ____D () C:\ProgramData\IObit
2014-08-08 23:46 - 2014-08-08 23:46 - 00002930 _____ () C:\Users\MΙΧΑΛΗΣ21\Desktop\VLC.lnk
2014-08-08 23:46 - 2014-08-08 23:46 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\vlc
2014-08-08 23:46 - 2014-08-08 23:44 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\vlc-2.1.5
2014-08-08 22:57 - 2014-08-08 22:57 - 00001245 _____ () C:\Users\MΙΧΑΛΗΣ21\Desktop\Notepad.lnk
2014-08-08 22:54 - 2014-08-08 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2014-08-08 22:52 - 2014-08-08 22:52 - 00000263 _____ () C:\windows\system32\TeamViewer9_Hooks.log
2014-08-08 22:52 - 2014-07-26 17:01 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-07 05:06 - 2014-08-15 12:39 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 05:01 - 2014-08-15 12:39 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-06 17:09 - 2010-09-24 04:37 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 13:34 - 2014-08-06 13:33 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\Documents\TreeSize Free
2014-08-06 13:16 - 2014-08-06 13:16 - 00000000 ____D () C:\herdProtect
2014-08-05 13:41 - 2014-08-05 13:41 - 00000000 ____D () C:\Tcpview
2014-08-05 13:41 - 2006-07-28 09:32 - 00007005 _____ () C:\Eula.txt
2014-08-05 13:24 - 2014-08-04 16:57 - 00000388 _____ () C:\windows\Tasks\SlimCleaner Scan.job
2014-08-04 16:59 - 2014-08-04 16:57 - 00003124 _____ () C:\windows\System32\Tasks\SlimCleaner Scan
2014-08-04 13:50 - 2014-08-04 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-08-04 13:50 - 2014-08-04 13:49 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-08-03 13:58 - 2014-07-15 18:59 - 00000000 ____D () C:\Users\MΙΧΑΛΗΣ21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-03 13:58 - 2014-07-15 18:59 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-01 17:51
 
==================== End Of Log ============================




#4 nasdaq


Posted 03 September 2014 - 09:37 AM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S0 ssuhop; No ImagePath
S0 vhjrap; No ImagePath
S0 wjtvys; No ImagePath
S0 zedltn; No ImagePath
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 efavdrv; \??\C:\windows\system32\drivers\efavdrv.sys [X]
AlternateDataStreams: C:\Users\MΙΧΑΛΗΣ21\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\MΙΧΑΛΗΣ21\Downloads\Auslogics BrowserCare.exe.exe:BDU

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 Guest_ArisMFighter_*


Posted 03 September 2014 - 09:59 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by MΙΧΑΛΗΣ21 at 2014-09-03 17:48:50 Run:1
Running from C:\Users\MΙΧΑΛΗΣ21\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S0 ssuhop; No ImagePath
S0 vhjrap; No ImagePath
S0 wjtvys; No ImagePath
S0 zedltn; No ImagePath
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 efavdrv; \??\C:\windows\system32\drivers\efavdrv.sys [X]
AlternateDataStreams: C:\Users\MΙΧΑΛΗΣ21\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\MΙΧΑΛΗΣ21\Downloads\Auslogics BrowserCare.exe.exe:BDU
 
End
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
"HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
ssuhop => Service deleted successfully.
vhjrap => Service deleted successfully.
wjtvys => Service deleted successfully.
zedltn => Service deleted successfully.
btmaudio => Service deleted successfully.
BTMCOM => Service deleted successfully.
efavdrv => Service deleted successfully.
"C:\Users\MΙΧΑΛΗΣ21\Desktop\FRST64.exe" => ":BDU" ADS not found.
C:\Users\MΙΧΑΛΗΣ21\Downloads\Auslogics BrowserCare.exe.exe => ":BDU" ADS removed successfully.
 
==== End of Fixlog ====
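
An added example, not part of the original post and not FRST's own code: a short Python parser that skips the echoed fixlist and tallies the result lines of a Fixlog like the one above, so entries that were not removed stand out. The status names (changed, absent, review) and the rule that any unrecognised outcome goes to review are assumptions of this example; the sample lines are copied from the log above with the profile name replaced by the placeholder USER.

```python
import re
from collections import Counter

# Lines copied from the Fixlog above; the profile name is replaced by the
# placeholder USER. The echoed fixlist sits between the two rows of asterisks.
SAMPLE_FIXLOG = r'''
*****************
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S0 ssuhop; No ImagePath
*****************
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
ssuhop => Service deleted successfully.
"C:\Users\USER\Desktop\FRST64.exe" => ":BDU" ADS not found.
C:\Users\USER\Downloads\Auslogics BrowserCare.exe.exe => ":BDU" ADS removed successfully.
==== End of Fixlog ====
'''

RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')

def classify(outcome):
    # Status names are this example's own, not FRST terminology.
    text = outcome.strip().lower()
    if text.endswith("successfully."):
        return "changed"   # key, value, service or ADS was removed
    if text.endswith("not found."):
        return "absent"    # nothing left to remove at that location
    return "review"        # assumption: any other wording needs a human look

def parse_fixlog(text):
    # Returns (target, outcome, status) per result line; the echoed fixlist
    # also contains " => " and must not be counted as a result.
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:   # a row of asterisks opens/closes the echo
            in_echo = not in_echo
            continue
        if in_echo or line.startswith("===="):
            continue
        m = RESULT_RE.match(line)
        if m:
            outcome = m.group("outcome")
            results.append((m.group("target").strip('"'), outcome, classify(outcome)))
    return results

def summarize(results):
    # Count result lines per status.
    return Counter(status for _, _, status in results)
```

Calling `summarize(parse_fixlog(SAMPLE_FIXLOG))` on the sample gives four changed and two absent entries, with nothing left for review.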


#6 Guest_ArisMFighter_*


Posted 03 September 2014 - 10:02 AM

the computer??

It is running the same as it was. Maybe a little better, I think.

Soon I will post the checkup.txt.



#7 Guest_ArisMFighter_*


Posted 03 September 2014 - 10:22 AM

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 SlimCleaner     
 Panda Cloud Cleaner   
 Adobe Flash Player 14.0.0.179  
 Mozilla Firefox (31.0) 
````````Process Check: objlist.exe by Laurent````````  
 Tall Emu Online Armor OAcat.exe 
 Tall Emu Online Armor oasrv.exe 
 Tall Emu Online Armor oaui.exe 
 Tall Emu Online Armor OAhlp.exe 
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 


#8 nasdaq


Posted 03 September 2014 - 12:23 PM

Is the computer still slow or better?

#9 Guest_ArisMFighter_*


Posted 03 September 2014 - 03:18 PM

The same. It is not slow, but it doesn't look right.....



#10 nasdaq


Posted 04 September 2014 - 08:27 AM

Then what is wrong with it?

Also run this scan.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#11 Guest_ArisMFighter_*


Posted 04 September 2014 - 01:18 PM

I am doing it now.



#12 Guest_ArisMFighter_*


Posted 05 September 2014 - 10:51 AM

2 THREATS FOUND WITH ESET.

 

 

 

C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined


#13 nasdaq


Posted 06 September 2014 - 07:18 AM

The toolbar is not required. You can delete it.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 Guest_ArisMFighter_*


Posted 06 September 2014 - 06:37 PM

Thank you. With ESET Online Scanner I got rid of these unwanted toolbars. Also thanks for the security tips. But I forgot to tell you that at startup, when I boot my computer, I get a black screen for some seconds since I updated some drivers. Can we do something for this??

Thanks.


Edited by ArisMFighter, 06 September 2014 - 06:55 PM.


#15 nasdaq


Posted 07 September 2014 - 08:08 AM

when I boot my computer I get a black screen for some seconds since I updated some drivers. Can we do something for this??


When did you update the drivers?
Was this happening when we started to clean the computer?



