Possible backdoor, Trkwks service running on laptop


  • This topic is locked
18 replies to this topic

#1 niklas1981

niklas1981

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:00 PM

Posted 28 March 2016 - 02:25 PM

I created a new topic on "Am I affected" and they told me to open a new thread here.

Two days ago I installed a game from a torrent file, which wasn't what I expected. When I tried to install it, a cmd window opened and, after some commands ran, it closed, opening about 4-5 tabs in Firefox. Of course no game was installed and I could not delete the file. I finally used Revo Uninstaller, which, with difficulty, deleted the file and the installed program. Today I opened Task Manager and decided to manually check the services running on my laptop by looking them up on Google. My conclusion is that I found two services that should not be running, but when I choose to disable them a message pops up which says "access denied" (I am logged in as an admin).

The two services running on my laptop are:

1) Stisvc

2) Trkwks

After I opened a thread on "Am I affected", they told me to run FRST and post the log files here.

So here they are:

 

Attached File  Addition.txt   32.7KB   10 downloads
Attached File  FRST.txt   75.06KB   16 downloads

 

Also some log files I have already run:

Attached File  AdwCleanerS3.txt   2.02KB   6 downloads
Attached File  eset smart security 7 log.txt   68.26KB   6 downloads


Edited by niklas1981, 28 March 2016 - 02:44 PM.




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,855 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:00 PM

Posted 29 March 2016 - 07:02 AM

niklas1981:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall. If you would permit me to address you by your first name, I would prefer to do that since we will be working together.

I will be assisting you with your computer issues. All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Team member or instructor. This will delay response times somewhat, but I will endeavor to respond within 48 hours after your last post.

I will need some time to review your FRST logs and consult with a Malware Response Instructor. Once I have done that, I will post back with initial instructions.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 niklas1981


Posted 29 March 2016 - 02:12 PM

OK, thank you. My name is Nikos and I will wait for your instructions!



#4 garioch7


Posted 30 March 2016 - 09:31 AM

Nikos:

Thank you for your permission to address you by your first name. It is much appreciated.

I have conferred with a Malware Removal Instructor concerning your logs. I thank you for your patience. It will take some time to completely disinfect your computer, which will have to be done in steps. So let's get started.


Step 1: You have a "crack" for MS Office. The use and promotion of "cracked" software is contrary to Bleeping Computer Forum rules. Such software is usually bundled with malware, which puts your computer, and other computers, at risk. "Cracked" software applications do not get the regular security updates, so they become increasingly vulnerable to malware, due to the malware creators exploiting security vulnerabilities as they are discovered.

I will remove the "crack" software as a part of my fix.

Because it is your computer, it is your decision whether to continue with cleaning your computer, which is infected. If you don't wish to continue disinfecting your computer under those terms, then please advise me and I will have this thread closed and you can disregard the remaining instructions.


Step 2: I have a question for you. In the scan logs, I noticed a policy restriction on Internet Explorer. Did you set that policy restriction? If not, then I will assume that it was created by malware and remove it, in a later post.


Step 3: I want to take a look for the two services that you said were running, but that did not appear in the FRST logs. It is possible that your ESET scan eliminated those services. I could not read the ESET scan since it appeared to be in the Greek language, with which I am unfamiliar. Please confirm that the spelling of the service names is correct where they appear in the code box below. If not, please correct the spellings of one or both of the services to the correct names.

  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main text field:
:service
Stisvc
Trkwks

:process
Stisvc
Trkwks

:regfind
Stisvc
Trkwks
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

 

 

Step 4: Please copy and paste the contents of the code box below into Notepad and save it as "fixlist.txt" in the same folder as FRST64.EXE is located. Both files must be in the same folder.
Next please rename your FRST64.EXE file to FRST64english.EXE so that the output will be completely in English.
Then, please launch FRST64english.EXE and click on the "FIX" button.
A log file, called "Fixlog.txt", will be created in the same folder from which FRST64english.EXE was run. Please paste that file into your next reply.
 

 
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-03-28 00:15 - 2016-03-28 00:30 - 00000000 _____ C:\hsrv.txt
2016-03-28 00:03 - 2016-03-28 00:03 - 00000000 ____D C:\Users\Public\Thunder Network
2016-03-28 00:03 - 2016-03-28 00:03 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\HaiYuInst
2016-03-28 00:03 - 2016-03-28 00:03 - 00000000 ____D C:\ProgramData\Thunder Network
2016-03-27 16:19 - 2016-03-28 12:55 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2016-03-27 16:14 - 2016-03-27 16:14 - 00000930 _____ C:\Windows\system32\.crusader
2016-03-16 06:26 - 2016-03-16 06:26 - 00000000 ____D C:\Program Files (x86)\GUMDFD9.tmp
2016-03-15 21:13 - 2016-01-30 21:12 - 00000000 ____D C:\Windows\AutoKMS
CustomCLSID: HKU\S-1-5-21-667712713-922053234-1472939819-1001_Classes\CLSID\{94B130C8-AFD5-6CCA-D3A8-8BBB9E3D7178}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-667712713-922053234-1472939819-1001_Classes\CLSID\{A53FA8C7-AA17-B39A-A960-65FC9BAFDE96}\InprocServer32 -> no filepath
Task: {736A7AAD-4D39-4AF8-91C3-498A6F228609} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-01-30] ()
C:\Users\Nikos\AppData\Local\Temp\i4jdel0.exe
File: C:\Windows\system32\.crusader
CMD: netsh advfirewall reset

 

 

Step 5: Please open Windows Explorer and navigate to the file C:\Windows\System32\.crusader. Please upload the file to VirusTotal here for analysis and report back the findings.

 


Step 6: Please re-run FRST64english.EXE. Ensure that "Addition.txt" and "BCD" are checked as well, and then run another "Scan". Please paste the FRST logs into your next reply.
 

 

Wow, that was a lot of work, and we're only getting started! :) Actually, we have made a very good start in disinfecting your computer. I will need to keep asking you to do "fresh" FRST scans until I am certain that we have eradicated all of the malware.

So what I would like to obtain from you, in your next post, is the following, please:

  • The answer as to whether you set any policy restrictions on Internet Explorer?
  • A copy of the SystemLook scan, which was requested in Step 3.
  • A copy of the "fixlog.txt" file, created after Step 4 was run.
  • A copy of the VirusTotal report on the C:\Windows\System32\.crusader file.
  • New copies of the FRST scan logs run in Step 6.
  • Please let me know how your computer is running after all of the steps have been completed; and, if there are any specific problems. If so, please describe them so I can investigate further.

 

 

Good luck and have a great day. Awaiting your response.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#5 niklas1981


Posted 30 March 2016 - 10:43 AM

1) I would like to continue further with your instructions to clean my computer.

2) No, I did not set any policy restriction on my Internet Explorer. I must let you know that I do not use Internet Explorer at all. I use only Firefox.

3) The spelling of the running services is correct; just some capital letters are different, so the correct names are stisvc and TrkWks.

I ran SystemLook and the log is in Greek :(

Attached File  SystemLook.txt   18.74KB   5 downloads

 

4) OK, I did what you suggested in step (4) and had no difficulties, so the log file I got is the following:

 

Attached File  Fixlog.txt   3.83KB   4 downloads

 

5) For some reason I cannot locate the .crusader file in c://windows/system32.

I even tried to search in the Windows folder but I could not find it, so I did not analyze it in VirusTotal.

 

6) I ran FRST64english.EXE again and the log files I got are:

 

Attached File  FRST.txt   78.21KB   5 downloads
Attached File  Addition.txt   29.33KB   3 downloads

 

I did not notice anything significant or worth mentioning about how my computer is running. I checked the services and they are still running, and I disabled Outlook from running at startup of the computer to avoid conflicts.

 



#6 niklas1981


Posted 31 March 2016 - 03:18 AM

I found the .crusader file; it was in the FRST quarantine folder. I performed the scan with VirusTotal and the result was 0/56.

 

https://www.virustotal.com/en/file/9dc96f5734e59c3e043c45cc56cf92d7ef091f7f59c9489f91548ba573e783fb/analysis/1459411979/



#7 garioch7


Posted 01 April 2016 - 09:22 AM

Nikos:

Thank you for your most recent posts and for the logs. Great that you found the suspect file where FRST had moved it - great detective work! That is reassuring that the VirusTotal analysis came back negative, but I still have concerns about that file, as does my instructor.

Please send me a copy of the suspicious file for analysis.

1. Please go to here.
2. Where it asks for the "Link to topic where this file was requested" copy and paste in
http://www.bleepingcomputer.com/forums/t/609238/possible-backdoor-trkwks-service-running-on-laptop/#entry3969383
3. Where it says "Browse to the file you want to submit", browse to
C:\FRST\Quarantine\Windows\System32\.crusader.xbad
4. Press the Send File button.

Step 1: Here is a new "fixlog.txt" file to run that will remove the Internet Explorer policy restrictions and check those two services that are of concern to you.
As before, copy the contents to Notepad and save it as "fixlist.txt" in the same folder as FRST64english.EXE and make sure to overwrite the original "fixlist.txt" file you previously ran. Launch FRST64english.exe and Click on "Fix".
 
CloseProcesses:

HKU\S-1-5-21-667712713-922053234-1472939819-1001\...\Policies\Explorer: [] 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-667712713-922053234-1472939819-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CMD: sc query stisvc
CMD: sc query TrkWks

Please copy and paste the fixlog.txt into your next reply.

It is much easier for me to work with the logs if you actually copy and paste them into your reply rather than adding them as attachments. If you would be kind enough to do that from now until we declare your computer clean, I would appreciate it very much. Thank you.

Step 2: I have checked on the two services you mentioned, and if they have not been modified by malware, then they are legitimate Windows services.

Would you please explain, in as much detail as you can, why you think these two services are malware-related? You mentioned a possible conflict with Outlook. That "conflict" might have been caused by some of the malware that we have removed so far and might not be related to those two services. There are additional scans I can run to further check those services, if necessary. Please let me know.

What specific problems are you now experiencing with your computer, if any?

Thanks, Nikos. Have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#8 niklas1981


Posted 01 April 2016 - 01:12 PM

OK, I sent the .crusader.xbad file for analysis; you can check it.

Here is the fixlog.txt. From now on I will copy and paste the logs.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Nikos (2016-04-01 20:32:22) Run:2
Running from C:\Users\Nikos\Desktop
Loaded Profiles: Nikos (Available Profiles: Nikos)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

HKU\S-1-5-21-667712713-922053234-1472939819-1001\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-667712713-922053234-1472939819-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CMD: sc query stisvc
CMD: sc query TrkWks
*****************

Processes closed successfully.
HKU\S-1-5-21-667712713-922053234-1472939819-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-667712713-922053234-1472939819-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

=========  sc query stisvc =========


SERVICE_NAME: stisvc
        TYPE               : 10  WIN32_OWN_PROCESS  
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

========= End of CMD: =========


=========  sc query TrkWks =========


SERVICE_NAME: TrkWks
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 20:32:24 ====
 
2) The reason I started looking for malware is that on 14/02/2016 someone started sending me phishing emails and I got fooled into giving my personal info. After changing all my passwords in all the accounts I have made and deleting my credit cards, I still get those phishing emails. More specifically, there were attempts to buy electronics from stores, but I had already changed the password so he could not buy anything. All these emails have been forwarded to spoof@paypal.com.
I must inform you that I do not have knowledge of malware and how it works, etc.
I have set Outlook to start when Windows starts up. Sometimes it opens two identical tabs and pops up a message that something went wrong and two identical tabs cannot work together, something like that.
When you said that I have a cracked MS Office and you will remove it, I supposed that maybe after a restart I would have a problem opening Outlook; that's why I said that I will disable it from starting to avoid possible conflicts. I don't know, maybe what I said was foolish, but as I already told you I do not know much about malware, so sorry if I confused you.
From the few things I know, if someone wants to check for malware he can check the running services to see if there is something suspicious. I googled every service and found those two that are suspicious.
Also, something I noticed in Firefox: when I want to close a tab there is an x icon which, when I put the mouse cursor on it, hides to the right. I do not remember if that's the way it is.
Also, one last thing, and I think maybe the most important, is that I downloaded a file from demonoid; more specifically I downloaded this: demonoid.pw/files/details/3316582/001189547962
When I ran this file, cmd opened and ran some commands; after that no game was installed and 3-4 tabs opened redirecting me to buy things etc. When I tried to delete the file I could not, so I used Revo Uninstaller, which finally deleted it.

Edited by thcbytes, 02 April 2016 - 08:47 AM.
Inactivated link


#9 garioch7


Posted 05 April 2016 - 07:06 AM

Nikos:

First of all, thank you for your patience. There was an unanticipated delay in getting back to you. I apologize for that.

Thank you for your most recent post and for sending the ".crusader" file for analysis. No information was found about this file, so it is obviously not necessary for Windows.

Please do not post links to possible malware sites. A lot of people read these Forums and could infect their computers by following such links. You will note that the Malware Response Instructor who is supervising me with your topic has deactivated that live link for the safety of our user community.

 

"From the few things I know, if someone wants to check for malware he can check the running services to see if there is something suspicious. I googled every service and found those two that are suspicious."

 
Unfortunately, "Mr. Google" is not always reliable. The information you find is only as good as the person or company who posted it, and there are many companies trying to sell you totally useless software by identifying virtually every Windows system file service, file, process, driver, etc., as a possible threat. Those companies pay a lot of money to Google to make sure that their "products" are on the first pages of a search.

I can assure you that I do not see any threats related to those two services, which are legitimate Windows services, unless they have been compromised by malware, and I have no indication, so far, that they have been so compromised. You could, if you so desire,

Phishing emails are, unfortunately, a part of life in this day and age. Receiving them, as I do myself, does not mean that your computer is compromised. You have learned, the hard way, the lesson that the most important security feature of your computer is YOU. No combination of anti-virus and anti-malware applications can protect a user from themselves, if they are going to click where they should. My own, oft-stated, motto to those I help is that: "Remember, you are always only one click away from disaster!" You need to be very careful in cyberspace and you absolutely should have continuing, and recent, full system images of your computer, stored off-line on an external disk.

Your copy of MS Office was a cracked, illegal version. You should uninstall what is left of it. There is a free program that emulates MS Office, called "Open Office", available for download here.
 
 

Step 1: If you are still concerned about the two services, you could upload the .dll files to VirusTotal to determine if they are infected.


1. C:\Windows\System32\wiaservc.dll
2. C:\Windows\System32\trkwks.dll



Also, I would like you to check a few more files on VirusTotal for me.


3. C:\Windows\SysWOW64\xg865ij.dll
4. C:\Windows\SysWOW64\w4yzvjq.dll
5. C:\Windows\SysWOW64\qsfaqqr.dll
6. C:\Windows\SysWOW64\oro2h6n.dll
7. C:\Windows\SysWOW64\fyztp6j.dll
8. C:\Windows\SysWOW64\iz9g894.dll
9. C:\Windows\SysWOW64\iokz40o.dll
10. C:\Windows\SysWOW64\iobcfeo.dll
11. C:\Windows\SysWOW64\fyztp6j.dll
12. C:\Windows\SysWOW64\iubisam.dll


 
I have removed all of the malware that I could detect in the FRST logs. I suggest that we run a few scans to see if there is anything else that was not detected by FRST or by me.

 
 
Step 2: Please run a BitDefender Online Scan

  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

 

 

Step 3: Please run the Emsisoft Emergency Kit
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

 

 

Step 4: I would like you to re-run a scan with the FRST64english.exe file and ensure that the "Addition.txt" box is checked. I want to determine if there is any malware remaining on your computer. Please copy and paste both replies into your next response.

 
 
Step 5: Please report if you are experiencing any specific problems with your computer. Please describe any issues in detail, so that I can investigate further.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
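
The question raised in the post above, whether stisvc and TrkWks still load the genuine Windows DLLs, can also be checked locally before anything is uploaded. The following is an added example, not part of the thread: it reads each service's registered ServiceDll, compares it with the two paths Phil lists, and reports the file's Authenticode status and SHA-256. It assumes an elevated 64-bit PowerShell 4.0 or later session (for Get-FileHash) and that both services register their DLL under the Parameters subkey; the function name Test-ServiceDll is hypothetical.

```powershell
# Added example (not from the thread): verify which DLL each service really loads.
# Expected paths are the two files named in the post above.
# Run from 64-bit PowerShell; a 32-bit session is redirected from System32 to SysWOW64.
$expected = @{
    'stisvc' = 'C:\Windows\System32\wiaservc.dll'
    'TrkWks' = 'C:\Windows\System32\trkwks.dll'
}

function Test-ServiceDll {
    param(
        [Parameter(Mandatory)] [string] $ServiceName,
        [Parameter(Mandatory)] [string] $ExpectedDll
    )

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $svc = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Service = $ServiceName; Verdict = 'service key not found' }
    }

    # Both services are hosted by another process, so ImagePath alone says little;
    # the code that actually runs is the DLL named in Parameters\ServiceDll.
    $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
    $dll = $null
    if ($params -and $params.ServiceDll) {
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    }

    $result = [ordered]@{
        Service     = $ServiceName
        ImagePath   = $svc.ImagePath
        ServiceDll  = $dll
        PathMatches = $false
        Signature   = $null
        Signer      = $null
        SHA256      = $null
        Verdict     = $null
    }

    if (-not $dll) {
        $result.Verdict = 'no ServiceDll registered'
    }
    elseif (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
        $result.Verdict = 'registered DLL is missing on disk'
    }
    else {
        # Case-insensitive comparison: Windows paths are not case sensitive.
        $result.PathMatches = [string]::Equals(
            $dll, $ExpectedDll, [StringComparison]::OrdinalIgnoreCase)

        $sig = Get-AuthenticodeSignature -FilePath $dll
        $result.Signature = $sig.Status
        if ($sig.SignerCertificate) {
            $result.Signer = $sig.SignerCertificate.Subject
        }
        $result.SHA256 = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash

        if ($result.PathMatches) {
            $result.Verdict = 'ServiceDll path is the expected one; review signature and hash'
        }
        else {
            $result.Verdict = 'ServiceDll points somewhere unexpected; investigate'
        }
    }

    [pscustomobject]$result
}

$expected.GetEnumerator() |
    ForEach-Object { Test-ServiceDll -ServiceName $_.Key -ExpectedDll $_.Value } |
    Format-List
```

On PowerShell versions that do not evaluate catalog signatures, an untouched system DLL can report NotSigned, so compare the SHA-256 with a known-good copy from the same Windows build rather than relying on the status alone.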


#10 garioch7


Posted 08 April 2016 - 10:40 AM

Nikos:

 

Three day bump.  Do you still require assistance?

 

If you have not replied by the 10th, then this thread will be closed by a Moderator, per Forum policy.

 

Thank you, and have a great weekend.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 niklas1981


Posted 08 April 2016 - 03:14 PM

I understand that life sometimes does not give us the opportunity for some free time, and it is OK by me.
For the files you asked me to analyze on VirusTotal:
None were found in the folders you specified except
C:\Windows\System32\wiaservc.dll   and
C:\Windows\SysWOW64\fyztp6j.dll
The analysis of these two files was clean (0/56).
All the rest of the files I could not find in the folders you mentioned.

2) The procedure for the scan is not as you specified; it's somewhat different, and I could not export the scan log. I had one green message that "i am good to go, no viruses found on my computer".

3) The scan log is the above:

 

Emsisoft Emergency Kit - Version 11.0
Last update: 8/4/2016 10:59:37 μμ
User account: Nikos-PC\Nikos

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    8/4/2016 11:00:11 μμ
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    73850
Found    2

Scan end:    8/4/2016 11:07:15 μμ
Scan time:    0:07:04

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     Setting.DisableRegistryTools (A)

Quarantined    1
 

 

4) The log files from FRST are:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Nikos (administrator) on NIKOS-PC (08-04-2016 23:08:47)
Running from C:\Users\Nikos\Desktop
Loaded Profiles: Nikos (Available Profiles: Nikos)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Αγγλικά (Ηνωμένων Πολιτειών)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Nikos\Desktop\FRST64english.EXE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => AcSignIcon.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-03-28]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.177.210.211 192.168.1.1
Tcpip\..\Interfaces\{1CB6F33C-CC98-4C10-842F-58638F3A95ED}: [NameServer] 204.69.234.1,204.74.101.1,192.168.1.1
Tcpip\..\Interfaces\{1CB6F33C-CC98-4C10-842F-58638F3A95ED}: [DhcpNameServer] 194.177.210.211 192.168.1.1
Tcpip\..\Interfaces\{31C693F0-B943-49B0-9071-DCC90CCD9648}: [DhcpNameServer] 194.177.210.211 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-667712713-922053234-1472939819-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-10-28] (FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\zk4lqf66.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: www.google.gr
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U303DF&PC=U303&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-05] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\zk4lqf66.default\searchplugins\bing-.xml [2016-01-25]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\zk4lqf66.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-04-07]
FF Extension: Bitdefender QuickScan - C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\zk4lqf66.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-04-08]
FF Extension: Adblock Plus - C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\zk4lqf66.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2016-03-03] [not signed]
FF HKU\S-1-5-21-667712713-922053234-1472939819-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager extension - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2016-02-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R4 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 KHCAP; C:\Windows\System32\drivers\KHCAP.sys [39304 2016-01-23] (BlackSquare Software) [File not signed]
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [64160 2009-07-13] (O2Micro )
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1547920 2012-09-05] (Realtek Semiconductor Corporation                           )
R3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 23:08 - 2016-04-08 23:09 - 00012341 _____ C:\Users\Nikos\Desktop\FRST.txt
2016-04-08 23:08 - 2016-04-08 23:08 - 00001808 _____ C:\Users\Nikos\Desktop\scan_160408-230011.txt
2016-04-08 22:44 - 2016-04-08 23:08 - 00000000 ____D C:\EEK
2016-04-08 22:38 - 2016-04-08 22:43 - 226211024 _____ C:\Users\Nikos\Desktop\EmsisoftEmergencyKit.exe
2016-04-06 13:14 - 2016-04-06 13:14 - 00000000 ____D C:\Users\Nikos\AppData\Local\GWX
2016-03-30 17:59 - 2016-03-30 17:59 - 00165376 _____ C:\Users\Nikos\Desktop\SystemLook_x64.exe
2016-03-28 22:10 - 2016-04-08 23:08 - 00000000 ____D C:\FRST
2016-03-28 22:05 - 2016-03-28 22:06 - 02374144 _____ (Farbar) C:\Users\Nikos\Desktop\FRST64english.EXE.exe
2016-03-28 13:29 - 2016-03-28 13:30 - 00000000 ____D C:\Users\Nikos\Documents\Autocad Maps and projects
2016-03-28 12:48 - 2016-03-28 12:52 - 00510952 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-28 02:23 - 2016-04-08 22:39 - 00000595 _____ C:\Users\Nikos\Desktop\post.txt
2016-03-28 02:10 - 2016-03-28 02:10 - 00007605 _____ C:\Users\Nikos\AppData\Local\Resmon.ResmonCfg
2016-03-28 01:45 - 2016-03-28 01:45 - 00000000 ____D C:\Users\Nikos\AppData\Local\BlueStacks
2016-03-28 01:13 - 2016-03-28 01:26 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-28 00:37 - 2016-03-28 00:43 - 275113152 _____ (BlueStack Systems Inc.) C:\Users\Nikos\Downloads\BlueStacks2_native.exe
2016-03-28 00:22 - 2016-03-28 00:22 - 00000000 ____D C:\Users\Nikos\.android
2016-03-28 00:16 - 2016-03-28 01:05 - 00000000 ____D C:\Program Files\Oracle
2016-03-28 00:16 - 2016-03-28 00:41 - 00000000 ____D C:\Users\Nikos\.VirtualBox
2016-03-28 00:16 - 2016-03-28 00:16 - 00000000 ____D C:\Program Files\Droid4Xext
2016-03-28 00:16 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-03-27 20:36 - 2016-03-28 12:50 - 00001209 _____ C:\Users\Nikos\Desktop\MinecraftSP - Συντόμευση.lnk
2016-03-27 16:37 - 2016-03-27 16:37 - 00143552 _____ C:\Users\Nikos\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-27 10:07 - 2016-03-27 10:07 - 00000000 ____D C:\ProgramData\FLEXnet
2016-03-27 09:42 - 2016-03-27 09:42 - 00000000 ____D C:\Users\Nikos\Documents\Autodesk Application Manager
2016-03-27 09:36 - 2016-03-28 12:50 - 00002003 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
2016-03-27 09:34 - 2016-03-28 12:50 - 00002039 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2016-03-27 09:28 - 2016-03-28 12:50 - 00002152 _____ C:\Users\Public\Desktop\IM Data Editor 2015.lnk
2016-03-27 09:28 - 2016-03-28 12:50 - 00002094 _____ C:\Users\Public\Desktop\AutoCAD Map 3D 2015 - English.lnk
2016-03-27 09:26 - 2016-03-28 13:18 - 00000000 ____D C:\Users\Nikos\AppData\Local\Autodesk
2016-03-27 09:23 - 2016-03-27 09:23 - 00000153 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-03-27 09:23 - 2016-03-27 09:23 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2016-03-27 09:13 - 2016-03-28 01:09 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2016-03-27 09:12 - 2016-03-28 12:58 - 00000000 ____D C:\Program Files\Autodesk
2016-03-27 09:12 - 2016-03-27 09:40 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-03-27 09:04 - 2016-03-27 09:04 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-03-27 09:04 - 2016-03-27 09:04 - 00000000 ____D C:\Windows\system32\1033
2016-03-27 09:04 - 2016-03-27 09:04 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-03-27 09:03 - 2016-03-27 09:03 - 00000000 ____D C:\Program Files (x86)\Autodesk
2016-03-27 09:01 - 2016-03-27 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-03-27 08:23 - 2016-04-07 19:59 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\.minecraft
2016-03-27 00:32 - 2016-03-27 00:34 - 00000000 ____D C:\Users\Nikos\AppData\Local\Computers and Structures
2016-03-27 00:29 - 2016-03-27 00:29 - 00001024 _____ C:\Windows\SysWOW64\iubisam.tgz
2016-03-26 14:46 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-03-26 14:46 - 2010-06-02 05:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-03-26 14:46 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-03-26 14:46 - 2010-06-02 05:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-03-26 14:46 - 2010-06-02 05:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-03-26 14:46 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-03-26 14:45 - 2010-05-26 12:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-03-26 14:45 - 2010-05-26 12:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-03-26 14:45 - 2010-05-26 12:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-03-26 14:45 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-03-26 14:45 - 2010-05-26 12:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-03-26 14:45 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-03-26 14:45 - 2010-05-26 12:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-03-26 14:45 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-03-26 14:45 - 2006-03-31 13:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-03-26 14:45 - 2006-03-31 13:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-03-26 14:45 - 2006-03-31 13:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-03-26 14:45 - 2006-03-31 13:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-03-26 14:45 - 2006-03-31 13:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-03-26 14:45 - 2006-03-31 13:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-03-26 14:45 - 2006-02-03 09:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-03-26 14:45 - 2006-02-03 09:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-03-26 14:25 - 2016-03-28 13:21 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Autodesk
2016-03-26 14:25 - 2016-03-28 01:09 - 00000000 ____D C:\ProgramData\Autodesk
2016-03-26 14:10 - 2016-03-26 14:10 - 00000000 ____D C:\Autodesk
2016-03-26 13:49 - 2016-03-26 13:49 - 00000000 ____D C:\Users\Nikos\Documents\QuickProject 2016-03-26 124906
2016-03-26 13:45 - 2016-03-26 13:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-03-26 03:36 - 2016-03-26 03:36 - 00000000 ____D C:\MATLAB
2016-03-24 14:43 - 2016-03-24 14:42 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-03-21 17:07 - 2016-03-21 17:13 - 00000000 ____D C:\Users\Nikos\Downloads\Data
2016-03-21 17:07 - 2016-03-21 17:10 - 00000000 ____D C:\Users\Nikos\Downloads\Help
2016-03-21 17:07 - 2016-03-21 17:09 - 00000000 ____D C:\Users\Nikos\Downloads\Install
2016-03-21 17:07 - 2016-03-21 17:07 - 00000000 ____D C:\Users\Nikos\Downloads\Setup
2016-03-21 17:07 - 2016-03-21 17:07 - 00000000 ____D C:\ProgramData\Navigator
2016-03-21 17:06 - 2016-03-21 17:06 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Navigator
2016-03-21 16:13 - 2016-03-21 16:19 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\iMapBuilder_HTML5
2016-03-21 16:01 - 2016-03-21 16:01 - 01177383 _____ C:\Users\Nikos\Downloads\gmapmaker.zip
2016-03-21 15:01 - 2016-03-21 15:01 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\GRASS7
2016-03-19 16:16 - 2016-03-21 15:03 - 00000000 ____D C:\Users\Nikos\.matplotlib
2016-03-19 16:15 - 2016-03-21 15:02 - 00000000 ____D C:\Users\Nikos\.qgis2
2016-03-19 15:51 - 2016-03-21 01:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 15:39 - 2016-03-19 15:39 - 00000000 ____D C:\Users\Nikos\Documents\GIS DataBase
2016-03-18 12:44 - 2016-03-18 12:49 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\SmartDraw
2016-03-18 12:44 - 2016-03-18 12:44 - 00000000 ____D C:\Users\Nikos\AppData\System
2016-03-18 12:44 - 2016-03-18 12:44 - 00000000 ____D C:\Users\Nikos\AppData\Local\SmartDraw
2016-03-18 12:14 - 2016-03-18 12:14 - 00000000 ____D C:\Users\Nikos\AppData\Local\Cadcorp SIS
2016-03-18 12:09 - 2016-03-18 12:09 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-03-18 02:26 - 2016-03-27 16:44 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Blurity
2016-03-18 02:15 - 2012-09-30 20:41 - 00000000 ____D C:\Users\Nikos\Desktop\SmartDeblur-1.27-win
2016-03-17 03:37 - 2016-03-24 14:42 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-03-17 03:35 - 2016-03-24 14:43 - 00000000 ____D C:\Program Files\Java
2016-03-17 02:48 - 2016-03-17 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-17 02:19 - 2016-03-17 02:19 - 00000000 ____D C:\SecurityCheck
2016-03-17 01:46 - 2016-03-28 22:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-17 01:45 - 2016-03-28 12:50 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-17 01:45 - 2016-03-26 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-17 01:45 - 2016-03-26 13:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-17 01:45 - 2016-03-10 15:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-17 01:45 - 2016-03-10 15:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-17 01:45 - 2016-03-10 15:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-17 01:07 - 2016-03-17 01:07 - 00559063 _____ () C:\Users\Nikos\Downloads\Everything-1.3.4.686.x64-Setup.exe
2016-03-16 10:45 - 2016-03-16 10:45 - 00000000 ____D C:\ProgramData\Reprise
2016-03-16 10:37 - 2016-03-16 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vertus Fluid Mask 3
2016-03-16 10:34 - 2016-03-16 10:34 - 00000000 ____D C:\ProgramData\VertusTech
2016-03-16 10:27 - 2016-03-16 10:27 - 00000000 ____D C:\Users\Nikos\AppData\Local\Topaz Labs
2016-03-16 10:08 - 2016-03-16 10:11 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2016-03-16 10:08 - 2016-03-16 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2016-03-16 10:08 - 2016-03-16 10:08 - 00000000 ____D C:\Program Files\Topaz Labs
2016-03-16 10:07 - 2016-03-16 10:11 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2016-03-16 10:07 - 2016-03-16 10:11 - 00000000 ____D C:\Program Files (x86)\Topaz Labs
2016-03-16 09:47 - 2016-03-16 09:57 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Light Developer
2016-03-16 09:47 - 2016-03-16 09:47 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Stepok Softwares
2016-03-16 09:46 - 2016-03-16 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recomposit pro
2016-03-16 08:30 - 2016-03-16 08:30 - 00000000 ____D C:\Users\Nikos\AppData\Local\Thinstall
2016-03-16 07:44 - 2008-01-30 19:36 - 00090112 _____ (MindVision Software) C:\Windows\unvise32.exe
2016-03-16 07:25 - 2016-03-16 07:25 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\PictoColor
2016-03-16 06:35 - 2016-03-19 00:38 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Google
2016-03-16 06:26 - 2016-03-16 06:29 - 00000000 ____D C:\ProgramData\Google
2016-03-16 06:26 - 2016-03-16 06:26 - 00000000 ____D C:\Program Files\Google
2016-03-16 06:15 - 2016-03-16 06:15 - 00000000 ____D C:\Users\Nikos\Documents\Neat Image for Photoshop
2016-03-16 06:15 - 2016-03-16 06:15 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\NeatImage PS 64
2016-03-16 06:14 - 2016-03-16 06:15 - 00000000 ____D C:\Program Files\Neat Image for Photoshop
2016-03-16 06:14 - 2016-03-16 06:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat Image for Photoshop
2016-03-16 06:07 - 2016-03-16 06:07 - 00000000 ____D C:\Users\Nikos\Documents\Neat Image Standalone
2016-03-16 06:07 - 2016-03-16 06:07 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\NeatImage SL 64
2016-03-16 04:36 - 2016-03-16 04:36 - 00000000 ____D C:\Users\Nikos\Documents\DxO OpticsPro 10 logs
2016-03-16 04:35 - 2009-09-04 18:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-03-16 04:34 - 2016-03-16 04:50 - 00000000 ____D C:\ProgramData\DxO Labs
2016-03-16 03:54 - 2016-03-16 04:21 - 00000000 ____D C:\Program Files\PhotoZoom Pro 6
2016-03-16 03:54 - 2016-03-16 03:54 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 6
2016-03-16 03:39 - 2016-03-16 03:39 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfectly Clear Plugin LR v2
2016-03-16 03:38 - 2016-03-16 03:38 - 00000000 ____D C:\ProgramData\Athentech
2016-03-16 03:31 - 2016-03-16 03:31 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfectly Clear Plugin v2
2016-03-16 03:31 - 2016-03-16 03:31 - 00000000 ____D C:\Program Files (x86)\Athentech
2016-03-16 03:03 - 2016-03-16 07:01 - 00000000 ____D C:\Users\Nikos\AppData\Local\ArcSoft
2016-03-16 02:24 - 2016-03-16 02:24 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Alien Skin
2016-03-16 02:24 - 2016-03-16 02:24 - 00000000 ____D C:\Users\Nikos\.AS
2016-03-16 01:58 - 2016-03-16 02:24 - 00000000 ____D C:\Users\Nikos\AppData\Local\Alien Skin
2016-03-16 01:53 - 2016-03-16 02:24 - 00000000 ____D C:\ProgramData\Alien Skin
2016-03-16 01:53 - 2016-03-16 02:21 - 00000000 ____D C:\Program Files\Alien Skin
2016-03-16 01:53 - 2016-03-16 02:21 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2016-03-16 01:36 - 2016-03-16 01:36 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\SMIPhotoshopPlugIn
2016-03-16 01:05 - 2016-03-28 12:50 - 00001121 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-03-16 01:05 - 2016-03-16 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-03-16 01:05 - 2016-03-16 01:05 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-16 01:05 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-03-15 22:19 - 2016-03-16 03:40 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Athentech
2016-03-15 22:16 - 2016-03-16 03:38 - 00000000 ____D C:\Program Files\Athentech
2016-03-15 22:16 - 2016-03-16 03:34 - 00000000 ____D C:\ProgramData\Nalpeiron
2016-03-15 21:57 - 2016-04-02 20:37 - 00000166 _____ C:\Users\Nikos\AppData\Roaming\PLGComp.ini
2016-03-15 21:57 - 2016-03-15 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Magic
2016-03-15 21:57 - 2016-03-15 21:57 - 00000000 ____D C:\Program Files (x86)\Focus Magic
2016-03-15 21:57 - 2013-04-27 18:09 - 03600896 _____ (Acclaim Software Ltd) C:\Windows\system32\FocusMag64.dll
2016-03-15 21:57 - 2013-04-19 13:32 - 08880128 _____ (Acclaim Software Ltd) C:\Windows\SysWOW64\FocusMag.dll
2016-03-15 21:57 - 2012-10-28 06:05 - 02790912 _____ (FreeImage) C:\Windows\SysWOW64\FreeImage.dll
2016-03-15 21:22 - 2009-06-18 22:42 - 00040832 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\Drivers\TosBtCi.dll
2016-03-15 21:21 - 2016-03-15 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2016-03-15 15:10 - 2016-03-15 21:13 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\DenoiseMyImageGPU20
2016-03-15 14:07 - 2016-03-15 14:12 - 00000000 ____D C:\ProgramData\Redfield
2016-03-15 14:01 - 2016-03-15 14:01 - 00000000 ____D C:\Users\Nikos\Documents\Zaxwerks
2016-03-15 14:01 - 2016-03-15 14:01 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Zaxwerks
2016-03-15 14:01 - 2016-03-15 14:01 - 00000000 ____D C:\ProgramData\Zaxwerks
2016-03-15 00:29 - 2016-03-15 00:29 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Toshiba
2016-03-15 00:27 - 2016-03-15 00:29 - 00000000 ____D C:\Users\Nikos\Documents\Bluetooth
2016-03-15 00:26 - 2016-03-15 00:26 - 00000000 ____D C:\Users\Nikos\AppData\Local\Toshiba
2016-03-15 00:26 - 2016-03-15 00:26 - 00000000 ____D C:\ProgramData\TOSHIBA
2016-03-15 00:14 - 2016-03-15 00:14 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-03-14 23:48 - 2016-03-14 23:48 - 00000000 ____D C:\Windows\SysWOW64\SDA
2016-03-14 23:48 - 2016-03-14 23:48 - 00000000 ____D C:\Program Files (x86)\O2Micro Flash Memory Card Driver
2016-03-13 22:54 - 2016-03-13 22:54 - 01527296 _____ C:\Users\Nikos\Downloads\adwcleaner_5.102.exe
2016-03-13 13:33 - 2016-03-28 12:50 - 00001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2016-03-13 13:33 - 2016-03-28 12:50 - 00001016 _____ C:\Users\Nikos\Desktop\Adobe Lightroom.lnk
2016-03-12 12:54 - 2016-03-26 04:33 - 00000000 ____D C:\Users\Nikos\Documents\MATLAB
2016-03-12 12:54 - 2016-03-12 12:54 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Subversion
2016-03-12 12:54 - 2016-03-12 12:54 - 00000000 ____D C:\Users\Nikos\AppData\Local\MathWorks
2016-03-12 12:48 - 2016-03-28 12:50 - 00001578 _____ C:\Users\Nikos\Desktop\matlab - Shortcut.lnk
2016-03-12 12:46 - 2016-03-12 12:46 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\MathWorks
2016-03-12 01:33 - 2016-03-12 01:33 - 00000000 ____D C:\Program Files\MATLAB
2016-03-11 10:31 - 2016-02-19 22:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-11 10:31 - 2016-02-19 21:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-11 10:31 - 2016-02-19 17:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-11 10:31 - 2016-02-11 17:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-11 10:31 - 2016-02-05 17:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-11 10:31 - 2016-02-05 17:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-11 10:31 - 2016-02-05 17:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 15:52 - 2016-02-03 21:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 15:51 - 2016-02-11 21:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 15:51 - 2016-02-11 21:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 15:51 - 2016-02-11 21:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 15:51 - 2016-02-11 21:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 15:51 - 2016-02-11 21:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 15:51 - 2016-02-11 21:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 15:51 - 2016-02-11 21:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 15:51 - 2016-02-11 21:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 15:51 - 2016-02-11 21:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 15:51 - 2016-02-11 21:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 15:51 - 2016-02-11 21:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 15:51 - 2016-02-09 09:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 15:51 - 2016-02-09 09:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 15:51 - 2016-02-09 00:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 15:51 - 2016-02-08 23:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 15:51 - 2016-02-08 23:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 15:51 - 2016-02-08 23:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 15:51 - 2016-02-08 23:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 15:51 - 2016-02-08 23:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 15:51 - 2016-02-08 23:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 15:51 - 2016-02-08 23:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 15:51 - 2016-02-08 23:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 15:51 - 2016-02-08 23:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 15:51 - 2016-02-08 23:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 15:51 - 2016-02-08 23:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 15:51 - 2016-02-08 23:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 15:51 - 2016-02-08 23:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 15:51 - 2016-02-08 23:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 15:51 - 2016-02-08 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 15:51 - 2016-02-08 23:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 15:51 - 2016-02-08 23:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 15:51 - 2016-02-08 23:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 15:51 - 2016-02-08 23:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 15:51 - 2016-02-08 23:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 15:51 - 2016-02-08 23:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 15:51 - 2016-02-08 23:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 15:51 - 2016-02-08 23:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 15:51 - 2016-02-08 23:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 15:51 - 2016-02-08 23:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 15:51 - 2016-02-08 23:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 15:51 - 2016-02-08 23:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 15:51 - 2016-02-08 22:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 15:51 - 2016-02-08 22:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 15:51 - 2016-02-08 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 15:51 - 2016-02-08 21:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 15:51 - 2016-02-08 21:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 15:51 - 2016-02-08 21:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 15:51 - 2016-02-08 21:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 15:51 - 2016-02-08 21:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 15:51 - 2016-02-08 21:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 15:51 - 2016-02-08 21:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 15:51 - 2016-02-08 21:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 15:51 - 2016-02-08 21:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 15:51 - 2016-02-08 21:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 15:51 - 2016-02-08 21:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 15:51 - 2016-02-08 21:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 15:51 - 2016-02-08 21:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 15:51 - 2016-02-08 21:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 15:51 - 2016-02-08 21:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 15:51 - 2016-02-08 21:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 15:51 - 2016-02-08 21:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 15:51 - 2016-02-08 21:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 15:51 - 2016-02-08 20:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 15:51 - 2016-02-08 20:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 15:51 - 2016-02-08 20:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 15:51 - 2016-02-08 20:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 15:51 - 2016-02-08 20:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 15:51 - 2016-02-08 20:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 15:51 - 2016-02-08 20:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 15:51 - 2016-02-08 20:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 15:51 - 2016-02-08 20:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 15:51 - 2016-02-08 20:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 15:51 - 2016-02-08 20:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 15:51 - 2016-02-08 20:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 15:51 - 2016-02-08 20:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 15:51 - 2016-02-08 20:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 15:51 - 2016-02-08 19:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 15:51 - 2016-02-05 21:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 15:51 - 2016-02-05 21:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 15:51 - 2016-02-05 21:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 15:51 - 2016-02-05 21:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 15:51 - 2016-02-05 21:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 15:51 - 2016-02-05 21:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 15:51 - 2016-02-05 21:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 15:51 - 2016-02-05 20:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 15:51 - 2016-02-05 20:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 15:51 - 2016-02-05 20:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 15:51 - 2016-02-05 04:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 15:51 - 2016-02-04 21:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 15:51 - 2016-02-03 21:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 15:51 - 2016-02-03 21:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 15:51 - 2016-02-03 21:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 15:51 - 2016-02-03 21:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 15:50 - 2016-03-27 00:33 - 00000218 _____ C:\Windows\SysWOW64\fyztp6j.tgz
2016-03-09 15:50 - 2016-03-27 00:33 - 00000204 _____ C:\Windows\SysWOW64\fyztp6j.dll
2016-03-09 15:50 - 2016-03-27 00:33 - 00000114 _____ C:\Windows\SysWOW64\prsgrc.tgz
2016-03-09 15:50 - 2016-03-27 00:33 - 00000100 _____ C:\Windows\SysWOW64\prsgrc.dll
2016-03-09 15:50 - 2016-03-27 00:33 - 00000086 _____ C:\Windows\SysWOW64\ssprs.tgz
2016-03-09 15:50 - 2016-03-27 00:29 - 00001024 _____ C:\Windows\SysWOW64\iubisam.dll
2016-03-09 15:50 - 2016-03-27 00:29 - 00001024 _____ C:\Windows\SysWOW64\grcauth2.dll
2016-03-09 15:50 - 2016-03-27 00:29 - 00001024 _____ C:\Windows\SysWOW64\grcauth1.dll
2016-03-09 15:50 - 2016-03-27 00:29 - 00001024 _____ C:\Windows\SysWOW64\clauth2.dll
2016-03-09 15:50 - 2016-03-27 00:29 - 00001024 _____ C:\Windows\SysWOW64\clauth1.dll
2016-03-09 15:50 - 2016-03-27 00:29 - 00000072 _____ C:\Windows\SysWOW64\ssprs.dll
2016-03-09 15:50 - 2016-02-11 21:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 15:50 - 2016-02-11 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 15:50 - 2016-02-11 21:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 15:50 - 2016-02-11 21:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 15:50 - 2016-02-11 21:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 15:50 - 2016-02-11 21:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 15:50 - 2016-02-11 21:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 15:50 - 2016-02-11 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 15:50 - 2016-02-11 21:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 15:50 - 2016-02-11 21:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 15:50 - 2016-02-11 21:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 15:50 - 2016-02-11 21:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 15:50 - 2016-02-11 21:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 15:50 - 2016-02-11 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 15:50 - 2016-02-11 21:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 15:50 - 2016-02-11 21:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 15:50 - 2016-02-11 21:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 15:50 - 2016-02-11 21:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 15:50 - 2016-02-11 21:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 15:50 - 2016-02-11 21:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 15:50 - 2016-02-11 21:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 15:50 - 2016-02-11 21:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 15:50 - 2016-02-11 21:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 15:50 - 2016-02-11 21:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\xg865ij.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\w4yzvjq.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\qsfaqqr.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\oro2h6n.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\kg7i665.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\je1pkjv.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\iz9g894.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\iz8rxkx.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\iokz40o.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\iobcfeo.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\hnmobfd.dll
2016-03-09 15:50 - 2016-02-11 21:38 - 00000016 ____H C:\Windows\SysWOW64\g0efyts.dll
2016-03-09 15:50 - 2016-02-11 21:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 15:50 - 2016-02-11 21:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 15:50 - 2016-02-11 21:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 15:50 - 2016-02-11 21:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 15:50 - 2016-02-11 21:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 15:50 - 2016-02-11 21:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 15:50 - 2016-02-11 21:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 15:50 - 2016-02-11 21:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 20:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 15:50 - 2016-02-11 20:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 15:50 - 2016-02-11 20:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 15:50 - 2016-02-11 20:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 15:50 - 2016-02-11 20:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 15:50 - 2016-02-11 20:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 15:50 - 2016-02-11 20:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 15:50 - 2016-02-11 20:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 15:50 - 2016-02-11 20:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 15:50 - 2016-02-11 20:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 15:50 - 2016-02-11 20:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 15:50 - 2016-02-11 20:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 15:50 - 2016-02-11 20:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 15:50 - 2016-02-11 20:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 15:50 - 2016-02-11 20:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 20:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 20:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 15:50 - 2016-02-11 20:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 15:50 - 2016-02-09 12:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 15:50 - 2016-02-04 20:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 15:44 - 2016-02-12 21:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 15:44 - 2016-02-12 21:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 15:44 - 2016-02-12 21:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 15:44 - 2016-02-12 21:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 15:44 - 2016-02-12 21:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 15:44 - 2016-02-12 21:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 15:44 - 2016-02-12 21:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 15:44 - 2016-02-12 21:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 15:44 - 2016-02-12 21:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 15:44 - 2016-02-12 21:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 15:44 - 2016-02-12 21:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 15:44 - 2016-02-12 21:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 15:44 - 2016-02-12 21:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 15:44 - 2016-02-12 21:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 15:44 - 2016-02-12 21:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 15:44 - 2016-02-12 21:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 15:44 - 2016-02-09 12:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 15:44 - 2016-02-09 12:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 15:44 - 2016-02-09 12:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 15:44 - 2016-02-09 12:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 15:44 - 2016-02-09 12:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 15:44 - 2016-02-09 12:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 15:44 - 2016-02-09 12:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 15:44 - 2016-02-09 12:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 15:44 - 2016-02-09 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 15:44 - 2016-02-09 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 23:08 - 2016-02-07 16:41 - 00000000 ____D C:\Users\Nikos\Documents\Outlook Files
2016-04-08 22:48 - 2016-01-25 11:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-08 22:42 - 2016-02-29 21:30 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\QuickScan
2016-04-08 22:26 - 2016-01-14 01:12 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Kodi
2016-04-08 22:20 - 2016-01-05 11:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-08 21:57 - 2016-01-25 11:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-08 21:51 - 2016-01-04 22:03 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-04-08 21:51 - 2009-07-14 07:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-08 21:51 - 2009-07-14 07:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-07 13:58 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-05 07:20 - 2016-01-05 11:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-05 06:22 - 2016-01-05 11:57 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-05 06:22 - 2016-01-05 11:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-02 20:38 - 2016-02-06 20:37 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\vlc
2016-04-02 20:17 - 2016-01-04 23:44 - 00606962 _____ C:\Windows\system32\perfh008.dat
2016-04-02 20:17 - 2016-01-04 23:44 - 00111130 _____ C:\Windows\system32\perfc008.dat
2016-04-02 20:17 - 2009-07-14 08:13 - 01488880 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-02 20:17 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-03-28 12:50 - 2016-02-28 12:37 - 00000840 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-03-28 12:50 - 2016-02-28 02:49 - 00000868 _____ C:\Users\Nikos\Desktop\DiskFresh.lnk
2016-03-28 12:50 - 2016-02-25 12:49 - 00001768 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-03-28 12:50 - 2016-02-25 09:05 - 00001626 _____ C:\Users\Nikos\Desktop\WinPatrolEx - Shortcut.lnk
2016-03-28 12:50 - 2016-02-23 14:08 - 00001067 _____ C:\Users\Nikos\Desktop\Free Download Manager.lnk
2016-03-28 12:50 - 2016-02-15 15:25 - 00002489 _____ C:\Users\Public\Desktop\inSSIDer Home.lnk
2016-03-28 12:50 - 2016-02-14 16:41 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-28 12:50 - 2016-02-14 16:41 - 00001031 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-03-28 12:50 - 2016-02-14 05:24 - 00000974 _____ C:\Users\Nikos\Desktop\IrfanView 64.lnk
2016-03-28 12:50 - 2016-02-06 20:37 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-28 12:50 - 2016-02-06 19:26 - 00001672 _____ C:\Users\Nikos\Desktop\Photoshop - Shortcut.lnk
2016-03-28 12:50 - 2016-02-06 19:07 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-03-28 12:50 - 2016-02-03 01:17 - 00001913 _____ C:\Users\Nikos\Desktop\XML Notepad 2007.lnk
2016-03-28 12:50 - 2016-01-25 11:21 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-03-28 12:50 - 2016-01-23 00:20 - 00001400 _____ C:\Users\Nikos\Desktop\Auslogics Duplicate File Finder.lnk
2016-03-28 12:50 - 2016-01-05 00:27 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-28 12:50 - 2016-01-04 23:52 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-28 12:50 - 2016-01-04 15:43 - 00000913 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-03-28 12:50 - 2016-01-04 01:08 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-03-28 12:50 - 2016-01-04 01:08 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-03-28 12:50 - 2016-01-03 15:24 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-28 12:50 - 2016-01-03 15:13 - 00001413 _____ C:\Users\Nikos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-28 12:50 - 2009-07-14 08:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-03-28 12:50 - 2009-07-14 07:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-28 12:50 - 2009-07-14 07:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-03-28 12:50 - 2009-07-14 07:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-03-28 12:50 - 2009-07-14 07:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-03-28 12:50 - 2009-07-14 07:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-03-28 12:48 - 2011-04-12 11:28 - 00000000 ____D C:\Windows\ShellNew
2016-03-28 11:00 - 2016-01-05 12:00 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\uTorrent
2016-03-28 01:45 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-28 00:22 - 2016-01-03 15:12 - 00000000 ____D C:\Users\Nikos
2016-03-27 16:17 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Branding
2016-03-27 09:41 - 2016-01-14 01:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-27 09:26 - 2009-07-14 08:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-26 12:29 - 2016-02-12 23:11 - 00000000 ____D C:\AdwCleaner
2016-03-25 04:00 - 2016-01-04 11:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-25 04:00 - 2016-01-04 11:38 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-24 14:44 - 2016-01-21 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-24 14:44 - 2016-01-21 11:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-24 14:42 - 2016-01-21 11:54 - 00000000 ____D C:\Users\Nikos\.oracle_jre_usage
2016-03-24 14:40 - 2016-01-21 11:54 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-21 16:06 - 2016-01-03 15:13 - 00000000 ____D C:\Users\Nikos\AppData\Local\VirtualStore
2016-03-21 01:31 - 2016-01-03 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-18 12:10 - 2016-02-28 12:23 - 00000000 ____D C:\Users\Nikos\AppData\Local\Downloaded Installations
2016-03-18 12:09 - 2016-01-30 20:49 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-18 12:09 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-17 02:49 - 2016-01-03 15:18 - 00000000 ____D C:\Program Files\7-Zip
2016-03-17 02:49 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2016-03-16 08:27 - 2016-02-06 18:54 - 00000000 ____D C:\Program Files\Adobe
2016-03-16 08:02 - 2016-02-06 19:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-16 06:29 - 2016-01-25 11:19 - 00000000 ____D C:\Users\Nikos\AppData\Local\Google
2016-03-16 03:14 - 2016-02-15 14:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-16 02:24 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Resources
2016-03-15 21:13 - 2016-01-30 20:51 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-03-14 04:41 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2016-03-13 22:54 - 2016-03-06 22:15 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-13 13:54 - 2016-02-06 19:08 - 00000000 ____D C:\Users\Nikos\Documents\Adobe
2016-03-13 13:54 - 2016-01-04 11:55 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Adobe
2016-03-13 13:52 - 2016-02-06 18:48 - 00000000 ____D C:\ProgramData\Adobe
2016-03-13 13:52 - 2016-01-05 11:52 - 00000000 ____D C:\Users\Nikos\AppData\Local\Adobe
2016-03-13 13:33 - 2016-02-06 19:08 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-03-11 18:09 - 2016-02-23 14:08 - 00000000 ____D C:\Users\Nikos\AppData\Roaming\Free Download Manager
2016-03-11 14:27 - 2016-01-04 11:38 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-09 21:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-03-09 16:20 - 2016-01-30 21:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-09 16:14 - 2009-07-14 05:34 - 00000478 _____ C:\Windows\win.ini
2016-03-09 16:01 - 2016-01-03 23:18 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 15:53 - 2016-01-03 23:18 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2016-03-28 00:03 - 2016-03-28 00:16 - 0002613 _____ () C:\Users\Nikos\AppData\Roaming\droid4xinstaller.log
2016-03-15 21:57 - 2016-04-02 20:37 - 0000166 _____ () C:\Users\Nikos\AppData\Roaming\PLGComp.ini
2016-03-28 02:10 - 2016-03-28 02:10 - 0007605 _____ () C:\Users\Nikos\AppData\Local\Resmon.ResmonCfg
2016-03-27 09:23 - 2016-03-27 09:23 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\Nikos\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Nikos\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Nikos\AppData\Local\Temp\HitmanPro.exe
C:\Users\Nikos\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nikos\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-08 21:51

==================== End of FRST.txt ============================

 

and

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Nikos (2016-04-08 23:09:50)
Running from C:\Users\Nikos\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-01-03 12:12:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-667712713-922053234-1472939819-500 - Administrator - Disabled)
Guest (S-1-5-21-667712713-922053234-1472939819-501 - Limited - Disabled)
Nikos (S-1-5-21-667712713-922053234-1472939819-1001 - Administrator - Enabled) => C:\Users\Nikos

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Προσωπικό firewall της ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
Alien Skin Bokeh 2 (HKLM\...\Alien Skin Bokeh 2) (Version:  - Alien Skin)
Alien Skin Eye Candy 7 (HKLM\...\Alien Skin Eye Candy 7) (Version:  - Alien Skin)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 5.2.0.0 - Auslogics Labs Pty Ltd)
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.0.27.1100 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD Map 3D 2015 (Version: 18.0.030.11 - Autodesk) Hidden
Autodesk AutoCAD Map 3D 2015 Language Pack (Version: 18.0.030.11 - Autodesk) Hidden
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk Autodesk AutoCAD Map 3D 2015 (HKLM\...\Autodesk AutoCAD Map 3D 2015) (Version: 18.0.030.11 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
BenVista PhotoZoom Pro 6.0.4 (HKU\S-1-5-21-667712713-922053234-1472939819-1001\...\PhotoZoom Pro 6) (Version: 6.0.4 - BenVista Ltd.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.20 - Piriform)
DiskFresh 1.1 (HKLM\...\DiskFresh_is1) (Version:  - Puran Software)
ESET Smart Security (HKLM\...\{F56A1B3F-214F-4F29-B3AC-E07A2C2E940E}) (Version: 7.0.302.29 - ESET, spol s r. o.)
Focus Magic 4.02 (HKLM-x32\...\Focus Magic_is1) (Version: 4.02 - Acclaim Software Ltd)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version:  - )
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kodi (HKU\S-1-5-21-667712713-922053234-1472939819-1001\...\Kodi) (Version:  - XBMC-Foundation)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware έκδοση 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2013  - Greek/Ελληνικά (HKLM-x32\...\Office15.OMUI.el-gr) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Neat Image v7.6.0 Pro plug-in for Photoshop (64-bit) (HKLM\...\Neat Image plug-in for Photoshop_is1) (Version:  - Neat Image team, ABSoft)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
O2Micro Flash Memory Card Reader Driver (HKLM\...\{729F014A-9E91-49A6-B5F2-E8AA941452AE}) (Version: 3.31.03.A - O2Micro)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Perfectly Clear LightroomPlugin v2 2.0.2 (HKLM-x32\...\Perfectly Clear LightroomPlugin v2) (Version: 2.0.2 - Athentech)
Perfectly Clear Plugin v2 2.0.2 (HKLM-x32\...\Perfectly Clear Plugin v2) (Version: 2.0.2 - Athentech)
photoFXlab (HKLM-x32\...\photoFXlab) (Version: 1.2.9 - Topaz Labs)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Recomposit pro v5.4, build 18880 (HKLM\...\Recomposit pro_is1) (Version:  - Stepok Image Lab.)
Redfield Plugins (HKLM-x32\...\Redfield Plugins) (Version:  - )
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0408-0000-0000000FF1CE}_Office15.OMUI.el-gr_{4BFA9DD3-F090-430E-A37D-52FE52C8AC80}) (Version:  - Microsoft)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0408-0000-0000000FF1CE}_Office15.OMUI.el-gr_{DB6EE1D9-05A9-4259-A06E-3A7FB85E3E50}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7B0DFC04-44CB-436D-9366-01D93383940D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7B0DFC04-44CB-436D-9366-01D93383940D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0408-0000-0000000FF1CE}_Office15.OMUI.el-gr_{7B0DFC04-44CB-436D-9366-01D93383940D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7B0DFC04-44CB-436D-9366-01D93383940D}) (Version:  - Microsoft)
Vertus Fluid Mask 3 3.3.14 (HKLM-x32\...\vertusFluidMask3) (Version: 3.3.14 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2013 - Ελληνικά (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-667712713-922053234-1472939819-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-667712713-922053234-1472939819-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-667712713-922053234-1472939819-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-667712713-922053234-1472939819-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {34420893-23D1-4972-97DD-6D5506F939B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {363E7113-67E5-40C3-BB58-F81F4F27593A} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET Smart Security 7.0\upgrade.exe [2016-01-04] (ESET)
Task: {43F7E97E-2FCE-4252-892E-7B17562ADC48} - System32\Tasks\{4CE417BC-D138-4FDB-BC8F-557488709463} => W:\downloads\game emulator for kodi\Nintedo n64\emulator\099\1964.exe
Task: {4D3B40F9-2376-4F37-9034-12CE267ED3E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5F8ED069-C452-4D47-9AD6-4EBE754D33B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-25] (Google Inc.)
Task: {6DC87735-D85D-460D-916E-04709B47E234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-05] (Adobe Systems Incorporated)
Task: {8C1D7C29-40E5-4E92-BDAC-8340A63EDA0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B105ABC1-BCEF-4255-B3D0-18A7FDC8060F} - System32\Tasks\Start Outlook at logon => C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE [2016-02-09] (Microsoft Corporation)
Task: {C30E8440-0DE9-4CDD-813F-0758126112A6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {C70C0C13-A695-456F-8C7E-7EA9D35EB7F2} - \AutoKMS -> No File <==== ATTENTION
Task: {F24575CA-5936-4C34-A242-BC6AAD653867} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2016-03-07 01:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-667712713-922053234-1472939819-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nikos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 204.69.234.1 - 204.74.101.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-03-2016 14:48:07 Windows Update
01-04-2016 20:21:51 Windows Update
03-04-2016 19:00:43 Windows Backup
06-04-2016 00:52:51 Windows Update

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Προσαρμογέας διοχέτευσης Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2016 10:47:57 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005

Error: (04/07/2016 09:06:40 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005

Error: (04/07/2016 07:51:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005

Error: (04/07/2016 02:44:09 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005

Error: (04/07/2016 02:00:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2016 10:45:49 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005

Error: (04/06/2016 09:45:48 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005

Error: (04/06/2016 08:45:54 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005

Error: (04/06/2016 07:45:48 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005

Error: (04/06/2016 06:45:48 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Το Χρονοδιάγραμμα ενεργοποίησης αδειών χρήσης (sppuinotify.dll) απέτυχε με τον ακόλουθο κωδικό σφάλματος:
0x80070005


System errors:
=============
Error: (04/08/2016 10:47:57 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (04/08/2016 09:50:47 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (04/07/2016 08:07:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Δημιουργήθηκε η παρακάτω ειδοποίηση για ανεπανόρθωτο σφάλμα: 43. Η κατάσταση εσωτερικού σφάλματος είναι 252.

Error: (04/07/2016 08:07:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Δημιουργήθηκε η παρακάτω ειδοποίηση για ανεπανόρθωτο σφάλμα: 43. Η κατάσταση εσωτερικού σφάλματος είναι 252.

Error: (04/07/2016 08:07:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Δημιουργήθηκε η παρακάτω ειδοποίηση για ανεπανόρθωτο σφάλμα: 43. Η κατάσταση εσωτερικού σφάλματος είναι 252.

Error: (04/07/2016 08:07:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Δημιουργήθηκε η παρακάτω ειδοποίηση για ανεπανόρθωτο σφάλμα: 43. Η κατάσταση εσωτερικού σφάλματος είναι 252.

Error: (04/07/2016 08:07:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Δημιουργήθηκε η παρακάτω ειδοποίηση για ανεπανόρθωτο σφάλμα: 43. Η κατάσταση εσωτερικού σφάλματος είναι 252.

Error: (04/07/2016 08:07:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Δημιουργήθηκε η παρακάτω ειδοποίηση για ανεπανόρθωτο σφάλμα: 43. Η κατάσταση εσωτερικού σφάλματος είναι 252.

Error: (04/07/2016 08:07:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Δημιουργήθηκε η παρακάτω ειδοποίηση για ανεπανόρθωτο σφάλμα: 43. Η κατάσταση εσωτερικού σφάλματος είναι 252.

Error: (04/07/2016 08:07:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Δημιουργήθηκε η παρακάτω ειδοποίηση για ανεπανόρθωτο σφάλμα: 43. Η κατάσταση εσωτερικού σφάλματος είναι 252.


==================== Memory info ===========================

Processor: AMD Turion™ X2 Dual-Core Mobile RM-70
Percentage of memory in use: 44%
Total physical RAM: 4094.36 MB
Available physical RAM: 2276.34 MB
Total Virtual: 8186.93 MB
Available Virtual: 6127.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:381.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive w: (B/up) (Fixed) (Total:232.88 GB) (Free:63.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: FAC6EE11)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3F4D773A)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

5) No specific problems noticed with my computer



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,855 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:00 PM

Posted 10 April 2016 - 05:49 AM

Nikos:

Thank you for your logs and the additional information you have provided. The files that I specified are on your computer. They show again in your newest FRST log. I suspect that your computer is set to the default setting to hide hidden folders and protected operating system files.


Step 1: Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the "View" Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files (recommended)" option.
Click "Yes" to confirm.

Then please check these files on VirusTotal for me.

1. C:\Windows\SysWOW64\xg865ij.dll
2. C:\Windows\SysWOW64\w4yzvjq.dll
3. C:\Windows\SysWOW64\qsfaqqr.dll
4. C:\Windows\SysWOW64\oro2h6n.dll
5. C:\Windows\SysWOW64\iz9g894.dll
6. C:\Windows\SysWOW64\iokz40o.dll
7. C:\Windows\SysWOW64\iobcfeo.dll
8. C:\Windows\SysWOW64\iubisam.dll
9. C:\Windows\System32\trkwks.dll
 

 

Step 2: You did not run the FRST64english.exe, but rather the FRST64.exe file, so I am not able to make out too much of the system and application errors showing up in the "Addition.txt" file, as the explanations are in Greek. I did however find a few more minor issues.

Please copy and paste the text in the code box below to Notepad and save it as fixlist.txt file on your Desktop.

NOTE. It's important that both files, FRST/FRST64/FRST64english and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste it into your reply.

CloseProcesses:

ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => AcSignIcon.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Nikos\AppData\Local\Temp\i4jdel0.exe
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134]

That is great news that you are not experiencing any issues with your computer. I am not seeing any indication of serious infections in your FRST logs.

Thank you for your continued cooperation. I think that we might be getting close to being able to conclude this matter. Have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
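
The file check requested in step 1 can also be done from PowerShell, which returns hidden and protected system files regardless of the Explorer folder options. The following is an added example, not part of the original post: for each file listed above it reports the attributes, the SHA-256 (which can be searched on VirusTotal) and the Authenticode status. The function name Get-Sha256Hex and the report layout are assumptions of this example.

```powershell
# Added example, not from the thread. The paths are the nine files named in the post above.
$paths = @(
    'C:\Windows\SysWOW64\xg865ij.dll',
    'C:\Windows\SysWOW64\w4yzvjq.dll',
    'C:\Windows\SysWOW64\qsfaqqr.dll',
    'C:\Windows\SysWOW64\oro2h6n.dll',
    'C:\Windows\SysWOW64\iz9g894.dll',
    'C:\Windows\SysWOW64\iokz40o.dll',
    'C:\Windows\SysWOW64\iobcfeo.dll',
    'C:\Windows\SysWOW64\iubisam.dll',
    'C:\Windows\System32\trkwks.dll'
)

# A 32-bit PowerShell on 64-bit Windows is silently redirected from System32 to
# SysWOW64, so it would inspect the wrong trkwks.dll. PROCESSOR_ARCHITEW6432 is
# only set in that situation; the Sysnative alias then reaches the real System32.
$is32on64 = ($null -ne $env:PROCESSOR_ARCHITEW6432)

# Hypothetical helper: SHA-256 through .NET, so it also works on the
# PowerShell 2.0 that ships with Windows 7 (Get-FileHash needs 4.0 or later).
function Get-Sha256Hex([string]$LiteralPath) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($LiteralPath)
    try {
        $bytes = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
    }
    finally {
        $stream.Close()
        $sha.Clear()
    }
}

$report = foreach ($p in $paths) {
    $actual = $p
    $sys32 = "$env:windir\System32\"
    if ($is32on64 -and $p -like "$sys32*") {
        $actual = Join-Path "$env:windir\Sysnative" ($p.Substring($sys32.Length))
    }

    $row = New-Object PSObject -Property @{
        Path = $p; Found = $false; Attributes = ''; Sha256 = ''; Signature = ''; Signer = ''
    }

    # -Force returns hidden and system files, independent of Explorer's view settings.
    $item = Get-Item -LiteralPath $actual -Force -ErrorAction SilentlyContinue
    if ($item) {
        $sig = Get-AuthenticodeSignature -FilePath $actual
        $row.Found      = $true
        $row.Attributes = $item.Attributes.ToString()
        $row.Sha256     = Get-Sha256Hex $actual
        $row.Signature  = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
    }
    $row
}

$report | Select-Object Path, Found, Attributes, Sha256, Signature, Signer | Format-List
```

On Windows 7, Get-AuthenticodeSignature only evaluates embedded signatures, so a catalog-signed Windows file may report NotSigned; treat that status as a prompt to look up the hash, not as a verdict.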


#13 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • Local time:06:00 PM

Posted 11 April 2016 - 05:36 AM

1) OK, I scanned all the files and they are not affected. They all show 0/56.

 

I do not have FRST.EXE and FRST64.EXE. Is there a link to download them?

 

The log file from the previous post is from FRST64ENGLISH, but maybe because I did not have the other files it did not show in English. I do not know.



#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,855 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:00 PM

Posted 12 April 2016 - 05:23 AM

Nikos:

 

Thank you for your post.  Did you run the last FRST fixlist.txt that I requested that you run in my previous post?  I do not see the "fixlist.log" file in your most recent reply.

 

If you haven't run that FRST fixlist.txt file yet, would you please do so, and then copy and paste the "fixlog.txt" file into your next reply?

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#15 niklas1981

niklas1981
  • Topic Starter

  • Members
  • 45 posts
  • Local time:06:00 PM

Posted 14 April 2016 - 01:43 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Nikos (2016-04-14 21:38:43) Run:3
Running from C:\Users\Nikos\Desktop
Loaded Profiles: Nikos (Available Profiles: Nikos)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => AcSignIcon.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Nikos\AppData\Local\Temp\i4jdel0.exe
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134]
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AutoCAD Digital Signatures Icon Overlay Handler" => key removed successfully
"HKCR\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Nikos\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\ProgramData\TEMP => ":B755D674" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 21:38:44 ====





