TechSpot

NvsvcStart Missing & Task Manager

By absalom
Feb 22, 2015
  1. I have the typical NvsvcStart Missing virus, and I have done 'almost' everything found on the internet, but nothing happened with the Spyhunter etc.

    Now I'm trying to remove it manually but I CAN'T FOLLOW ALL THE STEPS I read about.
    For example I CAN'T FIND the NvsvcStart file.... beside this.. I discovered I CAN'T end the process through the Task Manager, it gives No access......

    Well.... help.......

    Windows Vista 32-bit user
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Reopened.
     
  4. absalom

    absalom TS Member Topic Starter Posts: 30

    I'm back! And thanks Broni!! Here are the texts!

    *the "unknown" language is Greek

    THIS IS THE FRST file

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2015 01
    Ran by DIMITRIS (administrator) on YPOLOGISTIS on 10-03-2015 03:09:05
    Running from C:\Users\DIMITRIS\Downloads
    Loaded Profiles: DIMITRIS & UpdatusUser (Available profiles: DIMITRIS & UpdatusUser)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Ελληνικά (Ελλάδας)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Microsoft Corporation) C:\Windows\System32\conime.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4186112 2006-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
    HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-11] (Microsoft Corporation)
    HKLM\...\RunOnce: [VistaSetup] => [X]
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\MountPoints2: D - D:\SETUP.EXE
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\MountPoints2: {ae310849-319e-11e4-aff7-806e6f6e6963} - D:\setup.exe
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\MountPoints2: {c9bc8e9e-9912-11db-b22c-001a4d81c564} - F:\LaunchU3.exe
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\MountPoints2: {c9bc8e9e-9912-11db-b22c-001a4d81c564} - F:\LaunchU3.exe
    HKU\S-1-5-18\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    AppInit_DLLs: 0 => 0 File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
    BootExecute: autocheck autochk * sh4native Sh4Removal
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.quest.gr
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...HP=http://start.funmoods.com/?f=1&a=make&OSP=
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> {0A54C6B5-CF7E-4DE3-AE22-4DE4384532A2} URL = http://www.mystartsearch.com/web/?u...04&ts=1424463278&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> {2712AFFD-EC40-4303-B561-9BFBE0D0D619} URL = http://www.mystartsearch.com/web/?u...04&ts=1424463278&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.mystartsearch.com/web/?u...04&ts=1424463278&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {2712AFFD-EC40-4303-B561-9BFBE0D0D619} URL = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://startsear.ch/?aff=1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
    BHO: GrreataSaveo4U -> {18d32c9a-b516-4b21-865c-2794b12cb21e} -> C:\Program Files\GrreataSaveo4U\V6eTjsDM9sI6mZ.dll No File
    BHO: 50CoiuapaonoS -> {5964b0c7-ba54-430b-82a6-85a3d30596b0} -> C:\Program Files\50CoiuapaonoS\Y6evMq30e4YSJW.dll No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    Toolbar: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110324084242
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/el-gr/wlscctrl2.cab
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab
    DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
    Tcpip\..\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-18] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Extension: Adblock Plus - C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
    CHR Extension: (Google Docs) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
    CHR Extension: (Google Drive) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
    CHR Extension: (YouTube) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
    CHR Extension: (Adblock Plus) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
    CHR Extension: (Google Search) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
    CHR Extension: (Google Sheets) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
    CHR Extension: (Tab Activate) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmadbnpnnolpaljadgakjilggigioaj [2015-02-20]
    CHR Extension: (Google Wallet) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
    CHR Extension: (Gmail) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]
    CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path Or update_url value

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1087792 2014-05-22] (Flexera Software LLC)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-19] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-01-19] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
    S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2014-01-13] (AVG Technologies)
    R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [32256 2005-05-10] (B.H.A Corporation) [File not signed]
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
    S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [23168 2007-08-08] (eMPIA Technology, Inc.)
    R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [38240 2009-05-14] (ESET)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] ()
    S3 gdrv; C:\Windows\gdrv.sys [14656 2010-06-13] (Windows (R) Codename Longhorn DDK provider)
    S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [16968 2010-07-23] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-10] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
    S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [6656 2008-01-19] (Microsoft Corporation)
    S3 Mtlmnt5; C:\Windows\System32\DRIVERS\SLDRV\Mtlmnt5.sys [237616 2005-05-11] ( )
    S3 Mtlstrm; C:\Windows\System32\DRIVERS\SLDRV\Mtlstrm.sys [1464848 2005-05-11] ( )
    R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
    R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [237632 2010-08-18] (PC Tools)
    R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools)
    R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [656320 2010-07-16] (PC Tools)
    R0 RecAgent; C:\Windows\System32\DRIVERS\SLDRV\RecAgent.sys [14680 2005-05-11] ( )
    R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [26976 2014-05-22] (Feitian Technologies Co., Ltd.)
    S3 Slntamr; C:\Windows\System32\DRIVERS\SLDRV\slntamr.sys [698848 2005-05-11] ( )
    S3 SlNtHal; C:\Windows\System32\DRIVERS\SLDRV\Slnthal.sys [101328 2005-05-11] ( )
    S3 SlWdmSup; C:\Windows\System32\DRIVERS\SLDRV\SlWdmSup.sys [13248 2005-05-11] ( )
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-26] () [File not signed]
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25472 2009-07-15] (The OpenVPN Project)
    S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2007-08-08] (eMPIA Technology, Inc.)
    S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-08] (eMPIA Technology, Inc.)
    U5 eamon; C:\Windows\System32\Drivers\eamon.sys [114472 2009-05-14] (ESET)
    S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
    U5 epfw; C:\Windows\System32\Drivers\epfw.sys [133000 2009-05-14] (ESET)
    S3 GVCplDrv; No ImagePath
    S3 IpInIp; No ImagePath
    S3 NwlnkFlt; No ImagePath
    S3 NwlnkFwd; No ImagePath
    S1 rdkqmvvv; \??\C:\Windows\system32\drivers\rdkqmvvv.sys [X]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    S0 TfFsMon; No ImagePath
    S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
    S0 TfSysMon; No ImagePath
    S1 uumradln; \??\C:\Windows\system32\drivers\uumradln.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-10 03:09 - 2015-03-10 03:11 - 00019339 _____ () C:\Users\DIMITRIS\Downloads\FRST.txt
    2015-03-10 03:07 - 2015-03-10 03:09 - 00000000 ___DC () C:\FRST
    2015-03-10 02:56 - 2015-03-10 02:57 - 01134592 _____ (Farbar) C:\Users\DIMITRIS\Downloads\FRST.exe
    2015-03-09 18:34 - 2015-03-09 18:34 - 00386616 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00143344 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmhgfs.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00107120 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vm3dmp.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00098928 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00063920 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx_svga.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00025136 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmaudio.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00014208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00011440 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmmouse.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
    2015-03-09 18:34 - 2015-03-09 18:34 - 00000000 ____D () C:\Windows\system32\SPReview
    2015-03-09 18:31 - 2015-03-09 18:31 - 03223152 _____ (VMware, Inc.) C:\Windows\system32\vm3dgl.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00219248 _____ (VMware, Inc.) C:\Windows\system32\vm3dum.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00173232 _____ (VMware, Inc.) C:\Windows\system32\vmx_fb.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00111912 _____ (ThinPrint AG) C:\Windows\system32\TPVMW32.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00079176 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUI.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00063088 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\WsmProv.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00053360 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLib.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00050800 _____ (VMware, Inc.) C:\Windows\system32\vmhgfs.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00034416 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLibJava.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00023904 _____ (ThinPrint AG) C:\Windows\system32\TPVMMondeu.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00016432 _____ (VMware, Inc.) C:\Windows\system32\vmx_mode.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00009576 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonjpn.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00009072 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUIjpn.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00009064 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUIdeu.dll
    2015-03-09 18:31 - 2015-03-09 18:31 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\WsmCl.dll
    2015-03-09 18:30 - 2015-03-09 18:31 - 00316736 _____ (ThinPrint AG) C:\Windows\system32\TPVMMon.dll
    2015-03-09 18:30 - 2015-03-09 18:30 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
    2015-03-09 18:30 - 2015-03-09 18:30 - 00484192 _____ (ThinPrint AG) C:\Windows\system32\TPSvc.dll
    2015-03-09 18:30 - 2015-03-09 18:30 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2015-03-09 18:30 - 2015-03-09 18:30 - 00144664 _____ (ThinPrint AG) C:\Windows\system32\tprdpw32.dll
    2015-03-09 18:30 - 2015-03-09 18:30 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\extmgr.dll
    2015-03-09 18:30 - 2015-03-09 18:30 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
    2015-03-09 18:30 - 2015-03-09 18:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
    2015-03-09 18:15 - 2015-03-09 18:15 - 00000000 ____D () C:\ProgramData\Weskysoft
    2015-03-08 17:07 - 2015-03-09 21:16 - 00001155 _____ () C:\Windows\setupact.log
    2015-03-08 17:07 - 2015-03-09 20:53 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-07 18:23 - 2015-03-07 18:23 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\Νέος φάκελος (3)
    2015-03-07 15:25 - 2015-03-07 15:25 - 00000104 _____ () C:\Users\DIMITRIS\Desktop\Ιnternet - Συντόμευση.lnk
    2015-03-07 14:59 - 2015-03-07 14:59 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-03-06 06:36 - 2015-03-06 06:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-03 20:47 - 2015-03-03 20:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\50515F29.sys
    2015-02-28 23:49 - 2015-02-28 23:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\59B37FEE.sys
    2015-02-28 21:27 - 2015-02-28 21:27 - 00000219 _____ () C:\Users\DIMITRIS\Desktop\Η Β ι β λ ι ο θ η κ η μ ο υ.URL
    2015-02-28 21:26 - 2015-02-28 21:26 - 00000000 _____ () C:\Users\DIMITRIS\Desktop\Νέο Παρουσίαση του Microsoft Office PowerPoint.pptx
    2015-02-23 22:04 - 2015-01-23 05:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-23 22:04 - 2015-01-23 04:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-23 04:20 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-02-23 04:20 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-23 04:20 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-23 04:19 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-02-23 04:14 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-02-23 03:59 - 2014-08-27 02:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-02-23 03:59 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-02-23 03:58 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-02-23 03:58 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-23 03:53 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-23 03:45 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2015-02-23 03:44 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-02-23 03:44 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-02-23 03:44 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-02-23 03:44 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-02-23 03:43 - 2015-01-09 02:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-23 03:40 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-02-23 03:40 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-02-23 03:40 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-02-23 03:28 - 2015-01-13 03:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-23 03:27 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
    2015-02-23 03:27 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
    2015-02-23 03:22 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-23 03:22 - 2014-12-03 04:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-23 03:22 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-23 03:10 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-23 03:09 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-02-22 20:36 - 2015-01-14 03:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-22 20:36 - 2015-01-14 03:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-22 20:36 - 2015-01-14 03:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-22 20:36 - 2015-01-14 03:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-22 20:36 - 2015-01-14 03:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-22 20:36 - 2015-01-14 03:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-22 20:36 - 2015-01-14 03:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-22 20:36 - 2015-01-14 03:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-22 20:36 - 2015-01-14 03:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-22 20:36 - 2015-01-14 03:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-22 20:36 - 2015-01-14 03:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-22 20:36 - 2015-01-14 03:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-02-22 20:36 - 2015-01-14 03:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-02-22 20:36 - 2015-01-14 03:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-02-22 20:35 - 2015-01-14 03:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-22 20:35 - 2015-01-14 03:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-22 20:35 - 2015-01-14 03:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-22 20:35 - 2015-01-14 03:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-22 20:35 - 2015-01-14 03:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-02-22 20:35 - 2015-01-14 03:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-22 20:14 - 2015-02-22 20:14 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe
    2015-02-22 20:05 - 2015-03-08 16:58 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
    2015-02-22 20:05 - 2015-02-22 20:05 - 00000869 _____ () C:\Users\DIMITRIS\Desktop\DllSuite.lnk
    2015-02-22 20:04 - 2015-02-22 20:04 - 00000000 ____D () C:\Program Files\DLLSuite
    2015-02-22 13:57 - 2015-02-22 13:59 - 128722160 _____ (Microsoft Corporation) C:\Users\DIMITRIS\Downloads\msert.exe
    2015-02-22 13:55 - 2015-02-22 13:55 - 38804664 _____ (Microsoft Corporation) C:\Users\DIMITRIS\Downloads\Windows-KB890830-V5.21.exe
    2015-02-22 04:03 - 2015-02-22 05:26 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
    2015-02-22 03:51 - 2015-02-22 03:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-YPOLOGISTIS-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
    2015-02-22 03:47 - 2015-02-22 03:47 - 00000000 ___DC () C:\RegBackup
    2015-02-22 00:31 - 2015-02-22 00:31 - 00000869 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-22 00:31 - 2015-02-22 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-22 00:31 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-22 00:31 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-22 00:30 - 2015-02-22 00:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-02-22 00:23 - 2015-03-10 00:11 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2015-02-22 00:23 - 2015-02-22 00:31 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Malwarebytes
    2015-02-22 00:22 - 2015-02-22 00:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-22 00:20 - 2015-02-22 00:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2015-02-22 00:20 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-21 22:27 - 2015-02-21 22:27 - 00000000 __SHD () C:\found.004
    2015-02-21 04:34 - 2015-02-21 04:34 - 00000000 __SHD () C:\found.003
    2015-02-21 04:29 - 2015-03-09 18:49 - 00667670 _____ () C:\spyhunter.fix
    2015-02-21 04:29 - 2010-05-13 17:34 - 00014232 _____ () C:\Windows\system32\sh4native.exe
    2015-02-21 04:05 - 2015-02-21 04:05 - 00000000 ____D () C:\ProgramData\WEBREG
    2015-02-21 04:03 - 2015-02-21 04:06 - 00000509 _____ () C:\ProgramData\hpzinstall.log
    2015-02-21 03:17 - 2015-03-05 13:22 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\spyhunter
    2015-02-21 00:31 - 2015-02-21 00:31 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_640
    2015-02-21 00:29 - 2015-02-21 04:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2015-02-21 00:29 - 2015-02-21 00:29 - 00002053 _____ () C:\Users\DIMITRIS\Desktop\SpyHunter.lnk
    2015-02-21 00:29 - 2015-02-21 00:29 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-02-21 00:28 - 2015-02-21 03:52 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
    2015-02-21 00:27 - 2015-02-21 00:27 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
    2015-02-21 00:25 - 2015-03-05 13:22 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\Νέος φάκελος
    2015-02-20 22:59 - 2015-02-21 07:18 - 00000000 ____D () C:\Program Files\50CoiuapaonoS
    2015-02-20 22:58 - 2015-02-21 07:18 - 00000000 ____D () C:\Program Files\GrreataSaveo4U
    2015-02-20 22:56 - 2015-02-20 23:03 - 00000000 ____D () C:\Program Files\Tab Activate
    2015-02-20 22:54 - 2015-02-21 07:18 - 00000000 ____D () C:\Program Files\50Cooupons
    2015-02-20 22:54 - 2015-02-20 22:54 - 00000000 ____D () C:\ProgramData\ahlnnkdkemhadhfaehjogeamchnofabl
    2015-02-20 22:38 - 2015-02-20 22:38 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\DIMITRIS\Downloads\SpyHunter-Installer.exe
    2015-02-20 22:21 - 2015-03-09 22:21 - 00001350 _____ () C:\Windows\Tasks\CQJNUU.job
    2015-02-20 22:20 - 2015-03-09 22:20 - 00001350 _____ () C:\Windows\Tasks\GBEGBQ.job
    2015-02-20 22:15 - 2015-02-20 22:15 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Opera Software
    2015-02-20 22:14 - 2015-03-08 03:11 - 00000000 ____D () C:\Program Files\Opera
    2015-02-20 22:12 - 2015-02-20 22:59 - 00000000 ____D () C:\ProgramData\11321316169410382761
    2015-02-20 22:11 - 2015-02-21 07:18 - 00000000 ____D () C:\Program Files\PriCEELess
    2015-02-20 22:04 - 2015-02-20 22:06 - 16578402 _____ ( ) C:\Users\DIMITRIS\Desktop\DLLSuite_Setup.exe
    2015-02-20 17:16 - 2015-02-20 17:16 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\ParetoLogic
    2015-02-18 18:56 - 2015-03-07 15:02 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-18 18:56 - 2015-02-18 18:56 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Oracle
    2015-02-18 18:55 - 2015-03-07 14:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-02-18 18:55 - 2015-02-18 18:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-02-18 18:55 - 2015-02-18 18:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-02-18 18:55 - 2015-02-18 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-02-18 15:44 - 2015-02-18 15:44 - 00016384 _____ () C:\Windows\SPInstall.etl
    2015-02-18 13:53 - 2015-02-18 13:53 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Sun
    2015-02-18 13:42 - 2015-02-18 13:43 - 00006529 _____ () C:\Windows\system32\jupdate-1.6.0_07-b06.log
    2015-02-18 11:55 - 2015-02-18 12:09 - 00000000 ___DC () C:\MATS
    2015-02-18 08:09 - 2015-03-09 19:51 - 00017438 _____ () C:\Windows\PFRO.log
    2015-02-18 06:36 - 2015-02-18 06:36 - 00034780 _____ () C:\Users\DIMITRIS\Desktop\sfcdetails.txt
    2015-02-18 00:27 - 2015-02-18 00:27 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Local\Macromedia
    2015-02-14 02:19 - 2015-02-14 02:30 - 00000000 ___DC () C:\28eea4b49fa1d21192

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-10 03:00 - 2014-01-13 23:00 - 01691483 _____ () C:\Windows\WindowsUpdate.log
    2015-03-10 02:33 - 2014-01-12 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-10 01:51 - 2006-11-02 14:47 - 00004560 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-10 01:51 - 2006-11-02 14:47 - 00004560 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-10 01:35 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\tracing
    2015-03-09 21:16 - 2011-11-20 05:19 - 00001905 _____ () C:\Windows\diagwrn.xml
    2015-03-09 21:16 - 2011-11-20 05:19 - 00001905 _____ () C:\Windows\diagerr.xml
    2015-03-09 19:51 - 2008-10-22 23:15 - 00016384 _____ () C:\Windows\system32\Ikeext.etl
    2015-03-09 19:51 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-09 19:51 - 2006-11-02 14:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2015-03-09 19:49 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-03-09 14:48 - 2007-09-12 07:13 - 00000000 ____D () C:\Users\DIMITRIS
    2015-03-09 14:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
    2015-03-09 14:48 - 2006-11-02 12:22 - 74186752 _____ () C:\Windows\system32\config\software_previous
    2015-03-09 14:48 - 2006-11-02 12:22 - 47448064 _____ () C:\Windows\system32\config\components_previous
    2015-03-09 14:48 - 2006-11-02 12:22 - 104333312 _____ () C:\Windows\system32\config\system_previous
    2015-03-09 14:48 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
    2015-03-09 14:48 - 2006-11-02 12:22 - 00065536 _____ () C:\Windows\system32\config\sam_previous
    2015-03-09 14:48 - 2006-11-02 12:22 - 00028672 _____ () C:\Windows\system32\config\security_previous
    2015-03-07 14:54 - 2014-10-16 11:37 - 00000000 ____D () C:\Program Files\Java
    2015-03-05 12:06 - 2007-03-26 18:17 - 00000000 ____D () C:\Windows\Downloaded Installations
    2015-03-05 07:36 - 2014-09-06 23:17 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\FirefoxToolbar
    2015-03-03 20:51 - 2006-11-02 12:33 - 01720600 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-03 15:16 - 2009-10-03 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-02-24 03:20 - 2011-11-20 16:52 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-24 03:17 - 2012-07-21 18:06 - 00001796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-24 03:07 - 2011-11-20 16:51 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-24 03:07 - 2010-10-04 18:16 - 02741112 _____ () C:\Windows\system32\Drivers\Cat.DB
    2015-02-23 05:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
    2015-02-23 04:48 - 2014-10-09 19:14 - 02536496 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-23 04:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\el-GR
    2015-02-23 04:10 - 2007-03-26 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-22 05:43 - 2014-10-09 19:17 - 00144560 _____ () C:\Users\DIMITRIS\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-21 07:18 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Local\cache
    2015-02-21 04:06 - 2011-06-30 13:52 - 00148540 _____ () C:\Windows\hpoins12.dat
    2015-02-21 04:05 - 2011-06-30 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-02-21 00:21 - 2014-09-05 08:34 - 00000000 ____D () C:\ProgramData\ParetoLogic
    2015-02-21 00:21 - 2014-01-12 17:41 - 00000828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-21 00:21 - 2011-07-28 03:54 - 00000967 _____ () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-02-20 22:23 - 2014-01-11 16:16 - 00000000 ____D () C:\Program Files\Google
    2015-02-20 17:19 - 2015-01-31 09:43 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-20 17:19 - 2014-02-18 15:07 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\SOFTWARE
    2015-02-20 15:52 - 2011-07-08 03:57 - 00000000 ____D () C:\Users\DIMITRIS\Documents\WEBSITE
    2015-02-20 15:51 - 2011-07-08 03:59 - 00000000 ____D () C:\Users\DIMITRIS\Documents\ΠΡΟΓΡΑΜΜΑΤΑ
    2015-02-20 01:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-18 06:32 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\it-IT
    2015-02-18 00:27 - 2014-01-15 02:36 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Local\Adobe
    2015-02-18 00:26 - 2014-01-12 12:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-18 00:26 - 2014-01-12 12:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-17 15:13 - 2014-01-30 13:33 - 00000680 _____ () C:\Users\DIMITRIS\AppData\Local\d3d9caps.dat
    2015-02-15 09:50 - 2011-11-20 17:41 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\xx
    2015-02-14 02:57 - 2009-03-19 22:09 - 00000000 ____D () C:\Users\DIMITRIS\Documents\Οι σαρώσεις μου
    2015-02-14 02:36 - 2006-11-02 12:23 - 00000305 _____ () C:\Windows\win.ini
    2015-02-14 01:23 - 2015-01-31 09:59 - 00000000 ____D () C:\Users\DIMITRIS\Dropbox
    2015-02-14 01:22 - 2015-01-31 09:41 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Dropbox
    2015-02-12 06:37 - 2010-12-04 05:00 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\phonostar-Player

    ==================== Files in the root of some directories =======

    2014-01-14 22:13 - 2014-01-14 22:14 - 0003701 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    2014-01-13 21:38 - 2014-01-13 22:01 - 0003747 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
    2010-07-29 19:09 - 2010-07-29 19:09 - 0002333 _____ () C:\Users\DIMITRIS\AppData\Roaming\121A.tmp
    2010-07-30 15:41 - 2010-07-30 15:41 - 0002333 _____ () C:\Users\DIMITRIS\AppData\Roaming\3D8C.tmp
    2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\DIMITRIS\AppData\Roaming\CQJNUU
    2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ
    2015-01-08 16:24 - 2015-02-20 21:32 - 0000115 _____ () C:\Users\DIMITRIS\AppData\Roaming\LogFile.txt
    2014-06-23 03:38 - 2014-06-23 03:38 - 0029544 _____ () C:\Users\DIMITRIS\AppData\Roaming\UserTile.png
    2014-01-30 13:33 - 2015-02-17 15:13 - 0000680 _____ () C:\Users\DIMITRIS\AppData\Local\d3d9caps.dat
    2011-06-01 01:01 - 2011-06-01 01:02 - 0013880 _____ () C:\ProgramData\4153593714
    2011-05-27 11:41 - 2011-06-01 12:19 - 0013896 _____ () C:\ProgramData\e53m0v5b47
    2011-06-07 02:11 - 2011-06-07 02:11 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
    2009-10-20 05:05 - 2009-10-20 05:05 - 0184336 _____ () C:\ProgramData\Fast team team.13g7vk3
    2009-08-13 21:15 - 2009-08-13 21:15 - 0217104 _____ () C:\ProgramData\Fast team team.25vmutn
    2009-09-09 21:59 - 2009-09-09 21:59 - 0000016 _____ () C:\ProgramData\Fast team team.28214
    2009-12-17 09:39 - 2009-12-17 09:39 - 0372752 _____ () C:\ProgramData\Fast team team.5g99lsa
    2009-10-27 03:00 - 2009-10-27 03:00 - 0229392 _____ () C:\ProgramData\Fast team team.818arp4
    2009-10-27 03:44 - 2009-10-27 03:44 - 0000000 _____ () C:\ProgramData\Fast team team.buqh87x
    2009-10-20 05:05 - 2009-10-20 05:05 - 0110608 _____ () C:\ProgramData\Fast team team.cjpio63
    2009-12-17 09:39 - 2009-12-17 09:39 - 0356368 _____ () C:\ProgramData\Fast team team.le9gb
    2009-08-04 03:02 - 2009-08-04 03:02 - 0360464 _____ () C:\ProgramData\Fast team team.myh67jd
    2009-10-27 03:22 - 2009-10-27 03:22 - 0094224 _____ () C:\ProgramData\Fast team team.rdal7a
    2011-11-16 08:54 - 2011-11-16 08:58 - 0000432 _____ () C:\ProgramData\FAtywhGoBOpdzD
    2015-02-21 04:03 - 2015-02-21 04:06 - 0000509 _____ () C:\ProgramData\hpzinstall.log
    2012-07-20 13:01 - 2012-07-20 13:01 - 0000051 _____ () C:\ProgramData\ltqwjpgrmggwamq
    2009-12-17 09:40 - 2009-12-17 09:40 - 0167952 _____ () C:\ProgramData\Memo Cake Bait.nreds8c
    2012-07-19 03:52 - 2012-07-19 03:54 - 4503728 ____T () C:\ProgramData\pmt_0piot.pad
    2011-11-16 08:56 - 2011-11-16 08:56 - 0000288 _____ () C:\ProgramData\~FAtywhGoBOpdzD
    2011-11-16 08:56 - 2011-11-16 08:56 - 0000216 _____ () C:\ProgramData\~FAtywhGoBOpdzDr

    Files to move or delete:
    ====================
    C:\ProgramData\pmt_0piot.pad


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-09 20:18

    ==================== End Of Log ============================
     
  5. absalom

    absalom TS Member Topic Starter Posts: 30

    Let me add some more info here. I think it also has to do with that AVG.Toolbar issue.... It remains as a toolbar in my Mozilla. Only if I re-open the Mozilla browser does it disappear. I restored the system, but... it appeared again, after having been gone for some hours.

    Here is the second text, ADDITION



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-03-2015 01
    Ran by DIMITRIS at 2015-03-10 03:12:09
    Running from C:\Users\DIMITRIS\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1-Click YouTube To MP3 Converter 2.2 (HKLM\...\1-Click YouTube To MP3 Converter_is1) (Version: - )
    2DD8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version: - )
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    ACID Xpress 7.0 (HKLM\...\{1C4C5C53-D960-4E1C-96A6-F6B52EA43A45}) (Version: 7.0.64 - Sony)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop CS4 (HKLM\...\Adobe Photoshop CS4_is1) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    AIO_Scan (Version: 82.0.203.000 - Hewlett-Packard) Hidden
    Akamai NetSession Interface (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
    AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
    AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
    AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
    Autodesk Material Library 2011 (HKLM\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
    Autodesk Material Library 2011 Base Image library (HKLM\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
    BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    CiD Help (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\play cash gram) (Version: - )
    CiD Help (HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\play cash gram) (Version: - )
    Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
    Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DiscAPI (Studio 10) (Version: 2.10.0060 - Pinnacle Systems) Hidden
    DJ_AIO_ProductContext (Version: 82.0.203.000 - Hewlett-Packard) Hidden
    DJ_AIO_Software (Version: 82.0.203.000 - Hewlett-Packard) Hidden
    DJ_AIO_Software_min (Version: 82.0.203.000 - Hewlett-Packard) Hidden
    DLL Suite 2013 (HKLM\...\{885843E7-6CAC-4791-B7BF-1CD516017954}_is1) (Version: - )
    Dropbox (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    F4100 (Version: 82.0.203.000 - Hewlett-Packard) Hidden
    F4100_Help (Version: 82.0.203.000 - Hewlett-Packard) Hidden
    FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
    FIFA 09 (HKLM\...\{2315B23D-3E21-4920-837D-AE6460934ECB}) (Version: 1.0.1.1 - Electronic Arts)
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (HKLM\...\KB970892_SQL9) (Version: 9.3.4053 - Microsoft Corporation)
    GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
    HP Deskjet All-In-One Software 8.0 (HKLM\...\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}) (Version: 8.0 - HP)
    HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
    HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Επωνυμία Επιχείρησης)
    Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
    Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
    LightScribe 1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
    Malwarebytes Anti-Malware έκδοση 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Portugues do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 26.0 (x86 el) (HKLM\...\Mozilla Firefox 26.0 (x86 el)) (Version: 26.0 - Mozilla)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NVIDIA Πρόγραμμα οδήγησης γραφικών 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
    PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    phonostar-Player Version 2.01.4 (HKLM\...\phonostarRadioPlayer_is1) (Version: - )
    Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
    Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
    RAPID (Studio 10) (Version: 1.00.0004 - Pinnacle Systems) Hidden
    REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    Recover My Files (HKLM\...\Recover My Files_is1) (Version: 4.9.4.1343 - GetData Pty Ltd)
    Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    SketchUp 2014 (HKLM\...\{574C5F13-E589-493D-99A3-70B7D9E477BA}) (Version: 14.0.4900 - Trimble Navigation Limited)
    SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)
    SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
    SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
    SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    SpyHunter (HKLM\...\{AF549236-6258-4AC6-A043-5B5B89C6EB61}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
    Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    Ενημερώσεις NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    Πακέτο γλώσσας του Microsoft .NET Framework 3.5 SP1 - ELL (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ell) (Version: - Microsoft Corporation)
    Πίνακας Ελέγχου NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
    Σύμβουλος αναβάθμισης των Windows Vista (HKLM\...\{11350FDD-AC14-476F-AE4C-C5DF6A14844B}) (Version: 1.0.4 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\DIMITRIS\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll No File
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)

    ==================== Restore Points =========================

    23-02-2015 03:01:31 Windows Update
    24-02-2015 03:01:10 Windows Update
    27-02-2015 22:52:27 Windows Update
    03-03-2015 21:12:08 Windows Update
    07-03-2015 17:09:38 Windows Update
    08-03-2015 17:30:56 Windows Update
    09-03-2015 15:36:03 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-02-21 00:31 - 2015-02-22 05:21 - 00000855 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0B8B7383-75CD-4720-9D89-472F943D4DE5} - System32\Tasks\{78874856-38EC-4C02-8840-3AA3ED78EEE2} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K6HH8XO\install_sbd_en[1].exe" -d C:\Users\DIMITRIS
    Task: {0E955B03-BA21-4AAD-9118-91A7F89F7CC5} - System32\Tasks\{35A6DD0B-D370-4F3E-B756-8692753C84B1} => pcalua.exe -a "C:\Program Files\phpDesigner\unins000.exe"
    Task: {1E7194C9-B6D4-49EE-BA52-D37EA52B0FFB} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {1FCFDBF9-BCBB-4A09-8944-15ACFF7E8343} - System32\Tasks\Java => C:\Program Files\Java\jre6\bin\jusched.exe
    Task: {25057D49-E4A4-45D7-B6AD-A8D41691E294} - System32\Tasks\{2D3D0F93-D188-4E2F-8B88-83943467BDFE} => Firefox.exe http://ui.skype.com/ui/0/6.22.0.107/el/abandoninstall?page=tsProgressBar
    Task: {25DF4AE0-0D01-4ECF-9B48-74A8C7CA5ABE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {280625D5-4811-4FFE-86BC-0721711D87E9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: {29650556-BC38-4BEF-A496-616FBA86F9D6} - System32\Tasks\{6785AF2F-F4CA-4FEA-AC1E-57F95208C7BA} => C:\Program Files\Skype\\Phone\Skype.exe
    Task: {2BECAE92-8DA1-41BE-9207-109D3F0A74D1} - System32\Tasks\{E3D72A18-7278-445B-AF82-5E07C08D00C1} => pcalua.exe -a "c:\program files\real\realplayer\\RealPlay.exe" -d "C:\Program Files\Mozilla Firefox" -c "C:\Users\DIMITRIS\AppData\Local\Temp\videosz-deep-oral-ladies-2-82.mpg"
    Task: {300D618F-2BB9-4E62-AA37-7161ADD27C36} - System32\Tasks\{1801F864-3962-416B-8A3D-053B021AA018} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[2].exe" -d C:\Windows\system32
    Task: {41010679-0E8C-4DA7-854B-E160249CCF42} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10] (Hewlett-Packard Co.)
    Task: {450F68C6-CAF6-4256-833C-A42A7482A336} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {52D3AC25-C68F-4B22-9EA5-6047311E0FEE} - System32\Tasks\{63C7AD5B-7669-40BB-9277-53BEC7388EAE} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWS4FID1\NOF-Essentials[1].exe" -d C:\Users\DIMITRIS\Desktop
    Task: {5307BD4F-EC33-4A72-BDBD-DFF22B7252AF} - System32\Tasks\{19E220FB-999C-4A4E-B8B0-7C9AFE2EB491} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {53F8D33B-ABD6-41FF-B8E3-CD67991402F1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: {54E1965B-851C-4FB4-A9D9-D49FF168C4F9} - System32\Tasks\{708B35DD-72EE-46AC-A360-9BA97D262F60} => pcalua.exe -a C:\PROGRA~1\SPINSO~1\GLOSSO~1\GlossoMatheia.exe -d C:\Users\DIMITRIS\Downloads -c C:\Users\DIMITRIS\Downloads\Ασκήσεις ΑΕΠΠ - Εθνικότητες Ισπανίας.psc
    Task: {57A06A2B-3142-41F4-9DB3-955440E8CFFC} - System32\Tasks\{B2C67E3D-E4A5-4C3F-87E1-BE4485F7B7A8} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6D9EXU2F\NOF-Essentials[1].exe" -d C:\Users\DIMITRIS
    Task: {589662FF-B3C2-49DA-8BB6-A73431248A4D} - System32\Tasks\{88432499-D3E3-4DD9-8D64-394053ED4781} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\FIFA 09_uninst.exe" -d "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support"
    Task: {61FBCEDB-E894-404B-8288-9BE482EE6604} - System32\Tasks\Real Networks Scheduler => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    Task: {6DFB832D-BECB-40DB-A3F7-25BA881ADD38} - System32\Tasks\{2BFBB7F9-E810-4EDB-A18D-76C5FBD930B3} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM7DJPIA\download[1].exe" -d C:\Windows\system32
    Task: {6EF7945E-79A2-4918-BBF0-3449761B07C4} - System32\Tasks\CQJNUU => C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe <==== ATTENTION
    Task: {71B35727-B610-4A9C-BC5B-B4BCFAB14B73} - System32\Tasks\{3D253D9D-87B4-404B-9D27-3AA7E6C9B896} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
    Task: {72D89400-5324-479A-B398-421FBCE2DA78} - System32\Tasks\{BFA9979A-3F6A-4E55-B662-318694509CEA} => pcalua.exe -a C:\Users\DIMITRIS\Downloads\win_spy_software_8_3_crack_by_ACME.exe -d C:\Users\DIMITRIS\Downloads
    Task: {73E2A2F2-AEA4-46F5-B526-057EBB9384D2} - System32\Tasks\{D42CBAD5-095A-431B-93A0-D6D7D8B40E75} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM7DJPIA\InstallPool[3].exe" -d C:\Windows\system32
    Task: {791CE9FB-A258-434F-8711-E1A3D5C96831} - System32\Tasks\{71CC04EF-9D77-42DA-958D-4992B5B26032} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6D9EXU2F\acidxpress70_enu[1].exe" -d C:\Users\DIMITRIS
    Task: {80AC2723-95EA-4ADD-B7AE-A645CAD596ED} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
    Task: {82FD057A-37B8-4D2E-A3CB-100E3978D17E} - System32\Tasks\{C2C5A4C4-0466-40D8-8A55-3F7B0C01B7C7} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[8].exe" -d C:\Windows\system32
    Task: {8F4C1F93-D407-4CFC-924B-802321B3D1C8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: {90A1174B-045B-4CFE-BB8E-7E673856A6A2} - System32\Tasks\{6442D402-4704-4B61-82AC-9CE006ED7F6D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2QI9UFT\Russian_League_08_eng[1].exe" -d C:\Users\DIMITRIS
    Task: {9309190F-6928-44A2-8161-3930B48B6897} - System32\Tasks\Real Player online update program => c:\program files\real\realplayer\Update\realsched.exe
    Task: {99C6F52E-E7D9-4E68-A1A5-9817D08BAA75} - System32\Tasks\{0283EBCB-A8E9-44C2-A9CD-B7630831E256} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\Profes.sayt.za.7_chasov.2010\Paket\Expansions\joomla & Danwer\DENWER_3.0\Denwer3_Base_2008-01-13_a2.2.4_p5.2.4_m5.0.45_pma2.6.1.exe" -d "C:\Users\DIMITRIS\Desktop\Profes.sayt.za.7_chasov.2010\Paket\Expansions\joomla & Danwer\DENWER_3.0"
    Task: {A1065142-D339-4463-AAE3-B442052305EE} - System32\Tasks\{87A39743-58BA-43C6-82FF-DE0EAAD41E77} => pcalua.exe -a C:\Users\DIMITRIS\Downloads\PoolSharksInstaller.exe -d C:\Windows\system32
    Task: {A8F36AC8-5062-4B7A-A33E-EF4364070E8D} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {AB642975-7363-4B11-993A-B64F34966F2B} - System32\Tasks\{50C1F4D8-A8FD-4560-B64C-BC995389E020} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\EADM\eadm-installer.exe" -d "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\EADM"
    Task: {B1DD67FE-E564-4065-ADDC-579ACAEEE406} - System32\Tasks\{69F6188A-614E-4C87-B799-C54B3FCEF72A} => pcalua.exe -a C:\Users\DIMITRIS\Desktop\Fifa.00.FO.Max.Payne\Fifa.00.FO.Max.Payne\KUR.EXE -d C:\Users\DIMITRIS\Desktop\Fifa.00.FO.Max.Payne\Fifa.00.FO.Max.Payne
    Task: {B7BBA1C2-AB70-4B4F-916A-3A070A70424B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {B985DF40-BEB3-489E-A8C1-E99D21D0B42B} - System32\Tasks\{CD7F8248-4F69-4057-B789-FA65A3D5EFE5} => pcalua.exe -a C:\Windows\system32\QuickTime.cpl
    Task: {C117D1EC-DD26-4ED6-9DB9-DE1CF04D5ABC} - System32\Tasks\{E04A8E6C-DBA2-45F6-BDE7-C732D3E32D2D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSIXJ3XF\MP10Setup[1].exe" -d C:\Windows\system32
    Task: {C4408D8A-EED0-4C78-BCBA-9E948D5F0BC4} - System32\Tasks\{2AA1F964-B391-4D33-86E2-FCA69F7AB8C5} => pcalua.exe -a "D:\Support\FIFA 08_uninst.exe" -d D:\Support
    Task: {C70FAC1C-9566-41EC-801B-96163BB59190} - System32\Tasks\{9E3488DB-27ED-4D6C-BED9-DA03457D27E4} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\PoolStars-0.49.533b[3].exe" -d C:\Windows\system32
    Task: {CC9920F7-75DA-4FBF-86F3-8AC67CC6CA4C} - System32\Tasks\{26CFDCAB-2177-4AD9-A7A1-4DA727B967AA} => Firefox.exe http://ui.skype.com/ui/0/6.22.0.107/el/abandoninstall?page=tsProgressBar
    Task: {D05325F5-4A61-4763-9781-3EE8764E69BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: {D114702D-DFD6-4EDD-A48A-834C2CC4F781} - System32\Tasks\{765D0C1F-A816-4B41-9D0D-400110674A0D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z7MWE56\InstallPool[6].exe" -d C:\Windows\system32
    Task: {D76EC604-F038-4F46-A49B-5787DC900F11} - System32\Tasks\Opera scheduled Autoupdate 1424463335 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
    Task: {D7D2F0AB-E41B-4ADF-BB7F-51307CBAAE12} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: {D9105E7A-8A00-4475-B49D-3C3737C81121} - System32\Tasks\GBEGBQ => C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe <==== ATTENTION
    Task: {E15E8E01-F438-44B3-B786-AB0C47409013} - System32\Tasks\{C208D0B2-3436-4300-B551-38E06B32B2BB} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[4].exe" -d C:\Windows\system32
    Task: {E1E46532-6DED-4A39-8367-7DA4003F9835} - System32\Tasks\{040B2AE7-1BD5-4711-B723-92DDC9C00643} => pcalua.exe -a "C:\Program Files\EA SPORTS\FIFA 06 Demo\EAUninstall.exe"
    Task: {E28DF6B5-7CDB-4BE5-9450-9FD8C0212774} - System32\Tasks\{B42D819C-539A-4833-9CAF-924F7EED74F6} => Firefox.exe http://ui.skype.com/ui/0/5.8.0.158/el/go/help.faq.installer?LastError=1618
    Task: {E516394F-86E8-4EA6-9AC4-87785942812A} - System32\Tasks\{341B4881-EAD5-4FDE-A0E1-99B320F1E1C4} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\FIFA 09_uninst.exe" -d "C:\Users\DIMITRIS\Desktop\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support"
    Task: {E523E7EC-C995-46F5-82BE-70EE03F004E6} - System32\Tasks\{AADD312E-1829-405D-B3DC-B115D3D8DE7B} => pcalua.exe -a D:\Run.exe -d D:\
    Task: {E5AC0C8E-90C9-411F-85EC-05138BAE4373} - System32\Tasks\Vista Task Low => c:\Program Files\RealArcade\RealArcade.exe
    Task: {E7E335E9-0757-43E3-A40E-58BEEF23C92A} - System32\Tasks\{30800A88-7219-42D7-82C7-F74E35F76DCA} => pcalua.exe -a C:\PROGRA~1\PROGES~1\PROGEC~1\UNWISE.EXE -c "C:\PROGRA~1\PROGES~1\PROGEC~1\install.log"
    Task: {E92CC64D-50EE-4CE3-A427-6457F75F209E} - System32\Tasks\{37518E1C-7463-4B18-8D25-78E174B4D33C} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM8LWUPF\InstallPool[3].exe" -d C:\Windows\system32
    Task: {E9CC0597-E431-4AD5-A4EA-F47729DD399E} - System32\Tasks\{0BA59934-72DD-41D7-93FF-EC84A6D93574} => pcalua.exe -a C:\Windows\IsUn0408.exe -d C:\Windows -c -f"C:\Program Files\EA SPORTS\FIFA 2000\uninst.log"
    Task: {EC288708-0985-4E11-9A28-2058A6F219F6} - System32\Tasks\{D3395A30-5EA2-4EEE-A60A-10D53E8FBFE6} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe" -c /M{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF} /Z"UNINSTALL"
    Task: {F93D1355-371E-4B56-BFEA-4356664BC957} - System32\Tasks\{E1C8F1F6-4E8A-4814-BBD5-46E7D2E06700} => pcalua.exe -a C:\Users\DIMITRIS\Desktop\rzr-fa10\Setup.exe -d C:\Users\DIMITRIS\Desktop\rzr-fa10
    Task: {FA1682C6-1859-4B22-B828-248D3199CEEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-18] (Adobe Systems Incorporated)
    Task: {FA309EBC-7CE7-4D6D-B3AA-3675143F9229} - System32\Tasks\{A285CDA4-4C4D-41FA-B039-923368F0E864} => pcalua.exe -a C:\Windows\iun3404.exe -c C:\Program Files\Fifa 2000
    Task: {FA57AD51-4CAE-4608-B2A1-CCD837E2BD36} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - DIMITRIS => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
    Task: {FA84D65B-64F0-45F2-AE30-CD66600B84E6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe
    Task: {FC26C03E-B848-4B03-B35B-A41044FD1A3F} - System32\Tasks\{F47EBF87-663C-4E62-8243-24679E46A372} => pcalua.exe -a C:\Windows\unvise32qt.exe -d C:\Windows -c C:\Windows\system32\QUICKT~1\UNINST~1.LOG

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\CQJNUU.job => C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GBEGBQ.job => C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2012-04-02 07:16 - 2008-09-09 10:01 - 00283680 _____ () C:\Windows\System32\prntjpg.dll
    2009-09-21 17:13 - 2009-08-03 11:18 - 00061440 _____ () C:\Windows\system32\wintab32.dll
    2007-01-02 20:38 - 2007-01-02 20:38 - 00065536 _____ () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
    2007-01-02 20:38 - 2007-01-02 20:38 - 00077824 _____ () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
    2015-02-18 00:25 - 2015-02-18 00:25 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:63238B95
    AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO - Guitarra Flamenca paso a paso Vol 3.mpg:TOC.WMV
    AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol1.mpg:TOC.WMV
    AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol2.mpg:TOC.WMV

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img7.jpg
    HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\DIMITRIS\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: Facebook Update => "C:\Users\DIMITRIS\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: MSIDLL => rundll32.exe msiuic32.dll,jlGtpiWuy
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: TorrentEasy => "C:\Program Files\TorrentEasy\TorrentEasy.exe -autorun"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-4062343756-1977868193-1024004534-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-4062343756-1977868193-1024004534-1003 - Limited - Enabled)
    DIMITRIS (S-1-5-21-4062343756-1977868193-1024004534-1001 - Administrator - Enabled) => C:\Users\DIMITRIS
    Guest (S-1-5-21-4062343756-1977868193-1024004534-501 - Limited - Disabled)
    UpdatusUser (S-1-5-21-4062343756-1977868193-1024004534-1008 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    Name: (MOBILE ASSIST)Realtek RTL8139/810x Family Fast Ethernet NIC
    Description: (MOBILE ASSIST)Realtek RTL8139/810x Family Fast Ethernet NIC
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek Semiconductor Corp.
    Service: RTL8023xp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/09/2015 07:52:13 PM) (Source: SQLBrowser) (EventID: 11) (User: )
    Description: The SQLBrowser service encountered a critical failure.

    Error: (03/09/2015 07:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
    αναγνωριστικό διεργασίας 0xa44, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

    Error: (03/09/2015 07:32:59 PM) (Source: SQLBrowser) (EventID: 11) (User: )
    Description: The SQLBrowser service encountered a critical failure.

    Error: (03/09/2015 07:32:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
    αναγνωριστικό διεργασίας 0xa00, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

    Error: (03/09/2015 07:28:21 PM) (Source: SQLBrowser) (EventID: 11) (User: )
    Description: The SQLBrowser service encountered a critical failure.

    Error: (03/09/2015 07:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
    αναγνωριστικό διεργασίας 0xa38, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

    Error: (03/09/2015 06:50:43 PM) (Source: SQLBrowser) (EventID: 11) (User: )
    Description: The SQLBrowser service encountered a critical failure.

    Error: (03/09/2015 06:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
    αναγνωριστικό διεργασίας 0xa18, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

    Error: (03/09/2015 02:50:20 PM) (Source: SQLBrowser) (EventID: 11) (User: )
    Description: The SQLBrowser service encountered a critical failure.

    Error: (03/09/2015 02:50:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
    αναγνωριστικό διεργασίας 0xa14, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.


    System errors:
    =============
    Error: (03/09/2015 08:02:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Πρόγραμμα Εγκατάστασης λειτουργικών μονάδων των Windows%%1053

    Error: (03/09/2015 08:02:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Πρόγραμμα Εγκατάστασης λειτουργικών μονάδων των Windows

    Error: (03/09/2015 08:02:04 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

    Error: (03/09/2015 07:53:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: SQL Server VSS Writer1

    Error: (03/09/2015 07:53:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: TfFsMon
    TfSysMon

    Error: (03/09/2015 07:53:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: SQL Server (SQLEXPRESS)%%1053

    Error: (03/09/2015 07:53:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000SQL Server (SQLEXPRESS)

    Error: (03/09/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: TfFsMon
    TfSysMon

    Error: (03/09/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: SQL Server VSS Writer1

    Error: (03/09/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: SQL Server (SQLEXPRESS)%%1053


    Microsoft Office Sessions:
    =========================
    Error: (11/29/2010 04:03:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1818 seconds with 360 seconds of active time. This session ended with a crash.

    Error: (10/29/2010 05:15:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3341 seconds with 1380 seconds of active time. This session ended with a crash.

    Error: (10/28/2010 07:43:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 924 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (10/27/2010 07:33:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1104 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (10/27/2010 07:05:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5901 seconds with 3720 seconds of active time. This session ended with a crash.

    Error: (11/10/2009 08:59:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 229 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (09/14/2009 06:18:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3703 seconds with 2580 seconds of active time. This session ended with a crash.

    Error: (08/27/2009 02:45:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (08/25/2009 03:22:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 10680 seconds with 6720 seconds of active time. This session ended with a crash.

    Error: (07/14/2009 11:38:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-10 03:11:48.598
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:11:48.379
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:11:48.151
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:11:47.939
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:11:47.520
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:11:47.303
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:11:47.074
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:11:46.853
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:10:51.509
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-10 03:10:51.287
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
    Percentage of memory in use: 93%
    Total physical RAM: 1022.83 MB
    Available physical RAM: 70.32 MB
    Total Pagefile: 2562.82 MB
    Available Pagefile: 739.71 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1913.93 MB

    ==================== Drives ================================

    Drive c: (OS_Install) (Fixed) (Total:232.88 GB) (Free:109.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (LRMCFRE_EL_DVD) (CDROM) (Total:2.42 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 41112F68)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  6. absalom

    absalom TS Member Topic Starter Posts: 30

    Excuse me, but I couldn't figure out if the characters are over 50,000.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. absalom

    absalom TS Member Topic Starter Posts: 30

    The ROGUE KILLER.report

    RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : DIMITRIS [Administrator]
    Started from : C:\Users\DIMITRIS\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 03/14/2015 18:12:16

    ¤¤¤ Processes : 1 ¤¤¤
    [Proc.Svchost] svchost.exe(1028) -- [x] -> Killed [TermThr]

    ¤¤¤ Registry : 26 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786} -> Deleted
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Replaced ()
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Replaced ()
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7157C43A-713F-49A7-81A5-9FA012C2E398} | NameServer : 169.254.250.250 [UNITED STATES (US)] -> Replaced ()
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7157C43A-713F-49A7-81A5-9FA012C2E398} | NameServer : 169.254.250.250 [UNITED STATES (US)] -> Replaced ()
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Replaced (1)
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Replaced (1)
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Replaced (1)
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Replaced (1)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
    [PUM.WallPaper] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop | WallPaper : C:\Windows\Web\Wallpaper\img7.jpg -> Replaced (C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows Photo Gallery\Ταπετσαρία της Συλλογής φωτογραφιών των Windows.jpg)

    ¤¤¤ Tasks : 4 ¤¤¤
    [Suspicious.Path] CQJNUU.job -- C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe (/infocmdline=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) -> Deleted
    [Suspicious.Path] GBEGBQ.job -- C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe (/infocmdline=URRy2/bg13rm8x6DbEKqFll6tQUIUVqO+O6hDyWCovs5Ps2aqFUvnNm8licq8GOVE4WqpotFoMvVxW5NqmzbOywPOHFhKk6ojp+vI/RJsJgWer+jaWC+8sz1ePCaY+o+hWua5/diz7v5+IBeDpZu6gaKGgKtxasbXPpzOKNBXn2mZgroiW+7AgfN5gS8X2JLRGYqwjQFcnFOwQz5ogfRdtVvEQRxMCl+LJ+g9uo68yyAfJW7Lvo1J22WHxkkPY4SxYd/v5PT3Skr8SLO6fOy2ucXjO+6ILfgOMJMDcf48BVh0RJlNyUs47iqZhHPiMOpwqFvoPfJ0suzGmQDGo19+CjwqBwLmnKAq1VguhqsqoepOrCpzuQkdm7fbq4HVzSfWLyttxa4ZYZ1CN273cuqjI0Mcxd+8WcA1sfR93b83QzkJRelXdluKyI7KR6Jzuf46jW1KOvz9xwHsxA8Cc+Yau0+eCVNYWGl24Et0fxIFJIN8GxjsnRCNZoV38ByuUwi) -> Deleted
    [Suspicious.Path] \\CQJNUU -- C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe (/infocmdline=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) -> Deleted
    [Suspicious.Path] \\GBEGBQ -- C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe (/infocmdline=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) -> ERROR [0]

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x891511e8

    ¤¤¤ Web browsers : 1 ¤¤¤
    [FIREFX:Addon] na8najap.default : McAfee Security Scan Plus [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] -> Deleted

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500AAKX-00ERMA0 ATA Device +++++
    --- User ---
    [MBR] 8858a9278792b5eabb678ce717f16aac
    [BSP] db5394e192465c077b12bca589f200a3 : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_03142015_180842.log
     
  9. absalom

    absalom TS Member Topic Starter Posts: 30

    BRONI! A problem OCCURRED...........

    I had my Network Driver missing and lost the connection to the internet...... here is the procedure of what happened........

    @ After having the RogueKiller used and deleted the items that showed up,
    I started the Malwarebytes scan
    ... after a while (and when I had already deleted some quarantine items in the Malwarebytes), I REALIZED that the connection with the internet was starting to get lost. I CHECKED, and it was my ETHERNET REALTEK NIC programme missing. I WAS ABOUT TO communicate with you, in here, from my sister's laptop, but I DID a System Restore and the connection came back. I DON'T know IF IT WILL last though, if I turn the pc off again after hours maybe.

    So, I must tell here that WHEN I started the Malwarebytes scan - as I'm referring in the beginning - I remember some ETHERNET files... that might have been deleted. I had them print-screened. I'm trying to guess the reason for having my connection lost.
     
  10. absalom

    absalom TS Member Topic Starter Posts: 30

    mba 1.JPG

    These are the Malwarebytes logs, in print-screen.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Can you post MBAM log?

    • Open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
     
  12. absalom

    absalom TS Member Topic Starter Posts: 30

    I'll do it. But these logs I'm showing you were in Quarantine.
    What date of scanned logs do you want???? This is of the 16th, today.

    But.... tell me, should I UPDATE the Realtek Ethernet? Would this cause any effect?
     

  13. absalom

    absalom TS Member Topic Starter Posts: 30

    THIS IS THE ADWCLEANER REPORT


    # AdwCleaner v4.112 - Logfile created 16/03/2015 at 13:49:27
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Local]
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
    # Username : DIMITRIS - YPOLOGISTIS
    # Running from : C:\Users\DIMITRIS\Desktop\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\Program Files\50CoiuapaonoS
    Folder Deleted : C:\Program Files\50Cooupons
    Folder Deleted : C:\Program Files\GrreataSaveo4U
    Folder Deleted : C:\Program Files\PriCEELess
    Folder Deleted : C:\Users\DIMITRIS\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\DIMITRIS\AppData\Roaming\FirefoxToolbar
    Folder Deleted : C:\Users\DIMITRIS\AppData\Roaming\ParetoLogic
    Folder Deleted : C:\ProgramData\ahlnnkdkemhadhfaehjogeamchnofabl
    File Deleted : C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\invalidprefs.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
    Key Deleted : HKCU\Software\Mozilla\Extends
    Key Deleted : HKLM\SOFTWARE\Classes\P18d32c9a_b516_4b21_865c_2794b12cb21e_.P18d32c9a_b516_4b21_865c_2794b12cb21e_
    Key Deleted : HKLM\SOFTWARE\Classes\P18d32c9a_b516_4b21_865c_2794b12cb21e_.P18d32c9a_b516_4b21_865c_2794b12cb21e_.9
    Key Deleted : HKLM\SOFTWARE\Classes\P5964b0c7_ba54_430b_82a6_85a3d30596b0_.P5964b0c7_ba54_430b_82a6_85a3d30596b0_
    Key Deleted : HKLM\SOFTWARE\Classes\P5964b0c7_ba54_430b_82a6_85a3d30596b0_.P5964b0c7_ba54_430b_82a6_85a3d30596b0_.9
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18d32c9a-b516-4b21-865c-2794b12cb21e}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5964b0c7-ba54-430b-82a6-85a3d30596b0}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18d32c9a-b516-4b21-865c-2794b12cb21e}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5964b0c7-ba54-430b-82a6-85a3d30596b0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18d32c9a-b516-4b21-865c-2794b12cb21e}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{18d32c9a-b516-4b21-865c-2794b12cb21e}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5964b0c7-ba54-430b-82a6-85a3d30596b0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0A54C6B5-CF7E-4DE3-AE22-4DE4384532A2}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2712AFFD-EC40-4303-B561-9BFBE0D0D619}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF549236-6258-4AC6-A043-5B5B89C6EB61}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Settings Manager
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AF549236-6258-4AC6-A043-5B5B89C6EB61}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Protector
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16609


    -\\ Mozilla Firefox v26.0 (el)


    -\\ Google Chrome v


    -\\ Opera v28.0.1750.40


    *************************

    AdwCleaner[R0].txt - [12394 bytes] - [15/01/2014 02:31:25]
    AdwCleaner[R1].txt - [965 bytes] - [15/01/2014 03:05:01]
    AdwCleaner[R2].txt - [4655 bytes] - [16/03/2015 13:44:26]
    AdwCleaner[S0].txt - [12655 bytes] - [15/01/2014 02:33:38]
    AdwCleaner[S1].txt - [1027 bytes] - [15/01/2014 03:06:41]
    AdwCleaner[S2].txt - [4439 bytes] - [16/03/2015 13:49:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4498 bytes] ##########
     
  14. absalom

    absalom TS Member Topic Starter Posts: 30

    THIS IS THE JUNKWARE REPORT.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.3 (03.01.2015:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by DIMITRIS on ƒœ¬ 16/03/2015 at 14:34:33.95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



    ~~~ FireFox

    Emptied folder: C:\Users\DIMITRIS\AppData\Roaming\mozilla\firefox\profiles\na8najap.default\minidumps [7 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ƒœ¬ 16/03/2015 at 14:39:23.04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Create new restore point and re-run RogueKiller.
    Create new restore point and re-run MBAM.
    Post both logs.
     
  16. absalom

    absalom TS Member Topic Starter Posts: 30

    Ok......
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    ..and?
     
  18. absalom

    absalom TS Member Topic Starter Posts: 30

    ROGUE KILLER LOGS

    RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : DIMITRIS [Administrator]
    Started from : C:\Users\DIMITRIS\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 03/23/2015 10:14:00

    ¤¤¤ Processes : 1 ¤¤¤
    [Proc.Svchost] svchost.exe(3384) -- [x] -> Killed [TermThr]

    ¤¤¤ Registry : 25 ¤¤¤
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7157C43A-713F-49A7-81A5-9FA012C2E398} | NameServer : 169.254.250.250 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7157C43A-713F-49A7-81A5-9FA012C2E398} | NameServer : 169.254.250.250 [UNITED STATES (US)] -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
    [PUM.WallPaper] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop | WallPaper : C:\Windows\Web\Wallpaper\img7.jpg -> Not selected

    ¤¤¤ Tasks : 4 ¤¤¤
    [Suspicious.Path] CQJNUU.job -- C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe (/infocmdline=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) -> ERROR [0]
    [Suspicious.Path] GBEGBQ.job -- C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe (/infocmdline=URRy2/bg13rm8x6DbEKqFll6tQUIUVqO+O6hDyWCovs5Ps2aqFUvnNm8licq8GOVE4WqpotFoMvVxW5NqmzbOywPOHFhKk6ojp+vI/RJsJgWer+jaWC+8sz1ePCaY+o+hWua5/diz7v5+IBeDpZu6gaKGgKtxasbXPpzOKNBXn2mZgroiW+7AgfN5gS8X2JLRGYqwjQFcnFOwQz5ogfRdtVvEQRxMCl+LJ+g9uo68yyAfJW7Lvo1J22WHxkkPY4SxYd/v5PT3Skr8SLO6fOy2ucXjO+6ILfgOMJMDcf48BVh0RJlNyUs47iqZhHPiMOpwqFvoPfJ0suzGmQDGo19+CjwqBwLmnKAq1VguhqsqoepOrCpzuQkdm7fbq4HVzSfWLyttxa4ZYZ1CN273cuqjI0Mcxd+8WcA1sfR93b83QzkJRelXdluKyI7KR6Jzuf46jW1KOvz9xwHsxA8Cc+Yau0+eCVNYWGl24Et0fxIFJIN8GxjsnRCNZoV38ByuUwi) -> ERROR [0]
    [Suspicious.Path] \\CQJNUU -- C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe (/infocmdline=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) -> ERROR [0]
    [Suspicious.Path] \\GBEGBQ -- C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe (/infocmdline=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) -> ERROR [0]

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x891511e8
    [IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x891511e8

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500AAKX-00ERMA0 ATA Device +++++
    --- User ---
    [MBR] 8858a9278792b5eabb678ce717f16aac
    [BSP] db5394e192465c077b12bca589f200a3 : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_03142015_181210.log - RKreport_SCN_03142015_180842.log - RKreport_SCN_03232015_101204.log - RKreport_DEL_03232015_101316.log
    RKreport_DEL_03232015_101348.log
     
  19. absalom

    absalom TS Member Topic Starter Posts: 30

    MALWAREBYTES LOGS


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 23/3/2015
    Scan Time: 10:19:27 πμ
    Logfile: DEYTERO MALWAREBYTES.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.23.02
    Rootkit Database: v2015.02.25.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: DIMITRIS

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 384285
    Time Elapsed: 34 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Deep Rootkit Scan: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  21. absalom

    absalom TS Member Topic Starter Posts: 30

    COMBOFIX Log Report
    ComboFix 15-03-23.01 - DIMITRIS 24/03/2015 1:07.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.1023.271 [GMT 2:00]
    Running from: c:\users\DIMITRIS\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\11321316169410382761
    c:\programdata\11321316169410382761\14e3ff1a5b63b70fbb5f4b1522b589f9.ini
    c:\programdata\11321316169410382761\33c7d52988179474bb5f4b1522b589f9.ini
    c:\programdata\11321316169410382761\48b3953b525f68d7bb5f4b1522b589f9.ini
    c:\programdata\11321316169410382761\cd5b15e575e1c3d0bb5f4b1522b589f9.ini
    c:\programdata\11321316169410382761\e62923f612d821d1bb5f4b1522b589f9.ini
    c:\programdata\11321316169410382761\f58fc3a7beebbd86bb5f4b1522b589f9.ini
    c:\programdata\11321316169410382761\f70fcb9ed91b0ab1bb5f4b1522b589f9.ini
    c:\programdata\4153593714
    c:\programdata\pmt_0piot.pad
    c:\users\DIMITRIS\AppData\Roaming\121A.tmp
    c:\users\DIMITRIS\AppData\Roaming\3D8C.tmp
    c:\windows\msdownld.tmp
    c:\windows\system32\install
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-23 to 2015-03-23 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-23 23:25 . 2015-03-23 23:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2015-03-23 21:31 . 2015-03-23 21:31 -------- d-----w- C:\found.005
    2015-03-23 07:53 . 2015-03-23 07:53 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5205CB4-23C0-40B9-B789-F7607E8F5149}\MpKsl2f76a42c.sys
    2015-03-23 07:52 . 2015-03-23 07:52 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-03-18 14:53 . 2014-09-17 09:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0712A70C-5901-4F10-9A6B-0715B77CD3D0}\gapaengine.dll
    2015-03-18 14:33 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5205CB4-23C0-40B9-B789-F7607E8F5149}\mpengine.dll
    2015-03-14 18:47 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-03-14 15:54 . 2015-03-23 08:15 -------- d-----w- c:\programdata\RogueKiller
    2015-03-13 20:19 . 2015-03-13 20:19 -------- d-----w- c:\program files\McAfee Security Scan
    2015-03-13 19:16 . 2015-03-13 20:19 -------- d-----w- c:\programdata\McAfee Security Scan
    2015-03-13 19:15 . 2015-03-13 19:15 -------- d-----w- c:\programdata\McAfee
    2015-03-10 01:07 . 2015-03-10 01:13 -------- dc----w- C:\FRST
    2015-03-09 16:34 . 2015-03-09 16:34 63920 ----a-w- c:\windows\system32\drivers\vmx_svga.sys
    2015-03-09 16:34 . 2015-03-09 16:34 11440 ----a-w- c:\windows\system32\drivers\vmmouse.sys
    2015-03-09 16:34 . 2015-03-09 16:34 143344 ----a-w- c:\windows\system32\drivers\vmhgfs.sys
    2015-03-09 16:34 . 2015-03-09 16:34 98928 ----a-w- c:\windows\system32\drivers\vmci.sys
    2015-03-09 16:34 . 2015-03-09 16:34 25136 ----a-w- c:\windows\system32\drivers\vmaudio.sys
    2015-03-09 16:34 . 2015-03-09 16:34 107120 ----a-w- c:\windows\system32\drivers\vm3dmp.sys
    2015-03-09 16:34 . 2015-03-09 16:34 386616 ----a-w- c:\windows\system32\drivers\MegaSR.sys
    2015-03-09 16:34 . 2015-03-09 16:34 6656 ----a-w- c:\windows\system32\drivers\errdev.sys
    2015-03-09 16:34 . 2015-03-09 16:34 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
    2015-03-09 16:34 . 2015-03-09 16:34 45568 ----a-w- c:\windows\system32\drivers\blbdrive.sys
    2015-03-09 16:34 . 2015-03-09 16:34 -------- d-----w- c:\windows\system32\SPReview
    2015-03-09 16:34 . 2015-03-09 16:34 386464 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll
    2015-03-09 16:30 . 2015-03-09 16:30 484192 ----a-w- c:\windows\system32\TPSvc.dll
    2015-03-09 16:30 . 2015-03-09 16:30 144664 ----a-w- c:\windows\system32\tprdpw32.dll
    2015-03-09 16:30 . 2015-03-09 16:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2015-03-09 16:30 . 2015-03-09 16:30 78336 ----a-w- c:\windows\system32\ieencode.dll
    2015-03-09 16:30 . 2015-03-09 16:30 17408 ----a-w- c:\windows\system32\corpol.dll
    2015-03-09 16:15 . 2015-03-09 16:15 -------- d-----w- c:\programdata\Weskysoft
    2015-03-07 12:59 . 2015-03-07 12:59 -------- d-----w- c:\program files\Common Files\Java
    2015-03-03 18:47 . 2015-03-03 18:47 114904 ----a-w- c:\windows\system32\drivers\50515F29.sys
    2015-02-28 21:49 . 2015-02-28 21:49 114904 ----a-w- c:\windows\system32\drivers\59B37FEE.sys
    2015-02-23 20:04 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-23 02:20 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
    2015-02-23 02:20 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
    2015-02-23 02:20 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
    2015-02-23 02:19 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2015-02-23 02:14 . 2014-11-04 00:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2015-02-23 01:59 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-02-23 01:59 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
    2015-02-23 01:58 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
    2015-02-23 01:58 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
    2015-02-23 01:53 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
    2015-02-23 01:45 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
    2015-02-23 01:44 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
    2015-02-23 01:44 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
    2015-02-23 01:44 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2015-02-23 01:44 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
    2015-02-23 01:43 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
    2015-02-23 01:40 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
    2015-02-23 01:40 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
    2015-02-23 01:40 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
    2015-02-23 01:28 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-23 01:27 . 2015-02-23 01:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2015-02-23 01:22 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-02-23 01:22 . 2014-12-03 02:06 278528 ----a-w- c:\windows\system32\schannel.dll
    2015-02-23 01:22 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2015-02-23 01:10 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
    2015-02-23 01:09 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
    2015-02-22 18:35 . 2015-01-14 01:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2015-02-22 18:35 . 2015-01-14 01:41 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2015-02-22 18:35 . 2015-01-14 01:41 195072 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2015-02-22 18:35 . 2015-01-14 01:41 470016 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
    2015-02-22 18:35 . 2015-01-14 01:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2015-02-22 18:14 . 2015-02-22 18:14 215475 ----a-w- c:\windows\oem_uninst.exe
    2015-02-22 18:04 . 2015-02-22 18:04 -------- d-----w- c:\program files\DLLSuite
    2015-02-22 03:23 . 2015-03-22 06:20 -------- d-----w- c:\windows\system32\catroot2
    2015-02-22 02:51 . 2015-03-23 22:10 -------- d-----w- c:\windows\system32\wbem\repository
    2015-02-22 02:03 . 2015-02-22 03:26 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2015-02-22 01:47 . 2015-02-22 01:47 -------- dc----w- C:\RegBackup
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-23 22:50 . 2015-02-21 22:23 119512 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2015-03-17 04:15 . 2015-02-21 22:31 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-03-17 04:15 . 2015-02-21 22:31 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-03-17 04:15 . 2015-02-21 22:20 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-03-07 12:55 . 2015-02-18 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-03-03 04:50 . 2009-10-03 09:57 246920 ------w- c:\windows\system32\MpSigStub.exe
    2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
    2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
    2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
    2015-02-17 22:26 . 2014-01-12 10:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-02-17 22:26 . 2014-01-12 10:13 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-12 4186112]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2013-01-31 2859296]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-29 978520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
    2013-06-04 23:01 4489472 ----a-w- c:\users\DIMITRIS\AppData\Local\Akamai\netsession_win.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 15:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSIDLL"=rundll32.exe msiwtl32.dll,ilveTqIxD
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-12 22:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.Google.com/
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.pctools.com/mrc/fix_homepage/
    mSearchURL = hxxp://www.Google.com/
    TCP: Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110324084242
    DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
    FF - ProfilePath - c:\users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\
    .
    .
    ------- File Associations -------
    .
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-Facebook Update - c:\users\DIMITRIS\AppData\Local\Facebook\Update\FacebookUpdate.exe
    MSConfigStartUp-MSIDLL - msiuic32.dll
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    MSConfigStartUp-TorrentEasy - c:\program files\TorrentEasy\TorrentEasy.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-03-24 01:26
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CD6E2E5-6388-3395-55F1-28F39FA6F24A}*]
    @Allowed: (Read) (RestrictedCode)
    "gafmglfkpiibke"=hex:61,63,63,6c,61,63,68,6b,64,63,66,68,64,6a,65,6b,61,70,64,
    6a,6d,69,63,61,66,6e,66,61,64,69,68,6b,66,6d,6a,6a,61,67,64,63,70,63,6b,67,\
    .
    [HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2015-03-24 01:33:27
    ComboFix-quarantined-files.txt 2015-03-23 23:33
    .
    Pre-Run: 31 Κατάλογοι 109.692.678.144 διαθέσιμα byte
    Post-Run: 35 Κατάλογοι 116.102.332.416 διαθέσιμα byte
    .
    - - End Of File - - D0D826AB578B027A85B423EA9D8D330C
    5C616939100B85E558DA92B899A0FC36
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Uninstall McAfee Security Scan, typical foistware.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RegNull::
    [HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CD6E2E5-6388-3395-55F1-28F39FA6F24A}*]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  23. absalom

    absalom TS Member Topic Starter Posts: 30

    ComboFix 15-03-23.01 - DIMITRIS 24/03/2015 17:14:35.2.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.1023.391 [GMT 2:00]
    Running from: c:\users\DIMITRIS\Desktop\ComboFix.exe
    Command switches used :: c:\users\DIMITRIS\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-24 to 2015-03-24 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-24 15:29 . 2015-03-24 15:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2015-03-24 15:29 . 2015-03-24 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-03-23 23:35 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0078CF38-F0F3-4164-B8A3-8D8F95C41EAF}\mpengine.dll
    2015-03-23 21:31 . 2015-03-23 21:31 -------- d-----w- C:\found.005
    2015-03-23 07:52 . 2015-03-23 07:52 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-03-18 14:53 . 2014-09-17 09:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0712A70C-5901-4F10-9A6B-0715B77CD3D0}\gapaengine.dll
    2015-03-14 18:47 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-03-14 15:54 . 2015-03-23 08:15 -------- d-----w- c:\programdata\RogueKiller
    2015-03-10 01:07 . 2015-03-10 01:13 -------- dc----w- C:\FRST
    2015-03-09 16:34 . 2015-03-09 16:34 63920 ----a-w- c:\windows\system32\drivers\vmx_svga.sys
    2015-03-09 16:34 . 2015-03-09 16:34 11440 ----a-w- c:\windows\system32\drivers\vmmouse.sys
    2015-03-09 16:34 . 2015-03-09 16:34 143344 ----a-w- c:\windows\system32\drivers\vmhgfs.sys
    2015-03-09 16:34 . 2015-03-09 16:34 98928 ----a-w- c:\windows\system32\drivers\vmci.sys
    2015-03-09 16:34 . 2015-03-09 16:34 25136 ----a-w- c:\windows\system32\drivers\vmaudio.sys
    2015-03-09 16:34 . 2015-03-09 16:34 107120 ----a-w- c:\windows\system32\drivers\vm3dmp.sys
    2015-03-09 16:34 . 2015-03-09 16:34 386616 ----a-w- c:\windows\system32\drivers\MegaSR.sys
    2015-03-09 16:34 . 2015-03-09 16:34 6656 ----a-w- c:\windows\system32\drivers\errdev.sys
    2015-03-09 16:34 . 2015-03-09 16:34 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
    2015-03-09 16:34 . 2015-03-09 16:34 45568 ----a-w- c:\windows\system32\drivers\blbdrive.sys
    2015-03-09 16:34 . 2015-03-09 16:34 -------- d-----w- c:\windows\system32\SPReview
    2015-03-09 16:34 . 2015-03-09 16:34 386464 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll
    2015-03-09 16:30 . 2015-03-09 16:30 484192 ----a-w- c:\windows\system32\TPSvc.dll
    2015-03-09 16:30 . 2015-03-09 16:30 144664 ----a-w- c:\windows\system32\tprdpw32.dll
    2015-03-09 16:30 . 2015-03-09 16:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2015-03-09 16:30 . 2015-03-09 16:30 78336 ----a-w- c:\windows\system32\ieencode.dll
    2015-03-09 16:30 . 2015-03-09 16:30 17408 ----a-w- c:\windows\system32\corpol.dll
    2015-03-09 16:15 . 2015-03-09 16:15 -------- d-----w- c:\programdata\Weskysoft
    2015-03-07 12:59 . 2015-03-07 12:59 -------- d-----w- c:\program files\Common Files\Java
    2015-03-03 18:47 . 2015-03-03 18:47 114904 ----a-w- c:\windows\system32\drivers\50515F29.sys
    2015-02-28 21:49 . 2015-02-28 21:49 114904 ----a-w- c:\windows\system32\drivers\59B37FEE.sys
    2015-02-23 20:04 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-23 02:20 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
    2015-02-23 02:20 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
    2015-02-23 02:20 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
    2015-02-23 02:19 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2015-02-23 02:14 . 2014-11-04 00:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2015-02-23 01:59 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-02-23 01:59 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
    2015-02-23 01:58 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
    2015-02-23 01:58 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
    2015-02-23 01:53 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
    2015-02-23 01:45 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
    2015-02-23 01:44 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
    2015-02-23 01:44 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
    2015-02-23 01:44 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2015-02-23 01:44 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
    2015-02-23 01:43 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
    2015-02-23 01:40 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
    2015-02-23 01:40 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
    2015-02-23 01:40 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
    2015-02-23 01:28 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-23 01:27 . 2015-02-23 01:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2015-02-23 01:22 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-02-23 01:22 . 2014-12-03 02:06 278528 ----a-w- c:\windows\system32\schannel.dll
    2015-02-23 01:22 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2015-02-23 01:10 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
    2015-02-23 01:09 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
    2015-02-22 18:35 . 2015-01-14 01:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2015-02-22 18:35 . 2015-01-14 01:41 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2015-02-22 18:35 . 2015-01-14 01:41 195072 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2015-02-22 18:35 . 2015-01-14 01:41 470016 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
    2015-02-22 18:35 . 2015-01-14 01:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2015-02-22 18:14 . 2015-02-22 18:14 215475 ----a-w- c:\windows\oem_uninst.exe
    2015-02-22 18:04 . 2015-02-22 18:04 -------- d-----w- c:\program files\DLLSuite
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-24 14:07 . 2015-02-21 22:23 119512 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2015-03-17 04:15 . 2015-02-21 22:31 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-03-17 04:15 . 2015-02-21 22:31 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-03-17 04:15 . 2015-02-21 22:20 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-03-07 12:55 . 2015-02-18 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-03-03 04:50 . 2009-10-03 09:57 246920 ------w- c:\windows\system32\MpSigStub.exe
    2015-02-22 03:26 . 2015-02-22 02:03 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
    2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
    2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
    2015-02-17 22:26 . 2014-01-12 10:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-02-17 22:26 . 2014-01-12 10:13 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-12 4186112]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2013-01-31 2859296]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-29 978520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
    2013-06-04 23:01 4489472 ----a-w- c:\users\DIMITRIS\AppData\Local\Akamai\netsession_win.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 15:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSIDLL"=rundll32.exe msiwtl32.dll,ilveTqIxD
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-12 22:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.Google.com/
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.pctools.com/mrc/fix_homepage/
    mSearchURL = hxxp://www.Google.com/
    TCP: Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110324084242
    DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
    FF - ProfilePath - c:\users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-03-24 17:30
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CD6E2E5-6388-3395-55F1-28F39FA6F24A}*]
    @Allowed: (Read) (RestrictedCode)
    "gafmglfkpiibke"=hex:61,63,63,6c,61,63,68,6b,64,63,66,68,64,6a,65,6b,61,70,64,
    6a,6d,69,63,61,66,6e,66,61,64,69,68,6b,66,6d,6a,6a,61,67,64,63,70,63,6b,67,\
    .
    [HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2015-03-24 17:36:03
    ComboFix-quarantined-files.txt 2015-03-24 15:35
    ComboFix2.txt 2015-03-23 23:33
    .
    Pre-Run: 34 Κατάλογοι 112.792.514.560 διαθέσιμα byte
    Post-Run: 35 Κατάλογοι 120.983.138.304 διαθέσιμα byte
    .
    - - End Of File - - C7A0F0BB59C8E220E006E0ECE47D95C5
    5C616939100B85E558DA92B899A0FC36
     
  24. absalom

    absalom TS Member Topic Starter Posts: 30

    Update: I'm confronting problems with the Internet connection.
    I lose the signal and it returns, from time to time.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    It doesn't look like you ran Combofix fix.
    Please re-read my previous reply and redo.
     
