Solved NvsvcStart Missing & Task Manager

This is what I get... I'm just dragging the script onto the icon of ComboFix on my desktop.

ComboFix 15-03-25.01 - DIMITRIS 25/03/2015 14:11:42.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.1023.358 [GMT 2:00]
Running from: c:\users\DIMITRIS\Desktop\ComboFix.exe
Command switches used :: c:\users\DIMITRIS\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-02-25 to 2015-03-25 )))))))))))))))))))))))))))))))
.
.
2015-03-25 12:26 . 2015-03-25 12:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-25 12:26 . 2015-03-25 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-24 23:54 . 2014-09-17 09:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB2A24B6-04C4-4283-A744-E1948F64EE28}\gapaengine.dll
2015-03-24 23:42 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F58285B4-C92C-4F98-A378-9C6AC74555A0}\mpengine.dll
2015-03-24 20:26 . 2015-03-24 20:26 -------- d-----w- C:\found.006
2015-03-24 15:37 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-23 21:31 . 2015-03-23 21:31 -------- d-----w- C:\found.005
2015-03-23 07:52 . 2015-03-23 07:52 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-14 15:54 . 2015-03-23 08:15 -------- d-----w- c:\programdata\RogueKiller
2015-03-10 01:07 . 2015-03-10 01:13 -------- dc----w- C:\FRST
2015-03-09 16:34 . 2015-03-09 16:34 63920 ----a-w- c:\windows\system32\drivers\vmx_svga.sys
2015-03-09 16:34 . 2015-03-09 16:34 11440 ----a-w- c:\windows\system32\drivers\vmmouse.sys
2015-03-09 16:34 . 2015-03-09 16:34 143344 ----a-w- c:\windows\system32\drivers\vmhgfs.sys
2015-03-09 16:34 . 2015-03-09 16:34 98928 ----a-w- c:\windows\system32\drivers\vmci.sys
2015-03-09 16:34 . 2015-03-09 16:34 25136 ----a-w- c:\windows\system32\drivers\vmaudio.sys
2015-03-09 16:34 . 2015-03-09 16:34 107120 ----a-w- c:\windows\system32\drivers\vm3dmp.sys
2015-03-09 16:34 . 2015-03-09 16:34 386616 ----a-w- c:\windows\system32\drivers\MegaSR.sys
2015-03-09 16:34 . 2015-03-09 16:34 6656 ----a-w- c:\windows\system32\drivers\errdev.sys
2015-03-09 16:34 . 2015-03-09 16:34 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2015-03-09 16:34 . 2015-03-09 16:34 45568 ----a-w- c:\windows\system32\drivers\blbdrive.sys
2015-03-09 16:34 . 2015-03-09 16:34 -------- d-----w- c:\windows\system32\SPReview
2015-03-09 16:34 . 2015-03-09 16:34 386464 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll
2015-03-09 16:30 . 2015-03-09 16:30 484192 ----a-w- c:\windows\system32\TPSvc.dll
2015-03-09 16:30 . 2015-03-09 16:30 144664 ----a-w- c:\windows\system32\tprdpw32.dll
2015-03-09 16:30 . 2015-03-09 16:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2015-03-09 16:30 . 2015-03-09 16:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2015-03-09 16:30 . 2015-03-09 16:30 17408 ----a-w- c:\windows\system32\corpol.dll
2015-03-09 16:15 . 2015-03-09 16:15 -------- d-----w- c:\programdata\Weskysoft
2015-03-07 12:59 . 2015-03-07 12:59 -------- d-----w- c:\program files\Common Files\Java
2015-03-03 18:47 . 2015-03-03 18:47 114904 ----a-w- c:\windows\system32\drivers\50515F29.sys
2015-02-28 21:49 . 2015-02-28 21:49 114904 ----a-w- c:\windows\system32\drivers\59B37FEE.sys
2015-02-23 20:04 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-25 12:03 . 2015-02-21 22:23 119512 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-03-17 04:15 . 2015-02-21 22:31 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-17 04:15 . 2015-02-21 22:31 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-17 04:15 . 2015-02-21 22:20 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-07 12:55 . 2015-02-18 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-03-03 04:50 . 2009-10-03 09:57 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-22 18:14 . 2015-02-22 18:14 215475 ----a-w- c:\windows\oem_uninst.exe
2015-02-22 03:26 . 2015-02-22 02:03 181064 ----a-w- c:\windows\PSEXESVC.EXE
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2015-02-17 22:26 . 2014-01-12 10:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 22:26 . 2014-01-12 10:13 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-15 04:13 . 2015-02-23 01:22 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-14 01:49 . 2015-02-22 18:36 367104 ----a-w- c:\windows\system32\html.iec
2015-01-14 01:42 . 2015-02-22 18:36 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-01-14 01:42 . 2015-02-22 18:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-14 01:41 . 2015-02-22 18:36 421376 ----a-w- c:\windows\system32\vbscript.dll
2015-01-14 01:41 . 2015-02-22 18:35 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-14 01:40 . 2015-02-22 18:36 11776 ----a-w- c:\windows\system32\mshta.exe
2015-01-14 01:40 . 2015-02-22 18:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-01-13 01:39 . 2015-02-23 01:28 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-09 00:20 . 2015-02-23 01:43 2063360 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-12 4186112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2013-01-31 2859296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-29 978520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-04 23:01 4489472 ----a-w- c:\users\DIMITRIS\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 15:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSIDLL"=rundll32.exe msiwtl32.dll,ilveTqIxD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-12 22:26]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.pctools.com/mrc/fix_homepage/
mSearchURL = hxxp://www.Google.com/
TCP: Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110324084242
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
FF - ProfilePath - c:\users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-25 14:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CD6E2E5-6388-3395-55F1-28F39FA6F24A}*]
@Allowed: (Read) (RestrictedCode)
"gafmglfkpiibke"=hex:61,63,63,6c,61,63,68,6b,64,63,66,68,64,6a,65,6b,61,70,64,
6a,6d,69,63,61,66,6e,66,61,64,69,68,6b,66,6d,6a,6a,61,67,64,63,70,63,6b,67,\
.
[HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2015-03-25 14:32:45
ComboFix-quarantined-files.txt 2015-03-25 12:32
ComboFix2.txt 2015-03-24 15:36
ComboFix3.txt 2015-03-23 23:33
.
Pre-Run: 34 Κατάλογοι 121.075.671.040 διαθέσιμα byte
Post-Run: 36 Κατάλογοι 121.050.324.992 διαθέσιμα byte
.
- - End Of File - - DDEA0F4220B8BCAB50DEE06E4F10B3BE
5C616939100B85E558DA92B899A0FC36
 
Re-run the Farbar Recovery Scan Tool (FRST) that you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by DIMITRIS (administrator) on YPOLOGISTIS on 25-03-2015 20:54:57
Running from C:\Users\DIMITRIS\Downloads
Loaded Profiles: DIMITRIS & UpdatusUser (Available profiles: DIMITRIS & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}\setup.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4186112 2006-12-12] (Realtek Semiconductor)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe -silent
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\MountPoints2: {c9bc8e9e-9912-11db-b22c-001a4d81c564} - F:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
ShortcutTarget: setup.lnk -> C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}\setup.exe ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.quest.gr
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...HP=http://start.funmoods.com/?f=1&a=make&OSP=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {2712AFFD-EC40-4303-B561-9BFBE0D0D619} URL = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110324084242
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/el-gr/wlscctrl2.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\..\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Zoom It - C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\Extensions\{392499a4-ec30-c6e4-0ef2-ceb40d74b8b6} [2015-03-25]
FF Extension: Adblock Plus - C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
CHR Extension: (Google Docs) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
CHR Extension: (Google Drive) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
CHR Extension: (YouTube) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
CHR Extension: (Adblock Plus) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
CHR Extension: (Google Search) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Google Sheets) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
CHR Extension: (Tab Activate) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmadbnpnnolpaljadgakjilggigioaj [2015-02-20]
CHR Extension: (Google Wallet) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Gmail) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.omniboxes.com/?type=sc&t...d=WDCXWD2500AAKX-00ERMA0_WD-WCC2EYD0520405204

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1087792 2014-05-22] (Flexera Software LLC)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-19] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-01-19] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2014-01-13] (AVG Technologies)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [32256 2005-05-10] (B.H.A Corporation) [File not signed]
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [23168 2007-08-08] (eMPIA Technology, Inc.)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [38240 2009-05-14] (ESET)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] ()
S3 gdrv; C:\Windows\gdrv.sys [14656 2010-06-13] (Windows (R) Codename Longhorn DDK provider)
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [16968 2010-07-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsl8569dafe; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0AECE39-17D5-4524-A2DB-002733F60623}\MpKsl8569dafe.sys [39464 2015-03-25] (Microsoft Corporation)
S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [6656 2008-01-19] (Microsoft Corporation)
S3 Mtlmnt5; C:\Windows\System32\DRIVERS\SLDRV\Mtlmnt5.sys [237616 2005-05-11] ( )
S3 Mtlstrm; C:\Windows\System32\DRIVERS\SLDRV\Mtlstrm.sys [1464848 2005-05-11] ( )
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [237632 2010-08-18] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [656320 2010-07-16] (PC Tools)
R0 RecAgent; C:\Windows\System32\DRIVERS\SLDRV\RecAgent.sys [14680 2005-05-11] ( )
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [26976 2014-05-22] (Feitian Technologies Co., Ltd.)
S3 Slntamr; C:\Windows\System32\DRIVERS\SLDRV\slntamr.sys [698848 2005-05-11] ( )
S3 SlNtHal; C:\Windows\System32\DRIVERS\SLDRV\Slnthal.sys [101328 2005-05-11] ( )
S3 SlWdmSup; C:\Windows\System32\DRIVERS\SLDRV\SlWdmSup.sys [13248 2005-05-11] ( )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-26] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25472 2009-07-15] (The OpenVPN Project)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2007-08-08] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-08] (eMPIA Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 catchme; \??\C:\Users\DIMITRIS\AppData\Local\Temp\catchme.sys [X]
U5 eamon; C:\Windows\System32\Drivers\eamon.sys [114472 2009-05-14] (ESET)
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
U5 epfw; C:\Windows\System32\Drivers\epfw.sys [133000 2009-05-14] (ESET)
S3 GVCplDrv; No ImagePath
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S1 rdkqmvvv; \??\C:\Windows\system32\drivers\rdkqmvvv.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S0 TfFsMon; No ImagePath
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; No ImagePath
S1 uumradln; \??\C:\Windows\system32\drivers\uumradln.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 20:54 - 2015-03-25 20:54 - 00000000 ____D () C:\Users\DIMITRIS\Downloads\FRST-OlderVersion
2015-03-25 19:12 - 2015-03-25 19:12 - 02168320 _____ () C:\Users\DIMITRIS\Downloads\adwcleaner_4.113.exe
2015-03-25 19:02 - 2015-03-25 19:06 - 00000000 ____D () C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}
2015-03-25 18:34 - 2015-03-25 19:00 - 00000000 ____D () C:\Users\DIMITRIS\Downloads\ghgjhkjgkjgkjgkjgkjgkgkj
2015-03-25 18:09 - 2015-03-25 18:09 - 00000000 ____D () C:\ProgramData\11321316169410382761
2015-03-25 18:07 - 2015-03-25 18:11 - 00000000 ____D () C:\ProgramData\{af6161df-9181-6de8-af61-161df918877e}
2015-03-25 17:59 - 2015-03-25 18:02 - 00000000 ____D () C:\Program Files\PCFixKit
2015-03-25 17:59 - 2015-03-25 17:59 - 00000722 _____ () C:\Users\DIMITRIS\Desktop\PCFixKit.lnk
2015-03-25 17:59 - 2015-03-25 17:59 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\PCFixKit
2015-03-25 17:59 - 2015-03-25 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCFixKit
2015-03-25 17:58 - 2015-03-25 17:58 - 02241760 _____ (www.PCFixKit.com ) C:\Users\DIMITRIS\Downloads\PCFixKit_Setup.exe
2015-03-25 17:34 - 2015-03-25 17:34 - 00000000 ____H () C:\Users\DIMITRIS\Documents\Default.rdp
2015-03-25 14:32 - 2015-03-25 14:32 - 00014551 ____C () C:\ComboFix.txt
2015-03-25 14:08 - 2015-03-25 14:32 - 00000000 ___DC () C:\ComboFix
2015-03-25 14:02 - 2015-03-25 14:02 - 00000212 _____ () C:\Users\DIMITRIS\Desktop\Ψηφιακά Εκπαιδευτικά Βοηθήματα.URL
2015-03-24 22:27 - 2015-03-24 22:27 - 00004918 ____N () C:\bootex.log
2015-03-24 22:26 - 2015-03-24 22:26 - 00000000 ____D () C:\found.006
2015-03-24 01:03 - 2015-03-25 14:32 - 00000000 ___DC () C:\Qoobox
2015-03-24 01:03 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-24 01:03 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-24 01:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-24 01:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-24 01:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-24 01:03 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-24 01:03 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-24 01:03 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-24 01:01 - 2015-03-24 01:29 - 00000000 ____D () C:\Windows\erdnt
2015-03-24 00:21 - 2015-03-25 14:06 - 05615749 ____R (Swearware) C:\Users\DIMITRIS\Desktop\ComboFix.exe
2015-03-23 23:31 - 2015-03-23 23:31 - 00000000 ____D () C:\found.005
2015-03-23 11:02 - 2015-03-23 11:02 - 00001109 _____ () C:\Users\DIMITRIS\Desktop\DEYTERO MALWAREBYTES.txt
2015-03-23 09:52 - 2015-03-23 09:52 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-23 09:50 - 2015-03-23 09:50 - 16727128 _____ () C:\Users\DIMITRIS\Downloads\RogueKiller.exe
2015-03-22 16:46 - 2015-03-22 16:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-21 12:01 - 2015-03-21 12:02 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\Νέος φάκελος (4)
2015-03-20 23:02 - 2015-03-20 23:04 - 01054912 _____ (Adobe) C:\Users\DIMITRIS\Downloads\install_flashplayer17x32au_mssd_awc_aih.exe
2015-03-16 13:40 - 2015-03-16 13:40 - 00001067 _____ () C:\Users\DIMITRIS\Downloads\scan mbam(1).txt
2015-03-16 13:39 - 2015-03-16 13:39 - 00001067 _____ () C:\Users\DIMITRIS\Downloads\scan mbam.txt
2015-03-16 13:29 - 2015-03-16 13:29 - 00001061 ____C () C:\mbam3.txt
2015-03-16 13:28 - 2015-03-16 13:28 - 00001093 ____C () C:\mbam2.txt
2015-03-15 01:47 - 2015-03-15 01:48 - 05139710 _____ () C:\Users\DIMITRIS\Downloads\0001-Install_Win8_8.1_Win7_Vista_6112_03122014.zip
2015-03-14 23:45 - 2015-03-14 23:45 - 01388333 _____ (Thisisu) C:\Users\DIMITRIS\Desktop\JRT.exe
2015-03-14 23:43 - 2015-03-14 23:44 - 02171392 _____ () C:\Users\DIMITRIS\Desktop\adwcleaner_4.112.exe
2015-03-14 21:36 - 2015-03-14 21:36 - 05882936 _____ (Lenovo Group Limited ) C:\Users\DIMITRIS\Downloads\a4etn05us17.exe
2015-03-14 17:54 - 2015-03-23 10:15 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-10 03:12 - 2015-03-10 03:14 - 00047114 _____ () C:\Users\DIMITRIS\Downloads\Addition.txt
2015-03-10 03:09 - 2015-03-25 20:56 - 00017718 _____ () C:\Users\DIMITRIS\Downloads\FRST.txt
2015-03-10 03:07 - 2015-03-25 20:55 - 00000000 ___DC () C:\FRST
2015-03-10 02:56 - 2015-03-25 20:54 - 01135104 ____C (Farbar) C:\Users\DIMITRIS\Downloads\FRST.exe
2015-03-09 18:34 - 2015-03-09 18:34 - 00386616 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00143344 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmhgfs.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00107120 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vm3dmp.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00098928 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00063920 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx_svga.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00025136 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmaudio.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00014208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00011440 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmmouse.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00000000 ____D () C:\Windows\system32\SPReview
2015-03-09 18:31 - 2015-03-09 18:31 - 03223152 _____ (VMware, Inc.) C:\Windows\system32\vm3dgl.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00219248 _____ (VMware, Inc.) C:\Windows\system32\vm3dum.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00173232 _____ (VMware, Inc.) C:\Windows\system32\vmx_fb.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00111912 _____ (ThinPrint AG) C:\Windows\system32\TPVMW32.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00079176 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUI.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00063088 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\WsmProv.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00053360 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLib.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00050800 _____ (VMware, Inc.) C:\Windows\system32\vmhgfs.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00034416 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLibJava.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00023904 _____ (ThinPrint AG) C:\Windows\system32\TPVMMondeu.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00016432 _____ (VMware, Inc.) C:\Windows\system32\vmx_mode.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00009576 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonjpn.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00009072 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUIjpn.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00009064 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUIdeu.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\WsmCl.dll
2015-03-09 18:30 - 2015-03-09 18:31 - 00316736 _____ (ThinPrint AG) C:\Windows\system32\TPVMMon.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00484192 _____ (ThinPrint AG) C:\Windows\system32\TPSvc.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00144664 _____ (ThinPrint AG) C:\Windows\system32\tprdpw32.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\extmgr.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-03-09 18:15 - 2015-03-09 18:15 - 00000000 ____D () C:\ProgramData\Weskysoft
2015-03-08 17:07 - 2015-03-09 21:16 - 00001155 _____ () C:\Windows\setupact.log
2015-03-08 17:07 - 2015-03-09 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-07 18:23 - 2015-03-07 18:23 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\Νέος φάκελος (3)
2015-03-07 15:25 - 2015-03-07 15:25 - 00000104 _____ () C:\Users\DIMITRIS\Desktop\Ιnternet - Συντόμευση.lnk
2015-03-07 14:59 - 2015-03-07 14:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-03 20:47 - 2015-03-03 20:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\50515F29.sys
2015-02-28 23:49 - 2015-02-28 23:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\59B37FEE.sys
2015-02-28 21:27 - 2015-02-28 21:27 - 00000219 _____ () C:\Users\DIMITRIS\Desktop\Η Β ι β λ ι ο θ η κ η μ ο υ.URL
2015-02-23 22:04 - 2015-01-23 05:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-23 22:04 - 2015-01-23 04:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-23 04:20 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-23 04:20 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-23 04:20 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-23 04:19 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-23 04:14 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-23 03:59 - 2014-08-27 02:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-23 03:59 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-23 03:58 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-23 03:58 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-23 03:53 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-23 03:45 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-23 03:44 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-23 03:44 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-23 03:44 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-23 03:44 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-23 03:43 - 2015-01-09 02:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-23 03:40 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-23 03:40 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-23 03:40 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-23 03:28 - 2015-01-13 03:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-23 03:27 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-23 03:27 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-23 03:22 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-23 03:22 - 2014-12-03 04:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-23 03:22 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-23 03:10 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 03:09 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 20:33 - 2014-01-12 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 19:30 - 2014-01-13 23:00 - 01873830 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 19:24 - 2008-10-22 23:15 - 00016384 _____ () C:\Windows\system32\Ikeext.etl
2015-03-25 19:24 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 19:24 - 2006-11-02 14:47 - 00004560 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:24 - 2006-11-02 14:47 - 00004560 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:24 - 2006-11-02 14:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-25 19:21 - 2006-11-02 15:01 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-25 19:20 - 2014-01-15 02:29 - 00000000 ___DC () C:\AdwCleaner
2015-03-25 19:20 - 2014-01-12 17:41 - 00000828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 19:20 - 2011-07-28 03:54 - 00000967 _____ () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:34 - 2015-02-20 22:14 - 00000000 ____D () C:\Program Files\Opera
2015-03-25 16:11 - 2015-02-22 00:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-03-25 14:52 - 2015-02-18 08:09 - 00019432 _____ () C:\Windows\PFRO.log
2015-03-25 14:26 - 2006-11-02 12:23 - 00000252 ____C () C:\Windows\system.ini
2015-03-24 01:33 - 2006-11-02 13:18 - 00000000 ____D () C:\Users\Public
2015-03-24 01:33 - 2006-11-02 13:18 - 00000000 ____D () C:\Users\Default
2015-03-23 23:24 - 2015-02-22 00:31 - 00000869 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-23 23:24 - 2015-02-22 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-23 23:24 - 2015-02-22 00:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-21 12:16 - 2014-05-27 13:28 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\Panellhn gENIKA
2015-03-21 12:15 - 2013-05-29 13:46 - 00000000 ____D () C:\Users\DIMITRIS\Downloads\LHPSEIS
2015-03-17 06:15 - 2015-02-22 00:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2015-02-22 00:31 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2015-02-22 00:20 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 14:15 - 2015-02-21 04:29 - 00690486 _____ () C:\spyhunter.fix
2015-03-16 11:58 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\tracing
2015-03-14 20:43 - 2007-09-12 07:13 - 00000000 ____D () C:\Users\DIMITRIS
2015-03-14 20:43 - 2006-11-02 12:22 - 74186752 _____ () C:\Windows\system32\config\software_previous
2015-03-14 20:43 - 2006-11-02 12:22 - 47710208 _____ () C:\Windows\system32\config\components_previous
2015-03-14 20:43 - 2006-11-02 12:22 - 104333312 _____ () C:\Windows\system32\config\system_previous
2015-03-14 20:43 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-03-14 20:43 - 2006-11-02 12:22 - 00065536 _____ () C:\Windows\system32\config\sam_previous
2015-03-14 20:43 - 2006-11-02 12:22 - 00028672 _____ () C:\Windows\system32\config\security_previous
2015-03-14 20:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-03-13 21:11 - 2014-01-15 02:36 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Local\Adobe
2015-03-13 01:20 - 2014-03-19 06:27 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\ISTORIA
2015-03-12 04:09 - 2007-03-26 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 13:12 - 2010-10-04 18:16 - 02747172 _____ () C:\Windows\system32\Drivers\Cat.DB
2015-03-09 21:16 - 2011-11-20 05:19 - 00001905 _____ () C:\Windows\diagwrn.xml
2015-03-09 21:16 - 2011-11-20 05:19 - 00001905 _____ () C:\Windows\diagerr.xml
2015-03-08 16:58 - 2015-02-22 20:05 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
2015-03-07 15:02 - 2015-02-18 18:56 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-07 14:55 - 2015-02-18 18:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-07 14:54 - 2014-10-16 11:37 - 00000000 ____D () C:\Program Files\Java
2015-03-05 13:22 - 2015-02-21 03:17 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\spyhunter
2015-03-05 13:22 - 2015-02-21 00:25 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\Νέος φάκελος
2015-03-05 12:06 - 2007-03-26 18:17 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-03-03 20:51 - 2006-11-02 12:33 - 01720600 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 06:50 - 2009-10-03 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 03:20 - 2011-11-20 16:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-24 03:17 - 2012-07-21 18:06 - 00001796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-24 03:07 - 2011-11-20 16:51 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-23 05:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-02-23 04:48 - 2014-10-09 19:14 - 02536496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 04:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\el-GR

==================== Files in the root of some directories =======

2014-01-14 22:13 - 2014-01-14 22:14 - 0003701 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-01-13 21:38 - 2014-01-13 22:01 - 0003747 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\DIMITRIS\AppData\Roaming\CQJNUU
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ
2015-01-08 16:24 - 2015-02-20 21:32 - 0000115 _____ () C:\Users\DIMITRIS\AppData\Roaming\LogFile.txt
2014-06-23 03:38 - 2014-06-23 03:38 - 0029544 _____ () C:\Users\DIMITRIS\AppData\Roaming\UserTile.png
2014-01-30 13:33 - 2015-02-17 15:13 - 0000680 _____ () C:\Users\DIMITRIS\AppData\Local\d3d9caps.dat
2011-05-27 11:41 - 2011-06-01 12:19 - 0013896 _____ () C:\ProgramData\e53m0v5b47
2011-06-07 02:11 - 2011-06-07 02:11 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2009-10-20 05:05 - 2009-10-20 05:05 - 0184336 _____ () C:\ProgramData\Fast team team.13g7vk3
2009-08-13 21:15 - 2009-08-13 21:15 - 0217104 _____ () C:\ProgramData\Fast team team.25vmutn
2009-09-09 21:59 - 2009-09-09 21:59 - 0000016 _____ () C:\ProgramData\Fast team team.28214
2009-12-17 09:39 - 2009-12-17 09:39 - 0372752 _____ () C:\ProgramData\Fast team team.5g99lsa
2009-10-27 03:00 - 2009-10-27 03:00 - 0229392 _____ () C:\ProgramData\Fast team team.818arp4
2009-10-27 03:44 - 2009-10-27 03:44 - 0000000 _____ () C:\ProgramData\Fast team team.buqh87x
2009-10-20 05:05 - 2009-10-20 05:05 - 0110608 _____ () C:\ProgramData\Fast team team.cjpio63
2009-12-17 09:39 - 2009-12-17 09:39 - 0356368 _____ () C:\ProgramData\Fast team team.le9gb
2009-08-04 03:02 - 2009-08-04 03:02 - 0360464 _____ () C:\ProgramData\Fast team team.myh67jd
2009-10-27 03:22 - 2009-10-27 03:22 - 0094224 _____ () C:\ProgramData\Fast team team.rdal7a
2011-11-16 08:54 - 2011-11-16 08:58 - 0000432 _____ () C:\ProgramData\FAtywhGoBOpdzD
2015-02-21 04:03 - 2015-02-21 04:06 - 0000509 _____ () C:\ProgramData\hpzinstall.log
2012-07-20 13:01 - 2012-07-20 13:01 - 0000051 _____ () C:\ProgramData\ltqwjpgrmggwamq
2009-12-17 09:40 - 2009-12-17 09:40 - 0167952 _____ () C:\ProgramData\Memo Cake Bait.nreds8c
2011-11-16 08:56 - 2011-11-16 08:56 - 0000288 _____ () C:\ProgramData\~FAtywhGoBOpdzD
2011-11-16 08:56 - 2011-11-16 08:56 - 0000216 _____ () C:\ProgramData\~FAtywhGoBOpdzDr

Some content of TEMP:
====================
C:\Users\DIMITRIS\AppData\Local\Temp\dcfcabfcdej.exe
C:\Users\DIMITRIS\AppData\Local\Temp\Firmware__7123_il35546.exe
C:\Users\DIMITRIS\AppData\Local\Temp\Quarantine.exe
C:\Users\DIMITRIS\AppData\Local\Temp\row.exe
C:\Users\DIMITRIS\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 19:31

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by DIMITRIS at 2015-03-25 20:56:35
Running from C:\Users\DIMITRIS\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-Click YouTube To MP3 Converter 2.2 (HKLM\...\1-Click YouTube To MP3 Converter_is1) (Version: - )
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ACID Xpress 7.0 (HKLM\...\{1C4C5C53-D960-4E1C-96A6-F6B52EA43A45}) (Version: 7.0.64 - Sony)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe Photoshop CS4_is1) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AIO_Scan (Version: 82.0.203.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
Autodesk Material Library 2011 (HKLM\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CiD Help (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\play cash gram) (Version: - )
CiD Help (HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\play cash gram) (Version: - )
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DiscAPI (Studio 10) (Version: 2.10.0060 - Pinnacle Systems) Hidden
DJ_AIO_ProductContext (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DLL Suite 2013 (HKLM\...\{885843E7-6CAC-4791-B7BF-1CD516017954}_is1) (Version: - )
Dropbox (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
E110 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 82.0.203.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 82.0.203.000 - Hewlett-Packard) Hidden
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FIFA 09 (HKLM\...\{2315B23D-3E21-4920-837D-AE6460934ECB}) (Version: 1.0.1.1 - Electronic Arts)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (HKLM\...\KB970892_SQL9) (Version: 9.3.4053 - Microsoft Corporation)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet All-In-One Software 8.0 (HKLM\...\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Επωνυμία Επιχείρησης)
Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware έκδοση 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 el) (HKLM\...\Mozilla Firefox 26.0 (x86 el)) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Πρόγραμμα οδήγησης γραφικών 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
Opera Stable 28.0.1750.48 (HKLM\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
PCFixKit 2.0 (HKLM\...\{08E486BC-850F-413A-B1D4-52CD42D411B3}_is1) (Version: - www.PCFixKit.com)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
phonostar-Player Version 2.01.4 (HKLM\...\phonostarRadioPlayer_is1) (Version: - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
RAPID (Studio 10) (Version: 1.00.0004 - Pinnacle Systems) Hidden
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Recover My Files (HKLM\...\Recover My Files_is1) (Version: 4.9.4.1343 - GetData Pty Ltd)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
SketchUp 2014 (HKLM\...\{574C5F13-E589-493D-99A3-70B7D9E477BA}) (Version: 14.0.4900 - Trimble Navigation Limited)
SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Ενημερώσεις NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Πακέτο γλώσσας του Microsoft .NET Framework 3.5 SP1 - ELL (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ell) (Version: - Microsoft Corporation)
Πίνακας Ελέγχου NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
Σύμβουλος αναβάθμισης των Windows Vista (HKLM\...\{11350FDD-AC14-476F-AE4C-C5DF6A14844B}) (Version: 1.0.4 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\DIMITRIS\Downloads\ghgjhkjgkjgkjgkjgkjgkgkj\setup.exe ()
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\DIMITRIS\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

03-03-2015 21:12:08 Windows Update
07-03-2015 17:09:38 Windows Update
08-03-2015 17:30:56 Windows Update
09-03-2015 15:36:03 Windows Update
12-03-2015 03:24:16 Πρόγραμμα εγκατάστασης λειτουργικών μονάδων των Windows
12-03-2015 03:49:03 Windows Update
24-03-2015 01:03:58 ComboFix created restore point
25-03-2015 18:36:10 Microsoft Antimalware Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-02-21 00:31 - 2015-03-24 01:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B8B7383-75CD-4720-9D89-472F943D4DE5} - System32\Tasks\{78874856-38EC-4C02-8840-3AA3ED78EEE2} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K6HH8XO\install_sbd_en[1].exe" -d C:\Users\DIMITRIS
Task: {0E955B03-BA21-4AAD-9118-91A7F89F7CC5} - System32\Tasks\{35A6DD0B-D370-4F3E-B756-8692753C84B1} => pcalua.exe -a "C:\Program Files\phpDesigner\unins000.exe"
Task: {1E7194C9-B6D4-49EE-BA52-D37EA52B0FFB} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {1FCFDBF9-BCBB-4A09-8944-15ACFF7E8343} - System32\Tasks\Java => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {25057D49-E4A4-45D7-B6AD-A8D41691E294} - System32\Tasks\{2D3D0F93-D188-4E2F-8B88-83943467BDFE} => Firefox.exe http://ui.skype.com/ui/0/6.22.0.107/el/abandoninstall?page=tsProgressBar
Task: {25DF4AE0-0D01-4ECF-9B48-74A8C7CA5ABE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {280625D5-4811-4FFE-86BC-0721711D87E9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: {29650556-BC38-4BEF-A496-616FBA86F9D6} - System32\Tasks\{6785AF2F-F4CA-4FEA-AC1E-57F95208C7BA} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {2BECAE92-8DA1-41BE-9207-109D3F0A74D1} - System32\Tasks\{E3D72A18-7278-445B-AF82-5E07C08D00C1} => pcalua.exe -a "c:\program files\real\realplayer\\RealPlay.exe" -d "C:\Program Files\Mozilla Firefox" -c "C:\Users\DIMITRIS\AppData\Local\Temp\videosz-deep-oral-ladies-2-82.mpg"
Task: {300D618F-2BB9-4E62-AA37-7161ADD27C36} - System32\Tasks\{1801F864-3962-416B-8A3D-053B021AA018} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[2].exe" -d C:\Windows\system32
Task: {41010679-0E8C-4DA7-854B-E160249CCF42} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10] (Hewlett-Packard Co.)
Task: {450F68C6-CAF6-4256-833C-A42A7482A336} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {52D3AC25-C68F-4B22-9EA5-6047311E0FEE} - System32\Tasks\{63C7AD5B-7669-40BB-9277-53BEC7388EAE} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWS4FID1\NOF-Essentials[1].exe" -d C:\Users\DIMITRIS\Desktop
Task: {5307BD4F-EC33-4A72-BDBD-DFF22B7252AF} - System32\Tasks\{19E220FB-999C-4A4E-B8B0-7C9AFE2EB491} => pcalua.exe -a D:\setup.exe -d D:\
Task: {53F8D33B-ABD6-41FF-B8E3-CD67991402F1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: {54E1965B-851C-4FB4-A9D9-D49FF168C4F9} - System32\Tasks\{708B35DD-72EE-46AC-A360-9BA97D262F60} => pcalua.exe -a C:\PROGRA~1\SPINSO~1\GLOSSO~1\GlossoMatheia.exe -d C:\Users\DIMITRIS\Downloads -c C:\Users\DIMITRIS\Downloads\Ασκήσεις ΑΕΠΠ - Εθνικότητες Ισπανίας.psc
Task: {57A06A2B-3142-41F4-9DB3-955440E8CFFC} - System32\Tasks\{B2C67E3D-E4A5-4C3F-87E1-BE4485F7B7A8} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6D9EXU2F\NOF-Essentials[1].exe" -d C:\Users\DIMITRIS
Task: {589662FF-B3C2-49DA-8BB6-A73431248A4D} - System32\Tasks\{88432499-D3E3-4DD9-8D64-394053ED4781} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\FIFA 09_uninst.exe" -d "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support"
Task: {61FBCEDB-E894-404B-8288-9BE482EE6604} - System32\Tasks\Real Networks Scheduler => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Task: {6DFB832D-BECB-40DB-A3F7-25BA881ADD38} - System32\Tasks\{2BFBB7F9-E810-4EDB-A18D-76C5FBD930B3} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM7DJPIA\download[1].exe" -d C:\Windows\system32
Task: {71B35727-B610-4A9C-BC5B-B4BCFAB14B73} - System32\Tasks\{3D253D9D-87B4-404B-9D27-3AA7E6C9B896} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
Task: {72D89400-5324-479A-B398-421FBCE2DA78} - System32\Tasks\{BFA9979A-3F6A-4E55-B662-318694509CEA} => pcalua.exe -a C:\Users\DIMITRIS\Downloads\win_spy_software_8_3_crack_by_ACME.exe -d C:\Users\DIMITRIS\Downloads
Task: {73E2A2F2-AEA4-46F5-B526-057EBB9384D2} - System32\Tasks\{D42CBAD5-095A-431B-93A0-D6D7D8B40E75} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM7DJPIA\InstallPool[3].exe" -d C:\Windows\system32
Task: {791CE9FB-A258-434F-8711-E1A3D5C96831} - System32\Tasks\{71CC04EF-9D77-42DA-958D-4992B5B26032} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6D9EXU2F\acidxpress70_enu[1].exe" -d C:\Users\DIMITRIS
Task: {80AC2723-95EA-4ADD-B7AE-A645CAD596ED} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {82FD057A-37B8-4D2E-A3CB-100E3978D17E} - System32\Tasks\{C2C5A4C4-0466-40D8-8A55-3F7B0C01B7C7} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[8].exe" -d C:\Windows\system32
Task: {8F4C1F93-D407-4CFC-924B-802321B3D1C8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {90A1174B-045B-4CFE-BB8E-7E673856A6A2} - System32\Tasks\{6442D402-4704-4B61-82AC-9CE006ED7F6D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2QI9UFT\Russian_League_08_eng[1].exe" -d C:\Users\DIMITRIS
Task: {9309190F-6928-44A2-8161-3930B48B6897} - System32\Tasks\Real Player online update program => c:\program files\real\realplayer\Update\realsched.exe
Task: {99C6F52E-E7D9-4E68-A1A5-9817D08BAA75} - System32\Tasks\{0283EBCB-A8E9-44C2-A9CD-B7630831E256} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\Profes.sayt.za.7_chasov.2010\Paket\Expansions\joomla & Danwer\DENWER_3.0\Denwer3_Base_2008-01-13_a2.2.4_p5.2.4_m5.0.45_pma2.6.1.exe" -d "C:\Users\DIMITRIS\Desktop\Profes.sayt.za.7_chasov.2010\Paket\Expansions\joomla & Danwer\DENWER_3.0"
Task: {9CD2AD55-C8D0-497E-A4AA-131DE9E76C17} - System32\Tasks\Opera scheduled Autoupdate 1424463335 => C:\Program Files\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {A1065142-D339-4463-AAE3-B442052305EE} - System32\Tasks\{87A39743-58BA-43C6-82FF-DE0EAAD41E77} => pcalua.exe -a C:\Users\DIMITRIS\Downloads\PoolSharksInstaller.exe -d C:\Windows\system32
Task: {A8F36AC8-5062-4B7A-A33E-EF4364070E8D} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AB642975-7363-4B11-993A-B64F34966F2B} - System32\Tasks\{50C1F4D8-A8FD-4560-B64C-BC995389E020} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\EADM\eadm-installer.exe" -d "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\EADM"
Task: {B1DD67FE-E564-4065-ADDC-579ACAEEE406} - System32\Tasks\{69F6188A-614E-4C87-B799-C54B3FCEF72A} => pcalua.exe -a C:\Users\DIMITRIS\Desktop\Fifa.00.FO.Max.Payne\Fifa.00.FO.Max.Payne\KUR.EXE -d C:\Users\DIMITRIS\Desktop\Fifa.00.FO.Max.Payne\Fifa.00.FO.Max.Payne
Task: {B7BBA1C2-AB70-4B4F-916A-3A070A70424B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B985DF40-BEB3-489E-A8C1-E99D21D0B42B} - System32\Tasks\{CD7F8248-4F69-4057-B789-FA65A3D5EFE5} => pcalua.exe -a C:\Windows\system32\QuickTime.cpl
Task: {C117D1EC-DD26-4ED6-9DB9-DE1CF04D5ABC} - System32\Tasks\{E04A8E6C-DBA2-45F6-BDE7-C732D3E32D2D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSIXJ3XF\MP10Setup[1].exe" -d C:\Windows\system32
Task: {C4408D8A-EED0-4C78-BCBA-9E948D5F0BC4} - System32\Tasks\{2AA1F964-B391-4D33-86E2-FCA69F7AB8C5} => pcalua.exe -a "D:\Support\FIFA 08_uninst.exe" -d D:\Support
Task: {C70FAC1C-9566-41EC-801B-96163BB59190} - System32\Tasks\{9E3488DB-27ED-4D6C-BED9-DA03457D27E4} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\PoolStars-0.49.533b[3].exe" -d C:\Windows\system32
Task: {CC9920F7-75DA-4FBF-86F3-8AC67CC6CA4C} - System32\Tasks\{26CFDCAB-2177-4AD9-A7A1-4DA727B967AA} => Firefox.exe http://ui.skype.com/ui/0/6.22.0.107/el/abandoninstall?page=tsProgressBar
Task: {D05325F5-4A61-4763-9781-3EE8764E69BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {D114702D-DFD6-4EDD-A48A-834C2CC4F781} - System32\Tasks\{765D0C1F-A816-4B41-9D0D-400110674A0D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z7MWE56\InstallPool[6].exe" -d C:\Windows\system32
Task: {D7D2F0AB-E41B-4ADF-BB7F-51307CBAAE12} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {E15E8E01-F438-44B3-B786-AB0C47409013} - System32\Tasks\{C208D0B2-3436-4300-B551-38E06B32B2BB} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[4].exe" -d C:\Windows\system32
Task: {E1E46532-6DED-4A39-8367-7DA4003F9835} - System32\Tasks\{040B2AE7-1BD5-4711-B723-92DDC9C00643} => pcalua.exe -a "C:\Program Files\EA SPORTS\FIFA 06 Demo\EAUninstall.exe"
Task: {E28DF6B5-7CDB-4BE5-9450-9FD8C0212774} - System32\Tasks\{B42D819C-539A-4833-9CAF-924F7EED74F6} => Firefox.exe http://ui.skype.com/ui/0/5.8.0.158/el/go/help.faq.installer?LastError=1618
Task: {E516394F-86E8-4EA6-9AC4-87785942812A} - System32\Tasks\{341B4881-EAD5-4FDE-A0E1-99B320F1E1C4} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\FIFA 09_uninst.exe" -d "C:\Users\DIMITRIS\Desktop\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support"
Task: {E523E7EC-C995-46F5-82BE-70EE03F004E6} - System32\Tasks\{AADD312E-1829-405D-B3DC-B115D3D8DE7B} => pcalua.exe -a D:\Run.exe -d D:\
Task: {E5AC0C8E-90C9-411F-85EC-05138BAE4373} - System32\Tasks\Vista Task Low => c:\Program Files\RealArcade\RealArcade.exe
Task: {E7E335E9-0757-43E3-A40E-58BEEF23C92A} - System32\Tasks\{30800A88-7219-42D7-82C7-F74E35F76DCA} => pcalua.exe -a C:\PROGRA~1\PROGES~1\PROGEC~1\UNWISE.EXE -c "C:\PROGRA~1\PROGES~1\PROGEC~1\install.log"
Task: {E92CC64D-50EE-4CE3-A427-6457F75F209E} - System32\Tasks\{37518E1C-7463-4B18-8D25-78E174B4D33C} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM8LWUPF\InstallPool[3].exe" -d C:\Windows\system32
Task: {E9CC0597-E431-4AD5-A4EA-F47729DD399E} - System32\Tasks\{0BA59934-72DD-41D7-93FF-EC84A6D93574} => pcalua.exe -a C:\Windows\IsUn0408.exe -d C:\Windows -c -f"C:\Program Files\EA SPORTS\FIFA 2000\uninst.log"
Task: {EC288708-0985-4E11-9A28-2058A6F219F6} - System32\Tasks\{D3395A30-5EA2-4EEE-A60A-10D53E8FBFE6} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe" -c /M{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF} /Z"UNINSTALL"
Task: {F93D1355-371E-4B56-BFEA-4356664BC957} - System32\Tasks\{E1C8F1F6-4E8A-4814-BBD5-46E7D2E06700} => pcalua.exe -a C:\Users\DIMITRIS\Desktop\rzr-fa10\Setup.exe -d C:\Users\DIMITRIS\Desktop\rzr-fa10
Task: {FA1682C6-1859-4B22-B828-248D3199CEEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-18] (Adobe Systems Incorporated)
Task: {FA309EBC-7CE7-4D6D-B3AA-3675143F9229} - System32\Tasks\{A285CDA4-4C4D-41FA-B039-923368F0E864} => pcalua.exe -a C:\Windows\iun3404.exe -c C:\Program Files\Fifa 2000
Task: {FA57AD51-4CAE-4608-B2A1-CCD837E2BD36} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - DIMITRIS => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {FA84D65B-64F0-45F2-AE30-CD66600B84E6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe
Task: {FC26C03E-B848-4B03-B35B-A41044FD1A3F} - System32\Tasks\{F47EBF87-663C-4E62-8243-24679E46A372} => pcalua.exe -a C:\Windows\unvise32qt.exe -d C:\Windows -c C:\Windows\system32\QUICKT~1\UNINST~1.LOG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2012-04-02 07:16 - 2008-09-09 10:01 - 00283680 _____ () C:\Windows\System32\prntjpg.dll
2015-03-25 19:02 - 2015-03-25 19:02 - 00482304 _____ () C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}\setup.exe
2007-01-02 20:38 - 2007-01-02 20:38 - 00065536 _____ () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2007-01-02 20:38 - 2007-01-02 20:38 - 00077824 _____ () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:63238B95
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO - Guitarra Flamenca paso a paso Vol 3.mpg:TOC.WMV
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol1.mpg:TOC.WMV
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol2.mpg:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img7.jpg
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\DIMITRIS\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4062343756-1977868193-1024004534-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4062343756-1977868193-1024004534-1003 - Limited - Enabled)
DIMITRIS (S-1-5-21-4062343756-1977868193-1024004534-1001 - Administrator - Enabled) => C:\Users\DIMITRIS
Guest (S-1-5-21-4062343756-1977868193-1024004534-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-4062343756-1977868193-1024004534-1008 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: (MOBILE ASSIST)Realtek RTL8139/810x Family Fast Ethernet NIC
Description: (MOBILE ASSIST)Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 07:24:35 PM) (Source: SQLBrowser) (EventID: 11) (User: )
Description: The SQLBrowser service encountered a critical failure.

Error: (03/25/2015 07:24:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
αναγνωριστικό διεργασίας 0x9a0, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

Error: (03/25/2015 07:05:39 PM) (Source: SQLBrowser) (EventID: 11) (User: )
Description: The SQLBrowser service encountered a critical failure.

Error: (03/25/2015 07:05:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
αναγνωριστικό διεργασίας 0x98c, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

Error: (03/25/2015 06:36:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Σφάλμα της υπηρεσίας σκιωδών αντιγράφων τόμου: Μη αναμενόμενο σφάλμα κατά την αναζήτηση της διασύνδεσης IVssWriterCallback. hr = 0x80070005.
Αυτό συχνά προκαλείται από λανθασμένες ρυθμίσεις ασφαλείας κατά τη διεργασία εγγραφής ή αίτησης.


Λειτουργία:
Συγκέντρωση δεδομένων συσκευής εγγραφής

Περιβάλλον:
Αναγνωριστικό κλάσης συσκευής εγγραφής: {e8132975-6f93-4464-a53e-1050253ae220}
Όνομα συσκευής εγγραφής: System Writer
Αναγνωριστικό παρουσίας συσκευής εγγραφής: {2c46188a-8faa-448e-b029-47666ea31cf1}

Error: (03/25/2015 06:34:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Δεν ήταν δυνατή η ενημέρωση της καταχώρησης <C:\USERS\DIMITRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NA8NAJAP.DEFAULT\SAFEBROWSING> στο χάρτη κατακερματισμού.

Περιβάλλον: Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
Μια συσκευή που είναι συνδεδεμένη με το σύστημα δεν λειτουργεί. (0x8007001f)

Error: (03/25/2015 06:34:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Δεν ήταν δυνατή η ενημέρωση της καταχώρησης <C:\USERS\DIMITRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NA8NAJAP.DEFAULT\SAFEBROWSING> στο χάρτη κατακερματισμού.

Περιβάλλον: Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
Μια συσκευή που είναι συνδεδεμένη με το σύστημα δεν λειτουργεί. (0x8007001f)

Error: (03/25/2015 06:34:18 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Δεν ήταν δυνατή η ενημέρωση της καταχώρησης <C:\USERS\DIMITRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NA8NAJAP.DEFAULT\EXTENSIONS\STAGED> στο χάρτη κατακερματισμού.

Περιβάλλον: Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
Μια συσκευή που είναι συνδεδεμένη με το σύστημα δεν λειτουργεί. (0x8007001f)

Error: (03/25/2015 06:22:00 PM) (Source: SQLBrowser) (EventID: 11) (User: )
Description: The SQLBrowser service encountered a critical failure.

Error: (03/25/2015 06:21:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
αναγνωριστικό διεργασίας 0x9b8, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.


System errors:
=============
Error: (03/25/2015 07:29:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (03/25/2015 07:26:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: TfFsMon
TfSysMon

Error: (03/25/2015 07:26:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SQL Server VSS Writer1

Error: (03/25/2015 07:26:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SQL Server (SQLEXPRESS)%%1053

Error: (03/25/2015 07:26:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000SQL Server (SQLEXPRESS)

Error: (03/25/2015 07:21:30 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update

Error: (03/25/2015 07:11:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: NVIDIA Update Service Daemon

Error: (03/25/2015 07:06:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: TfFsMon
TfSysMon

Error: (03/25/2015 07:06:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SQL Server VSS Writer1

Error: (03/25/2015 07:06:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SQL Server (SQLEXPRESS)%%1053


Microsoft Office Sessions:
=========================
Error: (11/29/2010 04:03:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1818 seconds with 360 seconds of active time. This session ended with a crash.

Error: (10/29/2010 05:15:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3341 seconds with 1380 seconds of active time. This session ended with a crash.

Error: (10/28/2010 07:43:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 924 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/27/2010 07:33:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1104 seconds with 180 seconds of active time. This session ended with a crash.

Error: (10/27/2010 07:05:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5901 seconds with 3720 seconds of active time. This session ended with a crash.

Error: (11/10/2009 08:59:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 229 seconds with 60 seconds of active time. This session ended with a crash.

Error: (09/14/2009 06:18:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3703 seconds with 2580 seconds of active time. This session ended with a crash.

Error: (08/27/2009 02:45:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/25/2009 03:22:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 10680 seconds with 6720 seconds of active time. This session ended with a crash.

Error: (07/14/2009 11:38:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-03-25 20:56:23.696
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:56:23.477
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:56:23.243
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:56:22.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:56:22.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:56:22.339
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:56:22.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:56:21.917
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:55:50.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 20:55:50.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 1022.83 MB
Available physical RAM: 493.28 MB
Total Pagefile: 2307.82 MB
Available Pagefile: 1411.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.27 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:232.88 GB) (Free:111.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 41112F68)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by DIMITRIS at 2015-03-26 10:32:13 Run:1
Running from C:\Users\DIMITRIS\Desktop
Loaded Profiles: DIMITRIS & UpdatusUser (Available profiles: DIMITRIS & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\MountPoints2: {c9bc8e9e-9912-11db-b22c-001a4d81c564} - F:\LaunchU3.exe
Startup: C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
ShortcutTarget: setup.lnk -> C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}\setup.exe ()
C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk
C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {2712AFFD-EC40-4303-B561-9BFBE0D0D619} URL = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
Toolbar: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.omniboxes.com/?type=sc&t...d=WDCXWD2500AAKX-00ERMA0_WD-WCC2EYD0520405204
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2014-01-13] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx86.sys
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
C:\Windows\System32\DRIVERS\ehdrv.sys
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [38240 2009-05-14] (ESET)
C:\Windows\System32\DRIVERS\epfwwfp.sys
S3 catchme; \??\C:\Users\DIMITRIS\AppData\Local\Temp\catchme.sys [X]
U5 eamon; C:\Windows\System32\Drivers\eamon.sys [114472 2009-05-14] (ESET)
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
U5 epfw; C:\Windows\System32\Drivers\epfw.sys [133000 2009-05-14] (ESET)
S3 GVCplDrv; No ImagePath
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S1 rdkqmvvv; \??\C:\Windows\system32\drivers\rdkqmvvv.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S0 TfFsMon; No ImagePath
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; No ImagePath
S1 uumradln; \??\C:\Windows\system32\drivers\uumradln.sys [X]
C:\Windows\System32\Drivers\eamon.sys
C:\Windows\System32\Drivers\epfw.sys
2014-01-14 22:13 - 2014-01-14 22:14 - 0003701 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-01-14 22:13 - 2014-01-14 22:14 - 0003701 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-01-13 21:38 - 2014-01-13 22:01 - 0003747 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\DIMITRIS\AppData\Roaming\CQJNUU
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ
2015-01-08 16:24 - 2015-02-20 21:32 - 0000115 _____ () C:\Users\DIMITRIS\AppData\Roaming\LogFile.txt
2014-06-23 03:38 - 2014-06-23 03:38 - 0029544 _____ () C:\Users\DIMITRIS\AppData\Roaming\UserTile.png
2014-01-30 13:33 - 2015-02-17 15:13 - 0000680 _____ () C:\Users\DIMITRIS\AppData\Local\d3d9caps.dat
2011-05-27 11:41 - 2011-06-01 12:19 - 0013896 _____ () C:\ProgramData\e53m0v5b47
2011-06-07 02:11 - 2011-06-07 02:11 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2009-10-20 05:05 - 2009-10-20 05:05 - 0184336 _____ () C:\ProgramData\Fast team team.13g7vk3
2009-08-13 21:15 - 2009-08-13 21:15 - 0217104 _____ () C:\ProgramData\Fast team team.25vmutn
2009-09-09 21:59 - 2009-09-09 21:59 - 0000016 _____ () C:\ProgramData\Fast team team.28214
2009-12-17 09:39 - 2009-12-17 09:39 - 0372752 _____ () C:\ProgramData\Fast team team.5g99lsa
2009-10-27 03:00 - 2009-10-27 03:00 - 0229392 _____ () C:\ProgramData\Fast team team.818arp4
2009-10-27 03:44 - 2009-10-27 03:44 - 0000000 _____ () C:\ProgramData\Fast team team.buqh87x
2009-10-20 05:05 - 2009-10-20 05:05 - 0110608 _____ () C:\ProgramData\Fast team team.cjpio63
2009-12-17 09:39 - 2009-12-17 09:39 - 0356368 _____ () C:\ProgramData\Fast team team.le9gb
2009-08-04 03:02 - 2009-08-04 03:02 - 0360464 _____ () C:\ProgramData\Fast team team.myh67jd
2009-10-27 03:22 - 2009-10-27 03:22 - 0094224 _____ () C:\ProgramData\Fast team team.rdal7a
2011-11-16 08:54 - 2011-11-16 08:58 - 0000432 _____ () C:\ProgramData\FAtywhGoBOpdzD
2015-02-21 04:03 - 2015-02-21 04:06 - 0000509 _____ () C:\ProgramData\hpzinstall.log
2012-07-20 13:01 - 2012-07-20 13:01 - 0000051 _____ () C:\ProgramData\ltqwjpgrmggwamq
2009-12-17 09:40 - 2009-12-17 09:40 - 0167952 _____ () C:\ProgramData\Memo Cake Bait.nreds8c
2011-11-16 08:56 - 2011-11-16 08:56 - 0000288 _____ () C:\ProgramData\~FAtywhGoBOpdzD
2011-11-16 08:56 - 2011-11-16 08:56 - 0000216 _____ () C:\ProgramData\~FAtywhGoBOpdzDr
C:\Users\DIMITRIS\AppData\Local\Temp\dcfcabfcdej.exe
C:\Users\DIMITRIS\AppData\Local\Temp\Firmware__7123_il35546.exe
C:\Users\DIMITRIS\AppData\Local\Temp\Quarantine.exe
C:\Users\DIMITRIS\AppData\Local\Temp\row.exe
C:\Users\DIMITRIS\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\DIMITRIS\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
Task: {0B8B7383-75CD-4720-9D89-472F943D4DE5} - System32\Tasks\{78874856-38EC-4C02-8840-3AA3ED78EEE2} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K6HH8XO\install_sbd_en[1].exe" -d C:\Users\DIMITRIS
C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K6HH8XO\install_sbd_en[1].exe
Task: {1E7194C9-B6D4-49EE-BA52-D37EA52B0FFB} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {300D618F-2BB9-4E62-AA37-7161ADD27C36} - System32\Tasks\{1801F864-3962-416B-8A3D-053B021AA018} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[2].exe" -d C:\Windows\system32
C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[2].exe
Task: {450F68C6-CAF6-4256-833C-A42A7482A336} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:63238B95
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO - Guitarra Flamenca paso a paso Vol 3.mpg:TOC.WMV
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol1.mpg:TOC.WMV
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol2.mpg:TOC.WMV
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

*****************

"HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc8e9e-9912-11db-b22c-001a4d81c564}" => Key deleted successfully.
HKCR\CLSID\{c9bc8e9e-9912-11db-b22c-001a4d81c564} => Key not found.
C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk => Moved successfully.
C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}\setup.exe => Moved successfully.
"C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk" => File/Directory not found.

"C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}" directory move:

Could not move "C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab}" directory. => Scheduled to move on reboot.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2712AFFD-EC40-4303-B561-9BFBE0D0D619}" => Key deleted successfully.
HKCR\CLSID\{2712AFFD-EC40-4303-B561-9BFBE0D0D619} => Key not found.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} => Key not found.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" => Key deleted successfully.
HKCR\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => Value was restored successfully.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
C:\Windows\system32\drivers\avgtpx86.sys => Moved successfully.
ehdrv => Unable to stop service
ehdrv => Service deleted successfully.
C:\Windows\System32\DRIVERS\ehdrv.sys => Moved successfully.
epfwwfp => Service stopped successfully.
epfwwfp => Service deleted successfully.
C:\Windows\System32\DRIVERS\epfwwfp.sys => Moved successfully.
catchme => Service deleted successfully.
eamon => Service deleted successfully.
ENTECH => Service deleted successfully.
epfw => Service deleted successfully.
GVCplDrv => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
rdkqmvvv => Service deleted successfully.
taphss6 => Service deleted successfully.
TfFsMon => Service deleted successfully.
TfNetMon => Service deleted successfully.
TfSysMon => Service deleted successfully.
uumradln => Service deleted successfully.
C:\Windows\System32\Drivers\eamon.sys => Moved successfully.
C:\Windows\System32\Drivers\epfw.sys => Moved successfully.
C:\Program Files\Mozilla Firefoxavg-secure-search.xml => Moved successfully.
"C:\Program Files\Mozilla Firefoxavg-secure-search.xml" => File/Directory not found.
C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml => Moved successfully.
C:\Users\DIMITRIS\AppData\Roaming\CQJNUU => Moved successfully.
C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ => Moved successfully.
C:\Users\DIMITRIS\AppData\Roaming\LogFile.txt => Moved successfully.
C:\Users\DIMITRIS\AppData\Roaming\UserTile.png => Moved successfully.
C:\Users\DIMITRIS\AppData\Local\d3d9caps.dat => Moved successfully.
C:\ProgramData\e53m0v5b47 => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.
C:\ProgramData\Fast team team.13g7vk3 => Moved successfully.
C:\ProgramData\Fast team team.25vmutn => Moved successfully.
C:\ProgramData\Fast team team.28214 => Moved successfully.
C:\ProgramData\Fast team team.5g99lsa => Moved successfully.
C:\ProgramData\Fast team team.818arp4 => Moved successfully.
C:\ProgramData\Fast team team.buqh87x => Moved successfully.
C:\ProgramData\Fast team team.cjpio63 => Moved successfully.
C:\ProgramData\Fast team team.le9gb => Moved successfully.
C:\ProgramData\Fast team team.myh67jd => Moved successfully.
C:\ProgramData\Fast team team.rdal7a => Moved successfully.
C:\ProgramData\FAtywhGoBOpdzD => Moved successfully.
C:\ProgramData\hpzinstall.log => Moved successfully.
C:\ProgramData\ltqwjpgrmggwamq => Moved successfully.
C:\ProgramData\Memo Cake Bait.nreds8c => Moved successfully.
C:\ProgramData\~FAtywhGoBOpdzD => Moved successfully.
C:\ProgramData\~FAtywhGoBOpdzDr => Moved successfully.
C:\Users\DIMITRIS\AppData\Local\Temp\dcfcabfcdej.exe => Moved successfully.
C:\Users\DIMITRIS\AppData\Local\Temp\Firmware__7123_il35546.exe => Moved successfully.
C:\Users\DIMITRIS\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\DIMITRIS\AppData\Local\Temp\row.exe => Moved successfully.
C:\Users\DIMITRIS\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}" => Key deleted successfully.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}" => Key deleted successfully.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B8B7383-75CD-4720-9D89-472F943D4DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B8B7383-75CD-4720-9D89-472F943D4DE5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{78874856-38EC-4C02-8840-3AA3ED78EEE2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{78874856-38EC-4C02-8840-3AA3ED78EEE2}" => Key deleted successfully.
"C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K6HH8XO\install_sbd_en[1].exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E7194C9-B6D4-49EE-BA52-D37EA52B0FFB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E7194C9-B6D4-49EE-BA52-D37EA52B0FFB}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{300D618F-2BB9-4E62-AA37-7161ADD27C36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{300D618F-2BB9-4E62-AA37-7161ADD27C36}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1801F864-3962-416B-8A3D-053B021AA018} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1801F864-3962-416B-8A3D-053B021AA018}" => Key deleted successfully.
"C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[2].exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{450F68C6-CAF6-4256-833C-A42A7482A336}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{450F68C6-CAF6-4256-833C-A42A7482A336}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => Key not found.
C:\ProgramData\TEMP => ":63238B95" ADS removed successfully.
C:\Users\DIMITRIS\Documents\OSCAR HERRERO - Guitarra Flamenca paso a paso Vol 3.mpg => ":TOC.WMV" ADS removed successfully.
C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol1.mpg => ":TOC.WMV" ADS removed successfully.
C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol2.mpg => ":TOC.WMV" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Classes\exefile" => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-26 10:35:46)<=

C:\ProgramData\{3202902a-f4fa-ed8d-3202-2902af4f40ab} => Moved successfully.

==== End of Fixlog 10:35:54 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.99
Windows Vista Service Pack 2 x86 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 75
Java 8 Update 40
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox 26.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 17-01-2015
Ran by DIMITRIS (administrator) on 27-03-2015 at 07:29:50
Running from "C:\Users\DIMITRIS\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
Update Firefox to the current version.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

You only need to update 32-bit version. 64-bit version is fine.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Concerning the online important passwords....

I only have one bank account of my own.
The only 'connection' with the internet is that I'm using it for an <<online bet-site>> in which I have an account, of course.
I know what you mean, but I can't change it... right now, or even if I'm going to, it's going to take several weeks.
I don't have money often in it, only if I raise money from the bet-site or put some, for random stuff.
Well, the bank often warns me if there is a "strange" movement... of 'raising money', even if it's me... they have a secure system I suppose... I'll see what to do though. Agree? :p
 
There were no trojans so your passwords should be safe.

12. Please, let me know, how your computer is doing.
 
Nope..... :) I'm here.... always where.... this is a print screen I'm uploading.... of what I still see when I open my PC.....

Also, new problems seem to have arrived... my AdBlock doesn't function..... although it shows it turned on...
My PC always crashes.....

Broni, maybe I still have these problems with the Mozilla and my Flash Player. I don't know.
 

I'm posting another print screen of what I confront in the browser... that AVG thing doesn't go away...
When I SpyHunter my PC, there are still 4 Movie Toolbar Trojans that don't go away...
 

As for Firefox...
Reset Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

If the above didn't help...

Uninstall Firefox completely using this manual: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer
NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
Install fresh copy.

As for nvsvc.dll error...
nvsvc.dll comes from your nVidia video driver.
You have two choices:
- reinstall nVidia driver
- disable "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" startup
According to this: http://www.pacs-portal.co.uk/startup_pages/14000-14999/14662_nvsvc.dll.htm
"Initially installed with Vista display drivers for NVIDIA based graphics cards. This entry replaced the "NVIDIA Display Driver Service" or "NVIDIA Driver Helper Service" in XP - which was used in part to maintain overclocked display settings. In a GeForce 8800GT test system this isn't the case. Disabling it caused no ill effects but its exact purpose isn't known"
If you want to go with the latter option...
Go to Start and in "Start Search" type "msconfig" and press Enter.
Find the following line:
RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
Remove checkmark and restart computer.
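
Before choosing between the two options in the post above, the startup entry it names can be inspected from PowerShell. This is an added example, not part of the original thread: the helper name `Get-RundllStartupEntry` is hypothetical, it only reads the two standard Run keys, and it changes nothing.

```powershell
# Added example (not from the thread): list Run-key startup entries that load a
# DLL through rundll32, such as
#   RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
# and report whether the DLL is present and how its signature validates.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# rundll32[.exe] <dll path>,<exported function> [arguments]
$RundllPattern = '(?i)rundll32(?:\.exe)?"?\s+"?(?<dll>[^",]+\.dll)"?\s*,\s*(?<export>[^\s,]+)'

function Get-RundllStartupEntry {   # hypothetical helper name
    param([string[]]$KeyPath = $RunKeys)

    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key

        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)

            if ($command -match $RundllPattern) {
                $dll    = $Matches['dll'].Trim()
                $export = $Matches['export']

                if (-not [IO.Path]::IsPathRooted($dll)) {
                    # Simplification: bare file names are resolved against System32 only.
                    $dll = Join-Path $env:SystemRoot "System32\$dll"
                }

                $exists    = Test-Path -LiteralPath $dll -PathType Leaf
                $signature = 'n/a'
                if ($exists) {
                    # Older PowerShell versions validate embedded signatures only, so a
                    # catalog-signed driver component can show up as NotSigned here.
                    $signature = (Get-AuthenticodeSignature -FilePath $dll).Status
                }

                New-Object PSObject -Property @{
                    Key       = $key
                    Name      = $name
                    Dll       = $dll
                    Export    = $export
                    DllExists = $exists      # False: the entry points at a missing file
                    Signature = $signature
                } | Select-Object Key, Name, Dll, Export, DllExists, Signature
            }
        }
    }
}

Get-RundllStartupEntry | Format-List
```

An entry that has been unchecked in msconfig is no longer stored under Run, so it drops out of this listing.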
 
As for the Firefox.... I had done it once before this reset....

I disabled the nvidia.... the Run DLL message didn't show up again.... the AVG toolbar S$#%^$& didn't show either.... I'll see how it's going. I think to uninstall also Nvidia and reinstall it?... I'll be back to see Sunday how it goes.
 