Solved NvsvcStart Missing & Task Manager

absalom

I have the typical NvsvcStart Missing virus, and I have done 'almost' everything found on the internet but nothing happened with the Spyhunter etc.

Now I'm trying to remove it manually but I CAN'T FOLLOW ALL THE STEPS I read about.
For example I CAN'T FIND the NvsvcStart file.... besides this.. I discovered I CAN'T end the process through the Task Manager, it gives No access......

Well.... help.......

Windows Vista 32-bit user :D
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I'm back! And thanks Broni!! Here are the texts!

*the "unknown" language is Greek

THIS IS THE FRST file

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2015 01
Ran by DIMITRIS (administrator) on YPOLOGISTIS on 10-03-2015 03:09:05
Running from C:\Users\DIMITRIS\Downloads
Loaded Profiles: DIMITRIS & UpdatusUser (Available profiles: DIMITRIS & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4186112 2006-12-12] (Realtek Semiconductor)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-11] (Microsoft Corporation)
HKLM\...\RunOnce: [VistaSetup] => [X]
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\MountPoints2: {ae310849-319e-11e4-aff7-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\MountPoints2: {c9bc8e9e-9912-11db-b22c-001a4d81c564} - F:\LaunchU3.exe
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe -silent
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\MountPoints2: {c9bc8e9e-9912-11db-b22c-001a4d81c564} - F:\LaunchU3.exe
HKU\S-1-5-18\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
AppInit_DLLs: 0 => 0 File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.quest.gr
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...HP=http://start.funmoods.com/?f=1&a=make&OSP=
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> {0A54C6B5-CF7E-4DE3-AE22-4DE4384532A2} URL = http://www.mystartsearch.com/web/?u...04&ts=1424463278&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> {2712AFFD-EC40-4303-B561-9BFBE0D0D619} URL = http://www.mystartsearch.com/web/?u...04&ts=1424463278&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.mystartsearch.com/web/?u...04&ts=1424463278&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {2712AFFD-EC40-4303-B561-9BFBE0D0D619} URL = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
BHO: GrreataSaveo4U -> {18d32c9a-b516-4b21-865c-2794b12cb21e} -> C:\Program Files\GrreataSaveo4U\V6eTjsDM9sI6mZ.dll No File
BHO: 50CoiuapaonoS -> {5964b0c7-ba54-430b-82a6-85a3d30596b0} -> C:\Program Files\50CoiuapaonoS\Y6evMq30e4YSJW.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110324084242
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/el-gr/wlscctrl2.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\..\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
CHR Extension: (Google Docs) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
CHR Extension: (Google Drive) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
CHR Extension: (YouTube) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
CHR Extension: (Adblock Plus) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-09]
CHR Extension: (Google Search) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Google Sheets) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
CHR Extension: (Tab Activate) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmadbnpnnolpaljadgakjilggigioaj [2015-02-20]
CHR Extension: (Google Wallet) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Gmail) - C:\Users\DIMITRIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1087792 2014-05-22] (Flexera Software LLC)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-19] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-01-19] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2014-01-13] (AVG Technologies)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [32256 2005-05-10] (B.H.A Corporation) [File not signed]
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [23168 2007-08-08] (eMPIA Technology, Inc.)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [38240 2009-05-14] (ESET)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] ()
S3 gdrv; C:\Windows\gdrv.sys [14656 2010-06-13] (Windows (R) Codename Longhorn DDK provider)
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [16968 2010-07-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [6656 2008-01-19] (Microsoft Corporation)
S3 Mtlmnt5; C:\Windows\System32\DRIVERS\SLDRV\Mtlmnt5.sys [237616 2005-05-11] ( )
S3 Mtlstrm; C:\Windows\System32\DRIVERS\SLDRV\Mtlstrm.sys [1464848 2005-05-11] ( )
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [237632 2010-08-18] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [656320 2010-07-16] (PC Tools)
R0 RecAgent; C:\Windows\System32\DRIVERS\SLDRV\RecAgent.sys [14680 2005-05-11] ( )
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [26976 2014-05-22] (Feitian Technologies Co., Ltd.)
S3 Slntamr; C:\Windows\System32\DRIVERS\SLDRV\slntamr.sys [698848 2005-05-11] ( )
S3 SlNtHal; C:\Windows\System32\DRIVERS\SLDRV\Slnthal.sys [101328 2005-05-11] ( )
S3 SlWdmSup; C:\Windows\System32\DRIVERS\SLDRV\SlWdmSup.sys [13248 2005-05-11] ( )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-26] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25472 2009-07-15] (The OpenVPN Project)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2007-08-08] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-08] (eMPIA Technology, Inc.)
U5 eamon; C:\Windows\System32\Drivers\eamon.sys [114472 2009-05-14] (ESET)
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
U5 epfw; C:\Windows\System32\Drivers\epfw.sys [133000 2009-05-14] (ESET)
S3 GVCplDrv; No ImagePath
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S1 rdkqmvvv; \??\C:\Windows\system32\drivers\rdkqmvvv.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S0 TfFsMon; No ImagePath
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; No ImagePath
S1 uumradln; \??\C:\Windows\system32\drivers\uumradln.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 03:09 - 2015-03-10 03:11 - 00019339 _____ () C:\Users\DIMITRIS\Downloads\FRST.txt
2015-03-10 03:07 - 2015-03-10 03:09 - 00000000 ___DC () C:\FRST
2015-03-10 02:56 - 2015-03-10 02:57 - 01134592 _____ (Farbar) C:\Users\DIMITRIS\Downloads\FRST.exe
2015-03-09 18:34 - 2015-03-09 18:34 - 00386616 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00143344 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmhgfs.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00107120 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vm3dmp.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00098928 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00063920 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx_svga.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00025136 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmaudio.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00014208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00011440 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmmouse.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2015-03-09 18:34 - 2015-03-09 18:34 - 00000000 ____D () C:\Windows\system32\SPReview
2015-03-09 18:31 - 2015-03-09 18:31 - 03223152 _____ (VMware, Inc.) C:\Windows\system32\vm3dgl.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00219248 _____ (VMware, Inc.) C:\Windows\system32\vm3dum.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00173232 _____ (VMware, Inc.) C:\Windows\system32\vmx_fb.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00111912 _____ (ThinPrint AG) C:\Windows\system32\TPVMW32.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00079176 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUI.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00063088 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\WsmProv.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00053360 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLib.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00050800 _____ (VMware, Inc.) C:\Windows\system32\vmhgfs.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00034416 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLibJava.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00023904 _____ (ThinPrint AG) C:\Windows\system32\TPVMMondeu.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00016432 _____ (VMware, Inc.) C:\Windows\system32\vmx_mode.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00009576 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonjpn.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00009072 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUIjpn.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00009064 _____ (ThinPrint AG) C:\Windows\system32\TPVMMonUIdeu.dll
2015-03-09 18:31 - 2015-03-09 18:31 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\WsmCl.dll
2015-03-09 18:30 - 2015-03-09 18:31 - 00316736 _____ (ThinPrint AG) C:\Windows\system32\TPVMMon.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00484192 _____ (ThinPrint AG) C:\Windows\system32\TPSvc.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00144664 _____ (ThinPrint AG) C:\Windows\system32\tprdpw32.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\extmgr.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
2015-03-09 18:30 - 2015-03-09 18:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-03-09 18:15 - 2015-03-09 18:15 - 00000000 ____D () C:\ProgramData\Weskysoft
2015-03-08 17:07 - 2015-03-09 21:16 - 00001155 _____ () C:\Windows\setupact.log
2015-03-08 17:07 - 2015-03-09 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-07 18:23 - 2015-03-07 18:23 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\Νέος φάκελος (3)
2015-03-07 15:25 - 2015-03-07 15:25 - 00000104 _____ () C:\Users\DIMITRIS\Desktop\Ιnternet - Συντόμευση.lnk
2015-03-07 14:59 - 2015-03-07 14:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-06 06:36 - 2015-03-06 06:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-03 20:47 - 2015-03-03 20:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\50515F29.sys
2015-02-28 23:49 - 2015-02-28 23:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\59B37FEE.sys
2015-02-28 21:27 - 2015-02-28 21:27 - 00000219 _____ () C:\Users\DIMITRIS\Desktop\Η Β ι β λ ι ο θ η κ η μ ο υ.URL
2015-02-28 21:26 - 2015-02-28 21:26 - 00000000 _____ () C:\Users\DIMITRIS\Desktop\Νέο Παρουσίαση του Microsoft Office PowerPoint.pptx
2015-02-23 22:04 - 2015-01-23 05:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-23 22:04 - 2015-01-23 04:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-23 04:20 - 2014-10-10 03:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-23 04:20 - 2014-10-10 03:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-23 04:20 - 2014-10-10 01:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-23 04:19 - 2014-12-19 02:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-23 04:14 - 2014-11-04 02:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-23 03:59 - 2014-08-27 02:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-23 03:59 - 2014-08-27 02:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-23 03:58 - 2014-10-24 03:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-23 03:58 - 2014-10-24 03:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-23 03:53 - 2014-11-26 04:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-23 03:45 - 2014-08-12 04:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-23 03:44 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-23 03:44 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-23 03:44 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-23 03:44 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-23 03:43 - 2015-01-09 02:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-23 03:40 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-23 03:40 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-23 03:40 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-23 03:28 - 2015-01-13 03:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-23 03:27 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-23 03:27 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-23 03:22 - 2015-01-15 06:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-23 03:22 - 2014-12-03 04:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-23 03:22 - 2014-10-10 03:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-23 03:10 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 03:09 - 2014-12-06 05:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-22 20:36 - 2015-01-14 03:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-22 20:36 - 2015-01-14 03:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-22 20:36 - 2015-01-14 03:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-22 20:36 - 2015-01-14 03:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-22 20:36 - 2015-01-14 03:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-22 20:36 - 2015-01-14 03:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-22 20:36 - 2015-01-14 03:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-22 20:36 - 2015-01-14 03:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-22 20:36 - 2015-01-14 03:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-22 20:36 - 2015-01-14 03:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-22 20:36 - 2015-01-14 03:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-22 20:36 - 2015-01-14 03:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-22 20:36 - 2015-01-14 03:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-22 20:36 - 2015-01-14 03:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-22 20:35 - 2015-01-14 03:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-22 20:35 - 2015-01-14 03:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-22 20:35 - 2015-01-14 03:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-22 20:35 - 2015-01-14 03:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-22 20:35 - 2015-01-14 03:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-22 20:35 - 2015-01-14 03:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-22 20:14 - 2015-02-22 20:14 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe
2015-02-22 20:05 - 2015-03-08 16:58 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
2015-02-22 20:05 - 2015-02-22 20:05 - 00000869 _____ () C:\Users\DIMITRIS\Desktop\DllSuite.lnk
2015-02-22 20:04 - 2015-02-22 20:04 - 00000000 ____D () C:\Program Files\DLLSuite
2015-02-22 13:57 - 2015-02-22 13:59 - 128722160 _____ (Microsoft Corporation) C:\Users\DIMITRIS\Downloads\msert.exe
2015-02-22 13:55 - 2015-02-22 13:55 - 38804664 _____ (Microsoft Corporation) C:\Users\DIMITRIS\Downloads\Windows-KB890830-V5.21.exe
2015-02-22 04:03 - 2015-02-22 05:26 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2015-02-22 03:51 - 2015-02-22 03:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-YPOLOGISTIS-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2015-02-22 03:47 - 2015-02-22 03:47 - 00000000 ___DC () C:\RegBackup
2015-02-22 00:31 - 2015-02-22 00:31 - 00000869 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-22 00:31 - 2015-02-22 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-22 00:31 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 00:31 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-22 00:30 - 2015-02-22 00:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-22 00:23 - 2015-03-10 00:11 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-02-22 00:23 - 2015-02-22 00:31 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Malwarebytes
2015-02-22 00:22 - 2015-02-22 00:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-22 00:20 - 2015-02-22 00:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-22 00:20 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 22:27 - 2015-02-21 22:27 - 00000000 __SHD () C:\found.004
2015-02-21 04:34 - 2015-02-21 04:34 - 00000000 __SHD () C:\found.003
2015-02-21 04:29 - 2015-03-09 18:49 - 00667670 _____ () C:\spyhunter.fix
2015-02-21 04:29 - 2010-05-13 17:34 - 00014232 _____ () C:\Windows\system32\sh4native.exe
2015-02-21 04:05 - 2015-02-21 04:05 - 00000000 ____D () C:\ProgramData\WEBREG
2015-02-21 04:03 - 2015-02-21 04:06 - 00000509 _____ () C:\ProgramData\hpzinstall.log
2015-02-21 03:17 - 2015-03-05 13:22 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\spyhunter
2015-02-21 00:31 - 2015-02-21 00:31 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_640
2015-02-21 00:29 - 2015-02-21 04:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-21 00:29 - 2015-02-21 00:29 - 00002053 _____ () C:\Users\DIMITRIS\Desktop\SpyHunter.lnk
2015-02-21 00:29 - 2015-02-21 00:29 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-02-21 00:28 - 2015-02-21 03:52 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-02-21 00:27 - 2015-02-21 00:27 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-02-21 00:25 - 2015-03-05 13:22 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\Νέος φάκελος
2015-02-20 22:59 - 2015-02-21 07:18 - 00000000 ____D () C:\Program Files\50CoiuapaonoS
2015-02-20 22:58 - 2015-02-21 07:18 - 00000000 ____D () C:\Program Files\GrreataSaveo4U
2015-02-20 22:56 - 2015-02-20 23:03 - 00000000 ____D () C:\Program Files\Tab Activate
2015-02-20 22:54 - 2015-02-21 07:18 - 00000000 ____D () C:\Program Files\50Cooupons
2015-02-20 22:54 - 2015-02-20 22:54 - 00000000 ____D () C:\ProgramData\ahlnnkdkemhadhfaehjogeamchnofabl
2015-02-20 22:38 - 2015-02-20 22:38 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\DIMITRIS\Downloads\SpyHunter-Installer.exe
2015-02-20 22:21 - 2015-03-09 22:21 - 00001350 _____ () C:\Windows\Tasks\CQJNUU.job
2015-02-20 22:20 - 2015-03-09 22:20 - 00001350 _____ () C:\Windows\Tasks\GBEGBQ.job
2015-02-20 22:15 - 2015-02-20 22:15 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Opera Software
2015-02-20 22:14 - 2015-03-08 03:11 - 00000000 ____D () C:\Program Files\Opera
2015-02-20 22:12 - 2015-02-20 22:59 - 00000000 ____D () C:\ProgramData\11321316169410382761
2015-02-20 22:11 - 2015-02-21 07:18 - 00000000 ____D () C:\Program Files\PriCEELess
2015-02-20 22:04 - 2015-02-20 22:06 - 16578402 _____ ( ) C:\Users\DIMITRIS\Desktop\DLLSuite_Setup.exe
2015-02-20 17:16 - 2015-02-20 17:16 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\ParetoLogic
2015-02-18 18:56 - 2015-03-07 15:02 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-18 18:56 - 2015-02-18 18:56 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Oracle
2015-02-18 18:55 - 2015-03-07 14:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-18 18:55 - 2015-02-18 18:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-18 18:55 - 2015-02-18 18:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-18 18:55 - 2015-02-18 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-18 15:44 - 2015-02-18 15:44 - 00016384 _____ () C:\Windows\SPInstall.etl
2015-02-18 13:53 - 2015-02-18 13:53 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Sun
2015-02-18 13:42 - 2015-02-18 13:43 - 00006529 _____ () C:\Windows\system32\jupdate-1.6.0_07-b06.log
2015-02-18 11:55 - 2015-02-18 12:09 - 00000000 ___DC () C:\MATS
2015-02-18 08:09 - 2015-03-09 19:51 - 00017438 _____ () C:\Windows\PFRO.log
2015-02-18 06:36 - 2015-02-18 06:36 - 00034780 _____ () C:\Users\DIMITRIS\Desktop\sfcdetails.txt
2015-02-18 00:27 - 2015-02-18 00:27 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Local\Macromedia
2015-02-14 02:19 - 2015-02-14 02:30 - 00000000 ___DC () C:\28eea4b49fa1d21192

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 03:00 - 2014-01-13 23:00 - 01691483 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 02:33 - 2014-01-12 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 01:51 - 2006-11-02 14:47 - 00004560 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 01:51 - 2006-11-02 14:47 - 00004560 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 01:35 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\tracing
2015-03-09 21:16 - 2011-11-20 05:19 - 00001905 _____ () C:\Windows\diagwrn.xml
2015-03-09 21:16 - 2011-11-20 05:19 - 00001905 _____ () C:\Windows\diagerr.xml
2015-03-09 19:51 - 2008-10-22 23:15 - 00016384 _____ () C:\Windows\system32\Ikeext.etl
2015-03-09 19:51 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 19:51 - 2006-11-02 14:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-09 19:49 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-09 14:48 - 2007-09-12 07:13 - 00000000 ____D () C:\Users\DIMITRIS
2015-03-09 14:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-03-09 14:48 - 2006-11-02 12:22 - 74186752 _____ () C:\Windows\system32\config\software_previous
2015-03-09 14:48 - 2006-11-02 12:22 - 47448064 _____ () C:\Windows\system32\config\components_previous
2015-03-09 14:48 - 2006-11-02 12:22 - 104333312 _____ () C:\Windows\system32\config\system_previous
2015-03-09 14:48 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-03-09 14:48 - 2006-11-02 12:22 - 00065536 _____ () C:\Windows\system32\config\sam_previous
2015-03-09 14:48 - 2006-11-02 12:22 - 00028672 _____ () C:\Windows\system32\config\security_previous
2015-03-07 14:54 - 2014-10-16 11:37 - 00000000 ____D () C:\Program Files\Java
2015-03-05 12:06 - 2007-03-26 18:17 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-03-05 07:36 - 2014-09-06 23:17 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\FirefoxToolbar
2015-03-03 20:51 - 2006-11-02 12:33 - 01720600 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 15:16 - 2009-10-03 11:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 03:20 - 2011-11-20 16:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-24 03:17 - 2012-07-21 18:06 - 00001796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-24 03:07 - 2011-11-20 16:51 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-24 03:07 - 2010-10-04 18:16 - 02741112 _____ () C:\Windows\system32\Drivers\Cat.DB
2015-02-23 05:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-02-23 04:48 - 2014-10-09 19:14 - 02536496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 04:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\el-GR
2015-02-23 04:10 - 2007-03-26 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-22 05:43 - 2014-10-09 19:17 - 00144560 _____ () C:\Users\DIMITRIS\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-21 07:18 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Local\cache
2015-02-21 04:06 - 2011-06-30 13:52 - 00148540 _____ () C:\Windows\hpoins12.dat
2015-02-21 04:05 - 2011-06-30 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-21 00:21 - 2014-09-05 08:34 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-02-21 00:21 - 2014-01-12 17:41 - 00000828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-21 00:21 - 2011-07-28 03:54 - 00000967 _____ () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-20 22:23 - 2014-01-11 16:16 - 00000000 ____D () C:\Program Files\Google
2015-02-20 17:19 - 2015-01-31 09:43 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-20 17:19 - 2014-02-18 15:07 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\SOFTWARE
2015-02-20 15:52 - 2011-07-08 03:57 - 00000000 ____D () C:\Users\DIMITRIS\Documents\WEBSITE
2015-02-20 15:51 - 2011-07-08 03:59 - 00000000 ____D () C:\Users\DIMITRIS\Documents\ΠΡΟΓΡΑΜΜΑΤΑ
2015-02-20 01:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-18 06:32 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\it-IT
2015-02-18 00:27 - 2014-01-15 02:36 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Local\Adobe
2015-02-18 00:26 - 2014-01-12 12:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-18 00:26 - 2014-01-12 12:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 15:13 - 2014-01-30 13:33 - 00000680 _____ () C:\Users\DIMITRIS\AppData\Local\d3d9caps.dat
2015-02-15 09:50 - 2011-11-20 17:41 - 00000000 ____D () C:\Users\DIMITRIS\Desktop\xx
2015-02-14 02:57 - 2009-03-19 22:09 - 00000000 ____D () C:\Users\DIMITRIS\Documents\Οι σαρώσεις μου
2015-02-14 02:36 - 2006-11-02 12:23 - 00000305 _____ () C:\Windows\win.ini
2015-02-14 01:23 - 2015-01-31 09:59 - 00000000 ____D () C:\Users\DIMITRIS\Dropbox
2015-02-14 01:22 - 2015-01-31 09:41 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\Dropbox
2015-02-12 06:37 - 2010-12-04 05:00 - 00000000 ____D () C:\Users\DIMITRIS\AppData\Roaming\phonostar-Player

==================== Files in the root of some directories =======

2014-01-14 22:13 - 2014-01-14 22:14 - 0003701 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-01-13 21:38 - 2014-01-13 22:01 - 0003747 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2010-07-29 19:09 - 2010-07-29 19:09 - 0002333 _____ () C:\Users\DIMITRIS\AppData\Roaming\121A.tmp
2010-07-30 15:41 - 2010-07-30 15:41 - 0002333 _____ () C:\Users\DIMITRIS\AppData\Roaming\3D8C.tmp
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\DIMITRIS\AppData\Roaming\CQJNUU
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ
2015-01-08 16:24 - 2015-02-20 21:32 - 0000115 _____ () C:\Users\DIMITRIS\AppData\Roaming\LogFile.txt
2014-06-23 03:38 - 2014-06-23 03:38 - 0029544 _____ () C:\Users\DIMITRIS\AppData\Roaming\UserTile.png
2014-01-30 13:33 - 2015-02-17 15:13 - 0000680 _____ () C:\Users\DIMITRIS\AppData\Local\d3d9caps.dat
2011-06-01 01:01 - 2011-06-01 01:02 - 0013880 _____ () C:\ProgramData\4153593714
2011-05-27 11:41 - 2011-06-01 12:19 - 0013896 _____ () C:\ProgramData\e53m0v5b47
2011-06-07 02:11 - 2011-06-07 02:11 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2009-10-20 05:05 - 2009-10-20 05:05 - 0184336 _____ () C:\ProgramData\Fast team team.13g7vk3
2009-08-13 21:15 - 2009-08-13 21:15 - 0217104 _____ () C:\ProgramData\Fast team team.25vmutn
2009-09-09 21:59 - 2009-09-09 21:59 - 0000016 _____ () C:\ProgramData\Fast team team.28214
2009-12-17 09:39 - 2009-12-17 09:39 - 0372752 _____ () C:\ProgramData\Fast team team.5g99lsa
2009-10-27 03:00 - 2009-10-27 03:00 - 0229392 _____ () C:\ProgramData\Fast team team.818arp4
2009-10-27 03:44 - 2009-10-27 03:44 - 0000000 _____ () C:\ProgramData\Fast team team.buqh87x
2009-10-20 05:05 - 2009-10-20 05:05 - 0110608 _____ () C:\ProgramData\Fast team team.cjpio63
2009-12-17 09:39 - 2009-12-17 09:39 - 0356368 _____ () C:\ProgramData\Fast team team.le9gb
2009-08-04 03:02 - 2009-08-04 03:02 - 0360464 _____ () C:\ProgramData\Fast team team.myh67jd
2009-10-27 03:22 - 2009-10-27 03:22 - 0094224 _____ () C:\ProgramData\Fast team team.rdal7a
2011-11-16 08:54 - 2011-11-16 08:58 - 0000432 _____ () C:\ProgramData\FAtywhGoBOpdzD
2015-02-21 04:03 - 2015-02-21 04:06 - 0000509 _____ () C:\ProgramData\hpzinstall.log
2012-07-20 13:01 - 2012-07-20 13:01 - 0000051 _____ () C:\ProgramData\ltqwjpgrmggwamq
2009-12-17 09:40 - 2009-12-17 09:40 - 0167952 _____ () C:\ProgramData\Memo Cake Bait.nreds8c
2012-07-19 03:52 - 2012-07-19 03:54 - 4503728 ____T () C:\ProgramData\pmt_0piot.pad
2011-11-16 08:56 - 2011-11-16 08:56 - 0000288 _____ () C:\ProgramData\~FAtywhGoBOpdzD
2011-11-16 08:56 - 2011-11-16 08:56 - 0000216 _____ () C:\ProgramData\~FAtywhGoBOpdzDr

Files to move or delete:
====================
C:\ProgramData\pmt_0piot.pad


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-09 20:18

==================== End Of Log ============================
 
Let me add some more info here. I think it also has to do with that AVG.Toolbar issue.... It remains as a Toolbar in my Mozilla. Only if I re-open the Mozilla browser it disappears. I Restored the System, but... it appeared again, after having gone for some hours.

Here is the Second Text, ADDITION



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-03-2015 01
Ran by DIMITRIS at 2015-03-10 03:12:09
Running from C:\Users\DIMITRIS\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-Click YouTube To MP3 Converter 2.2 (HKLM\...\1-Click YouTube To MP3 Converter_is1) (Version: - )
2DD8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version: - )
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ACID Xpress 7.0 (HKLM\...\{1C4C5C53-D960-4E1C-96A6-F6B52EA43A45}) (Version: 7.0.64 - Sony)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe Photoshop CS4_is1) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AIO_Scan (Version: 82.0.203.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
Autodesk Material Library 2011 (HKLM\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CiD Help (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\play cash gram) (Version: - )
CiD Help (HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\...\play cash gram) (Version: - )
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DiscAPI (Studio 10) (Version: 2.10.0060 - Pinnacle Systems) Hidden
DJ_AIO_ProductContext (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 82.0.203.000 - Hewlett-Packard) Hidden
DLL Suite 2013 (HKLM\...\{885843E7-6CAC-4791-B7BF-1CD516017954}_is1) (Version: - )
Dropbox (HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 82.0.203.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 82.0.203.000 - Hewlett-Packard) Hidden
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FIFA 09 (HKLM\...\{2315B23D-3E21-4920-837D-AE6460934ECB}) (Version: 1.0.1.1 - Electronic Arts)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (HKLM\...\KB970892_SQL9) (Version: 9.3.4053 - Microsoft Corporation)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet All-In-One Software 8.0 (HKLM\...\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Επωνυμία Επιχείρησης)
Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware έκδοση 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Portugues do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 el) (HKLM\...\Mozilla Firefox 26.0 (x86 el)) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Πρόγραμμα οδήγησης γραφικών 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
phonostar-Player Version 2.01.4 (HKLM\...\phonostarRadioPlayer_is1) (Version: - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
RAPID (Studio 10) (Version: 1.00.0004 - Pinnacle Systems) Hidden
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Recover My Files (HKLM\...\Recover My Files_is1) (Version: 4.9.4.1343 - GetData Pty Ltd)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
SketchUp 2014 (HKLM\...\{574C5F13-E589-493D-99A3-70B7D9E477BA}) (Version: 14.0.4900 - Trimble Navigation Limited)
SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
SpyHunter (HKLM\...\{AF549236-6258-4AC6-A043-5B5B89C6EB61}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Ενημερώσεις NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Πακέτο γλώσσας του Microsoft .NET Framework 3.5 SP1 - ELL (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ell) (Version: - Microsoft Corporation)
Πίνακας Ελέγχου NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
Σύμβουλος αναβάθμισης των Windows Vista (HKLM\...\{11350FDD-AC14-476F-AE4C-C5DF6A14844B}) (Version: 1.0.4 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\DIMITRIS\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4062343756-1977868193-1024004534-1008_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

23-02-2015 03:01:31 Windows Update
24-02-2015 03:01:10 Windows Update
27-02-2015 22:52:27 Windows Update
03-03-2015 21:12:08 Windows Update
07-03-2015 17:09:38 Windows Update
08-03-2015 17:30:56 Windows Update
09-03-2015 15:36:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-02-21 00:31 - 2015-02-22 05:21 - 00000855 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B8B7383-75CD-4720-9D89-472F943D4DE5} - System32\Tasks\{78874856-38EC-4C02-8840-3AA3ED78EEE2} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K6HH8XO\install_sbd_en[1].exe" -d C:\Users\DIMITRIS
Task: {0E955B03-BA21-4AAD-9118-91A7F89F7CC5} - System32\Tasks\{35A6DD0B-D370-4F3E-B756-8692753C84B1} => pcalua.exe -a "C:\Program Files\phpDesigner\unins000.exe"
Task: {1E7194C9-B6D4-49EE-BA52-D37EA52B0FFB} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {1FCFDBF9-BCBB-4A09-8944-15ACFF7E8343} - System32\Tasks\Java => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {25057D49-E4A4-45D7-B6AD-A8D41691E294} - System32\Tasks\{2D3D0F93-D188-4E2F-8B88-83943467BDFE} => Firefox.exe http://ui.skype.com/ui/0/6.22.0.107/el/abandoninstall?page=tsProgressBar
Task: {25DF4AE0-0D01-4ECF-9B48-74A8C7CA5ABE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {280625D5-4811-4FFE-86BC-0721711D87E9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: {29650556-BC38-4BEF-A496-616FBA86F9D6} - System32\Tasks\{6785AF2F-F4CA-4FEA-AC1E-57F95208C7BA} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {2BECAE92-8DA1-41BE-9207-109D3F0A74D1} - System32\Tasks\{E3D72A18-7278-445B-AF82-5E07C08D00C1} => pcalua.exe -a "c:\program files\real\realplayer\\RealPlay.exe" -d "C:\Program Files\Mozilla Firefox" -c "C:\Users\DIMITRIS\AppData\Local\Temp\videosz-deep-oral-ladies-2-82.mpg"
Task: {300D618F-2BB9-4E62-AA37-7161ADD27C36} - System32\Tasks\{1801F864-3962-416B-8A3D-053B021AA018} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[2].exe" -d C:\Windows\system32
Task: {41010679-0E8C-4DA7-854B-E160249CCF42} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10] (Hewlett-Packard Co.)
Task: {450F68C6-CAF6-4256-833C-A42A7482A336} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {52D3AC25-C68F-4B22-9EA5-6047311E0FEE} - System32\Tasks\{63C7AD5B-7669-40BB-9277-53BEC7388EAE} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWS4FID1\NOF-Essentials[1].exe" -d C:\Users\DIMITRIS\Desktop
Task: {5307BD4F-EC33-4A72-BDBD-DFF22B7252AF} - System32\Tasks\{19E220FB-999C-4A4E-B8B0-7C9AFE2EB491} => pcalua.exe -a D:\setup.exe -d D:\
Task: {53F8D33B-ABD6-41FF-B8E3-CD67991402F1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: {54E1965B-851C-4FB4-A9D9-D49FF168C4F9} - System32\Tasks\{708B35DD-72EE-46AC-A360-9BA97D262F60} => pcalua.exe -a C:\PROGRA~1\SPINSO~1\GLOSSO~1\GlossoMatheia.exe -d C:\Users\DIMITRIS\Downloads -c C:\Users\DIMITRIS\Downloads\Ασκήσεις ΑΕΠΠ - Εθνικότητες Ισπανίας.psc
Task: {57A06A2B-3142-41F4-9DB3-955440E8CFFC} - System32\Tasks\{B2C67E3D-E4A5-4C3F-87E1-BE4485F7B7A8} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6D9EXU2F\NOF-Essentials[1].exe" -d C:\Users\DIMITRIS
Task: {589662FF-B3C2-49DA-8BB6-A73431248A4D} - System32\Tasks\{88432499-D3E3-4DD9-8D64-394053ED4781} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\FIFA 09_uninst.exe" -d "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support"
Task: {61FBCEDB-E894-404B-8288-9BE482EE6604} - System32\Tasks\Real Networks Scheduler => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Task: {6DFB832D-BECB-40DB-A3F7-25BA881ADD38} - System32\Tasks\{2BFBB7F9-E810-4EDB-A18D-76C5FBD930B3} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM7DJPIA\download[1].exe" -d C:\Windows\system32
Task: {6EF7945E-79A2-4918-BBF0-3449761B07C4} - System32\Tasks\CQJNUU => C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe <==== ATTENTION
Task: {71B35727-B610-4A9C-BC5B-B4BCFAB14B73} - System32\Tasks\{3D253D9D-87B4-404B-9D27-3AA7E6C9B896} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
Task: {72D89400-5324-479A-B398-421FBCE2DA78} - System32\Tasks\{BFA9979A-3F6A-4E55-B662-318694509CEA} => pcalua.exe -a C:\Users\DIMITRIS\Downloads\win_spy_software_8_3_crack_by_ACME.exe -d C:\Users\DIMITRIS\Downloads
Task: {73E2A2F2-AEA4-46F5-B526-057EBB9384D2} - System32\Tasks\{D42CBAD5-095A-431B-93A0-D6D7D8B40E75} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM7DJPIA\InstallPool[3].exe" -d C:\Windows\system32
Task: {791CE9FB-A258-434F-8711-E1A3D5C96831} - System32\Tasks\{71CC04EF-9D77-42DA-958D-4992B5B26032} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6D9EXU2F\acidxpress70_enu[1].exe" -d C:\Users\DIMITRIS
Task: {80AC2723-95EA-4ADD-B7AE-A645CAD596ED} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {82FD057A-37B8-4D2E-A3CB-100E3978D17E} - System32\Tasks\{C2C5A4C4-0466-40D8-8A55-3F7B0C01B7C7} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[8].exe" -d C:\Windows\system32
Task: {8F4C1F93-D407-4CFC-924B-802321B3D1C8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {90A1174B-045B-4CFE-BB8E-7E673856A6A2} - System32\Tasks\{6442D402-4704-4B61-82AC-9CE006ED7F6D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2QI9UFT\Russian_League_08_eng[1].exe" -d C:\Users\DIMITRIS
Task: {9309190F-6928-44A2-8161-3930B48B6897} - System32\Tasks\Real Player online update program => c:\program files\real\realplayer\Update\realsched.exe
Task: {99C6F52E-E7D9-4E68-A1A5-9817D08BAA75} - System32\Tasks\{0283EBCB-A8E9-44C2-A9CD-B7630831E256} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\Profes.sayt.za.7_chasov.2010\Paket\Expansions\joomla & Danwer\DENWER_3.0\Denwer3_Base_2008-01-13_a2.2.4_p5.2.4_m5.0.45_pma2.6.1.exe" -d "C:\Users\DIMITRIS\Desktop\Profes.sayt.za.7_chasov.2010\Paket\Expansions\joomla & Danwer\DENWER_3.0"
Task: {A1065142-D339-4463-AAE3-B442052305EE} - System32\Tasks\{87A39743-58BA-43C6-82FF-DE0EAAD41E77} => pcalua.exe -a C:\Users\DIMITRIS\Downloads\PoolSharksInstaller.exe -d C:\Windows\system32
Task: {A8F36AC8-5062-4B7A-A33E-EF4364070E8D} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AB642975-7363-4B11-993A-B64F34966F2B} - System32\Tasks\{50C1F4D8-A8FD-4560-B64C-BC995389E020} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\EADM\eadm-installer.exe" -d "C:\Users\DIMITRIS\Desktop\στοιχημα\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\EADM"
Task: {B1DD67FE-E564-4065-ADDC-579ACAEEE406} - System32\Tasks\{69F6188A-614E-4C87-B799-C54B3FCEF72A} => pcalua.exe -a C:\Users\DIMITRIS\Desktop\Fifa.00.FO.Max.Payne\Fifa.00.FO.Max.Payne\KUR.EXE -d C:\Users\DIMITRIS\Desktop\Fifa.00.FO.Max.Payne\Fifa.00.FO.Max.Payne
Task: {B7BBA1C2-AB70-4B4F-916A-3A070A70424B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B985DF40-BEB3-489E-A8C1-E99D21D0B42B} - System32\Tasks\{CD7F8248-4F69-4057-B789-FA65A3D5EFE5} => pcalua.exe -a C:\Windows\system32\QuickTime.cpl
Task: {C117D1EC-DD26-4ED6-9DB9-DE1CF04D5ABC} - System32\Tasks\{E04A8E6C-DBA2-45F6-BDE7-C732D3E32D2D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSIXJ3XF\MP10Setup[1].exe" -d C:\Windows\system32
Task: {C4408D8A-EED0-4C78-BCBA-9E948D5F0BC4} - System32\Tasks\{2AA1F964-B391-4D33-86E2-FCA69F7AB8C5} => pcalua.exe -a "D:\Support\FIFA 08_uninst.exe" -d D:\Support
Task: {C70FAC1C-9566-41EC-801B-96163BB59190} - System32\Tasks\{9E3488DB-27ED-4D6C-BED9-DA03457D27E4} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\PoolStars-0.49.533b[3].exe" -d C:\Windows\system32
Task: {CC9920F7-75DA-4FBF-86F3-8AC67CC6CA4C} - System32\Tasks\{26CFDCAB-2177-4AD9-A7A1-4DA727B967AA} => Firefox.exe http://ui.skype.com/ui/0/6.22.0.107/el/abandoninstall?page=tsProgressBar
Task: {D05325F5-4A61-4763-9781-3EE8764E69BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {D114702D-DFD6-4EDD-A48A-834C2CC4F781} - System32\Tasks\{765D0C1F-A816-4B41-9D0D-400110674A0D} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z7MWE56\InstallPool[6].exe" -d C:\Windows\system32
Task: {D76EC604-F038-4F46-A49B-5787DC900F11} - System32\Tasks\Opera scheduled Autoupdate 1424463335 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {D7D2F0AB-E41B-4ADF-BB7F-51307CBAAE12} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4062343756-1977868193-1024004534-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {D9105E7A-8A00-4475-B49D-3C3737C81121} - System32\Tasks\GBEGBQ => C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe <==== ATTENTION
Task: {E15E8E01-F438-44B3-B786-AB0C47409013} - System32\Tasks\{C208D0B2-3436-4300-B551-38E06B32B2BB} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82NVFGW9\InstallPool[4].exe" -d C:\Windows\system32
Task: {E1E46532-6DED-4A39-8367-7DA4003F9835} - System32\Tasks\{040B2AE7-1BD5-4711-B723-92DDC9C00643} => pcalua.exe -a "C:\Program Files\EA SPORTS\FIFA 06 Demo\EAUninstall.exe"
Task: {E28DF6B5-7CDB-4BE5-9450-9FD8C0212774} - System32\Tasks\{B42D819C-539A-4833-9CAF-924F7EED74F6} => Firefox.exe http://ui.skype.com/ui/0/5.8.0.158/el/go/help.faq.installer?LastError=1618
Task: {E516394F-86E8-4EA6-9AC4-87785942812A} - System32\Tasks\{341B4881-EAD5-4FDE-A0E1-99B320F1E1C4} => pcalua.exe -a "C:\Users\DIMITRIS\Desktop\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support\FIFA 09_uninst.exe" -d "C:\Users\DIMITRIS\Desktop\FIFA.09.Full-Rip.Skullptura\FIFA 09\Support"
Task: {E523E7EC-C995-46F5-82BE-70EE03F004E6} - System32\Tasks\{AADD312E-1829-405D-B3DC-B115D3D8DE7B} => pcalua.exe -a D:\Run.exe -d D:\
Task: {E5AC0C8E-90C9-411F-85EC-05138BAE4373} - System32\Tasks\Vista Task Low => c:\Program Files\RealArcade\RealArcade.exe
Task: {E7E335E9-0757-43E3-A40E-58BEEF23C92A} - System32\Tasks\{30800A88-7219-42D7-82C7-F74E35F76DCA} => pcalua.exe -a C:\PROGRA~1\PROGES~1\PROGEC~1\UNWISE.EXE -c "C:\PROGRA~1\PROGES~1\PROGEC~1\install.log"
Task: {E92CC64D-50EE-4CE3-A427-6457F75F209E} - System32\Tasks\{37518E1C-7463-4B18-8D25-78E174B4D33C} => pcalua.exe -a "C:\Users\DIMITRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM8LWUPF\InstallPool[3].exe" -d C:\Windows\system32
Task: {E9CC0597-E431-4AD5-A4EA-F47729DD399E} - System32\Tasks\{0BA59934-72DD-41D7-93FF-EC84A6D93574} => pcalua.exe -a C:\Windows\IsUn0408.exe -d C:\Windows -c -f"C:\Program Files\EA SPORTS\FIFA 2000\uninst.log"
Task: {EC288708-0985-4E11-9A28-2058A6F219F6} - System32\Tasks\{D3395A30-5EA2-4EEE-A60A-10D53E8FBFE6} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe" -c /M{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF} /Z"UNINSTALL"
Task: {F93D1355-371E-4B56-BFEA-4356664BC957} - System32\Tasks\{E1C8F1F6-4E8A-4814-BBD5-46E7D2E06700} => pcalua.exe -a C:\Users\DIMITRIS\Desktop\rzr-fa10\Setup.exe -d C:\Users\DIMITRIS\Desktop\rzr-fa10
Task: {FA1682C6-1859-4B22-B828-248D3199CEEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-18] (Adobe Systems Incorporated)
Task: {FA309EBC-7CE7-4D6D-B3AA-3675143F9229} - System32\Tasks\{A285CDA4-4C4D-41FA-B039-923368F0E864} => pcalua.exe -a C:\Windows\iun3404.exe -c C:\Program Files\Fifa 2000
Task: {FA57AD51-4CAE-4608-B2A1-CCD837E2BD36} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - DIMITRIS => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {FA84D65B-64F0-45F2-AE30-CD66600B84E6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe
Task: {FC26C03E-B848-4B03-B35B-A41044FD1A3F} - System32\Tasks\{F47EBF87-663C-4E62-8243-24679E46A372} => pcalua.exe -a C:\Windows\unvise32qt.exe -d C:\Windows -c C:\Windows\system32\QUICKT~1\UNINST~1.LOG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CQJNUU.job => C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe <==== ATTENTION
Task: C:\Windows\Tasks\GBEGBQ.job => C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2012-04-02 07:16 - 2008-09-09 10:01 - 00283680 _____ () C:\Windows\System32\prntjpg.dll
2009-09-21 17:13 - 2009-08-03 11:18 - 00061440 _____ () C:\Windows\system32\wintab32.dll
2007-01-02 20:38 - 2007-01-02 20:38 - 00065536 _____ () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2007-01-02 20:38 - 2007-01-02 20:38 - 00077824 _____ () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
2015-02-18 00:25 - 2015-02-18 00:25 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:63238B95
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO - Guitarra Flamenca paso a paso Vol 3.mpg:TOC.WMV
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol1.mpg:TOC.WMV
AlternateDataStreams: C:\Users\DIMITRIS\Documents\OSCAR HERRERO Guitarra flamenca paso a paso Vol2.mpg:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img7.jpg
HKU\S-1-5-21-4062343756-1977868193-1024004534-1008\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\DIMITRIS\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\DIMITRIS\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MSIDLL => rundll32.exe msiuic32.dll,jlGtpiWuy
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: TorrentEasy => "C:\Program Files\TorrentEasy\TorrentEasy.exe -autorun"

==================== Accounts: =============================

Administrator (S-1-5-21-4062343756-1977868193-1024004534-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4062343756-1977868193-1024004534-1003 - Limited - Enabled)
DIMITRIS (S-1-5-21-4062343756-1977868193-1024004534-1001 - Administrator - Enabled) => C:\Users\DIMITRIS
Guest (S-1-5-21-4062343756-1977868193-1024004534-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-4062343756-1977868193-1024004534-1008 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: (MOBILE ASSIST)Realtek RTL8139/810x Family Fast Ethernet NIC
Description: (MOBILE ASSIST)Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 07:52:13 PM) (Source: SQLBrowser) (EventID: 11) (User: )
Description: The SQLBrowser service encountered a critical failure.

Error: (03/09/2015 07:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
αναγνωριστικό διεργασίας 0xa44, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

Error: (03/09/2015 07:32:59 PM) (Source: SQLBrowser) (EventID: 11) (User: )
Description: The SQLBrowser service encountered a critical failure.

Error: (03/09/2015 07:32:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
αναγνωριστικό διεργασίας 0xa00, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

Error: (03/09/2015 07:28:21 PM) (Source: SQLBrowser) (EventID: 11) (User: )
Description: The SQLBrowser service encountered a critical failure.

Error: (03/09/2015 07:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
αναγνωριστικό διεργασίας 0xa38, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

Error: (03/09/2015 06:50:43 PM) (Source: SQLBrowser) (EventID: 11) (User: )
Description: The SQLBrowser service encountered a critical failure.

Error: (03/09/2015 06:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
αναγνωριστικό διεργασίας 0xa18, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.

Error: (03/09/2015 02:50:20 PM) (Source: SQLBrowser) (EventID: 11) (User: )
Description: The SQLBrowser service encountered a critical failure.

Error: (03/09/2015 02:50:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ελαττωματική εφαρμογή sqlservr.exe, έκδοση 2005.90.4053.0, χρονική σήμανση 0x4a1c88c7, ελαττωματική λειτουργική μονάδα kernel32.dll, έκδοση 6.0.6002.19034, χρονική σήμανση 0x52f2ec86, κωδικός εξαίρεσης 0xc06d007e, μετατόπιση σφάλματος 0x0003fd1e,
αναγνωριστικό διεργασίας 0xa14, χρόνος έναρξης εφαρμογής 0xsqlservr.exe0.


System errors:
=============
Error: (03/09/2015 08:02:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Πρόγραμμα Εγκατάστασης λειτουργικών μονάδων των Windows%%1053

Error: (03/09/2015 08:02:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Πρόγραμμα Εγκατάστασης λειτουργικών μονάδων των Windows

Error: (03/09/2015 08:02:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/09/2015 07:53:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SQL Server VSS Writer1

Error: (03/09/2015 07:53:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: TfFsMon
TfSysMon

Error: (03/09/2015 07:53:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SQL Server (SQLEXPRESS)%%1053

Error: (03/09/2015 07:53:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000SQL Server (SQLEXPRESS)

Error: (03/09/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: TfFsMon
TfSysMon

Error: (03/09/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SQL Server VSS Writer1

Error: (03/09/2015 07:33:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SQL Server (SQLEXPRESS)%%1053


Microsoft Office Sessions:
=========================
Error: (11/29/2010 04:03:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1818 seconds with 360 seconds of active time. This session ended with a crash.

Error: (10/29/2010 05:15:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3341 seconds with 1380 seconds of active time. This session ended with a crash.

Error: (10/28/2010 07:43:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 924 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/27/2010 07:33:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1104 seconds with 180 seconds of active time. This session ended with a crash.

Error: (10/27/2010 07:05:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5901 seconds with 3720 seconds of active time. This session ended with a crash.

Error: (11/10/2009 08:59:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 229 seconds with 60 seconds of active time. This session ended with a crash.

Error: (09/14/2009 06:18:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3703 seconds with 2580 seconds of active time. This session ended with a crash.

Error: (08/27/2009 02:45:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/25/2009 03:22:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 10680 seconds with 6720 seconds of active time. This session ended with a crash.

Error: (07/14/2009 11:38:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-03-10 03:11:48.598
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:11:48.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:11:48.151
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:11:47.939
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:11:47.520
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:11:47.303
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:11:47.074
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:11:46.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:10:51.509
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 03:10:51.287
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
Percentage of memory in use: 93%
Total physical RAM: 1022.83 MB
Available physical RAM: 70.32 MB
Total Pagefile: 2562.82 MB
Available Pagefile: 739.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.93 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:232.88 GB) (Free:109.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LRMCFRE_EL_DVD) (CDROM) (Total:2.42 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 41112F68)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
The ROGUE KILLER.report

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : DIMITRIS [Administrator]
Started from : C:\Users\DIMITRIS\Downloads\RogueKiller.exe
Mode : Delete -- Date : 03/14/2015 18:12:16

¤¤¤ Processes : 1 ¤¤¤
[Proc.Svchost] svchost.exe(1028) -- [x] -> Killed [TermThr]

¤¤¤ Registry : 26 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786} -> Deleted
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7157C43A-713F-49A7-81A5-9FA012C2E398} | NameServer : 169.254.250.250 [UNITED STATES (US)] -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7157C43A-713F-49A7-81A5-9FA012C2E398} | NameServer : 169.254.250.250 [UNITED STATES (US)] -> Replaced ()
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Replaced (1)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
[PUM.WallPaper] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop | WallPaper : C:\Windows\Web\Wallpaper\img7.jpg -> Replaced (C:\Users\DIMITRIS\AppData\Roaming\Microsoft\Windows Photo Gallery\Ταπετσαρία της Συλλογής φωτογραφιών των Windows.jpg)

¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] CQJNUU.job -- C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe (/infocmdline=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) -> Deleted
[Suspicious.Path] GBEGBQ.job -- C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe (/infocmdline=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) -> Deleted
[Suspicious.Path] \\CQJNUU -- C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe (/infocmdline=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) -> Deleted
[Suspicious.Path] \\GBEGBQ -- C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe (/infocmdline=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) -> ERROR [0]

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x891511e8

¤¤¤ Web browsers : 1 ¤¤¤
[FIREFX:Addon] na8najap.default : McAfee Security Scan Plus [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKX-00ERMA0 ATA Device +++++
--- User ---
[MBR] 8858a9278792b5eabb678ce717f16aac
[BSP] db5394e192465c077b12bca589f200a3 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03142015_180842.log
 
BRONI ! a problem OCCURRED...........

I had my Network Driver missing and lost the connection to the internet...... here is the procedure of what happened........

@ After having the RogueKiller used and deleted the items that showed up,
I started the Malwarebytes scan
... after a while, (and when I had already deleted some quarantine items in the Malwarebytes) I REALIZED that the connection with the internet was starting to get lost. I CHECKED, and it was my ETHERNET REALTEK NIC programme missing. I WAS ABOUT TO communicate with you, in here, from my sister's laptop, but I DID a System Restore and the connection came back. I DON'T know IF IT WILL last though, if I turn the pc off again after hours maybe.

So, I must tell here that WHEN I started the Malwarebytes scan - as I'm referring in the beginning - I remember some ETHERNET files... that might have been deleted. I had them printed-screened. I'm trying to guess the reason for having my connection lost.
 
Can you post MBAM log?

  • open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
 
I'll do it. But these logs I'm showing you were in Quarantine.
What date of Scanned logs do you want???? This is of the 16th, today.

But.... tell me, should I UPDATE the Realtek Ethernet? Would this cause any effect?
 

THIS IS THE ADWCLEANER REPORT


# AdwCleaner v4.112 - Logfile created 16/03/2015 at 13:49:27
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : DIMITRIS - YPOLOGISTIS
# Running from : C:\Users\DIMITRIS\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\50CoiuapaonoS
Folder Deleted : C:\Program Files\50Cooupons
Folder Deleted : C:\Program Files\GrreataSaveo4U
Folder Deleted : C:\Program Files\PriCEELess
Folder Deleted : C:\Users\DIMITRIS\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\DIMITRIS\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\Users\DIMITRIS\AppData\Roaming\ParetoLogic
Folder Deleted : C:\ProgramData\ahlnnkdkemhadhfaehjogeamchnofabl
File Deleted : C:\Users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\invalidprefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\P18d32c9a_b516_4b21_865c_2794b12cb21e_.P18d32c9a_b516_4b21_865c_2794b12cb21e_
Key Deleted : HKLM\SOFTWARE\Classes\P18d32c9a_b516_4b21_865c_2794b12cb21e_.P18d32c9a_b516_4b21_865c_2794b12cb21e_.9
Key Deleted : HKLM\SOFTWARE\Classes\P5964b0c7_ba54_430b_82a6_85a3d30596b0_.P5964b0c7_ba54_430b_82a6_85a3d30596b0_
Key Deleted : HKLM\SOFTWARE\Classes\P5964b0c7_ba54_430b_82a6_85a3d30596b0_.P5964b0c7_ba54_430b_82a6_85a3d30596b0_.9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18d32c9a-b516-4b21-865c-2794b12cb21e}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5964b0c7-ba54-430b-82a6-85a3d30596b0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18d32c9a-b516-4b21-865c-2794b12cb21e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5964b0c7-ba54-430b-82a6-85a3d30596b0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18d32c9a-b516-4b21-865c-2794b12cb21e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{18d32c9a-b516-4b21-865c-2794b12cb21e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5964b0c7-ba54-430b-82a6-85a3d30596b0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0A54C6B5-CF7E-4DE3-AE22-4DE4384532A2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2712AFFD-EC40-4303-B561-9BFBE0D0D619}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF549236-6258-4AC6-A043-5B5B89C6EB61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Settings Manager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AF549236-6258-4AC6-A043-5B5B89C6EB61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Protector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16609


-\\ Mozilla Firefox v26.0 (el)


-\\ Google Chrome v


-\\ Opera v28.0.1750.40


*************************

AdwCleaner[R0].txt - [12394 bytes] - [15/01/2014 02:31:25]
AdwCleaner[R1].txt - [965 bytes] - [15/01/2014 03:05:01]
AdwCleaner[R2].txt - [4655 bytes] - [16/03/2015 13:44:26]
AdwCleaner[S0].txt - [12655 bytes] - [15/01/2014 02:33:38]
AdwCleaner[S1].txt - [1027 bytes] - [15/01/2014 03:06:41]
AdwCleaner[S2].txt - [4439 bytes] - [16/03/2015 13:49:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4498 bytes] ##########
 
this IS THE JUNKWARE REPORT.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by DIMITRIS on Δευ 16/03/2015 at 14:34:33.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\DIMITRIS\AppData\Roaming\mozilla\firefox\profiles\na8najap.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Δευ 16/03/2015 at 14:39:23.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Create new restore point and re-run RogueKiller.
Create new restore point and re-run MBAM.
Post both logs.
 
ROGUE KILLER LOGS

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : DIMITRIS [Administrator]
Started from : C:\Users\DIMITRIS\Downloads\RogueKiller.exe
Mode : Delete -- Date : 03/23/2015 10:14:00

¤¤¤ Processes : 1 ¤¤¤
[Proc.Svchost] svchost.exe(3384) -- [x] -> Killed [TermThr]

¤¤¤ Registry : 25 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7157C43A-713F-49A7-81A5-9FA012C2E398} | NameServer : 169.254.250.250 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7157C43A-713F-49A7-81A5-9FA012C2E398} | NameServer : 169.254.250.250 [UNITED STATES (US)] -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
[PUM.WallPaper] HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Control Panel\Desktop | WallPaper : C:\Windows\Web\Wallpaper\img7.jpg -> Not selected

¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] CQJNUU.job -- C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe (/infocmdline=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) -> ERROR [0]
[Suspicious.Path] GBEGBQ.job -- C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe (/infocmdline=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) -> ERROR [0]
[Suspicious.Path] \\CQJNUU -- C:\Users\DIMITRIS\AppData\Roaming\CQJNUU.exe (/infocmdline=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) -> ERROR [0]
[Suspicious.Path] \\GBEGBQ -- C:\Users\DIMITRIS\AppData\Roaming\GBEGBQ.exe (/infocmdline=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) -> ERROR [0]

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x891511e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x891511e8

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKX-00ERMA0 ATA Device +++++
--- User ---
[MBR] 8858a9278792b5eabb678ce717f16aac
[BSP] db5394e192465c077b12bca589f200a3 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_03142015_181210.log - RKreport_SCN_03142015_180842.log - RKreport_SCN_03232015_101204.log - RKreport_DEL_03232015_101316.log
RKreport_DEL_03232015_101348.log
 
MALWAREBYTES LOGS


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/3/2015
Scan Time: 10:19:27 πμ
Logfile: DEYTERO MALWAREBYTES.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.23.02
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: DIMITRIS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384285
Time Elapsed: 34 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
COMBOFIX Log Report
ComboFix 15-03-23.01 - DIMITRIS 24/03/2015 1:07.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.1023.271 [GMT 2:00]
Running from: c:\users\DIMITRIS\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\11321316169410382761
c:\programdata\11321316169410382761\14e3ff1a5b63b70fbb5f4b1522b589f9.ini
c:\programdata\11321316169410382761\33c7d52988179474bb5f4b1522b589f9.ini
c:\programdata\11321316169410382761\48b3953b525f68d7bb5f4b1522b589f9.ini
c:\programdata\11321316169410382761\cd5b15e575e1c3d0bb5f4b1522b589f9.ini
c:\programdata\11321316169410382761\e62923f612d821d1bb5f4b1522b589f9.ini
c:\programdata\11321316169410382761\f58fc3a7beebbd86bb5f4b1522b589f9.ini
c:\programdata\11321316169410382761\f70fcb9ed91b0ab1bb5f4b1522b589f9.ini
c:\programdata\4153593714
c:\programdata\pmt_0piot.pad
c:\users\DIMITRIS\AppData\Roaming\121A.tmp
c:\users\DIMITRIS\AppData\Roaming\3D8C.tmp
c:\windows\msdownld.tmp
c:\windows\system32\install
.
.
((((((((((((((((((((((((( Files Created from 2015-02-23 to 2015-03-23 )))))))))))))))))))))))))))))))
.
.
2015-03-23 23:25 . 2015-03-23 23:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-23 21:31 . 2015-03-23 21:31 -------- d-----w- C:\found.005
2015-03-23 07:53 . 2015-03-23 07:53 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5205CB4-23C0-40B9-B789-F7607E8F5149}\MpKsl2f76a42c.sys
2015-03-23 07:52 . 2015-03-23 07:52 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-18 14:53 . 2014-09-17 09:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0712A70C-5901-4F10-9A6B-0715B77CD3D0}\gapaengine.dll
2015-03-18 14:33 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5205CB4-23C0-40B9-B789-F7607E8F5149}\mpengine.dll
2015-03-14 18:47 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-14 15:54 . 2015-03-23 08:15 -------- d-----w- c:\programdata\RogueKiller
2015-03-13 20:19 . 2015-03-13 20:19 -------- d-----w- c:\program files\McAfee Security Scan
2015-03-13 19:16 . 2015-03-13 20:19 -------- d-----w- c:\programdata\McAfee Security Scan
2015-03-13 19:15 . 2015-03-13 19:15 -------- d-----w- c:\programdata\McAfee
2015-03-10 01:07 . 2015-03-10 01:13 -------- dc----w- C:\FRST
2015-03-09 16:34 . 2015-03-09 16:34 63920 ----a-w- c:\windows\system32\drivers\vmx_svga.sys
2015-03-09 16:34 . 2015-03-09 16:34 11440 ----a-w- c:\windows\system32\drivers\vmmouse.sys
2015-03-09 16:34 . 2015-03-09 16:34 143344 ----a-w- c:\windows\system32\drivers\vmhgfs.sys
2015-03-09 16:34 . 2015-03-09 16:34 98928 ----a-w- c:\windows\system32\drivers\vmci.sys
2015-03-09 16:34 . 2015-03-09 16:34 25136 ----a-w- c:\windows\system32\drivers\vmaudio.sys
2015-03-09 16:34 . 2015-03-09 16:34 107120 ----a-w- c:\windows\system32\drivers\vm3dmp.sys
2015-03-09 16:34 . 2015-03-09 16:34 386616 ----a-w- c:\windows\system32\drivers\MegaSR.sys
2015-03-09 16:34 . 2015-03-09 16:34 6656 ----a-w- c:\windows\system32\drivers\errdev.sys
2015-03-09 16:34 . 2015-03-09 16:34 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2015-03-09 16:34 . 2015-03-09 16:34 45568 ----a-w- c:\windows\system32\drivers\blbdrive.sys
2015-03-09 16:34 . 2015-03-09 16:34 -------- d-----w- c:\windows\system32\SPReview
2015-03-09 16:34 . 2015-03-09 16:34 386464 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll
2015-03-09 16:30 . 2015-03-09 16:30 484192 ----a-w- c:\windows\system32\TPSvc.dll
2015-03-09 16:30 . 2015-03-09 16:30 144664 ----a-w- c:\windows\system32\tprdpw32.dll
2015-03-09 16:30 . 2015-03-09 16:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2015-03-09 16:30 . 2015-03-09 16:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2015-03-09 16:30 . 2015-03-09 16:30 17408 ----a-w- c:\windows\system32\corpol.dll
2015-03-09 16:15 . 2015-03-09 16:15 -------- d-----w- c:\programdata\Weskysoft
2015-03-07 12:59 . 2015-03-07 12:59 -------- d-----w- c:\program files\Common Files\Java
2015-03-03 18:47 . 2015-03-03 18:47 114904 ----a-w- c:\windows\system32\drivers\50515F29.sys
2015-02-28 21:49 . 2015-02-28 21:49 114904 ----a-w- c:\windows\system32\drivers\59B37FEE.sys
2015-02-23 20:04 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-23 02:20 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-02-23 02:20 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-02-23 02:20 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2015-02-23 02:19 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-02-23 02:14 . 2014-11-04 00:19 2048 ----a-w- c:\windows\system32\tzres.dll
2015-02-23 01:59 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-02-23 01:59 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-02-23 01:58 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2015-02-23 01:58 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2015-02-23 01:53 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-23 01:45 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-02-23 01:44 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-23 01:44 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-23 01:44 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-23 01:44 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2015-02-23 01:43 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-23 01:40 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-02-23 01:40 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-02-23 01:40 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-02-23 01:28 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-23 01:27 . 2015-02-23 01:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-02-23 01:22 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-23 01:22 . 2014-12-03 02:06 278528 ----a-w- c:\windows\system32\schannel.dll
2015-02-23 01:22 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2015-02-23 01:10 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-02-23 01:09 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
2015-02-22 18:35 . 2015-01-14 01:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-22 18:35 . 2015-01-14 01:41 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2015-02-22 18:35 . 2015-01-14 01:41 195072 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2015-02-22 18:35 . 2015-01-14 01:41 470016 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2015-02-22 18:35 . 2015-01-14 01:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-22 18:14 . 2015-02-22 18:14 215475 ----a-w- c:\windows\oem_uninst.exe
2015-02-22 18:04 . 2015-02-22 18:04 -------- d-----w- c:\program files\DLLSuite
2015-02-22 03:23 . 2015-03-22 06:20 -------- d-----w- c:\windows\system32\catroot2
2015-02-22 02:51 . 2015-03-23 22:10 -------- d-----w- c:\windows\system32\wbem\repository
2015-02-22 02:03 . 2015-02-22 03:26 181064 ----a-w- c:\windows\PSEXESVC.EXE
2015-02-22 01:47 . 2015-02-22 01:47 -------- dc----w- C:\RegBackup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-23 22:50 . 2015-02-21 22:23 119512 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-03-17 04:15 . 2015-02-21 22:31 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-17 04:15 . 2015-02-21 22:31 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-17 04:15 . 2015-02-21 22:20 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-07 12:55 . 2015-02-18 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-03-03 04:50 . 2009-10-03 09:57 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2015-02-17 22:26 . 2014-01-12 10:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 22:26 . 2014-01-12 10:13 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-12 4186112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2013-01-31 2859296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-29 978520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-04 23:01 4489472 ----a-w- c:\users\DIMITRIS\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 15:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSIDLL"=rundll32.exe msiwtl32.dll,ilveTqIxD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-12 22:26]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.pctools.com/mrc/fix_homepage/
mSearchURL = hxxp://www.Google.com/
TCP: Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110324084242
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
FF - ProfilePath - c:\users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Facebook Update - c:\users\DIMITRIS\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-MSIDLL - msiuic32.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-TorrentEasy - c:\program files\TorrentEasy\TorrentEasy.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-24 01:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CD6E2E5-6388-3395-55F1-28F39FA6F24A}*]
@Allowed: (Read) (RestrictedCode)
"gafmglfkpiibke"=hex:61,63,63,6c,61,63,68,6b,64,63,66,68,64,6a,65,6b,61,70,64,
6a,6d,69,63,61,66,6e,66,61,64,69,68,6b,66,6d,6a,6a,61,67,64,63,70,63,6b,67,\
.
[HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2015-03-24 01:33:27
ComboFix-quarantined-files.txt 2015-03-23 23:33
.
Pre-Run: 31 Κατάλογοι 109.692.678.144 διαθέσιμα byte
Post-Run: 35 Κατάλογοι 116.102.332.416 διαθέσιμα byte
.
- - End Of File - - D0D826AB578B027A85B423EA9D8D330C
5C616939100B85E558DA92B899A0FC36
 
Uninstall McAfee Security Scan, typical foistware.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RegNull::
[HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CD6E2E5-6388-3395-55F1-28F39FA6F24A}*]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 15-03-23.01 - DIMITRIS 24/03/2015 17:14:35.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.1023.391 [GMT 2:00]
Running from: c:\users\DIMITRIS\Desktop\ComboFix.exe
Command switches used :: c:\users\DIMITRIS\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-02-24 to 2015-03-24 )))))))))))))))))))))))))))))))
.
.
2015-03-24 15:29 . 2015-03-24 15:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-24 15:29 . 2015-03-24 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-23 23:35 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0078CF38-F0F3-4164-B8A3-8D8F95C41EAF}\mpengine.dll
2015-03-23 21:31 . 2015-03-23 21:31 -------- d-----w- C:\found.005
2015-03-23 07:52 . 2015-03-23 07:52 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-18 14:53 . 2014-09-17 09:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0712A70C-5901-4F10-9A6B-0715B77CD3D0}\gapaengine.dll
2015-03-14 18:47 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-14 15:54 . 2015-03-23 08:15 -------- d-----w- c:\programdata\RogueKiller
2015-03-10 01:07 . 2015-03-10 01:13 -------- dc----w- C:\FRST
2015-03-09 16:34 . 2015-03-09 16:34 63920 ----a-w- c:\windows\system32\drivers\vmx_svga.sys
2015-03-09 16:34 . 2015-03-09 16:34 11440 ----a-w- c:\windows\system32\drivers\vmmouse.sys
2015-03-09 16:34 . 2015-03-09 16:34 143344 ----a-w- c:\windows\system32\drivers\vmhgfs.sys
2015-03-09 16:34 . 2015-03-09 16:34 98928 ----a-w- c:\windows\system32\drivers\vmci.sys
2015-03-09 16:34 . 2015-03-09 16:34 25136 ----a-w- c:\windows\system32\drivers\vmaudio.sys
2015-03-09 16:34 . 2015-03-09 16:34 107120 ----a-w- c:\windows\system32\drivers\vm3dmp.sys
2015-03-09 16:34 . 2015-03-09 16:34 386616 ----a-w- c:\windows\system32\drivers\MegaSR.sys
2015-03-09 16:34 . 2015-03-09 16:34 6656 ----a-w- c:\windows\system32\drivers\errdev.sys
2015-03-09 16:34 . 2015-03-09 16:34 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2015-03-09 16:34 . 2015-03-09 16:34 45568 ----a-w- c:\windows\system32\drivers\blbdrive.sys
2015-03-09 16:34 . 2015-03-09 16:34 -------- d-----w- c:\windows\system32\SPReview
2015-03-09 16:34 . 2015-03-09 16:34 386464 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll
2015-03-09 16:30 . 2015-03-09 16:30 484192 ----a-w- c:\windows\system32\TPSvc.dll
2015-03-09 16:30 . 2015-03-09 16:30 144664 ----a-w- c:\windows\system32\tprdpw32.dll
2015-03-09 16:30 . 2015-03-09 16:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2015-03-09 16:30 . 2015-03-09 16:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2015-03-09 16:30 . 2015-03-09 16:30 17408 ----a-w- c:\windows\system32\corpol.dll
2015-03-09 16:15 . 2015-03-09 16:15 -------- d-----w- c:\programdata\Weskysoft
2015-03-07 12:59 . 2015-03-07 12:59 -------- d-----w- c:\program files\Common Files\Java
2015-03-03 18:47 . 2015-03-03 18:47 114904 ----a-w- c:\windows\system32\drivers\50515F29.sys
2015-02-28 21:49 . 2015-02-28 21:49 114904 ----a-w- c:\windows\system32\drivers\59B37FEE.sys
2015-02-23 20:04 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-23 02:20 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-02-23 02:20 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-02-23 02:20 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2015-02-23 02:19 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-02-23 02:14 . 2014-11-04 00:19 2048 ----a-w- c:\windows\system32\tzres.dll
2015-02-23 01:59 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-02-23 01:59 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-02-23 01:58 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2015-02-23 01:58 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2015-02-23 01:53 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-23 01:45 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-02-23 01:44 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-23 01:44 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-23 01:44 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-23 01:44 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2015-02-23 01:43 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-23 01:40 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-02-23 01:40 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-02-23 01:40 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-02-23 01:28 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-23 01:27 . 2015-02-23 01:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-02-23 01:22 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-23 01:22 . 2014-12-03 02:06 278528 ----a-w- c:\windows\system32\schannel.dll
2015-02-23 01:22 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2015-02-23 01:10 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-02-23 01:09 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
2015-02-22 18:35 . 2015-01-14 01:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-22 18:35 . 2015-01-14 01:41 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2015-02-22 18:35 . 2015-01-14 01:41 195072 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2015-02-22 18:35 . 2015-01-14 01:41 470016 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2015-02-22 18:35 . 2015-01-14 01:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-22 18:14 . 2015-02-22 18:14 215475 ----a-w- c:\windows\oem_uninst.exe
2015-02-22 18:04 . 2015-02-22 18:04 -------- d-----w- c:\program files\DLLSuite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-24 14:07 . 2015-02-21 22:23 119512 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-03-17 04:15 . 2015-02-21 22:31 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-17 04:15 . 2015-02-21 22:31 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-17 04:15 . 2015-02-21 22:20 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-07 12:55 . 2015-02-18 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-03-03 04:50 . 2009-10-03 09:57 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-22 03:26 . 2015-02-22 02:03 181064 ----a-w- c:\windows\PSEXESVC.EXE
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2015-02-20 22:29 . 2015-02-20 22:29 110080 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2015-02-17 22:26 . 2014-01-12 10:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 22:26 . 2014-01-12 10:13 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\DIMITRIS\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-12 4186112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2013-01-31 2859296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-29 978520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-04 23:01 4489472 ----a-w- c:\users\DIMITRIS\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 15:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSIDLL"=rundll32.exe msiwtl32.dll,ilveTqIxD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-12 22:26]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.pctools.com/mrc/fix_homepage/
mSearchURL = hxxp://www.Google.com/
TCP: Interfaces\{477D8F93-64FE-4185-8251-1BFB5C9CB076}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110324084242
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
FF - ProfilePath - c:\users\DIMITRIS\AppData\Roaming\Mozilla\Firefox\Profiles\na8najap.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-24 17:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CD6E2E5-6388-3395-55F1-28F39FA6F24A}*]
@Allowed: (Read) (RestrictedCode)
"gafmglfkpiibke"=hex:61,63,63,6c,61,63,68,6b,64,63,66,68,64,6a,65,6b,61,70,64,
6a,6d,69,63,61,66,6e,66,61,64,69,68,6b,66,6d,6a,6a,61,67,64,63,70,63,6b,67,\
.
[HKEY_USERS\S-1-5-21-4062343756-1977868193-1024004534-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2015-03-24 17:36:03
ComboFix-quarantined-files.txt 2015-03-24 15:35
ComboFix2.txt 2015-03-23 23:33
.
Pre-Run: 34 Κατάλογοι 112.792.514.560 διαθέσιμα byte
Post-Run: 35 Κατάλογοι 120.983.138.304 διαθέσιμα byte
.
- - End Of File - - C7A0F0BB59C8E220E006E0ECE47D95C5
5C616939100B85E558DA92B899A0FC36
 
Update * I'm confronting problems with the Internet connection.
I lose the signal and it returns, from time to time.
 
It doesn't look like you ran Combofix fix.
Please re-read my previous reply and redo.
 