
stop: c0000135 the program can't start because %hs is missing from your computer


  • This topic is locked
33 replies to this topic

#1 patippa

Posted 24 September 2012 - 06:03 AM

Sorry in advance for my English, I'm Italian and my English is terrible... Just 5 days ago I installed AVG, and a few days after, the PC won't go on after the Windows boot logo; after that, a blue screen with stop: c0000135 the program can't start because %hs is missing from your computer
A very big thank you in advance and a big hug from Milan!!!!!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
Ran by SYSTEM at 22-09-2012 22:52:35
Running from L:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-20] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-26] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [1694608 2012-03-12] (Bandoo Media, inc)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3039352 2012-08-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-18] ()
HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-18] ()
HKU\home\...\Run: [Google Update] "C:\Users\home\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-14] (Google Inc.)
HKU\home\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\home\...\Run: [MusicManager] "C:\Users\home\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7321600 2012-08-31] (Google Inc.)
HKU\home\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\home\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-04-03] ()
HKU\home\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [954256 2012-04-03] (Samsung)
HKU\home\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
HKU\home\...\Run: [Facebook Update] "C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\home\...\Run: [cacaoweb] "C:\Users\home\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [433152 2012-09-17] ()
HKU\home\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [75624 2012-01-05] (Alcohol Soft Development Team)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ===================

2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe -s [234784 2010-10-07] (Apple Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5751928 2012-08-19] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [184304 2012-08-19] (AVG Technologies CZ, s.r.o.)
2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-24] ()
2 UserAccess7; C:\Windows\SysWow64\UAService7.exe [143360 2012-06-08] (Sony DADC Austria AG.)
2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-18] ()

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [150880 2012-08-13] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [60768 2012-08-09] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [175968 2012-08-09] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [230240 2012-08-09] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [105312 2012-08-09] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40288 2012-08-09] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [199520 2012-08-09] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-18] (AVG Technologies)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2012-01-14] (DT Soft Ltd)
3 mobiolavs; C:\Windows\System32\Drivers\mobiolavs.sys [28304 2011-04-06] (SHAPE Services GmbH)
3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [29120 2011-04-06] (SHAPE Services)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-06-20] (Duplex Secure Ltd.)
3 ssdudfu; C:\Windows\System32\Drivers\ssdudfu.sys [101960 2011-10-26] (MCCI)
3 ssudobex; C:\Windows\System32\Drivers\ssudobex.sys [203320 2012-02-24] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 ss_bus; C:\Windows\System32\Drivers\ss_bus.sys [127488 2011-10-26] (MCCI Corporation)
3 ss_mdfl; C:\Windows\System32\Drivers\ss_mdfl.sys [18944 2011-10-26] (MCCI Corporation)
3 ss_mdm; C:\Windows\System32\Drivers\ss_mdm.sys [161280 2011-10-26] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-22 09:49 - 2012-09-22 21:03 - 00000000 ____D C:\Users\All Users\Recovery
2012-09-21 03:11 - 2012-09-21 03:11 - 00010014 ____A C:\Users\home\Documents\anagrafica.xlsx
2012-09-21 01:56 - 2012-09-21 01:56 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2012-09-21 01:56 - 2012-09-21 01:56 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2012-09-20 23:45 - 2012-09-20 23:47 - 00000000 ____D C:\Users\home\Downloads\Beat.the.Beat.Rhythm.Paradise.PAL.WII-SUSHi_KDFiLE.COM
2012-09-20 15:48 - 2012-09-20 22:30 - 00000000 ____D C:\Users\home\Downloads\Dark.Shadows.2012.iTALiAN.AC3.BDRip.XviD-AT0MiC.AVi
2012-09-20 15:37 - 2012-09-20 22:30 - 00000000 ____D C:\Users\home\Downloads\Scream.4.2011brrip-torr
2012-09-20 14:04 - 2012-09-20 22:30 - 00000000 ____D C:\Users\home\Downloads\Bel.Ami.2012.BDRip-TRL
2012-09-20 14:01 - 2012-09-20 22:36 - 00000000 ____D C:\Users\home\Downloads\The.Woman.In.Black.2012.iTALiAN.BDRip.XviD-TRL
2012-09-20 05:58 - 2012-09-20 05:58 - 00002563 ____A C:\Users\home\Desktop\Love Chronicles 2 La spada e la rosa.lnk
2012-09-20 00:21 - 2012-09-20 01:54 - 00000000 ____D C:\Users\home\Downloads\Hungererottagiochiames2012FtH.ttobdrip
2012-09-20 00:00 - 2012-09-20 16:53 - 00000000 ____D C:\Users\home\Downloads\Battleship.2012.BRRip.AC3.5.1.640.kbps.ITA.AVI-M4V.Streamita.net.avi
2012-09-19 23:44 - 2012-09-20 01:54 - 00000000 ____D C:\Users\home\Downloads\MInBak3Bip
2012-09-19 23:29 - 2012-09-20 00:13 - 00000000 ____D C:\Users\home\Downloads\TeDitto.Bip
2012-09-19 12:16 - 2012-09-21 01:21 - 00000000 ____D C:\Users\home\Downloads\brawl.multi5_WIIZLED.iso
2012-09-19 11:48 - 2012-09-19 11:48 - 02153266 ____A C:\Users\home\Downloads\sc-ats.rar
2012-09-19 11:40 - 2012-09-19 11:40 - 00002152 ____A C:\Users\Public\Desktop\Awesomenauts.lnk
2012-09-19 11:40 - 2012-09-19 11:40 - 00000000 ____D C:\Program Files (x86)\Ronimo Games
2012-09-19 11:16 - 2012-09-19 11:35 - 00000000 ____D C:\Users\home\Downloads\Awesomenauts-TiNYiSO
2012-09-19 06:32 - 2012-09-19 06:35 - 07896159 ____A C:\Users\home\Downloads\ibordisonofixatidue.rar
2012-09-19 05:27 - 2012-09-19 05:28 - 08070289 ____A C:\Users\home\Downloads\1111bord2crackfix.rar
2012-09-19 05:18 - 2012-09-19 05:18 - 00002308 ____A C:\Users\Public\Desktop\Borderlands 2.lnk
2012-09-19 05:12 - 2012-09-19 05:12 - 00000000 ____D C:\Program Files (x86)\2K Games
2012-09-19 01:26 - 2012-09-20 14:19 - 00000000 ____D C:\Users\home\Downloads\Borderlands 2
2012-09-19 00:53 - 2012-09-22 18:26 - 00000000 ____D C:\Windows\LastGood
2012-09-19 00:53 - 2012-09-22 09:55 - 00000000 ____D C:\Windows\LastGood.Tmp
2012-09-19 00:52 - 2012-08-30 11:14 - 26228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 19828584 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 13391720 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-09-19 00:52 - 2012-08-30 11:14 - 12465512 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 09066344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 07626088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 07397736 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 06109032 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 02745192 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 02573672 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 02422120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 02216808 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 01866088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 01482600 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 00830312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-09-19 00:52 - 2012-08-30 11:14 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-09-19 00:52 - 2012-07-03 07:25 - 00189288 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-09-19 00:52 - 2012-07-03 07:25 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-09-19 00:43 - 2012-09-19 00:49 - 227564624 ____A (NVIDIA Corporation) C:\Users\home\Downloads\306.23-desktop-win8-win7-winvista-64bit-international-whql.exe
2012-09-18 23:57 - 2012-09-19 00:59 - 00000000 ____D C:\Users\home\Downloads\Borderlands.2-Ski-RM
2012-09-18 23:55 - 2012-09-18 23:55 - 00000000 ____D C:\Users\home\AppData\Roaming\AVG2013
2012-09-18 23:50 - 2012-09-18 23:50 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-09-18 23:50 - 2012-09-18 23:50 - 00000935 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-09-18 23:50 - 2012-09-18 23:50 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-09-18 09:40 - 2012-09-18 09:40 - 00002194 ____A C:\Users\home\Desktop\lostrealms.exe - collegamento.lnk
2012-09-18 07:26 - 2012-09-20 03:09 - 00000000 ____D C:\Users\home\Desktop\Nuova cartella (4)
2012-09-18 01:36 - 2012-09-18 02:30 - 00000000 ____D C:\Users\home\Downloads\Fieldrunners_2-HD-v1.0-Devilhoofer.ipa
2012-09-17 21:48 - 2012-09-17 21:49 - 00000000 ____D C:\Users\home\AppData\Local\{B7EAF21C-7A82-41A5-9FFA-DDC36B90B75A}
2012-09-17 09:39 - 2012-09-17 09:39 - 00000000 ____D C:\Users\home\AppData\Roaming\blg
2012-09-17 09:39 - 2012-09-17 09:39 - 00000000 ____D C:\Users\All Users\blg
2012-09-17 08:09 - 2012-09-18 09:42 - 00000000 ____D C:\Users\home\AppData\Roaming\VendelGAMES
2012-09-16 09:48 - 2012-09-18 07:42 - 00000000 ____D C:\Users\home\Downloads\Love-Chronicles-L-incantesimo
2012-09-16 09:48 - 2012-09-17 08:06 - 00000000 ____D C:\Users\home\Downloads\LoReLeSuPri
2012-09-16 09:13 - 2012-09-16 09:15 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2012-09-16 08:40 - 2012-09-18 09:41 - 00000000 ____D C:\Users\home\Downloads\Love-Chronicles-2-La-spada-e-la-rosa
2012-09-16 08:19 - 2012-09-18 07:42 - 00000000 ____D C:\Users\home\Downloads\Love-Death-Bitten
2012-09-16 08:19 - 2012-09-18 07:42 - 00000000 ____D C:\Users\home\Downloads\Love_&_Death_Bitten
2012-09-16 08:19 - 2012-09-18 07:42 - 00000000 ____D C:\Users\home\Downloads\Love Chronicles 2 La spada e la rosa
2012-09-16 08:04 - 2012-09-16 08:04 - 00000000 ____D C:\Users\home\AppData\Roaming\TuneUp Software
2012-09-16 08:04 - 2012-09-16 08:04 - 00000000 ____D C:\Users\home\AppData\Local\AVG Secure Search
2012-09-16 08:04 - 2012-09-16 08:04 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-09-16 08:03 - 2012-09-18 23:49 - 00000000 ____D C:\Users\All Users\AVG2013
2012-09-16 08:03 - 2012-09-16 08:03 - 00000000 ___HD C:\$AVG
2012-09-16 08:02 - 2012-09-18 07:38 - 00000000 ____D C:\Program Files (x86)\AVG
2012-09-16 07:59 - 2012-09-22 18:26 - 00000000 ____D C:\Users\All Users\MFAData
2012-09-16 07:59 - 2012-09-16 08:12 - 00000000 ____D C:\Users\home\AppData\Local\Avg2013
2012-09-16 07:59 - 2012-09-16 07:59 - 04411392 ____A (AVG Technologies) C:\Users\home\Downloads\avg_free_stb_all_2013_2667.exe
2012-09-16 07:59 - 2012-09-16 07:59 - 00000000 ____D C:\Users\home\AppData\Local\MFAData
2012-09-16 01:23 - 2012-09-16 01:23 - 00000000 ____D C:\Users\home\AppData\Local\{90472C72-9508-42BE-86A1-61EF1031BFFB}
2012-09-15 16:12 - 2012-09-19 00:58 - 00000580 ____A C:\Windows\setupact.log
2012-09-15 16:12 - 2012-09-15 16:12 - 00000000 ____A C:\Windows\setuperr.log
2012-09-15 00:30 - 2012-09-18 07:39 - 00000000 ____D C:\Users\home\Documents\Nuova cartella
2012-09-14 11:52 - 2012-09-14 11:52 - 00312576 ____A C:\Users\home\Documents\cc_20120914_215225.reg
2012-09-14 11:50 - 2012-09-18 07:38 - 00000000 ____D C:\Program Files\CCleaner
2012-09-14 11:50 - 2012-09-14 11:50 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-14 11:49 - 2012-09-14 11:50 - 03927560 ____A (Piriform Ltd) C:\Users\home\Downloads\ccsetup322.exe
2012-09-14 10:14 - 2012-09-14 10:14 - 00000026 ___AS C:\cfg.ini
2012-09-14 09:19 - 2012-09-14 09:20 - 00000000 ____D C:\Users\home\AppData\Local\{0EA557C6-DF6F-4FC7-A180-7FDFACE1B2DE}
2012-09-14 03:50 - 2012-09-14 03:50 - 00000000 ____D C:\Windows\system64
2012-09-14 03:48 - 2012-09-14 03:48 - 01420039 ____A C:\Users\home\Downloads\[MT]William Golding - Il Signore Delle Mosche[Ebook-Ita-Pdf-Romanzo].zip
2012-09-12 17:18 - 2012-09-13 05:40 - 00000000 ____D C:\Users\home\AppData\Local\{0766C3FC-F54E-4BD2-A151-BD1BAC8EBC07}
2012-09-11 23:36 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 23:36 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 23:36 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 23:36 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 23:36 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 23:36 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 23:36 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-11 09:33 - 2012-09-11 09:33 - 00000000 ____D C:\Users\home\AppData\Local\{B8829A45-B2B4-4D42-8382-2CC2CD05855B}
2012-09-09 09:36 - 2012-09-09 09:36 - 00000000 ____D C:\Users\home\AppData\Local\{C9EAC528-5D1D-40C9-9263-B3ED8D49A611}
2012-09-07 05:18 - 2012-09-07 05:18 - 00000000 ____A C:\Users\home\Downloads\9D27.tmp
2012-09-06 01:02 - 2012-09-06 01:02 - 00000000 ____D C:\Users\home\AppData\Local\{42813AEF-EFF0-4D54-B3E1-079D0B187E5E}
2012-09-05 17:01 - 2012-09-18 07:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-09-05 17:01 - 2012-09-05 17:01 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-04 08:12 - 2012-09-04 08:15 - 05289849 ____A C:\Users\home\Downloads\AirParrot.v1.0.4.Incl.Keygen.and.Patch-Lz0.rar
2012-09-04 08:00 - 2012-09-04 21:47 - 00000000 ____D C:\Program Files (x86)\AirParrot
2012-09-04 08:00 - 2012-09-04 08:00 - 00002905 ____A C:\Users\home\Desktop\AirParrot.lnk
2012-09-04 08:00 - 2012-09-04 08:00 - 00000000 ____D C:\Users\home\AppData\Local\AirParrot
2012-09-04 07:58 - 2012-09-04 07:59 - 03039232 ____A C:\Users\home\Downloads\AirParrot.msi
2012-09-03 06:37 - 2012-09-03 06:37 - 00000000 ____D C:\Users\home\Documents\IAmAlive
2012-09-03 06:26 - 2012-09-18 07:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-09-02 23:55 - 2012-09-03 05:55 - 00000000 ____D C:\Users\home\Downloads\IA4mAl5iv6e-elamigos
2012-09-01 07:38 - 2012-09-01 07:39 - 00000000 ____D C:\Users\home\AppData\Local\{023E46EA-1215-46E6-8195-175E4A4B194C}
2012-08-31 23:59 - 2012-09-01 00:32 - 391716855 ____A C:\Users\home\Downloads\Italia-v1.11-TheCyber.ipa
2012-08-31 05:37 - 2008-10-25 05:17 - 25562526 ____A C:\Users\home\Desktop\0201 - Mario Kart DS (E)_trim.nds
2012-08-30 21:39 - 2012-08-30 21:39 - 00000000 ____D C:\Users\home\AppData\Local\{5EDCE5A7-EB3D-4688-B395-B69FC78903E6}
2012-08-30 13:40 - 2012-06-27 11:35 - 01264247 ____A C:\Users\home\Desktop\Ted Dekker - Il Cimitero Dei Vangeli Segreti.mobi
2012-08-30 13:36 - 2012-08-30 13:36 - 03966408 ____A C:\Users\home\Downloads\Ted Dekker - Il Cimitero Dei Vangeli Segreti [PDF Epub Mobi].zip
2012-08-30 05:08 - 2012-08-30 05:09 - 00000000 ____D C:\Users\home\AppData\Local\{5B2AA749-FC58-4D15-93FA-BF9B7AE7A8EB}
2012-08-30 00:40 - 2012-08-30 00:40 - 00429416 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-08-29 10:38 - 2012-08-29 10:40 - 00000000 ____D C:\Users\home\Downloads\5441674SS
2012-08-29 10:25 - 2012-08-29 10:25 - 00000000 ____D C:\Program Files (x86)\Steam
2012-08-29 07:13 - 2012-08-29 07:13 - 01316813 ____A C:\Users\home\Downloads\Wood For R4SDHC v1.29.zip
2012-08-29 07:01 - 2012-08-29 07:05 - 31867772 ____A C:\Users\home\Downloads\Italian-1.34.rar
2012-08-29 06:02 - 2012-08-29 07:17 - 00000000 ____D C:\Users\home\Desktop\TWEWYv2
2012-08-29 05:40 - 2012-08-29 05:45 - 00000000 ____D C:\Users\home\Desktop\Nuova cartella
2012-08-29 04:55 - 2012-08-29 06:02 - 00000000 ____D C:\Users\home\Downloads\WorldEndsWithYou_eng
2012-08-27 14:15 - 2012-08-27 14:15 - 05156308 ____A C:\Users\home\Downloads\TWEWYv2.rar
2012-08-27 07:29 - 2012-08-27 07:29 - 00000000 ____D C:\Users\home\AppData\Roaming\DieselPuppet
2012-08-27 07:28 - 2012-08-23 00:08 - 00002573 ____A C:\Users\home\Desktop\Twisted Lands Shadow Town Edizione Speciale - Copia.lnk
2012-08-26 06:57 - 2012-09-19 04:59 - 00000000 ____D C:\Users\home\Downloads\Serenity.2005.iTALiAN.AC3.DVDRip.XviD
2012-08-26 02:22 - 2012-09-22 18:26 - 00000000 ____D C:\DVDConverterPortable
2012-08-26 02:17 - 2012-08-26 02:17 - 00293457 ____A (PortableAppZ.blogspot.com) C:\Users\home\Downloads\DVD_Converter_Portable_4.x.x_Multilingual_Online.exe
2012-08-26 02:09 - 2012-09-19 04:59 - 00000000 ____D C:\Users\home\Downloads\The.Avengers.2012.iTALiAN.REPACK.MD.DVDRip.XViD-REV
2012-08-26 00:44 - 2012-09-18 07:39 - 00000000 ____D C:\Users\home\Downloads\TraFa.of.Cy.Lan.Sel.incl.Crkfix-SKI
2012-08-24 07:33 - 2012-08-24 07:33 - 00001391 ____A C:\Users\home\Desktop\TFOC.exe - collegamento.lnk
2012-08-24 04:23 - 2012-08-24 04:23 - 00000000 ____A C:\Users\home\Downloads\98798456457-tfc.part07.rar.part
2012-08-23 15:08 - 2012-08-23 15:11 - 00000000 ____D C:\Users\home\AppData\Local\{085A95B3-38CF-47E8-9658-F6184FACDF41}
2012-08-23 15:08 - 2012-08-23 15:08 - 00000000 ____D C:\Users\home\AppData\Local\{D4C64BF5-A291-407E-B528-2BCD33BC7E8B}
2012-08-23 11:28 - 2012-08-23 11:28 - 00000000 ____D C:\Users\All Users\Alawar Stargaze
2012-08-23 10:35 - 2012-08-23 11:39 - 00460800 ____A C:\Users\home\Documents\volantino baschet.pub
2012-08-23 02:30 - 2012-08-23 04:10 - 183478011 ____A C:\Users\home\Downloads\FL Studio HD-v1.4.1-Relikk.ipa
2012-08-23 01:28 - 2012-08-23 01:28 - 00000000 ____D C:\Users\All Users\Elephant Games
2012-08-23 00:51 - 2012-08-23 00:53 - 00000000 ____D C:\Users\home\Downloads\1Surface_MysteryOfAnotherWorld_SE


==================== 3 Months Modified Files ==================

2012-09-21 03:11 - 2012-09-21 03:11 - 00010014 ____A C:\Users\home\Documents\anagrafica.xlsx
2012-09-20 14:54 - 2011-09-14 09:56 - 00001156 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034612243-3823185903-554146032-1001UA.job
2012-09-20 14:42 - 2012-02-13 12:35 - 00001146 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-20 14:19 - 2012-04-04 01:17 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-20 13:46 - 2012-01-25 13:56 - 00001174 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3034612243-3823185903-554146032-1001UA.job
2012-09-20 13:46 - 2011-09-14 09:41 - 01956760 ____A C:\Windows\WindowsUpdate.log
2012-09-20 05:58 - 2012-09-20 05:58 - 00002563 ____A C:\Users\home\Desktop\Love Chronicles 2 La spada e la rosa.lnk
2012-09-20 03:54 - 2011-09-14 09:56 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034612243-3823185903-554146032-1001Core.job
2012-09-20 01:07 - 2012-01-25 13:56 - 00001152 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3034612243-3823185903-554146032-1001Core.job
2012-09-19 23:24 - 2012-02-13 12:35 - 00001142 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-19 11:48 - 2012-09-19 11:48 - 02153266 ____A C:\Users\home\Downloads\sc-ats.rar
2012-09-19 11:40 - 2012-09-19 11:40 - 00002152 ____A C:\Users\Public\Desktop\Awesomenauts.lnk
2012-09-19 06:35 - 2012-09-19 06:32 - 07896159 ____A C:\Users\home\Downloads\ibordisonofixatidue.rar
2012-09-19 05:28 - 2012-09-19 05:27 - 08070289 ____A C:\Users\home\Downloads\1111bord2crackfix.rar
2012-09-19 05:18 - 2012-09-19 05:18 - 00002308 ____A C:\Users\Public\Desktop\Borderlands 2.lnk
2012-09-19 00:58 - 2012-09-15 16:12 - 00000580 ____A C:\Windows\setupact.log
2012-09-19 00:49 - 2012-09-19 00:43 - 227564624 ____A (NVIDIA Corporation) C:\Users\home\Downloads\306.23-desktop-win8-win7-winvista-64bit-international-whql.exe
2012-09-18 23:50 - 2012-09-18 23:50 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-09-18 23:50 - 2012-09-18 23:50 - 00000935 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-09-18 09:40 - 2012-09-18 09:40 - 00002194 ____A C:\Users\home\Desktop\lostrealms.exe - collegamento.lnk
2012-09-17 21:55 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-17 21:55 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-17 21:51 - 2011-08-12 03:16 - 00739004 ____A C:\Windows\System32\perfh010.dat
2012-09-17 21:51 - 2011-08-12 03:16 - 00146076 ____A C:\Windows\System32\perfc010.dat
2012-09-17 21:51 - 2009-07-13 21:13 - 01653742 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-17 21:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-16 09:06 - 2012-06-20 06:23 - 00000124 ____A C:\Users\home\Documents\ax_files.xml
2012-09-16 07:59 - 2012-09-16 07:59 - 04411392 ____A (AVG Technologies) C:\Users\home\Downloads\avg_free_stb_all_2013_2667.exe
2012-09-15 16:12 - 2012-09-15 16:12 - 00000000 ____A C:\Windows\setuperr.log
2012-09-14 12:19 - 2011-09-14 09:57 - 00002447 ____A C:\Users\home\Desktop\Google Chrome.lnk
2012-09-14 11:52 - 2012-09-14 11:52 - 00312576 ____A C:\Users\home\Documents\cc_20120914_215225.reg
2012-09-14 11:50 - 2012-09-14 11:50 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-14 11:50 - 2012-09-14 11:49 - 03927560 ____A (Piriform Ltd) C:\Users\home\Downloads\ccsetup322.exe
2012-09-14 10:14 - 2012-09-14 10:14 - 00000026 ___AS C:\cfg.ini
2012-09-14 03:48 - 2012-09-14 03:48 - 01420039 ____A C:\Users\home\Downloads\[MT]William Golding - Il Signore Delle Mosche[Ebook-Ita-Pdf-Romanzo].zip
2012-09-07 05:18 - 2012-09-07 05:18 - 00000000 ____A C:\Users\home\Downloads\9D27.tmp
2012-09-05 17:01 - 2012-09-05 17:01 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-04 08:15 - 2012-09-04 08:12 - 05289849 ____A C:\Users\home\Downloads\AirParrot.v1.0.4.Incl.Keygen.and.Patch-Lz0.rar
2012-09-04 08:00 - 2012-09-04 08:00 - 00002905 ____A C:\Users\home\Desktop\AirParrot.lnk
2012-09-04 07:59 - 2012-09-04 07:58 - 03039232 ____A C:\Users\home\Downloads\AirParrot.msi
2012-09-01 00:32 - 2012-08-31 23:59 - 391716855 ____A C:\Users\home\Downloads\Italia-v1.11-TheCyber.ipa
2012-08-30 13:36 - 2012-08-30 13:36 - 03966408 ____A C:\Users\home\Downloads\Ted Dekker - Il Cimitero Dei Vangeli Segreti [PDF Epub Mobi].zip
2012-08-30 11:14 - 2012-09-19 00:52 - 26228072 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 19828584 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 13391720 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-08-30 11:14 - 2012-09-19 00:52 - 12465512 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 09066344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 07626088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 07397736 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 06109032 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 02745192 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 02573672 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 02422120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 02216808 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 01866088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 01482600 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 00830312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-08-30 11:14 - 2012-09-19 00:52 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-08-30 11:14 - 2012-06-02 07:22 - 18229096 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-08-30 11:14 - 2012-03-18 11:34 - 00971624 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-08-30 11:14 - 2011-10-26 03:48 - 00016366 ____A C:\Windows\System32\nvinfo.pb
2012-08-30 11:14 - 2011-09-16 23:18 - 15291752 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-08-30 11:14 - 2011-09-16 23:18 - 01760104 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-08-30 11:14 - 2011-08-12 03:21 - 14879080 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-08-30 11:14 - 2011-08-12 03:21 - 02725224 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-08-30 08:18 - 2012-03-18 11:36 - 03487434 ____A C:\Windows\System32\nvcoproc.bin
2012-08-30 08:18 - 2011-03-30 00:45 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-08-30 08:18 - 2011-03-30 00:45 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-08-30 08:18 - 2011-03-30 00:45 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-08-30 08:18 - 2011-03-30 00:45 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-08-30 08:18 - 2011-03-30 00:44 - 03266920 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-08-30 08:17 - 2011-03-30 00:45 - 06198120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-08-30 00:40 - 2012-08-30 00:40 - 00429416 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-08-29 07:13 - 2012-08-29 07:13 - 01316813 ____A C:\Users\home\Downloads\Wood For R4SDHC v1.29.zip
2012-08-29 07:05 - 2012-08-29 07:01 - 31867772 ____A C:\Users\home\Downloads\Italian-1.34.rar
2012-08-27 14:15 - 2012-08-27 14:15 - 05156308 ____A C:\Users\home\Downloads\TWEWYv2.rar
2012-08-26 02:17 - 2012-08-26 02:17 - 00293457 ____A (PortableAppZ.blogspot.com) C:\Users\home\Downloads\DVD_Converter_Portable_4.x.x_Multilingual_Online.exe
2012-08-24 07:33 - 2012-08-24 07:33 - 00001391 ____A C:\Users\home\Desktop\TFOC.exe - collegamento.lnk
2012-08-24 04:23 - 2012-08-24 04:23 - 00000000 ____A C:\Users\home\Downloads\98798456457-tfc.part07.rar.part
2012-08-23 11:39 - 2012-08-23 10:35 - 00460800 ____A C:\Users\home\Documents\volantino baschet.pub
2012-08-23 04:10 - 2012-08-23 02:30 - 183478011 ____A C:\Users\home\Downloads\FL Studio HD-v1.4.1-Relikk.ipa
2012-08-23 00:08 - 2012-08-27 07:28 - 00002573 ____A C:\Users\home\Desktop\Twisted Lands Shadow Town Edizione Speciale - Copia.lnk
2012-08-22 22:38 - 2012-08-22 22:38 - 00001976 ____A C:\Users\home\Desktop\Redrum_2-Time_Lies.exe - collegamento.lnk
2012-08-22 11:33 - 2012-08-22 11:33 - 01587203 ____A C:\Users\home\Downloads\Update_kindle_5.1.2.bin
2012-08-22 11:30 - 2012-04-15 13:03 - 00000922 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-08-22 11:22 - 2012-08-22 11:19 - 48540160 ____A C:\Users\home\Downloads\calibre-0.8.65.msi
2012-08-22 10:12 - 2012-09-11 23:36 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 23:36 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 23:36 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 23:36 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 04:23 - 2012-08-21 04:22 - 13377279 ____A C:\Users\home\Downloads\D2 Crk & Updt 1 by Skdrw.rar
2012-08-19 17:12 - 2012-08-19 16:58 - 50197253 ____A C:\Users\home\Downloads\Sle3ep5ingD7og9sPatch1.3-1.4_M7-elamigos.rar
2012-08-19 09:23 - 2012-08-19 09:22 - 06657322 ____A C:\Users\home\Downloads\3DMGAME-Sleeping.Dogs.v1.4.Crack.Only-3DM.rar
2012-08-16 17:20 - 2009-07-13 20:45 - 05050368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 10:08 - 2012-08-15 10:08 - 00001012 ____A C:\Users\home\Desktop\Darksiders2.exe - collegamento.lnk
2012-08-15 02:19 - 2012-04-04 01:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 02:19 - 2011-09-14 21:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-13 06:40 - 2012-08-13 06:40 - 00150880 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-08-11 03:28 - 2012-08-11 03:26 - 07939086 ____A C:\Users\home\Downloads\runtastic PRO v3.3.2.zip
2012-08-09 18:52 - 2012-08-09 18:52 - 00199520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-09 18:52 - 2012-08-09 18:52 - 00105312 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-08-09 18:52 - 2012-08-09 18:52 - 00040288 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-08-09 03:56 - 2012-08-09 03:56 - 00230240 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
2012-08-09 03:56 - 2012-08-09 03:56 - 00175968 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-08-09 03:56 - 2012-08-09 03:56 - 00060768 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-08-09 00:04 - 2012-08-08 23:59 - 211927944 ____A (NVIDIA Corporation) C:\Users\home\Downloads\301.42-desktop-win7-winvista-64bit-international-whql (1).exe
2012-08-08 23:30 - 2012-08-08 23:30 - 00001537 ____A C:\Users\Public\Desktop\Who Wants To Be A Millionaire Special Editions.lnk
2012-08-07 08:06 - 2012-08-07 08:04 - 16418169 ____A C:\Users\home\Downloads\40_prototype2preloadfix_6819f.rar
2012-08-06 01:50 - 2012-08-06 01:50 - 00001208 ____A C:\Users\Public\Desktop\La città perduta di Zerzura.lnk
2012-08-02 14:05 - 2012-08-02 14:04 - 02206663 ____A C:\Users\home\Downloads\WebCamera v2.3.0.ipa
2012-08-02 14:01 - 2012-04-14 11:25 - 00001148 ____A C:\Users\home\Desktop\Mobiola WebCamera for iPhone.lnk
2012-08-02 14:00 - 2012-08-02 14:00 - 10305387 ____A C:\Users\home\Downloads\Mobiola_WebCamera_for_iPhone_Desktop (2).zip
2012-08-02 14:00 - 2012-08-02 14:00 - 10305387 ____A C:\Users\home\Downloads\Mobiola_WebCamera_for_iPhone_Desktop (1).zip
2012-08-02 12:44 - 2012-08-02 12:36 - 86418133 ____A C:\Users\home\Downloads\Lone Survivor PC.rar
2012-08-02 09:58 - 2012-09-11 23:36 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 09:37 - 2012-08-02 09:35 - 735069799 ____A C:\Users\home\Desktop\Tre.Uomini.E.Una.Pecora.2012.iTALiAN.BDRip.XviD-TRL_xvid.mp4
2012-08-02 08:57 - 2012-09-11 23:36 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-19 01:51 - 2012-07-19 01:51 - 08261106 ____A C:\Users\home\Downloads\Fergie – Feel Alive (Feat. Pitbull) iTunes Plus AAC M4A.zip
2012-07-18 10:15 - 2012-08-15 21:29 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-18 09:46 - 2012-07-18 09:46 - 00179051 ____A C:\Users\home\Downloads\imgresize (1).zip
2012-07-18 05:53 - 2012-07-18 05:53 - 00000248 ____A C:\Users\home\Downloads\S3USB.zip
2012-07-18 05:52 - 2012-07-18 05:52 - 01517376 ____A C:\Users\home\Downloads\wrar420.exe
2012-07-18 05:52 - 2012-07-18 05:51 - 08275209 ____A C:\Users\home\Downloads\8053_Windows72413.zip
2012-07-18 05:52 - 2012-07-18 05:51 - 06451444 ____A C:\Users\home\Downloads\8053_64_VCT_21113.zip
2012-07-18 05:52 - 2012-07-18 05:51 - 05152603 ____A C:\Users\home\Downloads\8053_V73113beta_64bit.zip
2012-07-18 00:28 - 2012-07-18 00:28 - 00001896 ____A C:\Users\home\Desktop\DeadIslandGame.exe - collegamento.lnk
2012-07-17 01:04 - 2012-07-17 01:04 - 00001377 ____A C:\Users\Public\Desktop\Insanely Twisted Shadow Planet.lnk
2012-07-16 23:49 - 2012-07-19 01:53 - 08671054 ____A C:\Users\home\Desktop\Fergie - Feel Alive (Feat. Pitbull).m4a
2012-07-16 00:21 - 2012-07-16 00:17 - 139603827 ____A C:\Users\home\Downloads\The Walking Dead vol.01 (Saldapress)(c2c)(2012).cbr
2012-07-16 00:17 - 2012-07-16 00:17 - 01074664 ____A C:\Users\home\Downloads\setup (2).exe
2012-07-16 00:17 - 2012-07-16 00:17 - 01074664 ____A C:\Users\home\Downloads\setup (1).exe
2012-07-14 16:17 - 2012-07-14 16:17 - 00000482 ____A C:\Users\home\Desktop\mangle.exe.log
2012-07-13 02:00 - 2012-06-20 09:23 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-13 02:00 - 2012-06-20 09:23 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-13 02:00 - 2012-06-20 09:23 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-13 02:00 - 2012-06-20 09:23 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-11 10:18 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-09 05:36 - 2012-07-09 05:36 - 00179051 ____A C:\Users\home\Downloads\imgresize.zip
2012-07-08 04:13 - 2012-07-08 03:02 - 255775844 ____A C:\Users\home\Downloads\CDGR216.rar
2012-07-06 07:20 - 2012-07-06 06:50 - 255532084 ____A C:\Users\home\Downloads\CDGR215.rar
2012-07-06 06:00 - 2012-07-06 05:30 - 255925668 ____A C:\Users\home\Downloads\CDGR212.rar
2012-07-04 14:16 - 2012-08-15 22:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 22:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 22:14 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 22:14 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 22:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-11 23:36 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-07-03 07:25 - 2012-09-19 00:52 - 00189288 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-07-03 07:25 - 2012-09-19 00:52 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-07-02 23:37 - 2012-03-18 11:34 - 01472360 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-06-30 09:33 - 2012-06-30 09:33 - 01838662 ____A C:\Users\home\Downloads\Downloader (5)
2012-06-30 09:32 - 2012-06-30 09:31 - 01838662 ____A C:\Users\home\Downloads\Downloader (4)
2012-06-30 09:30 - 2012-06-30 09:30 - 02300844 ____A C:\Users\home\Downloads\Downloader (1)
2012-06-30 09:30 - 2012-06-30 09:30 - 01946674 ____A C:\Users\home\Downloads\Downloader (3)
2012-06-30 09:30 - 2012-06-30 09:30 - 01838662 ____A C:\Users\home\Downloads\Downloader
2012-06-30 09:30 - 2012-06-30 09:30 - 01766502 ____A C:\Users\home\Downloads\Downloader (2)
2012-06-30 09:24 - 2012-06-30 09:24 - 00042200 ____A C:\Users\home\Downloads\riassunto storia.odt
2012-06-29 07:36 - 2012-06-29 07:36 - 00014601 ____A C:\Users\home\Downloads\hs_err_pid7928.log
2012-06-29 07:36 - 2012-05-09 09:28 - 00002252 ____A C:\Users\home\Downloads\umbrella.log
2012-06-29 07:36 - 2012-05-09 09:28 - 00000497 ____A C:\Users\home\umbrella0.log
2012-06-29 06:41 - 2012-06-29 06:41 - 02496935 ____A C:\Users\home\Downloads\Last_DFU_3G_Mac_R9.zip
2012-06-29 06:32 - 2012-06-29 06:32 - 01290426 ____A C:\Users\home\Downloads\RecBoot (1).zip
2012-06-29 05:38 - 2012-06-29 05:38 - 00913193 ____A C:\Users\home\Downloads\DFU.zip
2012-06-29 05:22 - 2012-06-29 05:22 - 01290426 ____A C:\Users\home\Downloads\RecBoot.zip
2012-06-28 20:55 - 2012-08-16 17:02 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-16 17:02 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-16 17:02 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-16 17:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-16 17:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-16 17:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-16 17:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-16 17:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-16 17:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-16 17:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-16 17:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-16 17:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-16 17:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-16 17:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-16 17:02 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-16 17:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-16 17:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-16 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-16 17:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-16 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-16 17:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-16 17:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-16 17:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-16 17:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-16 17:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-16 17:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-16 17:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-16 17:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 11:35 - 2012-08-30 13:40 - 01264247 ____A C:\Users\home\Desktop\Ted Dekker - Il Cimitero Dei Vangeli Segreti.mobi
2012-06-27 08:46 - 2012-06-27 08:46 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-27 08:46 - 2012-06-27 08:46 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-27 08:44 - 2012-06-27 08:42 - 96842240 ____A (Oracle Corporation) C:\Users\home\Downloads\jdk-7u5-windows-x64.exe
2012-06-27 08:40 - 2012-06-27 08:40 - 05210331 ____A C:\Users\home\Downloads\Esercizi Java.zip
2012-06-27 08:40 - 2012-06-27 08:29 - 231988138 ____A C:\Users\home\Downloads\eclipse-jee-juno-win32-x86_64.zip

ZeroAccess:
C:\Windows\assembly\temp
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\assembly\temp\L
C:\Windows\assembly\temp\U
C:\Windows\assembly\temp\L\00000004.@
C:\Windows\assembly\temp\L\201d3dde
C:\Windows\assembly\temp\U\00000001.@
C:\Windows\assembly\temp\U\00000002.@
C:\Windows\assembly\temp\U\00000004.@
C:\Windows\assembly\temp\U\000000c0.@
C:\Windows\assembly\temp\U\000000cb.@
C:\Windows\assembly\temp\U\000000cf.@
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\assembly\temp\U\80000004.@
C:\Windows\assembly\temp\U\80000032.@
C:\Windows\assembly\temp\U\80000064.@
C:\Windows\assembly\temp\U\800000c0.@
C:\Windows\assembly\temp\U\800000cb.@
C:\Windows\assembly\temp\U\800000cf.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-20 15:14:03
Restore point made on: 2012-09-21 17:00:41

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 4078.53 MB
Available physical RAM: 3154.42 MB
Total Pagefile: 4076.73 MB
Available Pagefile: 3136 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:453.66 GB) (Free:43.93 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:12 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive l: () (Removable) (Total:7.44 GB) (Free:4.59 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.01 GB) (Free:0.01 GB) NTFS
11 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

N. disco  Stato          Dimensioni     Disponibile    Din  GPT
--------  -------------  -------------  -------------  ---  ---
Disco 0   Online         465 Gbytes     0 byte
Disco 1   Nessun suppor  0 byte         0 byte
Disco 2   Nessun suppor  0 byte         0 byte
Disco 3   Nessun suppor  0 byte         0 byte
Disco 4   Nessun suppor  0 byte         0 byte
Disco 5   Nessun suppor  0 byte         0 byte
Disco 6   Online         7636 Mbytes    0 byte

Chiusura di DiskPart in corso...

Partitions of Disk 0:
===============

Edited by patippa, 24 September 2012 - 06:05 AM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:06 PM

Posted 25 September 2012 - 03:26 AM

Hello patippa,

Welcome to the forum.

The log is not complete. Please post the rest of the log from here:

Partitions of Disk 0:
===============



#3 patippa

Posted 25 September 2012 - 03:43 AM

so sorry... here it is

Chiusura di DiskPart in corso...

Partitions of Disk 0:
===============

Il disco attualmente selezionato è il disco 0.

Partizione ###   Tipo              Dim.     Offset
---------------  ----------------  -------  -------
Partizione 1     Primario          100 Mb   1024 Kb
Partizione 2     Primario          453 Gb   101 Mb
Partizione 3     Primario          12 Gb    453 Gb

Chiusura di DiskPart in corso...

==================================================================================

Disk: 0
Il disco attualmente selezionato è il disco 0.

La partizione attualmente selezionata è la partizione 1.

Partizione 1
Tipo : 07
Nascosta: No
Attiva: S

Volume ###   Let.  Etichetta    Fs     Tipo        Dim.     Stato      Info
-----------  ----  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y     SYSTEM       NTFS   Partizione  100 Mb   Integro

Chiusura di DiskPart in corso...

=========================================================

Disk: 0
Il disco attualmente selezionato è il disco 0.

La partizione attualmente selezionata è la partizione 2.

Partizione 2
Tipo : 07
Nascosta: No
Attiva: No

Volume ###   Let.  Etichetta    Fs     Tipo        Dim.     Stato      Info
-----------  ----  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C     OS           NTFS   Partizione  453 Gb   Integro

Chiusura di DiskPart in corso...

=========================================================

Disk: 0
Il disco attualmente selezionato è il disco 0.

La partizione attualmente selezionata è la partizione 3.

Partizione 3
Tipo : 07
Nascosta: No
Attiva: No

Volume ###   Let.  Etichetta    Fs     Tipo        Dim.     Stato      Info
-----------  ----  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E     HP_RECOVERY  NTFS   Partizione  12 Gb    Integro

Chiusura di DiskPart in corso...

=========================================================

Partitions of Disk 6:
===============

Il disco attualmente selezionato è il disco 6.

Partizione ###   Tipo              Dim.     Offset
---------------  ----------------  -------  -------
Partizione 1     Primario          7632 Mb  4032 Kb

Chiusura di DiskPart in corso...

==================================================================================

Disk: 6
Il disco attualmente selezionato è il disco 6.

La partizione attualmente selezionata è la partizione 1.

Partizione 1
Tipo : 0B
Nascosta: No
Attiva: S

Volume ###   Let.  Etichetta    Fs     Tipo        Dim.     Stato      Info
-----------  ----  -----------  -----  ----------  -------  ---------  --------
* Volume 9   L                  FAT32  Rimovibile  7632 Mb  Integro

Chiusura di DiskPart in corso...

=========================================================

Last Boot: 2012-09-16 00:12

==================== End Of Log =============================

#4 Farbar

Posted 25 September 2012 - 03:49 AM

Thank you for the log.

Please download the attached file fixlist.txt (474 bytes).
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also please restart, let it boot normally and tell me how it went.

#5 patippa

Posted 25 September 2012 - 03:59 AM

Yeah yeah yeahhhhhhhh, oh my god, you saved my life... really!!! I don't know how to explain how important this is for me!!!! Do I have to do something else to prevent a similar situation?
Here is the log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-09-2012
Ran by SYSTEM at 2012-09-25 10:55:55 Run:2
Running from L:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Users\home\AppData\Roaming\blg moved successfully.
C:\Users\All Users\blg moved successfully.
C:\Windows\assembly\temp moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

#6 Farbar

Posted 25 September 2012 - 04:04 AM

Great. :thumbup2:

We still have some work to do. This infection tends to remove important services we need to restore.

  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Devices (only check the box and leave the default radio button as it is).
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


#7 patippa

Posted 25 September 2012 - 04:11 AM

Farbar Service Scanner Version: 19-09-2012
Ran by home (administrator) on 25-09-2012 at 11:07:40
Running from "C:\Users\home\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



MiniToolBox by Farbar Version: 23-07-2012
Ran by home (administrator) on 25-09-2012 at 11:10:29
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configurazione IP di Windows

Cache del resolver DNS svuotata.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================









127.0.0.1 localhost
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
127.0.0.1 uat-onlineconfigservice.ubi.com
127.0.0.1 wsuplay.ubi.com
127.0.0.1 static8.cdn.ubi.com
127.0.0.1 orbitservice.ubi.co
127.0.0.1 gconnect.ubi.com
127.0.0.1 nero.com
127.0.0.1 www.nero.com
127.0.0.1 my.nero.com
127.0.0.1 support.nero.com
127.0.0.1 registernero.com
127.0.0.1 www.registernero.com
127.0.0.1 www.nero.com/rus/index.html
127.0.0.1 www.nero.com/enu/support-nero8.html
127.0.0.1 secure.nero.com/us/secure.asp

There are 56 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/25/2012 11:07:12 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(7c:c5:37:4d:bd:56@fe80::7ec5:37ff:fe4d:bd56._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (09/25/2012 11:05:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2012 10:58:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2012 03:17:20 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc100
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x7522c9f1
ID processo che ha generato l'errore: 0x1cb8
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0
Percorso dell'applicazione che ha generato l'errore: svchost.exe1
Percorso del modulo che ha generato l'errore: svchost.exe2
ID segnalazione: svchost.exe3

Error: (09/22/2012 03:16:20 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc100
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x7522c9f1
ID processo che ha generato l'errore: 0x80c
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0
Percorso dell'applicazione che ha generato l'errore: svchost.exe1
Percorso del modulo che ha generato l'errore: svchost.exe2
ID segnalazione: svchost.exe3

Error: (09/22/2012 03:15:20 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc100
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x7522c9f1
ID processo che ha generato l'errore: 0x1c24
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0
Percorso dell'applicazione che ha generato l'errore: svchost.exe1
Percorso del modulo che ha generato l'errore: svchost.exe2
ID segnalazione: svchost.exe3

Error: (09/22/2012 03:14:20 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc100
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x7522c9f1
ID processo che ha generato l'errore: 0x1470
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0
Percorso dell'applicazione che ha generato l'errore: svchost.exe1
Percorso del modulo che ha generato l'errore: svchost.exe2
ID segnalazione: svchost.exe3

Error: (09/22/2012 03:13:20 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc100
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x7522c9f1
ID processo che ha generato l'errore: 0x1b9c
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0
Percorso dell'applicazione che ha generato l'errore: svchost.exe1
Percorso del modulo che ha generato l'errore: svchost.exe2
ID segnalazione: svchost.exe3

Error: (09/22/2012 03:12:19 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc100
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x7522c9f1
ID processo che ha generato l'errore: 0xd3c
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0
Percorso dell'applicazione che ha generato l'errore: svchost.exe1
Percorso del modulo che ha generato l'errore: svchost.exe2
ID segnalazione: svchost.exe3

Error: (09/22/2012 03:11:19 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc100
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x7522c9f1
ID processo che ha generato l'errore: 0x14d0
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0
Percorso dell'applicazione che ha generato l'errore: svchost.exe1
Percorso del modulo che ha generato l'errore: svchost.exe2
ID segnalazione: svchost.exe3


System errors:
=============
Error: (09/25/2012 11:04:12 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Agente criteri IPsec dipende dal servizio BFE, che potrebbe non essere installato.

Error: (09/25/2012 11:04:12 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Moduli di impostazione chiavi IPSec IKE e Auth-IP dipende dal servizio BFE, che potrebbe non essere installato.

Error: (09/25/2012 11:04:10 AM) (Source: Service Control Manager) (User: )
Description: Servizio Browser di computer terminato con l'errore:
%%1060

Error: (09/25/2012 11:04:09 AM) (Source: Service Control Manager) (User: )
Description: Il servizio AVG WatchDog non è stato avviato per il seguente errore:
%%2

Error: (09/25/2012 11:04:09 AM) (Source: Service Control Manager) (User: )
Description: Il servizio AVGIDSAgent non è stato avviato per il seguente errore:
%%2

Error: (09/25/2012 11:00:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x80242016: Pacchetto cumulativo di aggiornamento della protezione per Internet Explorer 9 per Windows 7 per sistemi basati su x64 (KB2744842).

Error: (09/25/2012 10:59:51 AM) (Source: Service Control Manager) (User: )
Description: Il servizio HP Health Check Service non è stato avviato per il seguente errore:
%%1053

Error: (09/25/2012 10:59:51 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio HP Health Check Service.

Error: (09/25/2012 10:57:10 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Agente criteri IPsec dipende dal servizio BFE, che potrebbe non essere installato.

Error: (09/25/2012 10:57:09 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Moduli di impostazione chiavi IPSec IKE e Auth-IP dipende dal servizio BFE, che potrebbe non essere installato.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Activision® (Version: 1.00.0000)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.4) - Italiano (Version: 10.1.4)
Aggiornamenti NVIDIA 1.10.8 (Version: 1.10.8)
Amazing Adventures Around the World
Any DVD Converter Professional 4.3.7
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AutoHotkey 1.1.05.06 (Version: 1.1.05.06)
AVG 2013 (Version: 13.0.2591)
AVG 2013 (Version: 13.0.2667)
Awesomenauts
Bing Bar (Version: 7.1.361.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Borderlands 2
Braid (Version 1.015)
calibre (Version: 0.8.65)
CCleaner (Version: 3.22)
Comical 0.8
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0316)
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Setup (Version: 2.6.1.8)
Dropbox (Version: 1.4.7)
Drum Controller Standard Tuning Kit (Version: 1.00.0000)
Fable III (Version: 1.0.0001.131)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Free Video to AppleTV Converter version 5.0.10.423 (Version: 5.0.10.423)
GeoGebra 4
Google Chrome (Version: 21.0.1180.89)
Google Earth (Version: 6.2.2.6613)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.123)
High-Definition Video Playback (Version: 7.1.13400.42.0)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP LinkUp (Version: 2.01.026)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13253.3682)
HP Support Assistant (Version: 5.2.9.2)
HP Support Information (Version: 10.1.1000)
HP Update (Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.5.0.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
I Am Alive (Version: 1.00.0)
IDT Audio (Version: 1.0.6325.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java SE Development Kit 7 Update 5 (64-bit) (Version: 1.7.0.50)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
JavaFX 2.1.1 (64-bit) (Version: 2.1.1)
JavaFX 2.1.1 SDK (64-bit) (Version: 2.1.1)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 15.4.3502.0922)
La città perduta di Zerzura
LabelPrint (Version: 2.5.3609)
Lanzador de juegos de FX Interactive
LightScribe System Software (Version: 1.18.6.1)
Love Chronicles 2 La spada e la rosa 1.00
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Compact Framework 2.0 SP1 (Version: 2.0.6129)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mobiola WebCamera for iPhone 2.2.0 (Version: 2.2.0.0)
Mobipocket Creator 4.2 (Version: 4.2.41)
Mozilla Firefox 15.0.1 (x86 it) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Manager
MusicStation (Version: 1.0.1.5)
Nero 10 Menu TemplatePack Basic (Version: 10.2.10000.0.0)
Nero 10 Movie ThemePack Basic (Version: 10.2.10000.0.0)
Nero BackItUp 10 Help (CHM) (Version: 10.5.10000)
Nero Burning ROM 10 (Version: 10.2.11000.12.100)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.17400.8.2)
Nero CoverDesigner 10 (Version: 5.2.10700.7.100)
Nero CoverDesigner 10 Help (CHM) (Version: 10.5.10000)
Nero DiscSpeed 10 (Version: 6.2.10300.1.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)
Nero Dolby Files 10 (Version: 2.0.12100.0.10)
Nero Express 10 (Version: 10.2.11100.12.100)
Nero Express 10 Help (CHM) (Version: 10.5.10100)
Nero InfoTool 10 (Version: 7.2.10300.5.100)
Nero InfoTool 10 Help (CHM) (Version: 10.5.10000)
Nero MediaHub 10 (Version: 1.2.12300.27.100)
Nero MediaHub 10 Help (CHM) (Version: 10.5.10000)
Nero Multimedia Suite 10 (Version: 10.5.10500)
Nero Recode 10 (Version: 4.8.10400.3.100)
Nero Recode 10 Help (CHM) (Version: 10.5.10000)
Nero RescueAgent 10 (Version: 3.2.10600.7.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.5.10000)
Nero SoundTrax 10 (Version: 4.8.10200.1.100)
Nero SoundTrax 10 Help (CHM) (Version: 10.5.10000)
Nero StartSmart 10 (Version: 10.2.11100.10.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)
Nero Update (Version: 1.0.0018)
Nero Vision 10 (Version: 7.2.14700.9.100)
Nero Vision 10 Help (CHM) (Version: 10.5.10000)
Nero WaveEditor 10 (Version: 5.8.10400.2.100)
Nero WaveEditor 10 Help (CHM) (Version: 10.5.10000)
NoLimits Coasters 1.8 (remove only)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA Driver 3D Vision 306.23 (Version: 306.23)
NVIDIA Driver audio HD 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Driver del controller 3D Vision 306.23 (Version: 306.23)
NVIDIA Driver grafico 306.23 (Version: 306.23)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0623)
NVIDIA Update Components (Version: 1.10.8)
OpenAL
Pannello di controllo NVIDIA 306.23 (Version: 306.23)
PDF Complete Special Edition (Version: 4.0.35)
Pdf Editor
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (Version: 6.1.4817)
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.71.80.42)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Recovery Manager (Version: 5.5.3621)
Remote Graphics Receiver (Version: 5.4.5)
Rockstar Games Social Club (Version: 1.0.9.5)
Roller Coaster Rampage
Samsung Kies (Version: 2.1.0.11095_121)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.4.0)
Searchqu Toolbar (Version: 3.0.0.122375)
skidrow
Skype 5.10 (Version: 5.10.116)
Surface Mistero dell`Altro Mondo 1.00 (Version: 1.00)
System.Data.SQLite v1.0.81.0 (Version: 1.0.81.0)
TeamViewer 7 (Version: 7.0.12541)
Text-To-Speech-Runtime (Version: 1.0.0.0)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.1 (Version: 2.0.1)
WBFS Manager 3.0 (Version: 3.0)
Who Wants To Be A Millionaire? Special Editions
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
WinZip 16.0 (Version: 16.0.9715)
XBMC
Zinio Reader 4 (Version: 4.0.3184)

========================= Devices: ================================


**** End of log ****

#8 Farbar

  • Security Developer

Posted 25 September 2012 - 04:16 AM

Let's try to restore all those services. In case running the fix made the system unbootable or gave you any error, don't be alarmed. We will fix it.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please download the attached file fixlist.txt.
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also please restart, let it boot normally and tell me how it went.

#9 patippa

  • Topic Starter

Posted 25 September 2012 - 04:29 AM

uhm same problem at startup c0000135 %hs is missing
here is the log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-09-2012
Ran by SYSTEM at 2012-09-25 11:24:23 Run:3
Running from I:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

#10 Farbar

  • Security Developer

Posted 25 September 2012 - 04:37 AM

It means the system was infected days before. Please redo the step in Post #4 once more and tell me how it went.



#11 patippa

  • Topic Starter

Posted 25 September 2012 - 04:43 AM

it works again (thanks again for patience)
log file
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-09-2012
Ran by SYSTEM at 2012-09-25 11:41:30 Run:4
Running from L:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Users\home\AppData\Roaming\blg not found.
C:\Users\All Users\blg not found.
C:\Windows\assembly\temp not found.
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.

==== End of Fixlog ====

#12 Farbar

  • Security Developer

Posted 25 September 2012 - 04:54 AM

Now we restore winsock entries. The next round we restore the missing services.

  • Please download the attached file fix1.reg.
    Double-click it and confirm the prompt to allow the merge.
  • Important: Restart.
  • Please download the attached file System64.bat.
    Important: right-click it and select "Run as administrator".
    A command window and then a log file (log00.txt) will open.
    Please post the content in your reply.
  • Important: Restart.
  • Please run MiniToolBox.
    Checkmark only the following checkbox:
      • List Winsock Entries
    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

#13 patippa

  • Topic Starter

Posted 25 September 2012 - 05:03 AM

Start

Reimpostazione catalogo Winsock completata.
È necessario riavviare il computer per completare l'operazione.

C:\Windows\system64 found.
Il volume nell'unità C è OS
Numero di serie del volume: 8C29-3839

Directory di C:\Windows\system64

14/09/2012 13:50 <DIR> .
14/09/2012 13:50 <DIR> ..
0 File 0 byte

Totale file elencati:
0 File 0 byte
2 Directory 50.697.072.640 byte disponibili
C:\Windows\system64 deleted successfully.
End

MiniToolBox by Farbar Version: 23-07-2012
Ran by home (administrator) on 25-09-2012 at 12:02:26
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****
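
The Winsock listings in this thread change from `[File Not found]` entries before the repair to full paths with sizes afterwards. The following is an added example, not part of the original posts and not code from MiniToolBox or FRST: a PowerShell parser for that listing format that separates missing providers, stock Windows providers and third-party providers for review. The function name, the status labels and the sample lines are assumptions made for illustration.

```powershell
# Constructed sample in the format of the Winsock listings posted in this thread.
$sample = @'
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 mswsock.dll [File Not found] ()
'@ -split '\r?\n'

function ConvertFrom-WinsockListing {
    # Hypothetical helper: turns listing lines into objects with a triage status.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$Line)

    # Layout: <catalog> <index> <path> [<size in bytes | File Not found>] (<company>)
    $entryPattern = '^(?<Catalog>(?:x64-)?Catalog\d+)\s+(?<Index>\d+)\s+(?<Path>.+?)\s+\[(?<Size>[^\]]*)\]\s+\((?<Company>.*)\)\s*$'
    # Stock Windows providers sit directly in System32 or SysWOW64.
    $systemDirPattern = '^[A-Za-z]:\\Windows\\(System32|SysWOW64)\\[^\\]+$'

    foreach ($text in $Line) {
        if ($text -notmatch $entryPattern) { continue }   # skip headers and blank lines

        # Copy the captures out before any later -match overwrites $Matches.
        $catalog = $Matches.Catalog
        $index   = [int]$Matches.Index
        $path    = $Matches.Path
        $size    = $Matches.Size
        $company = $Matches.Company

        $status = if ($size -notmatch '^\d+$') {
            'Missing'        # the catalog points at a file the tool could not find
        } elseif ($path -notmatch $systemDirPattern) {
            'ThirdParty'     # not malicious by itself; confirm it belongs to installed software
        } else {
            'System'
        }

        [pscustomobject]@{
            Catalog = $catalog
            Index   = $index
            Path    = $path
            Size    = if ($size -match '^\d+$') { [int]$size } else { $null }
            Company = $company
            Status  = $status
        }
    }
}

$entries = ConvertFrom-WinsockListing -Line $sample

# Entries that need attention first, then a count per status.
$entries | Where-Object { $_.Status -ne 'System' } |
    Format-Table Catalog, Index, Status, Company, Path -AutoSize
$entries | Group-Object Status | Select-Object Name, Count
```

On the sample above, the `x64-Catalog9 06` line is reported as `Missing`, and the Bonjour and Windows Live providers are listed as `ThirdParty` so they can be matched against the installed programs list.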

#14 Farbar

  • Security Developer

Posted 25 September 2012 - 05:13 AM

Well done.

  • Please download the attached file Regfix2.reg.
    Double-click it and confirm the prompt to allow the merge.
  • Important: Restart.
  • Please go to start => Search and type regedit in the search box.
    • Right-click on regedit.exe and select "Run as administrator".
    • Navigate to the following key:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
    • Right-click Policy and select Permissions...
    • Click Advanced
    • Under Permissions tab click Add...
    • A window pops up, copy and paste the following in the Enter the object box: NT SERVICE\BFE
    • Click OK.
    • A new window pops up, check the following boxes under Allow and click OK:

      • Query Value
      • Set Value
      • Create Subkey
      • Enumerate Subkeys
      • Notify
      • Read control
    • Click OK to all the open windows.
  • Important: Restart.
  • After restart please run a scan with Farbar Service Scanner with all the options checked and post the log.
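
The permission steps above can be checked afterwards from an elevated PowerShell prompt. The following is an added example, not part of the original post: it reads the ACL of the Policy key and reports whether `NT SERVICE\BFE` holds the six rights listed in the post. The function name and output fields are assumptions, and the check only looks at entries granted directly to the BFE service account, not at rights it may receive through group membership.

```powershell
# Run from an elevated prompt; reading this key's ACL may otherwise be denied.
function Test-BfePolicyAcl {
    # Hypothetical helper: compares the key's ACL with the rights listed in the post.
    [CmdletBinding()]
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy',
        [string]$Account = 'NT SERVICE\BFE'
    )

    # The six boxes from the post as RegistryRights flags
    # ("Read control" in the dialog is ReadPermissions in .NET).
    $required = [System.Security.AccessControl.RegistryRights]'QueryValues, SetValue, CreateSubKey, EnumerateSubKeys, Notify, ReadPermissions'

    # Compare by SID so the result does not depend on how names are displayed.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier])

    $acl = Get-Acl -LiteralPath $KeyPath -ErrorAction Stop
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Explicit and inherited entries for the account, skipping entries that
    # apply only to subkeys and not to the Policy key itself.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $sid.Value -and
            -not ($_.PropagationFlags -band $inheritOnly)
        }

    $allowed = 0
    $denied  = 0
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow) {
            $allowed = $allowed -bor [int]$rule.RegistryRights
        } else {
            $denied = $denied -bor [int]$rule.RegistryRights
        }
    }

    # A deny entry overrides an allow entry for the same right.
    $effective = $allowed -band (-bnot $denied)
    $missing   = [int]$required -band (-bnot $effective)

    [pscustomobject]@{
        Key       = $KeyPath
        Account   = $Account
        Granted   = [System.Security.AccessControl.RegistryRights]$effective
        Missing   = [System.Security.AccessControl.RegistryRights]$missing
        Compliant = ($missing -eq 0)
    }
}

Test-BfePolicyAcl | Format-List

# The event log earlier in the thread shows services failing because BFE was unavailable,
# so confirm the service itself is present and running after the restart.
Get-Service -Name BFE | Select-Object Name, Status
```

`Compliant` is `True` only when none of the six rights is missing; otherwise `Missing` names the rights still to be granted.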


#15 patippa

  • Topic Starter

Posted 25 September 2012 - 05:21 AM

done!!!
here is the log
Farbar Service Scanner Version: 19-09-2012
Ran by home (administrator) on 25-09-2012 at 12:21:10
Running from "C:\Users\home\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



