
Cleaned (maybe) GAG32 Desktop.ini & Svchot.exe but...


  • This topic is locked
44 replies to this topic

#1 albyok

  • Members
  • 26 posts

Posted 15 October 2012 - 12:48 PM

Hi! My antivirus found an infected Desktop.ini file in a something/assembly/gag32/ folder. I also was infected by the "svchot.exe" virus. Yeah, I didn't misspell it. Now it seems that all is clean, but something really bad keeps reappearing. Some minutes after boot, my connection starts to become really slow. I did some testing. I start Windows, open a "cmd" window and execute "ping www.google.it /t". The pings are really good (under 50ms), but if I open something (Google Chrome, for example), after a few seconds the pings start to become really slower (over 400ms) and I can't use the connection anymore. Then, all of a sudden and totally at random, it starts to act normally for some minutes and then it becomes slow again. My connection is pretty fine, because I have another computer by my side and it works like a charm, and I also get some "mouse lag", which means that something is wrong with more than my connection. I'm pretty sure that it's still the viruses' fault, also because I used tons of applications to fix this thing (Malwarebytes, Avast, RogueKiller, TDSS, ComboFix...) and sometimes the virus keeps reappearing.

If someone could help me, it would be great.

I use Windows 7 - 64bit. I attached down here all the logs that I could provide, but feel free to ask me for more.

Thanks in advance.

Attached Files:
  • HitmanPro_20121015_1138.log (6.78KB, 2 downloads)
  • dds.txt (21.93KB, 3 downloads)
  • RKreport1.txt (4.39KB, 2 downloads)
  • TDSSReport.txt (72.04KB, 3 downloads)


#2 nasdaq

  • Malware Response Team
  • 40,532 posts
  • Location:Montreal, QC. Canada

Posted 16 October 2012 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#3 albyok
  • Topic Starter

  • Members
  • 26 posts

Posted 16 October 2012 - 10:41 AM

Hi Nasdaq,

I'll provide the logs as soon as possible. I'd like to add to what I had already said that the connection is perfect when I'm in Safe Mode. I don't know if this can help you.

#4 nasdaq

  • Malware Response Team
  • 40,532 posts
  • Location:Montreal, QC. Canada

Posted 16 October 2012 - 01:12 PM

In Safe Mode only the programs/drivers needed by the operating system are started.

We have to check further.

#5 albyok
  • Topic Starter

  • Members
  • 26 posts

Posted 16 October 2012 - 01:58 PM

Here are the logs. Thanks again for your help.

ComboFix 12-10-16.02 - Alberto 16/10/2012 17:50:42.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1033.18.4087.2368 [GMT 2:00]
Eseguito da: d:\users\Alberto\Desktop\Antivirus Scan\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-16 al 2012-10-16 )))))))))))))))))))))))))))))))))))
.
.
2012-10-16 16:06 . 2012-10-16 16:06 -------- d-----w- d:\users\DefaultAppPool\AppData\Local\temp
2012-10-16 16:06 . 2012-10-16 16:06 -------- d-----w- d:\users\Default\AppData\Local\temp
2012-10-16 16:06 . 2012-10-16 16:06 -------- d-----w- d:\users\Classic .NET AppPool\AppData\Local\temp
2012-10-16 12:15 . 2012-07-05 19:21 1874016 ----a-w- d:\windows\system32\drivers\netr28x.sys
2012-10-16 12:15 . 2012-07-05 19:10 327008 ----a-w- d:\windows\system32\RaCoInstx.dll
2012-10-16 09:17 . 2012-08-22 18:12 1913200 ----a-w- d:\windows\system32\drivers\tcpip.sys
2012-10-16 09:17 . 2012-08-22 18:12 376688 ----a-w- d:\windows\system32\drivers\netio.sys
2012-10-16 09:17 . 2012-08-22 18:12 288624 ----a-w- d:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-16 09:17 . 2012-08-30 18:03 5559664 ----a-w- d:\windows\system32\ntoskrnl.exe
2012-10-16 09:17 . 2012-08-30 17:12 3914096 ----a-w- d:\windows\SysWow64\ntoskrnl.exe
2012-10-16 09:17 . 2012-08-30 17:12 3968880 ----a-w- d:\windows\SysWow64\ntkrnlpa.exe
2012-10-16 09:14 . 2012-08-22 18:12 950128 ----a-w- d:\windows\system32\drivers\ndis.sys
2012-10-16 09:14 . 2012-07-04 20:26 41472 ----a-w- d:\windows\system32\drivers\RNDISMP.sys
2012-10-16 09:14 . 2012-09-14 19:19 2048 ----a-w- d:\windows\system32\tzres.dll
2012-10-16 09:14 . 2012-09-14 18:28 2048 ----a-w- d:\windows\SysWow64\tzres.dll
2012-10-16 09:14 . 2012-08-31 18:19 1659760 ----a-w- d:\windows\system32\drivers\ntfs.sys
2012-10-16 09:14 . 2012-08-21 21:01 245760 ----a-w- d:\windows\system32\OxpsConverter.exe
2012-10-16 09:13 . 2012-08-24 18:05 220160 ----a-w- d:\windows\system32\wintrust.dll
2012-10-16 09:13 . 2012-08-24 16:57 172544 ----a-w- d:\windows\SysWow64\wintrust.dll
2012-10-16 09:13 . 2012-06-02 05:41 1464320 ----a-w- d:\windows\system32\crypt32.dll
2012-10-16 09:13 . 2012-06-02 04:36 1159680 ----a-w- d:\windows\SysWow64\crypt32.dll
2012-10-16 09:13 . 2012-06-02 05:41 184320 ----a-w- d:\windows\system32\cryptsvc.dll
2012-10-16 09:13 . 2012-06-02 05:41 140288 ----a-w- d:\windows\system32\cryptnet.dll
2012-10-16 09:13 . 2012-06-02 04:36 140288 ----a-w- d:\windows\SysWow64\cryptsvc.dll
2012-10-16 09:13 . 2012-06-02 04:36 103936 ----a-w- d:\windows\SysWow64\cryptnet.dll
2012-10-16 09:13 . 2012-08-11 00:56 715776 ----a-w- d:\windows\system32\kerberos.dll
2012-10-16 09:13 . 2012-08-10 23:56 542208 ----a-w- d:\windows\SysWow64\kerberos.dll
2012-10-15 09:38 . 2012-10-15 09:38 12872 ----a-w- d:\windows\system32\bootdelete.exe
2012-10-14 19:46 . 2012-10-14 19:46 -------- d-----w- d:\program files (x86)\Innovative Solutions
2012-10-13 12:26 . 2012-10-13 12:26 -------- d-----w- d:\windows\SysWow64\wbem\Performance
2012-10-13 12:24 . 2008-05-08 05:03 303616 ----a-w- D:\SetACL.exe
2012-10-13 12:02 . 2004-06-11 23:33 290304 ----a-w- D:\subinacl.exe
2012-10-13 12:00 . 2012-10-13 12:00 -------- d-----w- D:\RegBackup
2012-10-13 11:42 . 2012-10-16 08:59 181064 ----a-w- d:\windows\PSEXESVC.EXE
2012-10-13 11:42 . 2012-10-13 12:27 -------- d-----w- D:\Tweaking.com_Windows_Repair_Logs
2012-10-13 11:42 . 2012-10-13 11:42 -------- d-----w- d:\program files (x86)\Tweaking.com
2012-10-12 19:10 . 2012-10-15 08:33 -------- d-sh--r- d:\users\Alberto\AppData\Roaming\install
2012-10-12 16:18 . 2012-08-21 09:13 359464 ----a-w- d:\windows\system32\drivers\aswSP.sys
2012-10-12 16:18 . 2012-08-21 09:13 25232 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2012-10-12 16:18 . 2012-08-21 09:13 969200 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-10-12 16:18 . 2012-08-21 09:13 59728 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2012-10-12 16:18 . 2012-08-21 09:13 54072 ----a-w- d:\windows\system32\drivers\aswRdr2.sys
2012-10-12 16:18 . 2012-08-21 09:13 71600 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2012-10-12 16:18 . 2012-08-21 09:12 285328 ----a-w- d:\windows\system32\aswBoot.exe
2012-10-12 16:18 . 2012-08-21 09:12 41224 ----a-w- d:\windows\avastSS.scr
2012-10-12 16:18 . 2012-08-21 09:12 227648 ----a-w- d:\windows\SysWow64\aswBoot.exe
2012-10-12 16:17 . 2012-10-12 16:17 -------- d-----w- d:\programdata\AVAST Software
2012-10-12 16:17 . 2012-10-12 16:17 -------- d-----w- d:\program files\AVAST Software
2012-10-11 12:06 . 2012-10-11 12:06 -------- d-----w- d:\program files\CCleaner
2012-10-08 17:53 . 2012-10-08 17:53 -------- d-----w- d:\programdata\FaceGen
2012-10-08 17:53 . 2012-10-08 17:53 -------- d-----w- d:\users\Alberto\AppData\Roaming\FaceGen
2012-09-26 16:11 . 2012-09-26 16:11 -------- d-----w- d:\programdata\DVD Shrink
2012-09-21 19:43 . 2012-09-22 12:21 -------- d-----w- d:\users\Alberto\AppData\Roaming\To the Moon - Freebird Games
2012-09-21 12:44 . 2012-09-21 12:44 -------- d-----w- d:\users\Alberto\AppData\Roaming\runic games
2012-09-19 17:46 . 2012-08-21 11:01 33240 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-19 17:45 . 2012-09-19 17:46 -------- d-----w- d:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-19 17:45 . 2012-09-19 17:46 -------- d-----w- d:\program files\iTunes
2012-09-19 17:45 . 2012-09-19 17:45 -------- d-----w- d:\program files\iPod
2012-09-19 14:14 . 2012-09-19 14:29 -------- d-----w- d:\programdata\HitmanPro
2012-09-18 08:01 . 2012-10-15 08:06 -------- d-----w- d:\users\Alberto\AppData\Local\CrashDumps
2012-09-17 10:31 . 2012-10-15 15:37 -------- d-----w- d:\users\Alberto\AppData\Local\assembly
2012-09-17 10:29 . 2012-09-17 10:29 -------- d-----w- d:\programdata\TechSmith
2012-09-17 10:29 . 2012-09-17 10:29 -------- d-----w- d:\users\Alberto\AppData\Local\TechSmith
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 19:54 . 2012-04-13 09:36 696760 ----a-w- d:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 19:54 . 2011-06-08 17:22 73656 ----a-w- d:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 22:18 . 2009-11-26 19:26 65309168 ----a-w- d:\windows\system32\MRT.exe
2012-09-11 12:27 . 2012-09-11 12:27 69000 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{9E7FA49A-618E-4077-AC00-3EDAE789D18B}\offreg.dll
2012-08-28 18:24 . 2012-07-30 08:19 477168 ----a-w- d:\windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24 . 2010-05-17 17:19 473072 ----a-w- d:\windows\SysWow64\deployJava1.dll
2012-08-27 23:49 . 2012-09-11 12:20 9310152 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{9E7FA49A-618E-4077-AC00-3EDAE789D18B}\mpengine.dll
2012-08-21 11:01 . 2009-11-27 00:13 125872 ----a-w- d:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2009-11-27 00:13 106928 ----a-w- d:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-16 09:16 44032 ----a-w- d:\windows\apppatch\acwow64.dll
2012-07-28 04:09 . 2012-04-06 01:34 5538984 ----a-w- d:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- d:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- d:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- d:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- d:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- d:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- d:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2011-04-26 17:20 1100288 ----a-w- d:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- d:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- d:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- d:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- d:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- d:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- d:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- d:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- d:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2011-04-26 17:20 7052288 ----a-w- d:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- d:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- d:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- d:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- d:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- d:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- d:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-04-06 01:22 4751872 ----a-w- d:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- d:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- d:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- d:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- d:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- d:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- d:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- d:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- d:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- d:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- d:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-04-26 17:20 129536 ----a-w- d:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- d:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-02-15 02:12 103936 ----a-w- d:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2011-07-28 20:53 83456 ----a-w- d:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- d:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- d:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- d:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- d:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- d:\windows\SysWow64\amdpcom32.dll
2012-07-20 16:42 . 2012-03-11 11:49 499712 ----a-w- d:\windows\SysWow64\msvcp71.dll
2012-07-20 16:42 . 2012-03-11 11:49 348160 ----a-w- d:\windows\SysWow64\msvcr71.dll
2012-07-18 18:15 . 2012-08-16 09:24 3148800 ----a-w- d:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- d:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- d:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- d:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- d:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax_RESTART"="d:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-09-03 11325376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="d:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"HDAudDeck"="d:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]
"APSDaemon"="d:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"StartCCC"="d:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"ISUSScheduler"="d:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
"SunJavaUpdateSched"="d:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"LifeCam"="d:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"DivXUpdate"="d:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Control Center"=d:\program files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe
"AdobeCS5ServiceManager"="d:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe"
"SwitchBoard"=d:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"My Movies Tray"="d:\program files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
"TkBellExe"="d:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"AdobeCS6ServiceManager"="d:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"Adobe ARM"="d:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="f:\programmi\Adobe CS6\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="f:\programmi\Adobe CS6\Acrobat 10.0\Acrobat\Acrotray.exe"
"amd_dc_opt"=d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
R2 ASWLCCSvc;ASUS Wireless Card Service;d:\program files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [2009-05-21 172032]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R2 Skype C2C Service;Skype C2C Service;d:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;d:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 cpuz130;cpuz130;d:\users\Alberto\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 EagleX64;EagleX64;d:\windows\system32\drivers\EagleX64.sys [x]
R3 ENTECH64;ENTECH64;d:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 epmntdrv;epmntdrv;d:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;d:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 gupdatem;Servizio Google Update (gupdatem);d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;d:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920]
R3 KMWDFilter1X;KM DRIVER;d:\windows\system32\DRIVERS\RP24GV1.sys [2009-10-28 22528]
R3 lvpepf64;Volume Adapter;d:\windows\system32\DRIVERS\lv302a64.sys [2007-05-09 16032]
R3 LVUSBS64;Logitech USB Monitor Filter;d:\windows\system32\drivers\LVUSBS64.sys [2007-05-09 50208]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;d:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 Netaapl;Apple Mobile Device Ethernet Service;d:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;d:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;d:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;d:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;d:\program files (x86)\Abrosoft\FantaMorph5\FantaUp.exe [2010-11-18 224176]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;d:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;d:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2009-12-31 834544]
R4 TeamViewer5;TeamViewer 5;d:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S0 PxHlpa64;PxHlpa64;d:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;d:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Akamai;Akamai NetSession Interface;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);d:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 Synergy;Synergy;d:\program files\Synergy\synergyd.exe [2012-07-30 422472]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;d:\windows\system32\DRIVERS\netr28x.sys [2012-07-05 1874016]
S3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-16 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 19:54]
.
2012-03-29 d:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1283017029-496180127-430514868-1000Core.job
- d:\users\Alberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 17:55]
.
2012-03-29 d:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1283017029-496180127-430514868-1000UA.job
- d:\users\Alberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 17:55]
.
2012-10-16 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 18:28]
.
2012-10-16 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-24 18:28]
.
2012-03-29 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283017029-496180127-430514868-1000Core.job
- d:\users\Alberto\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 19:52]
.
2012-03-29 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283017029-496180127-430514868-1000UA.job
- d:\users\Alberto\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 19:52]
.
2012-10-11 d:\windows\Tasks\ReclaimerUpdateFiles_Alberto.job
- d:\users\Alberto\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 20:45]
.
2012-10-11 d:\windows\Tasks\ReclaimerUpdateXML_Alberto.job
- d:\users\Alberto\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 20:45]
.
2012-10-11 d:\windows\Tasks\RNUpgradeHelperLogonPrompt_Alberto.job
- d:\users\Alberto\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 20:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- d:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- d:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- d:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- d:\users\Alberto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 13:51 755224 ----a-w- d:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 13:51 755224 ----a-w- d:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 13:51 755224 ----a-w- d:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 13:51 755224 ----a-w- d:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Scansione supplementare -------
.
uLocal Page = d:\windows\system32\blank.htm
mLocal Page = d:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{2592B1BC-5202-4BD9-BC51-A26839DB0A02}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{359212A5-4790-4D39-A3F2-1696A825E31F}: NameServer = 212.216.112.112,208.67.220.220
TCP: Interfaces\{FAA26851-3C33-4DF8-8A48-AF5479A97588}: NameServer = 212.216.112.112
FF - ProfilePath - d:\users\Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\off0cu5c.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10001&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-12 17:08; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; d:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-11 16:47; {EEE6C361-6118-11DC-9C72-001320C79847}; d:\users\Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\off0cu5c.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="d:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\d:\users\Alberto\AppData\Local\Temp\00576A5.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1283017029-496180127-430514868-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:9d,39,3d,32,76,0b,f2,ab,bf,07,da,67,15,cf,46,ed,6c,ac,bb,72,8b,c9,29,
52,3f,5b,3a,bb,4c,c5,1a,a5,0f,33,20,46,49,09,d2,bf,fb,88,33,9b,ea,14,4e,3e,\
"??"=hex:2a,af,fa,b9,09,24,a4,dc,78,8d,85,2b,fb,ee,db,f5
.
[HKEY_USERS\S-1-5-21-1283017029-496180127-430514868-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,e3,3f,dd,10,cb,23,1b,ea,77,8b,28,21,35,13,9c,40,bf,de,5c,3a,
4c,06,53,04,cb,e4,a5,1e,01,a0,b9,eb,f3,78,82,35,8a,04,ab,5d,da,06,3e,c9,db,\
"rkeysecu"=hex:aa,a5,43,ab,d7,96,44,6c,89,e2,79,c2,e8,e1,69,67
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c1,c2,2a,de,7f,c3,93,0c,26,ab,7f,58,e9,72,00,5c,0d,86,02,60,2f,
b5,99,21,b6,47,57,94,65,73,06,51,03,92,11,b2,f6,2f,77,f2,02,fc,36,26,3d,12,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c1,c2,2a,de,7f,c3,93,0c,26,ab,7f,58,e9,72,00,5c,0d,86,02,60,2f,
b5,99,21,b6,47,57,94,65,73,06,51,03,92,11,b2,f6,2f,77,f2,02,fc,36,26,3d,12,\
.
Ora fine scansione: 2012-10-16 18:15:11
ComboFix-quarantined-files.txt 2012-10-16 16:15
ComboFix2.txt 2012-10-15 15:56
.
Pre-Run: 41.932.423.168 byte disponibili
Post-Run: 41.603.858.432 byte disponibili
.
- - End Of File - - B5A456668E2A68BA89C9D88EC159DF56

Edited by nasdaq, 17 October 2012 - 09:44 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:23 PM

Posted 17 October 2012 - 08:04 AM

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Sn].txt (n is a number).
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 35


===

If still unable to run in Normal Mode, run this File Checker tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Keep me posted.

#7 albyok

albyok
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:23 PM

Posted 17 October 2012 - 08:52 AM

Here is the log. Attached File: AdwCleanerS1.txt (8.6KB)

The problems are the same and now I can't even download that Java Update.

I already did the SFC and it said that all was ok.

Edited by albyok, 17 October 2012 - 08:53 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:23 PM

Posted 17 October 2012 - 09:53 AM

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#9 albyok

albyok
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:23 PM

Posted 17 October 2012 - 10:08 AM

Here it is: Attached File: FRST.txt (63.24KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Ran by SYSTEM at 17-10-2012 17:04:22
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [JMB36X IDE Setup] D:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [HDAudDeck] D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2245120 2009-07-23] (VIA)
HKLM-x32\...\Run: [APSDaemon] "D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "D:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [StartCCC] "D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKU\Alberto\...\Run: [DriverMax_RESTART] "D:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART [11325376 2012-09-03] (Innovative Solutions)
HKU\Classic .NET AppPool\...\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
Tcpip\..\Interfaces\{2592B1BC-5202-4BD9-BC51-A26839DB0A02}: [NameServer]208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{359212A5-4790-4D39-A3F2-1696A825E31F}: [NameServer]212.216.112.112,208.67.220.220
Tcpip\..\Interfaces\{FAA26851-3C33-4DF8-8A48-AF5479A97588}: [NameServer]212.216.112.112

==================== Services (Whitelisted) ===================

4 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.; C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe -PermissionManagerRun [224176 2010-11-18] ()
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-11] (Akamai Technologies, Inc.)
2 ASWLCCSvc; C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [172032 2009-05-21] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
2 MSSQL$MYMOVIES; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMYMOVIES [29293408 2010-12-10] (Microsoft Corporation)
4 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-12] ()
4 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)
2 Synergy; C:\Program Files\Synergy\synergyd.exe [422472 2012-07-30] ()
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2072896 2011-10-12] (TuneUp Software)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-02-26] ()
3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
3 KMWDFilter1X; C:\Windows\System32\DRIVERS\RP24GV1.sys [22528 2009-10-28] (Windows ® Codename Longhorn DDK provider)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-02-26] ()
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-31] (Duplex Secure Ltd.)
3 catchme; \??\D:\ComboFix\catchme.sys [x]
3 cpuz130; \??\D:\Users\Alberto\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 EagleX64; \??\D:\Windows\system32\drivers\EagleX64.sys [x]
3 epmntdrv; \??\D:\Windows\system32\epmntdrv.sys [x]
3 EuGdiDrv; \??\D:\Windows\system32\EuGdiDrv.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 TuneUpUtilitiesDrv; \??\D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]
3 X6va005; \??\D:\Users\Alberto\AppData\Local\Temp\00576A5.tmp [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-17 17:04 - 2012-10-17 17:04 - 00000000 ____D C:\FRST
2012-10-17 05:19 - 2012-10-17 05:19 - 00008811 ____A C:\Users\Alberto\Desktop\AdwCleaner[S1].txt
2012-10-17 05:16 - 2012-10-17 05:16 - 00008811 ____A C:\AdwCleaner[S1].txt
2012-10-16 10:57 - 2012-10-16 10:57 - 00008932 ____A C:\Users\Alberto\Desktop\AdwCleaner[R1].txt
2012-10-16 10:56 - 2012-10-16 10:56 - 00008932 ____A C:\AdwCleaner[R1].txt
2012-10-16 10:55 - 2012-10-16 10:55 - 00001023 ____A C:\Users\Alberto\Desktop\checkup.txt
2012-10-16 08:15 - 2012-10-16 08:15 - 00030140 ____A C:\ComboFix.txt
2012-10-16 04:15 - 2012-10-16 04:15 - 00009484 ____A C:\Windows\DPINST.LOG
2012-10-16 04:15 - 2012-07-05 11:21 - 01874016 ____A (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr28x.sys
2012-10-16 04:15 - 2012-07-05 11:10 - 00327008 ____A (Ralink Technology, Inc.) C:\Windows\System32\RaCoInstx.dll
2012-10-16 04:15 - 2012-07-05 11:10 - 00014119 ____A C:\Windows\System32\RaCoInst.dat
2012-10-16 01:22 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-16 01:22 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-16 01:22 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-16 01:22 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-16 01:22 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-16 01:22 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-16 01:22 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-16 01:22 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-16 01:22 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-16 01:22 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-16 01:22 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-16 01:22 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-16 01:22 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-16 01:22 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-16 01:22 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-16 01:22 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-16 01:22 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-16 01:22 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-16 01:22 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-16 01:22 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-16 01:22 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-16 01:22 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-16 01:22 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-16 01:22 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-16 01:22 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-16 01:22 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-16 01:22 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-16 01:22 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-16 01:22 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-16 01:22 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-16 01:22 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-16 01:22 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-16 01:17 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-16 01:17 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-16 01:17 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-16 01:17 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-10-16 01:17 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-10-16 01:17 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-10-16 01:16 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-16 01:16 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-16 01:16 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-16 01:16 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-16 01:16 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-16 01:16 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-16 01:16 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-16 01:16 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-16 01:16 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-16 01:16 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-16 01:16 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-16 01:16 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-16 01:16 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-16 01:16 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-16 01:16 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-16 01:16 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-16 01:16 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-10-16 01:16 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-10-16 01:14 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-16 01:14 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-16 01:14 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-16 01:14 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-10-16 01:14 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-10-16 01:14 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-10-16 01:13 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-16 01:13 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-16 01:13 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-16 01:13 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-16 01:13 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-16 01:13 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-16 01:13 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-16 01:13 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-16 01:13 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-16 01:13 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-15 09:19 - 2012-10-15 09:19 - 00000020 ____A C:\Users\Alberto\defogger_reenable
2012-10-15 07:24 - 2012-10-16 08:15 - 00000000 ____D C:\Qoobox
2012-10-15 07:24 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-15 07:24 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-15 07:24 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-15 07:24 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-15 07:24 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-15 07:24 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-15 07:24 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-15 07:24 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-15 07:23 - 2012-10-15 07:52 - 00000000 ____D C:\Windows\erdnt
2012-10-15 01:39 - 2012-10-15 01:39 - 00000000 ____D C:\Users\Alberto\Desktop\RK_Quarantine
2012-10-15 01:38 - 2012-10-15 01:38 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-10-15 01:13 - 2012-10-16 07:47 - 00000000 ____D C:\Users\Alberto\Desktop\Antivirus Scan
2012-10-15 00:57 - 2012-10-15 01:03 - 00000000 ____D C:\Users\Alberto\Downloads\Dexter.S07E03.720p.HDTV.x264-IMMERSE
2012-10-14 11:46 - 2012-10-14 11:46 - 00001234 ____A C:\Users\Alberto\Desktop\DriverMax.lnk
2012-10-14 11:46 - 2012-10-14 11:46 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2012-10-13 04:24 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-10-13 04:02 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-10-13 04:01 - 2012-10-13 04:01 - 00000207 ____A C:\Windows\tweaking.com-regbackup-ALBERTO-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2012-10-13 04:00 - 2012-10-13 04:00 - 00000000 ____D C:\RegBackup
2012-10-13 03:42 - 2012-10-16 00:59 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-13 03:42 - 2012-10-13 03:42 - 00002287 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-10-13 03:42 - 2012-10-13 03:42 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2012-10-13 02:54 - 2012-10-13 02:58 - 00000000 ____D C:\Users\Alberto\Documents\Security
2012-10-12 11:10 - 2012-10-15 00:33 - 00000000 _RSHD C:\Users\Alberto\AppData\Roaming\install
2012-10-12 08:18 - 2012-10-12 11:22 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-10-12 08:18 - 2012-10-12 08:18 - 00001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-10-12 08:18 - 2012-08-21 01:13 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-12 08:18 - 2012-08-21 01:13 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-10-12 08:18 - 2012-08-21 01:13 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-12 08:18 - 2012-08-21 01:13 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-12 08:18 - 2012-08-21 01:13 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-10-12 08:18 - 2012-08-21 01:13 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-10-12 08:18 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-12 08:18 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-10-12 08:18 - 2012-08-21 01:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-12 08:17 - 2012-10-12 08:17 - 00000000 ____D C:\Program Files\AVAST Software
2012-10-12 07:45 - 2012-10-12 08:17 - 00000000 ____D C:\Users\Alberto\Downloads\Avast 7 Internet Security Pro [2012 Final] + Serial Frorever
2012-10-12 07:21 - 2012-10-12 07:24 - 00000000 ____D C:\Users\Alberto\Downloads\Avast 7 Pro Antivirus +Licence Key
2012-10-11 09:40 - 2012-10-17 05:18 - 00080932 ____A C:\Windows\PFRO.log
2012-10-11 06:04 - 2012-10-17 07:00 - 00366893 ____A C:\Windows\WindowsUpdate.log
2012-10-11 06:03 - 2012-10-17 05:18 - 00002709 ____A C:\Windows\setupact.log
2012-10-11 06:03 - 2012-10-11 06:05 - 00002562 ____A C:\Windows\diagwrn.xml
2012-10-11 06:03 - 2012-10-11 06:05 - 00001908 ____A C:\Windows\diagerr.xml
2012-10-11 06:03 - 2012-10-11 06:03 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 04:19 - 2012-10-11 04:19 - 00136578 ____A C:\Users\Alberto\Documents\cc_20121011_141918.reg
2012-10-11 04:06 - 2012-10-11 04:06 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-10-11 04:06 - 2012-10-11 04:06 - 00000000 ____D C:\Program Files\CCleaner
2012-10-11 03:25 - 2012-10-11 03:25 - 00000000 ____D C:\Users\Alberto\Downloads\Dishonored (2012) [Multi5.Eng.Ita.Ger.Spa.Fre][PC Game][PostMortem]
2012-10-10 01:22 - 2012-10-10 01:22 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-10-08 10:35 - 2012-10-10 00:11 - 00000000 ____D C:\Users\Alberto\Downloads\The.Walking.Dead.Episode.2.Starved.for.Help-TiNYiSO [PublicHD]
2012-10-08 09:53 - 2012-10-08 09:53 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\FaceGen
2012-10-07 05:16 - 2012-10-08 10:02 - 00000000 ____D C:\Program Files (x86)\Free mp3 Wma Converter
2012-10-07 05:16 - 2012-10-07 05:16 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\FreeAudioPack
2012-10-07 05:16 - 2011-09-29 04:20 - 02084864 ____A (NCT Company Ltd.) C:\Windows\SysWOW64\AudDesign.dll
2012-10-07 05:16 - 2011-09-29 04:20 - 01986560 ____A (NCT Company Ltd.) C:\Windows\SysWOW64\AudFile.dll
2012-10-07 05:16 - 2011-09-29 04:20 - 01212416 ____A (NCT Company Ltd.) C:\Windows\SysWOW64\AudioInfos.dll
2012-10-07 05:16 - 2011-09-29 04:20 - 00479232 ____A (NCT Company Ltd.) C:\Windows\SysWOW64\AudioVisu.dll
2012-10-07 05:16 - 2011-09-29 04:20 - 00458752 ____A (NCT Company Ltd.) C:\Windows\SysWOW64\AudPlayer.dll
2012-10-07 05:16 - 2011-09-29 04:20 - 00454656 ____A (NCT Company Ltd.) C:\Windows\SysWOW64\AudioRecord.dll
2012-10-07 05:16 - 2011-09-29 04:20 - 00417792 ____A (NCT Company Ltd.) C:\Windows\SysWOW64\AudDisplay.dll
2012-10-07 05:16 - 2011-09-29 04:20 - 00348160 ____A (NCT Company Ltd.) C:\Windows\SysWOW64\WMAFile.dll
2012-10-07 05:16 - 2011-09-29 04:20 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX
2012-10-07 05:16 - 2011-09-29 04:20 - 00116296 ____A C:\Windows\SysWOW64\NCTWMAProfiles.prx
2012-10-07 05:16 - 2011-09-29 04:19 - 00224016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2012-10-07 05:16 - 2011-09-29 04:19 - 00141312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2012-10-07 05:16 - 2011-09-29 04:19 - 00119568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2012-10-07 05:16 - 2011-09-29 04:19 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2012-10-07 05:16 - 2011-09-29 04:19 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mscc2fr.dll
2012-10-07 05:16 - 2011-09-29 04:19 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2012-10-07 05:16 - 2011-09-29 04:19 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\TABCTFR.DLL
2012-10-07 05:16 - 2011-09-29 04:19 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL
2012-09-28 00:14 - 2012-09-28 00:14 - 00000857 ____A C:\Users\Public\Desktop\FIFA 13.lnk
2012-09-26 23:37 - 2012-10-11 09:40 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Alberto.job
2012-09-26 23:34 - 2012-10-11 09:40 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Alberto.job
2012-09-26 23:34 - 2012-10-11 09:40 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Alberto.job
2012-09-25 01:46 - 2012-09-25 01:58 - 00000000 ____D C:\Users\Alberto\Downloads\BlackMesa
2012-09-21 11:43 - 2012-09-22 04:21 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\To the Moon - Freebird Games
2012-09-21 04:44 - 2012-09-21 04:44 - 00000000 ____D C:\Users\Alberto\AppData\Roaming\runic games
2012-09-19 09:46 - 2012-09-19 09:46 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-19 09:46 - 2012-08-21 03:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-19 09:45 - 2012-09-19 09:46 - 00000000 ____D C:\Program Files\iTunes
2012-09-19 09:45 - 2012-09-19 09:45 - 00000000 ____D C:\Program Files\iPod
2012-09-19 06:29 - 2012-10-12 07:22 - 00000852 ____A C:\Windows\System32\.crusader
2012-09-18 00:01 - 2012-10-15 00:06 - 00000000 ____D C:\Users\Alberto\AppData\Local\CrashDumps
2012-09-17 02:31 - 2012-09-17 02:31 - 00000000 ____D C:\Users\Alberto\Documents\Snagit
2012-09-17 02:29 - 2012-09-17 02:29 - 00000705 ____A C:\Users\Public\Desktop\Snagit 11.lnk
2012-09-17 02:29 - 2012-09-17 02:29 - 00000000 ____D C:\Users\Alberto\AppData\Local\TechSmith

==================== 3 Months Modified Files ==================

2012-10-17 07:00 - 2012-10-11 06:04 - 00366893 ____A C:\Windows\WindowsUpdate.log
2012-10-17 06:59 - 2012-04-13 01:36 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-17 06:59 - 2010-05-24 13:22 - 00001152 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-17 05:43 - 2009-11-26 12:13 - 00937930 ____A C:\Windows\System32\perfh010.dat
2012-10-17 05:43 - 2009-11-26 12:13 - 00222546 ____A C:\Windows\System32\perfc010.dat
2012-10-17 05:43 - 2009-07-13 21:13 - 02202044 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-17 05:27 - 2009-07-13 20:45 - 00021024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-17 05:27 - 2009-07-13 20:45 - 00021024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-17 05:19 - 2012-10-17 05:19 - 00008811 ____A C:\Users\Alberto\Desktop\AdwCleaner[S1].txt
2012-10-17 05:19 - 2010-05-24 13:22 - 00001148 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-17 05:18 - 2012-10-11 09:40 - 00080932 ____A C:\Windows\PFRO.log
2012-10-17 05:18 - 2012-10-11 06:03 - 00002709 ____A C:\Windows\setupact.log
2012-10-17 05:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-17 05:16 - 2012-10-17 05:16 - 00008811 ____A C:\AdwCleaner[S1].txt
2012-10-16 10:57 - 2012-10-16 10:57 - 00008932 ____A C:\Users\Alberto\Desktop\AdwCleaner[R1].txt
2012-10-16 10:56 - 2012-10-16 10:56 - 00008932 ____A C:\AdwCleaner[R1].txt
2012-10-16 10:55 - 2012-10-16 10:55 - 00001023 ____A C:\Users\Alberto\Desktop\checkup.txt
2012-10-16 08:15 - 2012-10-16 08:15 - 00030140 ____A C:\ComboFix.txt
2012-10-16 08:06 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-10-16 08:06 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts_old
2012-10-16 04:48 - 2009-11-29 13:52 - 00007632 ____A C:\Users\Alberto\AppData\Local\Resmon.ResmonCfg
2012-10-16 04:21 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-16 04:15 - 2012-10-16 04:15 - 00009484 ____A C:\Windows\DPINST.LOG
2012-10-16 00:59 - 2012-10-13 03:42 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-15 09:19 - 2012-10-15 09:19 - 00000020 ____A C:\Users\Alberto\defogger_reenable
2012-10-15 01:38 - 2012-10-15 01:38 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-10-14 11:46 - 2012-10-14 11:46 - 00001234 ____A C:\Users\Alberto\Desktop\DriverMax.lnk
2012-10-13 05:03 - 2010-05-08 05:01 - 00001456 ____A C:\Users\Alberto\AppData\Local\Adobe Salva per Web e dispositivi 12.0 Prefs
2012-10-13 04:31 - 2009-11-25 00:33 - 00076512 ____A C:\Users\Alberto\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-13 04:29 - 2009-07-13 20:45 - 04946064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-13 04:01 - 2012-10-13 04:01 - 00000207 ____A C:\Windows\tweaking.com-regbackup-ALBERTO-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2012-10-13 03:42 - 2012-10-13 03:42 - 00002287 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-10-12 11:22 - 2012-10-12 08:18 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-10-12 08:18 - 2012-10-12 08:18 - 00001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-10-12 07:22 - 2012-09-19 06:29 - 00000852 ____A C:\Windows\System32\.crusader
2012-10-11 09:40 - 2012-09-26 23:37 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Alberto.job
2012-10-11 09:40 - 2012-09-26 23:34 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Alberto.job
2012-10-11 09:40 - 2012-09-26 23:34 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Alberto.job
2012-10-11 06:05 - 2012-10-11 06:03 - 00002562 ____A C:\Windows\diagwrn.xml
2012-10-11 06:05 - 2012-10-11 06:03 - 00001908 ____A C:\Windows\diagerr.xml
2012-10-11 06:03 - 2012-10-11 06:03 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 04:19 - 2012-10-11 04:19 - 00136578 ____A C:\Users\Alberto\Documents\cc_20121011_141918.reg
2012-10-11 04:06 - 2012-10-11 04:06 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-10-11 01:04 - 2012-07-06 00:46 - 00000960 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-10-10 01:22 - 2012-10-10 01:22 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-10-08 11:54 - 2012-04-13 01:36 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 11:54 - 2011-06-08 09:22 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-28 00:14 - 2012-09-28 00:14 - 00000857 ____A C:\Users\Public\Desktop\FIFA 13.lnk
2012-09-27 14:18 - 2009-11-26 11:26 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-19 09:46 - 2012-09-19 09:46 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-17 02:29 - 2012-09-17 02:29 - 00000705 ____A C:\Users\Public\Desktop\Snagit 11.lnk
2012-09-14 11:19 - 2012-10-16 01:14 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-16 01:14 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-14 01:13 - 2012-09-14 01:13 - 00000786 ____A C:\Users\Public\Desktop\Duel of Champions Launcher.lnk
2012-09-12 07:08 - 2012-09-12 07:08 - 00002948 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log
2012-09-10 07:00 - 2012-09-10 07:00 - 00000529 ____A C:\Users\Public\Desktop\The Walking Dead.lnk
2012-09-06 04:15 - 2012-09-06 04:15 - 00000719 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-09-03 01:12 - 2012-04-02 00:34 - 00001320 ____A C:\Users\Alberto\Desktop\Voti Fantacalcio.lnk
2012-08-31 10:19 - 2012-10-16 01:14 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 10:03 - 2012-10-16 01:17 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-16 01:17 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-16 01:17 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-28 10:24 - 2012-07-30 00:19 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-08-28 10:24 - 2010-05-17 09:19 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-08-28 10:10 - 2012-09-12 07:08 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-08-28 10:10 - 2012-09-12 07:08 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-08-28 10:09 - 2012-09-12 07:08 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-08-24 10:05 - 2012-10-16 01:13 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-16 01:13 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-10-16 01:22 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-10-16 01:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-10-16 01:22 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-10-16 01:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-10-16 01:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-10-16 01:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-10-16 01:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-10-16 01:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-10-16 01:22 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-10-16 01:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-10-16 01:22 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-10-16 01:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-10-16 01:22 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-10-16 01:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-10-16 01:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-10-16 01:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-10-16 01:22 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-10-16 01:22 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-10-16 01:22 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-10-16 01:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-10-16 01:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-10-16 01:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-10-16 01:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-10-16 01:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-10-16 01:22 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-10-16 01:22 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-10-16 01:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-10-16 01:22 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-10-16 01:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-10-16 01:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-10-16 01:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-10-16 01:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 05:35 - 2012-08-23 05:35 - 00001597 ____A C:\Users\Public\Desktop\Dark Souls Prepare to Die Edition.lnk
2012-08-22 10:12 - 2012-10-16 01:17 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-10-16 01:17 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-10-16 01:17 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-22 10:12 - 2012-10-16 01:14 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-21 13:01 - 2012-10-16 01:14 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 04:14 - 2009-12-10 10:27 - 02177618 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-21 04:01 - 2012-08-21 04:01 - 00000705 ____A C:\Users\Public\Desktop\Final Fantasy VII.lnk
2012-08-21 03:57 - 2012-08-21 03:56 - 00006423 ____A C:\Users\Alberto\Documents\Uninstall Mass Effect 2.log
2012-08-21 03:01 - 2012-09-19 09:46 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 03:01 - 2009-11-26 16:13 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 03:01 - 2009-11-26 16:13 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-21 01:13 - 2012-10-12 08:18 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2012-10-12 08:18 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2012-10-12 08:18 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2012-10-12 08:18 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2012-10-12 08:18 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2012-10-12 08:18 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2012-10-12 08:18 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 01:12 - 2012-10-12 08:18 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2012-10-12 08:18 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-20 10:48 - 2012-10-16 01:16 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-16 01:16 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-16 01:16 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-16 01:16 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-16 01:16 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-16 01:16 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-16 01:16 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-16 01:16 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-16 01:16 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-16 01:16 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-16 01:16 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-16 01:16 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-16 01:16 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-16 01:16 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-16 01:16 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-16 01:16 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-16 01:16 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-16 01:16 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-16 01:16 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-16 01:16 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-10 16:56 - 2012-10-16 01:13 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-16 01:13 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-08 09:26 - 2012-08-08 09:25 - 00000240 ____A C:\Users\Alberto\Documents\LegaEsateam.dat
2012-08-07 09:17 - 2010-11-07 10:31 - 00000021 ____A C:\Windows\SurCode.INI
2012-08-02 09:58 - 2012-10-16 01:16 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-10-16 01:16 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-27 20:09 - 2012-04-05 17:34 - 05538984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-07-27 20:07 - 2012-07-27 20:07 - 10278912 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-07-27 19:43 - 2012-07-27 19:43 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.982.dll
2012-07-27 19:19 - 2012-07-27 19:19 - 24935424 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-07-27 18:50 - 2012-07-27 18:50 - 20546560 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\System32\atiapfxx.blb
2012-07-27 18:15 - 2012-07-27 18:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-07-27 18:15 - 2012-04-05 18:21 - 00931328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-07-27 18:13 - 2011-04-26 09:20 - 01100288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-07-27 18:10 - 2012-07-27 18:10 - 00534528 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-07-27 18:10 - 2012-07-27 18:10 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-07-27 18:09 - 2012-07-27 18:09 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-07-27 18:08 - 2012-07-27 18:08 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-07-27 18:08 - 2012-07-27 18:08 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 06430208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-07-27 18:07 - 2012-07-27 18:07 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-07-27 17:51 - 2011-04-26 09:20 - 07052288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-07-27 17:41 - 2012-07-27 17:41 - 04266496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-07-27 17:39 - 2012-07-27 17:39 - 03150560 ____A C:\Windows\System32\atiumd6a.cap
2012-07-27 17:35 - 2012-07-27 17:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-07-27 17:35 - 2012-07-27 17:35 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-07-27 17:34 - 2012-07-27 17:34 - 16034304 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-07-27 17:32 - 2012-04-05 17:22 - 04751872 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-07-27 17:30 - 2012-07-27 17:30 - 13605888 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-07-27 17:30 - 2012-07-27 17:30 - 03187136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-07-27 17:25 - 2012-07-27 17:25 - 06676480 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00540160 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-07-27 17:14 - 2012-07-27 17:14 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-07-27 17:14 - 2012-07-27 17:14 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-07-27 17:13 - 2012-07-27 17:13 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-07-27 17:13 - 2012-02-14 18:12 - 00103936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-07-27 17:13 - 2011-07-28 12:53 - 00083456 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-07-27 17:13 - 2011-04-26 09:20 - 00129536 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-07-27 17:12 - 2012-07-27 17:12 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-07-25 11:22 - 2012-07-25 11:22 - 00000999 ____A C:\Users\Alberto\Desktop\L.A. Noire.lnk
2012-07-20 08:43 - 2012-03-11 03:49 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-07-20 08:42 - 2012-03-11 03:49 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-07-20 08:42 - 2012-03-11 03:49 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-07-20 08:42 - 2012-03-11 03:49 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-07-20 08:42 - 2012-03-11 03:49 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-07-20 08:42 - 2012-03-11 03:49 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-15 07:24:52
Restore point made on: 2012-10-15 12:17:25
Restore point made on: 2012-10-16 00:54:27
Restore point made on: 2012-10-16 00:54:56
Restore point made on: 2012-10-16 01:19:08
Restore point made on: 2012-10-16 04:14:47

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4087.05 MB
Available physical RAM: 3428.14 MB
Total Pagefile: 4085.2 MB
Available Pagefile: 3422.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:124.11 GB) (Free:38.54 GB) NTFS
2 Drive d: () (Fixed) (Total:149.05 GB) (Free:112.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Sistema) (Fixed) (Total:24.93 GB) (Free:24.67 GB) NTFS
5 Drive h: () (Removable) (Total:7.48 GB) (Free:7.41 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (1TB) (Fixed) (Total:931.51 GB) (Free:332.89 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B
  Disk 1    Online          149 GB  6144 KB
  Disk 2    Online          149 GB      0 B
  Disk 3    Online         7663 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB  1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   1TB          NTFS   Partition    931 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 0    Extended           149 GB  8032 KB
  Partition 1    Logical             24 GB  8064 KB
  Partition 2    Logical            124 GB    24 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   Sistema      NTFS   Partition     24 GB  Healthy

=========================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Partition    124 GB  Healthy

=========================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            149 GB    31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     D                NTFS   Partition    149 GB  Healthy

=========================================================

Partitions of Disk 3:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           7663 MB      0 B

==================================================================================

Disk: 3
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-10-16 03:17

==================== End Of Log =============================

Edited by nasdaq, 18 October 2012 - 06:58 AM.
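
The "Bamital & volsnap Check" block in the log above compares the MD5 of thirteen core Windows binaries against known-good values, which only works as long as the hash list matches the installed build. As an added example (not part of the original post and not FRST's own code), the PowerShell below re-checks the same thirteen files through the Windows signature chain and records a SHA-256 that can be compared side by side with a clean machine on the same build. It assumes Windows 10 or later with PowerShell 5.1 (Get-FileHash and catalog-signature validation in Get-AuthenticodeSignature are not available in the Windows 7 era PowerShell this thread dates from; there, `sfc /verifyonly` is the fallback), a 64-bit install under C:\Windows and an elevated prompt. The function name Test-SystemBinary is chosen here.

```powershell
# Added example: re-check the thirteen binaries from FRST's "Bamital & volsnap
# Check" with the Windows signature chain plus a SHA-256 for comparison with a
# clean machine of the same build. Not FRST's code and not from the thread.
# Assumes Windows 10+ with PowerShell 5.1, a 64-bit install under C:\Windows
# and an elevated prompt. Test-SystemBinary is a name chosen for this example.
$targets = @(
    'C:\Windows\System32\winlogon.exe',
    'C:\Windows\System32\wininit.exe',
    'C:\Windows\SysWOW64\wininit.exe',
    'C:\Windows\explorer.exe',
    'C:\Windows\SysWOW64\explorer.exe',
    'C:\Windows\System32\svchost.exe',
    'C:\Windows\SysWOW64\svchost.exe',
    'C:\Windows\System32\services.exe',
    'C:\Windows\System32\User32.dll',
    'C:\Windows\SysWOW64\User32.dll',
    'C:\Windows\System32\userinit.exe',
    'C:\Windows\SysWOW64\userinit.exe',
    'C:\Windows\System32\Drivers\volsnap.sys'
)

function Test-SystemBinary {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'MISSING'; SigStatus = ''; Signer = ''; SHA256 = '' }
    }
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    # Core Windows binaries carry a Microsoft signature, either embedded or via
    # a catalog (which Get-AuthenticodeSignature resolves on Windows 10+).
    # Anything else, including a valid signature from another publisher, is
    # flagged SUSPECT for manual review.
    $verdict = if ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') { 'OK' } else { 'SUSPECT' }
    [pscustomobject]@{
        Path      = $Path
        Verdict   = $verdict
        SigStatus = $sig.Status
        Signer    = $signer
        SHA256    = $sha256
    }
}

$results = $targets | ForEach-Object { Test-SystemBinary -Path $_ }
$results | Format-Table Verdict, SigStatus, Path -AutoSize

# Hashes for comparison with a known-clean machine on the same build. A
# mismatch on a file whose signature checks out still needs an explanation
# (a hotfix applied on one box only, for example).
$results | Select-Object Path, SHA256 | Format-Table -AutoSize
```

A signature check catches a patched or replaced file regardless of which servicing level is installed, which a fixed MD5 list cannot; the hash column is there so two machines can be diffed when the signature result alone does not settle the question.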


#10 nasdaq

  • Malware Response Team
  • 40,532 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:23 PM

Posted 18 October 2012 - 07:16 AM

No suspicious malware found.

Please execute this File Checker tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Keep me posted.

#11 albyok

  • Topic Starter
  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:23 PM

Posted 18 October 2012 - 07:58 AM

> No suspicious malware found.
>
> Please execute this File Checker tool.
>
> How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
> http://support.microsoft.com/kb/929833
>
> Keep me posted.


I ran sfc /scannow but it said that everything is fine. If it can help, the browser navigation now seems fine (for now), but, for example, if I play any online game it starts to lag like hell. I tried the same games on the same network and they are fine.

#12 nasdaq

  • Malware Response Team
  • 40,532 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:23 PM

Posted 18 October 2012 - 08:37 AM

Check the Virtual Memory on this computer.

Increase it if it is recommended.

Search for Virtual Memory and follow the instructions.

Keep me posted.

#13 albyok

  • Topic Starter
  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:23 PM

Posted 18 October 2012 - 08:59 AM

> Check the Virtual Memory on this computer.
>
> Increase it if it is recommended.
>
> Search for Virtual Memory and follow the instructions.
>
> Keep me posted.


No improvements. Is there something else we could do?

#14 albyok

  • Topic Starter
  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:23 PM

Posted 18 October 2012 - 10:10 AM

More info:

For example, in games where I can see my ping, it is around 400-500 (unplayable). In other games where I can't see my statistics, it freezes, but I know it is the connection because my FPS is stuck at 60, so it's not something GPU or memory related.

#15 nasdaq

  • Malware Response Team
  • 40,532 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:23 PM

Posted 18 October 2012 - 12:47 PM

Run this MiniToolbox.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
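
The MiniToolBox options above report and reset the parts of the network path that malware commonly hooks to redirect or slow traffic: the hosts file, the per-user WinINET (IE) proxy, Firefox's proxy prefs, the IP/DNS configuration and the Winsock catalog. As an added example (not the thread's own code and not MiniToolBox's), the PowerShell script below collects the same report with built-in commands so it can be pasted into a reply, and only when run with -Reset performs the three resets in the list (flush DNS, clear the IE proxy, clear the Firefox proxy prefs). It assumes PowerShell 5.1 or later, an elevated prompt and a Firefox profile under %APPDATA%; the script name Get-NetPathReport.ps1 is a placeholder.

```powershell
# Added example: report (and optionally reset) the network-path settings that
# the MiniToolBox options in the post above cover. Not the thread's own code
# and not MiniToolBox code. Save as Get-NetPathReport.ps1 (placeholder name)
# and run from an elevated PowerShell 5.1+ prompt. Report mode changes
# nothing; -Reset is opt-in.
param([switch]$Reset)

$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ffPrefs   = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue

function Show-Section([string]$Title) { Write-Output ('=' * 20 + " $Title " + '=' * 20) }

# 1. Hosts file. Only comments and loopback mappings belong in a default file;
#    any other line answers a name lookup before DNS is ever asked.
Show-Section 'Hosts entries (non-comment)'
Get-Content -LiteralPath $hostsFile |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    ForEach-Object {
        $flag = if ($_ -match '^\s*(127\.0\.0\.1|::1)\s+localhost\b') { '' } else { '  <-- not a default loopback line' }
        $_.Trim() + $flag
    }

# 2. WinINET proxy (used by IE, Chrome and most Windows applications).
#    ProxyEnable=1 or an AutoConfigURL the user never set means traffic is
#    being steered through something.
Show-Section 'IE/WinINET proxy'
Get-ItemProperty -Path $inetKey |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL | Format-List

# 3. Firefox keeps its own proxy settings in prefs.js.
Show-Section 'Firefox proxy prefs'
foreach ($p in $ffPrefs) {
    Select-String -Path $p.FullName -Pattern 'network\.proxy' | ForEach-Object { $_.Line }
}

# 4. IP configuration, including the DNS servers actually in use.
Show-Section 'IP configuration'
ipconfig /all

# 5. Winsock catalog. A third-party LSP or namespace provider listed here sits
#    in the path of every socket on the box, one way to slow everything at once.
Show-Section 'Winsock catalog'
netsh winsock show catalog

if ($Reset) {
    Show-Section 'Resetting'
    # Flush DNS (MiniToolBox "Flush DNS").
    ipconfig /flushdns
    # Clear the WinINET proxy (MiniToolBox "Reset IE Proxy Settings").
    Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $inetKey -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $inetKey -Name AutoConfigURL -ErrorAction SilentlyContinue
    # Drop Firefox's network.proxy.* prefs so it falls back to its defaults
    # (MiniToolBox "Reset FF Proxy Settings"). Firefox must be closed, or it
    # rewrites prefs.js on exit and undoes the change.
    foreach ($p in $ffPrefs) {
        $kept = Get-Content -LiteralPath $p.FullName | Where-Object { $_ -notmatch 'network\.proxy' }
        Set-Content -LiteralPath $p.FullName -Value $kept
    }
}
```

Run it once without -Reset and keep the output before changing anything: a proxy or hosts entry that reappears after a reset is the kind of persistence evidence the later posts in a thread like this need.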
