Hi, I have a big problem with awesomehp, ComboFix log


  • This topic is locked
4 replies to this topic

#1 AmenoEra97

Posted 15 March 2014 - 05:48 AM

I am new and I have registered to get help with this awesomehp malware.

All browsers start with the awesomehp homepage. SUPERAntiSpyware Professional scanned and fixed 26 problems, but it is the same, always awesomehp.

I attach the combofix.txt file here to help.

Please, I don't know what to do.

I uninstalled any recent software.

ComboFix 14-03-13.01 - RiccardoCandido 14/03/2014  15:40:24.1.2 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.3893.1834 [GMT 1:00]
Eseguito da: c:\users\Bet_01\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\install.exe
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\Bet_01\AppData\Local\dpqs.exe
c:\users\Bet_01\AppData\Local\qs.dll
c:\users\Bet_01\AppData\Local\qs64.dll
c:\windows\SysWow64\AdbWinApi.dll
c:\windows\SysWow64\AdbWinUsbApi.dll
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-02-14 al 2014-03-14  )))))))))))))))))))))))))))))))))))
.
.
2014-03-14 14:10 . 2014-03-14 14:10 -------- d-----w- c:\users\Bet_01\AppData\Roaming\QuickScan
2014-03-14 14:09 . 2014-03-14 14:09 -------- d-----w- c:\program files (x86)\Defender Pro Quick Scanner
2014-03-14 14:04 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3777CBC-C5BB-43AB-9A8E-38E2564E7777}\mpengine.dll
2014-03-13 18:57 . 2014-03-13 18:57 -------- d-----w- c:\users\Bet_01\AppData\Local\toolbarcleaner
2014-03-13 18:57 . 2014-03-13 18:57 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2014-03-13 18:57 . 2014-03-13 18:59 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2014-03-13 05:40 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 05:40 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 05:40 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 05:40 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-01 17:57 . 2014-03-01 17:57 -------- d-----w- C:\MiningSoftware
2014-02-25 16:57 . 2014-02-25 16:57 -------- d-----w- c:\users\Bet_01\AppData\Local\VS Revo Group
2014-02-25 16:57 . 2014-02-25 16:57 -------- d-----w- c:\programdata\VS Revo Group
2014-02-25 16:36 . 2014-03-10 15:32 -------- d-----w- C:\LOLHT Configs v2
2014-02-25 16:03 . 2014-02-25 16:03 888536 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-02-25 16:03 . 2014-02-25 16:03 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-02-25 15:47 . 2014-02-25 15:50 -------- d-----w- C:\ffaf2cd9704dab296677600a7799f314
2014-02-24 11:46 . 2014-02-24 11:47 -------- d-----w- C:\kleaner.tmp
2014-02-22 14:12 . 2014-02-22 14:12 -------- d-----w- c:\program files (x86)\Application Updater
2014-02-22 14:12 . 2014-02-22 14:12 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar
2014-02-19 18:07 . 2014-02-19 18:07 -------- d-----w- c:\users\Bet_01\AppData\Local\SplitMediaLabs
2014-02-19 17:54 . 2014-02-24 11:11 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2014-02-19 17:54 . 2014-02-19 17:54 -------- d-----w- c:\programdata\SplitMediaLabs
2014-02-19 17:53 . 2014-02-19 18:02 -------- d-----w- c:\users\Bet_01\AppData\Roaming\SplitMediaLabs
2014-02-17 11:37 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-02-17 11:36 . 2014-02-17 11:36 -------- d-----w- c:\program files\iPod
2014-02-17 11:36 . 2014-02-17 11:37 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 11:36 . 2014-02-17 11:37 -------- d-----w- c:\program files\iTunes
2014-02-17 11:36 . 2014-02-17 11:37 -------- d-----w- c:\program files (x86)\iTunes
2014-02-17 11:36 . 2014-02-17 11:36 -------- d-----w- c:\programdata\Apple Computer
2014-02-17 11:35 . 2014-02-17 11:35 -------- d-----w- c:\users\Bet_01\AppData\Local\Apple
2014-02-17 11:35 . 2014-02-17 11:35 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-02-17 11:33 . 2014-02-17 11:33 -------- d-----w- c:\program files\Bonjour
2014-02-17 11:33 . 2014-02-17 11:33 -------- d-----w- c:\program files (x86)\Bonjour
2014-02-17 11:33 . 2014-02-17 11:34 -------- d-----w- c:\programdata\Apple
2014-02-17 11:33 . 2014-02-24 11:07 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-02-17 11:25 . 2014-02-17 11:25 -------- d-----w- c:\users\Bet_01\AppData\Roaming\iFunBox.NXGen
2014-02-13 20:24 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 20:24 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 19:33 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-02-12 19:33 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2014-02-12 19:33 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 19:55 . 2012-05-22 16:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 19:55 . 2012-05-22 16:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-25 16:03 . 2012-05-22 16:01 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-02-16 19:09 . 2012-06-08 17:04 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-27 08:58 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-26 08:23 . 2013-12-26 08:23 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-26 08:23 . 2013-12-26 08:23 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-26 08:23 . 2013-12-26 08:23 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-26 08:23 . 2013-12-26 08:23 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-26 08:22 . 2013-12-26 08:22 197120 ----a-w- c:\windows\system32\credui.dll
2013-12-26 08:22 . 2013-12-26 08:22 1930752 ----a-w- c:\windows\system32\authui.dll
2013-12-26 08:22 . 2013-12-26 08:22 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-12-26 08:22 . 2013-12-26 08:22 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-12-26 08:22 . 2013-12-26 08:22 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-12-26 08:22 . 2013-12-26 08:22 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll" [2014-02-19 1398592]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2014-02-19 11:17 1398592 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll" [2014-02-19 1398592]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2013-12-09 2285344]
"QuickScanner"="c:\program files (x86)\Defender Pro Quick Scanner\quickscan.exe" [2013-03-21 14483800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2014-02-19 1387328]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 431504]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2013-05-31 235072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64; [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys;c:\windows\SYSNATIVE\drivers\rstescu.sys [x]
R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys;c:\windows\SYSNATIVE\drivers\rstescu1.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver; [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Driver dello switch Controller Host Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys;c:\windows\SYSNATIVE\drivers\rstfltr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 VFPRadioSupportService;Supporto alle funzioni Bluetooth;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 08:43 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 19:55]
.
2014-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-22 16:22]
.
2014-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-22 16:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-03-13 18:38 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE64.dll" [2014-02-19 1997120]
.
[HKEY_CLASSES_ROOT\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-02-24 13662936]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2013-10-17 682840]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.awesomehp.com/?type=hp&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT
mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT&q={searchTerms}
mDefault_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT
mStart Page = hxxp://www.awesomehp.com/?type=hp&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C414D2E-69BD-4ED4-BB1F-2C668954EF5F}\4505D2C494E4B4F5835414334423: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7C414D2E-69BD-4ED4-BB1F-2C668954EF5F}\64259445A51224F68773137303: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7C414D2E-69BD-4ED4-BB1F-2C668954EF5F}\64F4E4F5743413: NameServer = 8.8.8.8,8.8.4.4
DPF: {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} - hxxp://192.168.1.2/RSVideoOcx.cab
FF - ProfilePath - c:\users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.search-guide.info/?pid=34&r=2013/11/05&hid=17597417000284351675&lg=EN&cc=IT&unqvl=40&l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=hp_4802
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-01-14 19:13; iobitapps@mybrowserbar.com; c:\program files (x86)\IObit Apps Toolbar\FF
FF - ExtSQL: 2014-03-13 19:32; quick_start@gmail.com; c:\users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\extensions\quick_start@gmail.com
FF - ExtSQL: !HIDDEN! 2013-09-01 13:13; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2014-03-13 19:32; quick_start@gmail.com; c:\users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\extensions\quick_start@gmail.com
FF - user.js: accessibility.typeaheadfind - true
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1394656667
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1394653187
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1394656547
FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1394656787
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1394653066
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 358400
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size.use_old_max - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 358400
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.download.panel.firstSessionCompleted - true
FF - user.js: browser.download.panel.shown - true
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.migration.version - 13
FF - user.js: browser.newtabpage.storageVersion - 1
FF - user.js: browser.pagethumbnails.storage_version - 3
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultengine - Google
FF - user.js: browser.search.defaultenginename - Yahoo!
FF - user.js: browser.search.defaultenginename,S - WebSearch
FF - user.js: browser.search.defaultthis.engineName - 
FF - user.js: browser.search.defaulturl - hxxp://websearch.search-guide.info/?pid=34&r=2013/11/05&hid=17597417000284351675&lg=EN&cc=IT&unqvl=40&l=1&q=
FF - user.js: browser.search.order.1 - WebSearch
FF - user.js: browser.search.order.1,S - WebSearch
FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&ilc=12&type=198484
FF - user.js: browser.search.selectedEngine,S - WebSearch
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.slowStartup.averageTime - 10699
FF - user.js: browser.slowStartup.samples - 4
FF - user.js: browser.startup.homepage_override.buildID - 20130814063812
FF - user.js: browser.startup.homepage_override.mstone - 23.0.1
FF - user.js: browser.startup.page - 3
FF - user.js: browser.syncPromoViewsLeftMap - {\passwords\:3}
FF - user.js: browser.taskbar.lastgroupid - E7CF176E110C211B
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: coupons.cnid - 198484
FF - user.js: coupons.installed - 1
FF - user.js: coupons.isn - 14EC836E40CAC535CD621968B81D7FB1
FF - user.js: coupons.pingInterval - 604800
FF - user.js: coupons.ping_ts - 1394652835674
FF - user.js: coupons.url - //savingsslider-a.akamaihd.net/loaders/1036/l.js?aoi=1311798366&pid=1036&zoneid=157104
FF - user.js: datareporting.healthreport.lastDataSubmissionRequestedTime - 1394652896135
FF - user.js: datareporting.healthreport.lastDataSubmissionSuccessfulTime - 1394652899091
FF - user.js: datareporting.healthreport.nextDataSubmissionTime - 1394739299091
FF - user.js: datareporting.healthreport.service.firstRun - true
FF - user.js: datareporting.policy.dataSubmissionPolicyAccepted - true
FF - user.js: datareporting.policy.dataSubmissionPolicyAcceptedVersion - 1
FF - user.js: datareporting.policy.dataSubmissionPolicyNotifiedTime - 1375277915437
FF - user.js: datareporting.policy.dataSubmissionPolicyResponseTime - 1375277920630
FF - user.js: datareporting.policy.dataSubmissionPolicyResponseType - accepted-info-bar-dismissed
FF - user.js: datareporting.policy.firstRunTime - 1371582483256
FF - user.js: datareporting.sessions.current.activeTicks - 5
FF - user.js: datareporting.sessions.current.firstPaint - 4462
FF - user.js: datareporting.sessions.current.main - 301
FF - user.js: datareporting.sessions.current.sessionRestored - 4508
FF - user.js: datareporting.sessions.current.startTime - 1394735825872
FF - user.js: datareporting.sessions.current.totalTime - 29
FF - user.js: datareporting.sessions.currentIndex - 60
FF - user.js: datareporting.sessions.previous.58 - {\s\:1394652818505,\a\:123,\t\:5295,\c\:true,\m\:1953,\fp\:15988,\sr\:16881}
FF - user.js: datareporting.sessions.previous.59 - {\s\:1394735071082,\a\:6,\t\:37,\c\:false,\m\:1642,\fp\:7621,\sr\:7756}
FF - user.js: datareporting.sessions.prunedIndex - 57
FF - user.js: dom.w3c_touch_events.expose - false
FF - user.js: extensions.51912a054a3a8.epoch - 1376129213
FF - user.js: extensions.51912a054a3a8.url - hxxp://getjpi1.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1;http://getjpijs.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1;http://getjpinet.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1;http://getjpit.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1;http://getsrv1.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1;http://getjpiproxy.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1;http://getsync.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1;http://getproxy5.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1;http://getsrv.info/sync2/?ext=ctos&pid=727&country=IT&regd=130513175933&lsd=130809100653&ver=7&ind=3407358788&ssd=845422372&hid=3541697899&bs=1
FF - user.js: extensions.blocklist.pingCountTotal - 29
FF - user.js: extensions.blocklist.pingCountVersion - 5
FF - user.js: extensions.bootstrappedAddons - {\adsremoval@adsremoval.net\:{\version\:\1.0.0\,\type\:\extension\,\descriptor\:\c:\\\\Users\\\\Bet_01\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qn7h78vd.default\\\\extensions\\\\adsremoval@adsremoval.net\}}
FF - user.js: extensions.databaseSchema - 14
FF - user.js: extensions.dealply.channel - _elex1
FF - user.js: extensions.dealply.installId - _v24863210435463007673352013052912235233
FF - user.js: extensions.dealply.installIdSource - _inst
FF - user.js: extensions.dealply.lastHeartBitDate - 2013_7_9
FF - user.js: extensions.dealply.partner - _elex
FF - user.js: extensions.dealply.sampleGroup - 3
FF - user.js: extensions.enabledAddons - %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,savingsslider%40mybrowserbar.com:2.8,%7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js: extensions.hotfix.certs.1.sha1Fingerprint - 91:53:0C:C1:86:47:8F:22:9E:C9:A7:31:49:A1:AA
FF - user.js: extensions.hotfix.lastVersion - 20130826.01
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files (x86)\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1378034021240,\rdfTime\:1242935658000},\{ABDE892B-13A8-4d1b-88E6-365A6E755758}\:{\descriptor\:\c:\\\\ProgramData\\\\RealNetworks\\\\RealDownloader\\\\BrowserPlugins\\\\Firefox\\\\Ext\,\mtime\:1378300658915,\rdfTime\:1376486342000},\quick_start@gmail.com\:{\descriptor\:\c:\\\\Users\\\\Bet_01\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qn7h78vd.default\\\\extensions\\\\quick_start@gmail.com\,\mtime\:1394735545989,\rdfTime\:1394125506000}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1377157540664,\rdfTime\:1377157540598}}},{\name\:\winreg-app-user\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files (x86)\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1378034021240,\rdfTime\:1242935658000}}},{\name\:\app-profile\,\addons\:{\adsremoval@adsremoval.net\:{\descriptor\:\c:\\\\Users\\\\Bet_01\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qn7h78vd.default\\\\extensions\\\\adsremoval@adsremoval.net\,\mtime\:1394735548470,\rdfTime\:1384360214000},\iobitapps@mybrowserbar.com\:{\descriptor\:\c:\\\\Program Files (x86)\\\\IObit Apps 
Toolbar\\\\FF\,\mtime\:1393078369295,\rdfTime\:1392808684000},\quick_start@gmail.com\:{\descriptor\:\c:\\\\Users\\\\Bet_01\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qn7h78vd.default\\\\extensions\\\\quick_start@gmail.com\,\mtime\:1394735545989,\rdfTime\:1394125506000},\savingsslider@mybrowserbar.com\:{\descriptor\:\c:\\\\Users\\\\Bet_01\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qn7h78vd.default\\\\extensions\\\\savingsslider@mybrowserbar.com\,\mtime\:1388676138287,\rdfTime\:1388676138286},\{58d2a791-6199-482f-a9aa-9b725ec61362}\:{\descriptor\:\c:\\\\Users\\\\Bet_01\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qn7h78vd.default\\\\extensions\\\\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi\,\mtime\:1394735073009},\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\:{\descriptor\:\c:\\\\Users\\\\Bet_01\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qn7h78vd.default\\\\extensions\\\\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\,\mtime\:1385826174089,\rdfTime\:1380799558000}}}]
FF - user.js: extensions.irmysearch.aflt - irmsd103
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
FF - user.js: extensions.irmysearch.cr - 955374372
FF - user.js: extensions.irmysearch.instlRef - 
FF - user.js: extensions.lastAppVersion - 23.0.1
FF - user.js: extensions.lastPlatformVersion - 23.0.1
FF - user.js: extensions.mysearchdial.aflt - irmsd103
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
FF - user.js: extensions.mysearchdial.cr - 955374372
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=955374372&ir=
FF - user.js: extensions.mysearchdial.id - E4D53DBFC5E8050E
FF - user.js: extensions.mysearchdial.instlDay - 16014
FF - user.js: extensions.mysearchdial.instlRef - 
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=955374372&ir=
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=955374372&ir=&q=
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:42:2
FF - user.js: extensions.nspdl.aflt - irmsd103
FF - user.js: extensions.nspdl.cd - 2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
FF - user.js: extensions.nspdl.cr - 955374372
FF - user.js: extensions.nspdl.data.activeDate - 20140228
FF - user.js: extensions.nspdl.data.aliveDate - 20140228
FF - user.js: extensions.nspdl.data.cc - it
FF - user.js: extensions.nspdl.data.configDate - 20140228
FF - user.js: extensions.nspdl.data.instlDate - 20131130
FF - user.js: extensions.nspdl.data.ra-44e7a62cdd62070dd44923071bd3bbd7 - deda869d6e8f662f3b035409a28a1f16
FF - user.js: extensions.nspdl.data.ra-94ca1749a7def8c8d0d9fa800563d78d - feeef2aebb0b2cbd902e29a53ef67bb7
FF - user.js: extensions.nspdl.data.ra-abc402c70e46e8cc70f0532c455a3c97 - 284c290faff5be0a837279d92b097d77
FF - user.js: extensions.nspdl.general.content - favorites-36ff6e6a100bfb093f18aff0c412be51
FF - user.js: extensions.nspdl.general.firstRun - false
FF - user.js: extensions.nspdl.general.guid - 84f2f0c7-452a-4ecf-ad86-8e944166115a
FF - user.js: extensions.nspdl.general.version - 9.5.3
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.pluswinks@PlusWinks.mzID - 63
FF - user.js: extensions.searchads.currentVersion - 1.0.0
FF - user.js: extensions.searchads.insertFlag - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.visualbee.admin - false
FF - user.js: extensions.visualbee.aflt - babsst
FF - user.js: extensions.visualbee.appId - {9C69AD01-2505-4FA3-BF08-38DCFB0BF6B3}
FF - user.js: extensions.visualbee.autoRvrt - false
FF - user.js: extensions.visualbee.dfltLng - en
FF - user.js: extensions.visualbee.excTlbr - false
FF - user.js: extensions.visualbee.id - de48050e000000000000e0ca9494e792
FF - user.js: extensions.visualbee.instlDay - 15837
FF - user.js: extensions.visualbee.instlRef - sst
FF - user.js: extensions.visualbee.newTab - false
FF - user.js: extensions.visualbee.prdct - visualbee
FF - user.js: extensions.visualbee.prtnrId - visualbee
FF - user.js: extensions.visualbee.rvrt - false
FF - user.js: extensions.visualbee.smplGrp - none
FF - user.js: extensions.visualbee.tlbrId - base
FF - user.js: extensions.visualbee.tlbrSrchUrl - 
FF - user.js: extensions.visualbee.vrsn - 1.8.9.1
FF - user.js: extensions.visualbee.vrsnTs - 1.8.9.111:01
FF - user.js: extensions.visualbee.vrsni - 1.8.9.1
FF - user.js: extensions.widdit9580.installDate - 2013-11-4
FF - user.js: extensions.widdit9580.isTrackedInstall - true
FF - user.js: extensions.widdit9580.isUninstallPageShown - false
FF - user.js: gecko.buildID - 20130814063812
FF - user.js: gecko.mstone - 23.0.1
FF - user.js: general.useragent.extra.btrs - BTRS102261
FF - user.js: idle.lastDailyNotification - 1394653307
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-15, windows-1252, ISO-8859-1, UTF-8
FF - user.js: layout.spellcheckDefault - 0
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.proxy.gopher - 
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.share_proxy_settings - true
FF - user.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: pdfjs.migrationVersion - 1
FF - user.js: pdfjs.previousHandler.alwaysAskBeforeHandling - true
FF - user.js: pdfjs.previousHandler.preferredAction - 4
FF - user.js: places.database.lastMaintenance - 1394652896
FF - user.js: places.history.expiration.transient_current_max_pages - 102041
FF - user.js: plugin.disable_full_page_plugin_for_types - application/pdf
FF - user.js: plugin.expose_full_path - true
FF - user.js: plugin.importedState - true
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: print_printer - \\\\BET_01P-MSI\\Meteor SPRINT_b1
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_bgcolor - false
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_bgimages - false
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_colorspace - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_command - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_downloadfonts - false
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_edge_bottom - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_edge_left - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_edge_right - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_edge_top - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_evenpages - true
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_footercenter - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_footerleft - &U
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_footerright - &D
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_headercenter - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_headerleft - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_headerright - &U
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_in_color - true
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_margin_bottom - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_margin_left - 0.100000001490116
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_margin_right - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_margin_top - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_oddpages - true
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_orientation - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_page_delay - 50
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_paper_data - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_paper_height -  11,00
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_paper_name - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_paper_size_type - 1
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_paper_size_unit - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_paper_width -   8,50
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_plex_name - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_resolution_name - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_reversed - false
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_scaling -   1,00
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_shrink_to_fit - false
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_to_file - false
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_to_filename - 
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_unwriteable_margin_bottom - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_unwriteable_margin_left - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_unwriteable_margin_right - 0
FF - user.js: printer_\\\\BET_01P-MSI\\Meteor_SPRINT_b1.print_unwriteable_margin_top - 0
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: startpage.cnid - 198484
FF - user.js: startpage.installed - 1
FF - user.js: startpage.isn - FA544215D2A71C15BB9E98F56FAE2CF4
FF - user.js: startpage.ntsearch_url - hxxp://it.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=198484&p={searchTerms}
FF - user.js: startpage.pingInterval - 604800
FF - user.js: startpage.ping_ts - 1394652835674
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1393605223
FF - user.js: toolkit.startup.last_success - 1394735826
FF - user.js: toolkit.telemetry.previousBuildID - 20130814063812
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: ui.submenuDelay - 0
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1397244837
FF - user.js: xpinstall.whitelist.add - 
FF - user.js: xpinstall.whitelist.add.180 - 
FF - user.js: xpinstall.whitelist.add.36 - 
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.sessionstore.resume_session_once - false
FF - user.js: browser.sessionstore.max_tabs_undo - 0
FF - user.js: browser.sessionstore.max_windows_undo - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: extensions.irmysearch.aflt - irmsd103
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
FF - user.js: extensions.irmysearch.cr - 955374372
FF - user.js: extensions.irmysearch.instlRef - 
FF - user.js: extensions.mysearchdial.aflt - irmsd103
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
FF - user.js: extensions.mysearchdial.cr - 955374372
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=955374372&ir=
FF - user.js: extensions.mysearchdial.id - E4D53DBFC5E8050E
FF - user.js: extensions.mysearchdial.instlDay - 16014
FF - user.js: extensions.mysearchdial.instlRef - 
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=955374372&ir=
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=955374372&ir=&q=
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:42:2
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1421942400-503860325-3755158669-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1421942400-503860325-3755158669-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
.
**************************************************************************
.
Ora fine scansione: 2014-03-14  16:33:21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2014-03-14 15:33
.
Pre-Run: 219.581.865.984 bytes free
Post-Run: 219.460.022.272 bytes free
.
- - End Of File - - C1A3D939A894E74309B999171E72E5DF
A36C5E4F47E84449FF07ED3517B43A31
 

 




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 15 March 2014 - 01:50 PM

Hello AmenoEra97,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: Right-click on adwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • Once the scan has finished, click the Clean button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

3.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

Things to include in your next reply:

  • AdwCleaner log
  • JRT.txt
  • RogueKiller log
  • How is your machine running now?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 AmenoEra97

AmenoEra97
  • Topic Starter

  • Members

Posted 16 March 2014 - 03:35 AM

OK, thank you for having responded to me. Now I try to do what I've written.
 
For one thing, I had already downloaded adwcleaner, but the strange thing is that it stops when it gets control of the browser. There are more than 10 minutes and as a result I'm going to close. Should I wait? It is strange that it takes a long time.
 
I close but equal have report. But Google Chrome no report.
 
Adwcleaner:

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 09:44:43
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : RiccardoCandido - RICCARDO
# Running from : C:\Users\Bet_01\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Application Updater

***** [ Files / Folders ] *****

File Found : C:\Users\Bet_01\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\Bet_01\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\searchplugins\WebSearch.xml
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\searchplugins\WebSearch.xml
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\searchplugins\WebSearch.xml
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\user.js
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\user.js
File Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\user.js
Folder Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\Extensions\quick_start@gmail.com
Folder Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\Extensions\quick_start@gmail.com
Folder Found : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\Extensions\quick_start@gmail.com
Folder Found C:\Program Files (x86)\Application Updater
Folder Found C:\Program Files (x86)\Common Files\Spigot
Folder Found C:\Program Files (x86)\IObit Apps Toolbar
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\ProgramData\Anti-phishing Domain Advisor
Folder Found C:\ProgramData\SafetyNut
Folder Found C:\ProgramData\wincert
Folder Found C:\Users\Bet_01\AppData\Local\Slick Savings
Folder Found C:\Users\Bet_01\AppData\Local\Slick Savings
Folder Found C:\Users\Bet_01\AppData\Local\somotomoviestoolbar1
Folder Found C:\Users\Bet_01\AppData\Local\somotomoviestoolbar1
Folder Found C:\Users\Bet_01\AppData\Local\toolbarcleaner
Folder Found C:\Users\Bet_01\AppData\Local\toolbarcleaner
Folder Found C:\Users\Bet_01\AppData\LocalLow\Search Settings
Folder Found C:\Users\Bet_01\AppData\LocalLow\Search Settings
Folder Found C:\Users\Bet_01\AppData\LocalLow\somotomoviestoolbar1
Folder Found C:\Users\Bet_01\AppData\LocalLow\somotomoviestoolbar1
Folder Found C:\Users\Bet_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
Folder Found C:\Users\Bet_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
Folder Found C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\somotomoviestoolbar1
Folder Found C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\somotomoviestoolbar1
Folder Found C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\somotomoviestoolbar1
Folder Found C:\Users\Bet_01\AppData\Roaming\pluswinks
Folder Found C:\Users\Bet_01\AppData\Roaming\pluswinks
Folder Found C:\Users\Bet_01\AppData\Roaming\SendSpace
Folder Found C:\Users\Bet_01\AppData\Roaming\SendSpace
Folder Found C:\Windows\SysWOW64\AI_RecycleBin
Folder Found C:\Windows\SysWOW64\hotspot shield

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet & Sicurezza\Mozilla Firefox.lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )
Shortcut Found : C:\Users\Bet_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )
Shortcut Found : C:\Users\Bet_01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )
Shortcut Found : C:\Users\Bet_01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )
Shortcut Found : C:\Users\Bet_01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )
Shortcut Found : C:\Users\Bet_01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )
Shortcut Found : C:\Users\Bet_01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )
Shortcut Found : C:\Users\Bet_01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( http://www.awesomehp.com/?type=sc&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT )

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\SafetyNut
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\somotomoviestoolbar1
Key Found : HKCU64\Software\1ClickDownload
Key Found : HKCU64\Software\anchorfree
Key Found : HKCU64\Software\InstallCore
Key Found : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU64\Software\Myfree Codec
Key Found : HKCU64\Software\SafetyNut
Key Found : HKCU64\Software\Search Settings
Key Found : HKCU64\Software\Softonic
Key Found : HKCU64\Software\somotomoviestoolbar1
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\Software\hdcode
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\winzipersvc
Key Found : HKLM64\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM64\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM64\SOFTWARE\Classes\Interface\{928FE5E7-D557-46B7-8AF6-17ACCE1FB4ED}
Key Found : HKLM64\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : HKLM64\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Value Found : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - http://www.awesomehp.com/?type=hp&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - http://www.awesomehp.com/web/?type=ds&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - http://www.awesomehp.com/?type=hp&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - http://www.awesomehp.com/?type=hp&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - http://www.awesomehp.com/web/?type=ds&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - http://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=955374372&ir=
Setting Found : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - http://www.awesomehp.com/?type=hp&ts=1394735456&from=ild&uid=TOSHIBAXMK3276GSX_Z1HRC10TTXXZ1HRC10TT

-\\ Mozilla Firefox v27.0.1 (it)

[ File : C:\Users\Bet_01\AppData\Roaming\Mozilla\Firefox\Profiles\qn7h78vd.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "http://websearch.search-guide.info/?pid=34&r=2013/11/05&hid=17597417000284351675&lg=EN&cc=IT&unqvl=40&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
Line Found : user_pref("extensions.mysearchdial.cr", "955374372");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1[...]
Line Found : user_pref("extensions.mysearchdial.id", "E4D53DBFC5E8050E");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16014");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1[...]
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:42:2");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Bet_01\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

 

Junkware Removal Tool:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by RiccardoCandido on 16/03/2014 at 10:05:28,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\anti-phishing domain advisor
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (6)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (6)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (6)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (6)_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{430C774C-BE53-B081-F314-4D98FF4A73EE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{546FE855-9957-425A-CFD1-204046432F38}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\anti-phishing domain advisor"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Bet_01\AppData\Roaming\pluswinks"
Successfully deleted: [Folder] "C:\Users\Bet_01\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Bet_01\appdata\local\slick savings"
Successfully deleted: [Folder] "C:\Users\Bet_01\appdata\local\thinstall"
Successfully deleted: [Folder] "C:\Users\Bet_01\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Bet_01\appdata\local\{17194A88-EF0B-4B01-A1A0-BB2607C8161F}
Successfully deleted: [Empty Folder] C:\Users\Bet_01\appdata\local\{28464C81-AA6B-4F68-B584-2BCE884DC7C6}
Successfully deleted: [Empty Folder] C:\Users\Bet_01\appdata\local\{A49E73F0-B7F9-4B81-A94A-3FDEED73F5EC}
Successfully deleted: [Empty Folder] C:\Users\Bet_01\appdata\local\{A7A3E23D-8137-4F9C-9971-3BB3CA99BE6E}
Successfully deleted: [Empty Folder] C:\Users\Bet_01\appdata\local\{EA02BE20-9A72-4521-9D44-72109950CC8D}



~~~ FireFox

Successfully deleted: [File] C:\Users\Bet_01\AppData\Roaming\mozilla\firefox\profiles\qn7h78vd.default\user.js
Successfully deleted: [File] C:\Users\Bet_01\AppData\Roaming\mozilla\firefox\profiles\qn7h78vd.default\searchplugins\mysearchdial.xml
Successfully deleted: [File] C:\Users\Bet_01\AppData\Roaming\mozilla\firefox\profiles\qn7h78vd.default\searchplugins\websearch.xml
Successfully deleted: [Folder] C:\Users\Bet_01\AppData\Roaming\mozilla\firefox\profiles\qn7h78vd.default\extensions\savingsslider@mybrowserbar.com
Successfully deleted: [Folder] C:\Users\Bet_01\AppData\Roaming\mozilla\firefox\profiles\qn7h78vd.default\extensions\staged
Successfully deleted: [Folder] C:\Users\Bet_01\AppData\Roaming\mozilla\firefox\profiles\qn7h78vd.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Successfully deleted the following from C:\Users\Bet_01\AppData\Roaming\mozilla\firefox\profiles\qn7h78vd.default\prefs.js

user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.search-guide.info/?pid=34&r=2013/11/05&hid=17597417000284351675&lg=EN&cc=IT&unqvl=40&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.mysearchdial.aflt", "irmsd103");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
user_pref("extensions.mysearchdial.cr", "955374372");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtF
user_pref("extensions.mysearchdial.id", "E4D53DBFC5E8050E");
user_pref("extensions.mysearchdial.instlDay", "16014");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtFtB
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0B0F0CyD0EzztDyDtD0EtN0D0Tzu0CyCyByDtN1L2XzutBtF
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:42:2");
Emptied folder: C:\Users\Bet_01\AppData\Roaming\mozilla\firefox\profiles\qn7h78vd.default\minidumps [18 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/03/2014 at 10:12:25,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

RogueKiller, I did not fix shortcuts or hosts or services, registry keys appear, I have always open, no close.

 

 

RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : RiccardoCandido [Admin rights]
Mode : Scan -- Date : 03/16/2014 10:17:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 20 ¤¤¤
[IFEO] HKLM\[...]\quickscan.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\RUNSAS.EXE : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\SASCore64.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\SASTask.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\sas_enum_cookies.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\SSUpdate64.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\SUPERAntiSpyware.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\SUPERDelete.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\visicom_antiphishing.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] qn7h78vd.default : Quick Start

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3276GSX SCSI Disk Device +++++
--- User ---
[MBR] f3c7f8356230ce21a972436a1e11bc5f
[BSP] 10156bb398fe4131e44b5c8112c00ded : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2049 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 4198400 | Size: 303194 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03162014_101742.txt >>



 


Edited by AmenoEra97, 16 March 2014 - 04:27 AM.


#4 AmenoEra97

  • Topic Starter

Posted 16 March 2014 - 08:25 AM

I solved it by just using HijackThis and HitmanPro. Mozilla Firefox and Google Chrome are OK, but IE nothing.

I don't need IE; for me it is equal.



#5 fireman4it

  • Malware Response Team

Posted 16 March 2014 - 11:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

