Malware: istart.webssearches.com & speedial


This topic is locked
14 replies to this topic

#1 ceciliat


Posted 27 March 2014 - 03:23 PM

Some malware is affecting my computer. This started yesterday when a fake Java update was installed on my PC. It happened too quickly for me to realize it was a fake.

 

Now, every start page in all my PC's browsers (Chrome, Explorer and Firefox) refers to istart.webssearches.com or speedial.com, even though I try to delete it manually. Navigation is slow and popups/error messages come with quite a high frequency.

 

After spending an entire afternoon scanning my PC, reading tutorials and trying to modify the browser settings, the problem still remains.

 

You can find the log file I got from DDS by sUBs attached below.

I look forward to hearing from you, kind regards.

Attached File  dds.txt   20.12KB   3 downloads

 

ceciliat

 

 




#2 Jo*

Malware Response Team

Posted 28 March 2014 - 04:55 AM


Hello ceciliat,

My name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you and I have not replied to your latest post in 36 hours, please send me a PM.
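The OTL.Txt produced in step 2 is a line-oriented log: each entry starts with a section tag (PRC for processes, MOD for modules, SRV for services, DRV for drivers, O2/O3/O4/O20 for browser helper objects, toolbars, Run keys and AppInit_DLLs) and, for file-backed entries, ends with the publisher in parentheses or the words File not found. The Python script below is an added illustration, not part of the Malware Response Team's procedure or of OTL itself: it triages such lines by flagging entries with an empty publisher field, orphaned references, a populated AppInit_DLLs value, and the names this thread reports as the hijacker (speedial, webssearches, Re-markit, SupTab). The sample lines are constructed in the OTL format, and the assumption that OTL prints an empty AppInit_DLLs value as `()` is mine.

```python
"""Triage helper for OTL-style log lines (added illustration, not OTL's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Names the thread reports as the hijacker and the components OTL attributes to it.
SUSPECT_MARKERS = ("speedial", "webssearches", "re-markit", "suptab")

# Entry tags handled here; file-backed tags end with "(Publisher)" or "File not found".
FILE_BACKED_TAGS = ("PRC", "MOD", "SRV", "DRV")
LINE_RE = re.compile(r"^(?P<tag>PRC|MOD|SRV|DRV|O\d+)\b(?P<rest>.*)$")
PUBLISHER_RE = re.compile(r"\((?P<publisher>[^()]*)\)\s*$")
# Assumption: OTL prints an empty AppInit_DLLs value as "AppInit_DLLs: ()".
APPINIT_RE = re.compile(r"AppInit_DLLs:\s*\((?P<value>[^)]*)\)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    tag: str      # OTL section tag the line belongs to
    reason: str   # why the line deserves a closer look
    line: str     # the original log line


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for one OTL log line."""
    line = line.strip()
    match = LINE_RE.match(line)
    if not match:
        return []                       # headers, IE/FF/CHR prefs, blank lines
    tag, rest = match.group("tag"), match.group("rest")
    lowered = line.lower()
    findings: list[Finding] = []

    # 1. Known hijacker names anywhere in the entry (path, BHO name, DLL).
    for marker in SUSPECT_MARKERS:
        if marker in lowered:
            findings.append(Finding(tag, f"matches hijacker marker '{marker}'", line))
            break

    # 2. Registry entries that point at a file no longer on disk.
    if "file not found" in lowered:
        findings.append(Finding(tag, "orphaned reference (file not found)", line))

    # 3. Processes, modules, services and drivers with an empty publisher field.
    publisher = PUBLISHER_RE.search(rest)
    if tag in FILE_BACKED_TAGS and publisher and not publisher.group("publisher").strip():
        findings.append(Finding(tag, "no company name (unsigned/unknown publisher)", line))

    # 4. A populated AppInit_DLLs value is loaded into every user32-linked process.
    if tag == "O20":
        appinit = APPINIT_RE.search(line)
        if appinit and appinit.group("value").strip():
            findings.append(Finding(tag, "AppInit_DLLs is populated", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over a whole OTL.Txt and collect the findings in order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


# Constructed sample in the OTL format (mirrors the kinds of entries seen in the thread).
SAMPLE_LOG = r"""
PRC - C:\Users\Andrea\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Re-markit-soft\Re-markit_wd.exe ()
SRV - (LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()
O2 - BHO: (speedial Helper Object) - {7876223F-E036-46E1-ADCB-071CB7C9C475} - C:\Programmi\Speedial\1.8.29.15\bh\speedial.dll (Speedial)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O20 - AppInit_DLLs: (C:\PROGRA~1\SupTab\SEARCH~1.DLL) -  File not found
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[{finding.tag}] {finding.reason}: {finding.line}")
```

An empty publisher field flags a legitimate but unlabelled driver such as fsbts.sys just as readily as a hijacker component, so treat each hit as something to review against the vendor's known file list, not as a verdict.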


#3 ceciliat

Topic Starter

Posted 28 March 2014 - 05:21 AM

Thank you Jo

I will do it immediately! And I'll let you know in a bit.



#4 ceciliat

Topic Starter

Posted 28 March 2014 - 05:55 AM

 Results of screen317's Security Check version 0.99.81  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
F-Secure Client Security 8.00   
Norton Internet Security        
 Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 12.0.0.77  
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
OTL logfile created on: 28/03/2014 11.33.54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrea\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 52,97% Memory free
6,20 Gb Paging File | 4,75 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 49,76 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 111,46 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: PC-ANDREA | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andrea\Documents\Downloads\SecurityCheck.exe ()
PRC - C:\Users\Andrea\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Re-markit-soft\Re-markit_wd.exe ()
PRC - C:\Programmi\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Andrea\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programmi\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programmi\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programmi\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Programmi\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Programmi\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\common\FNRB32.exe (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\common\FIH32.exe (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\common\FSMB32.EXE (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\common\FAMEH32.EXE (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\common\FCH32.EXE (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\Anti-Virus\fsqh.exe (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programmi\F-Secure\FSAUA\program\fsaua.exe (F-Secure Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Andrea\Documents\Downloads\SecurityCheck.exe ()
MOD - C:\Programmi\Re-markit-soft\Re-markit_wd.exe ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\BatchCrypto.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Utilità di pianificazione di LiveUpdate automatico) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Programmi\McAfee Security Scan\3.8.141\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TomTomHOMEService) -- C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (odserv) -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programmi\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programmi\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Programmi\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (FSORSPClient) -- C:\Programmi\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programmi\F-Secure\common\FNRB32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programmi\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSAUA) -- C:\Programmi\F-Secure\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (WinDefend) -- C:\Programmi\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programmi\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (IAANTMON) -- C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (ose) -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20140327.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20140319.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20140327.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20140327.034\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programmi\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programmi\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1109000.00C\symtdiv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (F-Secure Gatekeeper) -- C:\Programmi\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1109000.00C\ironx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1109000.00C\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1109000.00C\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1109000.00C\symds.sys (Symantec Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (F-Secure Filter) -- C:\Programmi\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programmi\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (fsvista) -- C:\Programmi\F-Secure\Anti-Virus\minifilter\fsvista.sys ()
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (CamDrL) -- C:\Windows\System32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Andrea\Documents\Desktop\matrimonio zia teresa
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http:///?type=hp&ts=1395847687&fro [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {D6FE2BCD-65C4-490D-B6D7-F71C39C560FF}
IE - HKCU\..\SearchScopes\{002EC188-CC2D-463F-B0B3-4387A71AFA16}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{258804B2-9281-4F4D-9EE9-E57AB72D06D2}: "URL" = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=&rlz=1I7AURU_itIT500
IE - HKCU\..\SearchScopes\{D6FE2BCD-65C4-490D-B6D7-F71C39C560FF}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=&rlz=1I7AURU_itIT500
IE - HKCU\..\SearchScopes\657F9071677040398661592586E64AC8: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=&rlz=1I7AURU_itIT500
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:4.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.9.0.12585
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605a
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrea\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrea\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2011/07/24 16.02.00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn_2010_9_0_6 [2014/03/28 08.05.49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/26 11.36.03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/19 17.15.12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{10ea107a-1e21-48af-be43-9e461589fa89}: C:\Program Files\Re-markit-soft\157.xpi [2014/03/25 20.33.13 | 000,011,030 | ---- | M] ()
 
[2010/06/04 18.57.11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions
[2008/03/31 23.07.19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010/06/04 18.57.11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2014/03/27 20.11.22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\fy1n5y3v.default\extensions
[2010/12/04 11.06.54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\fy1n5y3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/20 15.51.03 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\fy1n5y3v.default\extensions\piclens@cooliris.com
[2014/02/26 11.36.05 | 000,327,582 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\fy1n5y3v.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2014/03/27 19.42.17 | 000,002,761 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\fy1n5y3v.default\searchplugins\Speedial.xml
[2011/10/05 20.04.26 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2013/06/23 15.13.16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/23 15.13.15 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2013/06/23 15.13.16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/23 15.13.16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/26 11.36.02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/24 20.52.00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2014/02/26 11.35.57 | 000,001,393 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-it.xml
[2014/02/26 11.35.57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2014/02/26 11.35.57 | 000,000,744 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2014/02/26 11.35.57 | 000,000,817 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\hoepli.xml
[2014/03/25 20.35.25 | 000,000,588 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
[2014/02/26 11.35.57 | 000,001,182 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2014/02/26 11.35.57 | 000,000,953 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Documenti Google = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: McAfee Security Scan+ = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_1\
CHR - Extension: Ricerca Google = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Speedial = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhdmnlahnibaaldaooffaedbebplfll\9.4.15_0\
CHR - Extension: Skype Click to Call = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Google Wallet = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2006/09/18 22.41.30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programmi\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (speedial Helper Object) - {7876223F-E036-46E1-ADCB-071CB7C9C475} - C:\Programmi\Speedial\1.8.29.15\bh\speedial.dll (Speedial)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (speedial Toolbar) - {5D6B65F4-45C4-4F65-848C-B9EB064F1CEF} - C:\Programmi\Speedial\1.8.29.15\speedialTlbr.dll (Speedial)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC3941C2-2D07-4731-9457-0EAAF704E1BA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programmi\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SupTab\SEARCH~1.DLL) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d7d4cd28-f211-11dd-95ef-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{d7d4cd28-f211-11dd-95ef-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/27 20.06.43 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\Desktop\log
[2014/03/27 20.01.19 | 000,000,000 | R--D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/27 20.01.19 | 000,000,000 | R--D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/03/27 19.49.17 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Skype
[2014/03/27 19.48.58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/27 19.48.57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/03/27 19.25.30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/27 19.00.45 | 000,000,000 | ---D | C] -- C:\Program Files\Mega Browse
[2014/03/27 18.59.29 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Speedial
[2014/03/27 18.59.26 | 000,000,000 | ---D | C] -- C:\Program Files\Speedial
[2014/03/27 18.07.34 | 000,000,000 | ---D | C] -- C:\ProgramData\Max Secure
[2014/03/27 17.57.13 | 235,689,432 | ---- | C] (Max Secure Software                                         ) -- C:\Users\Andrea\Documents\Desktop\MaxSpywaredetector.exe
[2014/03/27 17.52.29 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\Desktop\Downloads
[2014/03/27 17.52.28 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\GetRightToGo
[2014/03/26 17.07.25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/03/25 20.41.38 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\webssearches
[2014/03/25 20.33.13 | 000,000,000 | ---D | C] -- C:\Program Files\Re-markit-soft
[2014/03/15 20.01.50 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\Desktop\sergio incitti
[2014/03/15 19.45.32 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\Desktop\edizioni art
[2014/03/12 20.14.00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/03/12 20.12.57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/12 20.12.52 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/12 20.12.41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/12 20.12.35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/12 20.12.07 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/12 20.12.06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/03/12 20.10.45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/11 21.57.38 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/11 21.57.36 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/11 21.57.33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/11 21.57.19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/02/27 10.33.52 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andrea\AppData\Local\*.tmp files -> C:\Users\Andrea\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/28 10.58.00 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-154340735-3437925644-4082031333-1003UA.job
[2014/03/28 10.57.00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/28 10.50.00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/28 10.05.07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 10.05.07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 09.39.08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/28 08.11.29 | 000,774,352 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2014/03/28 08.11.29 | 000,686,362 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/28 08.11.29 | 000,167,214 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2014/03/28 08.11.29 | 000,140,260 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/28 08.05.35 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/28 08.05.12 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/03/28 00.51.54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/03/27 20.58.00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-154340735-3437925644-4082031333-1003Core.job
[2014/03/27 19.48.58 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/27 19.34.30 | 000,378,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/27 18.59.55 | 000,406,368 | ---- | M] () -- C:\Users\Andrea\AppData\Local\speedial.crx
[2014/03/27 17.58.13 | 235,689,432 | ---- | M] (Max Secure Software                                         ) -- C:\Users\Andrea\Documents\Desktop\MaxSpywaredetector.exe
[2014/03/25 20.41.16 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/25 20.41.15 | 000,002,283 | ---- | M] () -- C:\Users\Andrea\Documents\Desktop\Google Chrome.lnk
[2014/03/25 20.41.15 | 000,001,157 | ---- | M] () -- C:\Users\Andrea\Documents\Desktop\Launch Internet Explorer Browser.lnk
[2014/03/25 20.40.57 | 000,000,318 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\aps.uninstall.scan.results
[2014/03/25 20.33.26 | 000,000,270 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/11 22.50.18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/11 22.50.18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andrea\AppData\Local\*.tmp files -> C:\Users\Andrea\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/27 19.48.58 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/27 18.59.57 | 000,406,368 | ---- | C] () -- C:\Users\Andrea\AppData\Local\speedial.crx
[2014/03/25 20.40.07 | 000,000,318 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\aps.uninstall.scan.results
[2014/03/25 20.33.52 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/03/25 20.33.26 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/25 18.55.19 | 000,000,104 | ---- | C] () -- C:\Users\Andrea\Cestino - collegamento.lnk
[2009/03/06 20.21.38 | 000,024,227 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\UserTile.png
[2008/05/27 15.32.55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/04/01 13.56.21 | 000,006,144 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 21.52.32 | 000,000,680 | ---- | C] () -- C:\Users\Andrea\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 13.54.22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18.47.00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07.28.19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07.28.25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/07/26 18.54.05 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\EPSON
[2009/05/08 16.17.42 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\F-Secure
[2014/03/27 17.53.02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\GetRightToGo
[2008/03/31 23.07.15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Participatory Culture Foundation
[2008/04/04 07.41.25 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PCF-VLC
[2009/03/06 20.21.37 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PeerNetworking
[2014/03/27 18.59.29 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Speedial
[2012/05/10 15.58.22 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Synaptics
[2008/04/01 18.20.46 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Thunderbird
[2010/10/01 13.41.40 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Tific
[2012/08/30 11.04.00 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TomTom
[2014/03/25 20.41.39 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\webssearches
 
========== Purity Check ==========
 
 
 
< End of report >


#5 ceciliat (Topic Starter)

Posted 28 March 2014 - 05:58 AM

OTL Extras logfile created on: 28/03/2014 11.33.54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrea\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 52,97% Memory free
6,20 Gb Paging File | 4,75 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 49,76 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 111,46 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: PC-ANDREA | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EF7D9C-DC52-464E-A491-C715717AE099}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1CCD848A-7001-43B3-9896-6D6354A2906E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1EDDC0A3-595E-4C12-BAB6-9B89C99689D3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3A8F9E84-421E-4662-A15C-D4F816454FDB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4DF487E0-D077-4836-858A-B9B16EBACECA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{629CF1E8-65DF-4EC5-B9FF-B0BA7882F8DA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8FA8533D-BDB8-4D52-90C5-405D3F44F629}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9FD4BD93-70A2-40A8-89F8-FDE24D090154}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B3EDABF0-DD39-4610-B8F0-636C12B14D77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B8594111-876E-48D8-B210-6F6D8DE8AE87}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C5582536-3685-4A33-9397-006A9516F9A5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CD0E2418-1A54-447B-BB32-7A56127CFF83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D56C589D-75B5-4DB3-A6C4-8CEC6C699243}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D815C6FB-EC8D-4371-91E6-10B7D1CF4B8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E1CCFF44-5CE9-4612-80B0-16D46FCC5582}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C76224A-7242-4083-BD23-D59819E17FA2}" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\7zs8583.tmp\symnrt.exe | 
"{2C859476-E99F-4072-8AEA-686043079A63}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{414722DA-FCF7-412A-AE9F-A8786C583738}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5245E5F4-E79E-4B81-A9D8-860CFDF7E5E2}" = protocol=17 | dir=in | app=c:\users\andrea\downloads\pdfconvertersetup.exe | 
"{525CB327-23C3-4724-B674-C00E8AAFD8CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5D030183-943E-436A-AC4C-0FA06CF19BBE}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{7C8B2CA3-A48A-4E15-B53E-1819FFD7104A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{82E07324-6920-4B59-BF6F-7D16540CE5FB}" = protocol=6 | dir=in | app=c:\users\andrea\downloads\pdfconvertersetup.exe | 
"{A1DC64A9-E058-415A-BB3A-E36CB8ECAE5F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{AB1ACFE7-B459-4A11-A676-0FBCF3C31A64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B920E0D6-6BDD-43E8-B47C-88484FE7D766}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B9DDA481-2A23-4083-BB71-AE38FE7FE191}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C12D08D2-BC8D-428E-811F-432966781416}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{C72B5A7E-6FB4-4927-886C-FA794E3F5BC2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{D21936DE-DA5D-4E56-84D9-31BBC0811A01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E3AB4B4C-B2E2-4909-A3DA-3812902355B1}" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\7zs27bb.tmp\symnrt.exe | 
"{E3F86092-CA9E-488D-9844-95A8AF7508A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E90BD9C7-6023-4E2D-A565-9306946D4DC4}" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\7zs27bb.tmp\symnrt.exe | 
"{EBE999E3-2268-4159-86C5-3D794CDF1A58}" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\7zs8583.tmp\symnrt.exe | 
"TCP Query User{3B0A4F09-9C5E-444D-91F4-98B9FF0533E1}C:\windows\lmi471d.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi471d.tmp\lmi_rescue.exe | 
"TCP Query User{B2CD1B5E-F3F3-4237-A13E-49BA3A16EDEE}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{D469E673-AE92-4CC3-8F4F-40E88BB7767F}C:\windows\lmi471d.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi471d.tmp\lmi_rescue.exe | 
"UDP Query User{02E5CE00-75D8-4A58-9627-B460C05F3750}C:\windows\lmi471d.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi471d.tmp\lmi_rescue.exe | 
"UDP Query User{BF95ED8E-2B95-47C7-AEB9-34E5B2AF0E02}C:\windows\lmi471d.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi471d.tmp\lmi_rescue.exe | 
"UDP Query User{C49192AC-375B-40CE-A28A-FB32EC7698E4}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27/03/2014 12.21.20 | Computer Name = PC-Andrea | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 4  2014-03-27  17:21:20+02:00  pc-andrea  PC-Andrea\Andrea  F-Secure
 Anti-Virus   Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\RE-MARKIT-SOFT\RE-MARKIT157.INI
 was aborted due to exceeded scanning time limit. The file may be in use or reading
 it was too slow (e.g. network connection was under stress).  
 
Error - 27/03/2014 12.21.43 | Computer Name = PC-Andrea | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 5  2014-03-27  17:21:40+02:00  pc-andrea  PC-Andrea\Andrea  F-Secure
 Anti-Virus   Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\F-SECURE\FSAUA\SUBSCRIPTIONS\AVH_MLCWIN
 was aborted due to exceeded scanning time limit. The file may be in use or reading
 it was too slow (e.g. network connection was under stress).  
 
Error - 27/03/2014 12.22.00 | Computer Name = PC-Andrea | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 6  2014-03-27  17:22:00+02:00  pc-andrea  PC-Andrea\Andrea  F-Secure
 Anti-Virus   Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\F-SECURE\FSAUA\SUBSCRIPTIONS\AVH_AVMISC
 was aborted due to exceeded scanning time limit. The file may be in use or reading
 it was too slow (e.g. network connection was under stress).  
 
Error - 27/03/2014 12.22.24 | Computer Name = PC-Andrea | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 7  2014-03-27  17:22:23+02:00  pc-andrea  PC-Andrea\Andrea  F-Secure
 Anti-Virus   Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\F-SECURE\FSAUA\SUBSCRIPTIONS\AVH_AVPE
 was aborted due to exceeded scanning time limit. The file may be in use or reading
 it was too slow (e.g. network connection was under stress).  
 
Error - 27/03/2014 12.27.55 | Computer Name = PC-Andrea | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 8  2014-03-27  17:27:54+02:00  pc-andrea  PC-Andrea\Andrea  F-Secure
 Anti-Virus   Scanning of \DEVICE\HARDDISKVOLUME2\USERS\ANDREA\APPDATA\LOCALLOW\MICROSOFT\CRYPTNETURLCACHE\CONTENT\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0
 was aborted due to exceeded scanning time limit. The file may be in use or reading
 it was too slow (e.g. network connection was under stress).  
 
Error - 27/03/2014 12.31.28 | Computer Name = PC-Andrea | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 9  2014-03-27  17:31:27+02:00  pc-andrea  PC-Andrea\Andrea  F-Secure
 Anti-Virus   Scanning of \DEVICE\HARDDISKVOLUME2\USERS\ANDREA\APPDATA\LOCAL\GOOGLE\CHROME\USER
 DATA\DEFAULT\INDEXEDDB\HTTPS_WWW.GOOGLE.IT_0.INDEXEDDB.LEVELDB\CURRENT was aborted
 due to exceeded scanning time limit. The file may be in use or reading it was too
 slow (e.g. network connection was under stress).  
 
Error - 27/03/2014 12.51.55 | Computer Name = PC-Andrea | Source = Application Hang | ID = 1002
Description = Il programma adwcleaner-3-012-52716-it-setup.exe versione 0.0.0.0 
non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili
 ulteriori informazioni sul problema, verificare la cronologia del problema in Segnalazioni
 di problemi e soluzioni nel Pannello di controllo.  ID processo: 2928  Ora di avvio:
 01cf49d986f8aa00  Ora di chiusura: 4
 
Error - 27/03/2014 13.15.07 | Computer Name = PC-Andrea | Source = VSS | ID = 8194
Description = 
 
Error - 27/03/2014 13.59.56 | Computer Name = PC-Andrea | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore PluginService.exe, versione 
13.27.0.81, timestamp 0x532696c6, modulo che ha generato l'errore DpInterface32.dll,
 versione 3.0.2.3417, timestamp 0x5315b066, codice eccezione 0xc0000005, offset 
errore 0x00098dae,  ID processo 0x7d0, data e ora di avvio dell'applicazione 0x01cf49d590196408.
 
Error - 27/03/2014 19.51.42 | Computer Name = PC-Andrea | Source = EventSystem | ID = 4621
Description = 
 
[ OSession Events ]
Error - 05/10/2010 12.10.49 | Computer Name = PC-Andrea | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 583
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 16/08/2008 3.24.35 | Computer Name = PC-Andrea | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 16/08/2008 3.25.40 | Computer Name = PC-Andrea | Source = DCOM | ID = 10010
Description = 
 
Error - 18/08/2008 13.23.06 | Computer Name = PC-Andrea | Source = HTTP | ID = 15016
Description = 
 
Error - 18/08/2008 13.23.41 | Computer Name = PC-Andrea | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18/08/2008 13.23.41 | Computer Name = PC-Andrea | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 18/08/2008 13.28.47 | Computer Name = PC-Andrea | Source = DCOM | ID = 10005
Description = 
 
Error - 18/08/2008 13.28.47 | Computer Name = PC-Andrea | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 18/08/2008 13.28.47 | Computer Name = PC-Andrea | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18/08/2008 13.28.47 | Computer Name = PC-Andrea | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 18/08/2008 13.28.47 | Computer Name = PC-Andrea | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >


#6 Jo* (Malware Response Team)

Posted 28 March 2014 - 06:27 AM

Hello ceciliat,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 ceciliat (Topic Starter)

Posted 28 March 2014 - 09:56 AM

Dear Jo,

I've scanned my pc with the tools you told me before.

No results appear!

Neither Malwarebytes Anti-Rootkit nor AdwCleaner came to realize what happened to my pc.

The only logs in which I've found the voice I was searching for are OTL and the first report I sent you by DDS sUBs.

Thus istart.webssearch and speedial were scanned by the tools and recorded in those files.

For example in the OTL report I've seen them here:

========== Internet Explorer ==========

This may not necessarily identify what I'm trying to kill.

Could you please tell me what this means?

I really wish to uproot it from my system!

Thanks in advance



#8 Jo* (Malware Response Team)

Posted 28 March 2014 - 10:10 AM

Please post the AdwCleaner log.



#9 ceciliat (Topic Starter)

Posted 28 March 2014 - 10:18 AM

# AdwCleaner v3.022 - Report created 28/03/2014 at 16:09:16
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Andrea - PC-ANDREA
# Running from : C:\Users\Andrea\Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16540
 
 
-\\ Mozilla Firefox v12.0 (it)
 
[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6728 octets] - [27/03/2014 19:25:34]
AdwCleaner[R1].txt - [1203 octets] - [28/03/2014 15:35:27]
AdwCleaner[S0].txt - [7021 octets] - [27/03/2014 19:26:45]
AdwCleaner[S1].txt - [1128 octets] - [28/03/2014 16:09:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1188 octets] ##########

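The AdwCleaner log above lists what the tool removed but not why each entry mattered. The parser below is an added example, not AdwCleaner's or BleepingComputer's code: it groups the deletions by section and labels the ones that correspond to a persistence mechanism a browser hijacker relies on (a Windows service, a scheduled task, an Internet Explorer BHO or search scope, a Firefox user.js override or extension). The only report layout it assumes is what is visible in this thread, and the sample lines are copied from the report posted above.

```python
"""Summarise an AdwCleaner 'Clean' report and flag the persistence
mechanisms it removed.

Added example, not AdwCleaner's own code. The only format assumed is
what the report posted in this thread shows: '# key : value' header
lines, '***** [ Section ] *****' section headers, and one
'<Kind> Deleted : <target>' line per removed item, sometimes prefixed
with '[#]' (the prefix is recorded but not interpreted here).
"""
import re

# Constructed sample: lines copied from the AdwCleaner report posted above.
SAMPLE_REPORT = r"""
# AdwCleaner v3.022 - Report created 27/03/2014 at 19:26:45
# Updated 13/03/2014 by Xplode
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IePluginService
Service Deleted : Wpm

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\Extensions\quick_start@gmail.com
File Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\user.js
File Deleted : C:\Windows\Tasks\Re-markit Update.job

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A022A5A-0A2C-40AA-9445-88236A98808F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\Software\InstallCore

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6941 octets] ##########
"""

# '# key : value' header lines (the ' : ' with spaces keeps '19:26:45' out of it).
HEADER_RE = re.compile(r"^#\s*(?P<key>.+?)\s+:\s+(?P<value>.*)$")
SECTION_RE = re.compile(r"^\*{5}\s*\[\s*(?P<name>.+?)\s*\]\s*\*{5}\s*$")
ITEM_RE = re.compile(
    r"^(?P<flag>\[#\]\s*)?(?P<kind>Service|Folder|File|Key|Value)"
    r"\s+Deleted\s*:\s*(?P<target>.+?)\s*$"
)

# Where a removed item lived tells the defender how the adware kept coming
# back after a manual browser reset. First matching rule wins.
PERSISTENCE_RULES = [
    ("scheduled task", r"\\TaskCache\\|\\Windows\\Tasks\\|\\System32\\Tasks\\"),
    ("IE browser helper object (BHO)", r"\\Browser Helper Objects\\"),
    ("IE search provider", r"\\SearchScopes\\"),
    ("Firefox user.js preference override", r"\\Firefox\\.*\\user\.js$"),
    ("Firefox extension", r"\\Firefox\\.*Extensions"),
]


def parse_report(text):
    """Return {'title', 'header': {key: value}, 'sections': {name: [items]}}."""
    report = {"title": None, "header": {}, "sections": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()          # also drops the non-breaking spaces forum pastes leave
        if not line or line.startswith("#####"):   # blank, or the '##### EOF' footer
            continue
        if line.startswith("#"):
            m = HEADER_RE.match(line)
            if m:
                report["header"][m.group("key")] = m.group("value")
            elif report["title"] is None:
                report["title"] = line.lstrip("# ").strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            report["sections"].setdefault(section, [])
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            report["sections"][section].append({
                "kind": m.group("kind"),
                "target": m.group("target"),
                "flagged": m.group("flag") is not None,   # had the '[#]' prefix
            })
    return report


def count_by_section(report):
    """Number of removed items per report section (e.g. to compare two runs)."""
    return {name: len(items) for name, items in report["sections"].items()}


def classify_persistence(report):
    """Map persistence-mechanism label -> list of removed targets of that type."""
    found = {}
    for items in report["sections"].values():
        for item in items:
            label = "Windows service" if item["kind"] == "Service" else None
            if label is None:
                for name, pattern in PERSISTENCE_RULES:
                    if re.search(pattern, item["target"], re.IGNORECASE):
                        label = name
                        break
            if label is not None:
                found.setdefault(label, []).append(item["target"])
    return found


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep["title"], "| mode:", rep["header"].get("Option"))
    print("items per section:", count_by_section(rep))
    for label, targets in classify_persistence(rep).items():
        print(f"{label}: {len(targets)} removed")
        for t in targets:
            print("   ", t)
```

Feeding the full `AdwCleaner[S0].txt` into `parse_report` instead of the sample shows the same picture at larger scale: three services, three scheduled tasks registered both as `.job` files and as TaskCache keys, three BHO registrations and an IE search scope, which is why resetting the browser home page by hand kept failing.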

#10 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:13 PM

Posted 28 March 2014 - 10:21 AM

Hello ceciliat,

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 ceciliat

ceciliat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:13 PM

Posted 28 March 2014 - 10:24 AM

Just a question.

Why does it need to repeat the operation on and on?

Isn't it possible to pick them manually?



#12 ceciliat

ceciliat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:13 PM

Posted 28 March 2014 - 10:35 AM

JRT report

# AdwCleaner v3.022 - Report created 27/03/2014 at 19:26:45
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Andrea - PC-ANDREA
# Running from : C:\Users\Andrea\Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : IePluginService
Service Deleted : Re-markit
Service Deleted : Wpm
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\IePluginService
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\MediaPlayerplus
Folder Deleted : C:\Program Files\Plus-HD-9.5
Folder Deleted : C:\Users\Andrea\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Andrea\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\Extensions\quick_start@gmail.com
File Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\searchplugins\bingp.xml
File Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\user.js
File Deleted : C:\Windows\Tasks\Re-markit Update.job
File Deleted : C:\Windows\System32\Tasks\Re-markit Update
File Deleted : C:\Windows\Tasks\MediaPlayerplus-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerplus-chromeinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-9.5-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-9.5-chromeinstaller
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A022A5A-0A2C-40AA-9445-88236A98808F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A022A5A-0A2C-40AA-9445-88236A98808F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C87EA17-C993-4C4C-AB3A-07CC8002418E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C87EA17-C993-4C4C-AB3A-07CC8002418E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4AB246C-DFD3-41A6-B5A7-5F3D9FB716ED}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AB246C-DFD3-41A6-B5A7-5F3D9FB716ED}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\Software\MediaPlayerplus
Key Deleted : HKLM\Software\Plus-HD-9.5
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MediaPlayerplus
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-9.5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16540
 
 
-\\ Mozilla Firefox v12.0 (it)
 
[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6728 octets] - [27/03/2014 19:25:34]
AdwCleaner[S0].txt - [6881 octets] - [27/03/2014 19:26:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6941 octets] ##########


#13 ceciliat

ceciliat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:13 PM

Posted 28 March 2014 - 10:51 AM

OTL REPORT

# AdwCleaner v3.022 - Report created 27/03/2014 at 19:26:45
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Andrea - PC-ANDREA
# Running from : C:\Users\Andrea\Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : IePluginService
Service Deleted : Re-markit
Service Deleted : Wpm
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\IePluginService
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\MediaPlayerplus
Folder Deleted : C:\Program Files\Plus-HD-9.5
Folder Deleted : C:\Users\Andrea\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Andrea\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\Extensions\quick_start@gmail.com
File Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\searchplugins\bingp.xml
File Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\user.js
File Deleted : C:\Windows\Tasks\Re-markit Update.job
File Deleted : C:\Windows\System32\Tasks\Re-markit Update
File Deleted : C:\Windows\Tasks\MediaPlayerplus-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerplus-chromeinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-9.5-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-9.5-chromeinstaller
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A022A5A-0A2C-40AA-9445-88236A98808F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A022A5A-0A2C-40AA-9445-88236A98808F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C87EA17-C993-4C4C-AB3A-07CC8002418E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C87EA17-C993-4C4C-AB3A-07CC8002418E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4AB246C-DFD3-41A6-B5A7-5F3D9FB716ED}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AB246C-DFD3-41A6-B5A7-5F3D9FB716ED}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\Software\MediaPlayerplus
Key Deleted : HKLM\Software\Plus-HD-9.5
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MediaPlayerplus
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-9.5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16540
 
 
-\\ Mozilla Firefox v12.0 (it)
 
[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\fy1n5y3v.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6728 octets] - [27/03/2014 19:25:34]
AdwCleaner[S0].txt - [6881 octets] - [27/03/2014 19:26:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6941 octets] ##########


#14 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:13 PM

Posted 28 March 2014 - 11:07 AM

What you posted in your last 2 messages is a one-day-old AdwCleaner report.

Now please post the JRT and OTL logs.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:13 PM

Posted 03 April 2014 - 02:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




