Continually opening advertising


  • This topic is locked
20 replies to this topic

#1 mrbara

mrbara

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 18 June 2014 - 11:19 AM

I have Windows Vista, and when I surf the internet or work on my PC, advertising opens by itself. I have McAfee, but it doesn't find anything. I think this is malware, but I don't know how to remove it. I followed the guide "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help", downloaded DDS and ran it.
Below is DDS.txt; attach.txt is included as an attachment.
 
 
DDS.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16555  BrowserJavaVersion: 10.11.2
Run by Matteo at 17:40:40 on 2014-06-18
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.39.1040.18.3030.1470 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\ProgramData\IePluginService\PluginService.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\ProgramData\WPM\wprotectmanager.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\dldtserv.exe
C:\Windows\system32\dldtcoms.exe
C:\Windows\system32\dmwu.exe
C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
C:\Program Files\Re-markit-soft\Re-markitBC170.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Re-markit-soft\Re-markitw.exe
C:\Program Files\MPlayerplus_01\MPlayerplus_01-nova.exe
C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe
C:\Windows\system32\taskeng.exe
C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe
C:\Program Files\Pl-usHD\Pl-usHD-nova.exe
C:\Windows\System32\jmdp\stij.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\fst_it_118\fst_it_118.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Matteo\AppData\Local\bVJGsga\bVJGsga.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
uDefault_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
mStart Page = hxxp://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
mSearch Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
mDefault_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
mDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
uProxyServer = hxxp=127.0.0.1:14247;https=127.0.0.1:14247
mSearchAssistant = hxxp://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
mCustomizeSearch = hxxp://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files\suptab\SupTab.dll
BHO: Re-markit: {4232F406-A0E7-9E2B-E39F-3E6DED20182B} - c:\program files\re-markit-soft\170.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [bvjgsga] "c:\users\matteo\appdata\local\bvjgsga\bvjgsga.exe" /r
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [fst_it_118] "c:\program files\fst_it_118\fst_it_118.exe"
mRunOnce: [upfst_it_118.exe] c:\users\matteo\appdata\local\fst_it_118\upfst_it_118.exe -runonce
StartupFolder: c:\users\matteo\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\matteo\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\matteo\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{472709E8-76B7-4909-B776-77F04D872687} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B77076C5-E87F-4D3C-B49D-C2E0206471FB} : DHCPNameServer = 10.0.0.1 10.0.0.2 10.0.0.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-5-20 81920]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-3-14 36392]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-7-9 98984]
R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-6-3 1863984]
R2 IePluginService;IePlugin Service;c:\programdata\iepluginservice\pluginservice.exe -service --> c:\programdata\iepluginservice\PluginService.exe -service [?]
R2 IePluginServices;IePlugin Services;c:\programdata\iepluginservices\pluginservice.exe -service --> c:\programdata\iepluginservices\PluginService.exe -service [?]
R2 NewPlayerUpdaterService;NewPlayer Updater Service;c:\program files\newplayer\NewPlayerUpdaterService.exe [2014-4-16 11776]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 104264]
R2 Re-markit;Re-markit;c:\program files\re-markit-soft\Re-markitBC170.exe [2014-5-20 180736]
R2 Wpm;Wpm Service;c:\programdata\wpm\wprotectmanager.exe -service --> c:\programdata\wpm\wprotectmanager.exe -service [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-5-20 135936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-20 112128]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-5-20 212992]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-3-6 133632]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-5-6 274048]
S2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-5-20 68608]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-5-20 68608]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-5 22904]
S3 WPFFontCache_v0400;Cache tipi di carattere Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-06-18 15:01:11 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2a7dbf71-4896-463d-91a5-f9909b4cebfc}\offreg.dll
2014-06-13 08:16:14 -------- d-----w- c:\users\matteo\appdata\roaming\337Games
2014-06-13 08:16:07 -------- d-----w- c:\programdata\IePluginServices
2014-06-07 12:42:54 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2cd83c7c-ef1c-485c-926d-0d9c6e6c0b4e}\gapaengine.dll
2014-06-07 12:40:16 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2a7dbf71-4896-463d-91a5-f9909b4cebfc}\mpengine.dll
2014-06-04 16:41:27 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-25 17:48:29 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-25 13:06:55 -------- d-----w- c:\users\matteo\appdata\local\temp
2014-05-25 11:54:53 -------- d-----w- c:\users\matteo\appdata\local\SearchProtect
2014-05-25 11:52:02 -------- d-----w- c:\users\matteo\appdata\roaming\TeamViewer
2014-05-25 11:18:21 -------- d-----w- c:\program files\CCleaner
2014-05-20 09:08:44 -------- d-----w- c:\users\matteo\appdata\local\Apps
2014-05-20 08:07:43 -------- d-----w- c:\users\matteo\appdata\local\com
2014-05-20 08:06:43 -------- d-----w- c:\users\matteo\appdata\local\newplayer
2014-05-20 08:06:33 -------- d-----w- c:\users\matteo\appdata\roaming\VOPackage
2014-05-20 08:05:30 -------- d-----w- c:\users\matteo\appdata\roaming\Optimizer Pro
2014-05-20 08:05:11 -------- d-----w- c:\users\matteo\appdata\roaming\SupTab
2014-05-20 08:05:07 -------- d-----w- c:\users\matteo\appdata\roaming\Activeris
2014-05-20 08:05:06 -------- d-----w- c:\programdata\IePluginService
2014-05-20 08:04:56 -------- d-----w- c:\program files\SupTab
2014-05-20 08:04:33 -------- d-----w- c:\program files\MPlayerplus_01
2014-05-20 08:04:30 -------- d-----w- c:\programdata\WPM
2014-05-20 08:04:20 -------- d-----w- c:\programdata\Activeris
2014-05-20 08:04:19 -------- d-----w- c:\program files\NewPlayer
2014-05-20 08:04:18 -------- d-----w- c:\users\matteo\appdata\local\globalUpdate
2014-05-20 08:04:18 -------- d-----w- c:\program files\globalUpdate
2014-05-20 08:04:01 -------- d-----w- c:\program files\MyPC Backup
2014-05-20 08:03:57 -------- d-----w- c:\users\matteo\appdata\roaming\webssearches
2014-05-20 08:03:56 16384 ----a-w- c:\windows\system32\acrisnative32.exe
2014-05-20 08:03:56 -------- d-----w- c:\program files\Activeris AntiMalware
2014-05-20 08:03:49 -------- d-----w- c:\program files\Pl-usHD
2014-05-20 08:03:14 -------- d-----w- c:\program files\Optimizer Pro
2014-05-20 08:03:03 -------- d-----w- c:\users\matteo\appdata\local\fst_it_118
2014-05-20 08:03:00 -------- d-----w- c:\program files\fst_it_118
2014-05-20 08:02:22 -------- d-----w- c:\program files\Re-markit-soft
2014-05-20 08:02:15 -------- d-----w- c:\users\matteo\appdata\local\bVJGsga
.
==================== Find3M  ====================
.
2014-06-15 12:36:53 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-15 12:36:52 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-28 16:39:36 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-05-28 16:32:59 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-05-28 16:32:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-28 16:30:53 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-05-28 16:30:53 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-28 16:29:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-28 16:29:27 11776 ----a-w- c:\windows\system32\mshta.exe
2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll
2014-04-15 00:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-13 14:40:56 1863984 ----a-w- c:\windows\system32\dmwu.exe
2014-04-13 14:37:28 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2014-04-06 10:24:56 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-04-06 10:24:56 632656 ----a-w- c:\windows\system32\msvcr80.dll
2014-04-06 10:24:56 554832 ----a-w- c:\windows\system32\msvcp80.dll
2014-04-06 10:24:56 479232 ----a-w- c:\windows\system32\msvcm80.dll
2014-04-06 10:24:56 421200 ----a-w- c:\windows\system32\msvcp100.dll
2014-04-05 03:23:10 915392 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-05 01:49:23 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 17.41.27,16 ===============
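The "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of the DDS log above carry the indicators a helper triages first: home and search pages set to a third-party host, a browser proxy pointed at a loopback port (a local process sitting between the browser and the network), a BHO whose CLSID is registered but whose file is gone (`<orphaned>`), and service entries whose binary DDS could not verify (`[?]`). The Python below is an added example, not code from this thread or from the DDS tool; it parses a few constructed lines in the same format and flags those conditions. The sample hosts, paths and the `EXPECTED_PAGE_HOSTS` allow-list are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines in the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS"
# formats (hxxp is how DDS defangs http). Hosts, CLSIDs and paths are made up.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.hijack-example.test/?type=hp&from=wpm0612
mSearch Page = hxxp://search.hijack-example.test/web/?type=ds&q={searchTerms}
uProxyServer = hxxp=127.0.0.1:14247;https=127.0.0.1:14247
BHO: Adobe PDF Link Helper: {18DF081C-0000-0000-0000-000000000000} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-0000-0000-0000-000000000000} - <orphaned>
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 Wpm;Wpm Service;c:\programdata\wpm\wprotectmanager.exe -service --> c:\programdata\wpm\wprotectmanager.exe -service [?]
S2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2006-11-2 44544]
"""

# Hosts a helper would expect for browser home/search pages. This allow-list is an
# assumption for the example; the real expected set depends on the OEM/vendor build.
EXPECTED_PAGE_HOSTS = {"www.msn.com", "www.google.com", "www.bing.com", "go.microsoft.com"}

PAGE_KEYS = ("Start Page", "Default_Page_URL", "Search Page", "Default_Search_URL",
             "SearchAssistant", "CustomizeSearch")
PAGE_RE = re.compile(r"^[um](%s) = (\S+)$" % "|".join(PAGE_KEYS))
PROXY_RE = re.compile(r"^[um]ProxyServer = (.+)$")
BHO_RE = re.compile(r"^BHO: .*- (.+)$")
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+)$")


def _refang(url: str) -> str:
    """Undo DDS's hxxp/hxxps defanging so urlsplit can parse the URL."""
    return re.sub(r"^hxxp", "http", url)


def _is_loopback(host: str) -> bool:
    """True for localhost or any 127.0.0.0/8 / ::1 address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(text: str) -> list:
    """Return (category, detail) findings for the indicators a helper checks first."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PAGE_RE.match(line)
        if m:
            host = urlsplit(_refang(m.group(2))).hostname or ""
            if host not in EXPECTED_PAGE_HOSTS:
                findings.append(("browser_hijack", f"{m.group(1)} points at {host}"))
            continue
        m = PROXY_RE.match(line)
        if m:
            # Value is "proto=host:port;proto=host:port". A loopback proxy means a
            # local process is intercepting browser traffic.
            for entry in m.group(1).split(";"):
                _, _, hostport = entry.partition("=")
                host, _, port = hostport.rpartition(":")
                if _is_loopback(host):
                    findings.append(("local_proxy", f"browser proxied through {host}:{port}"))
            continue
        m = BHO_RE.match(line)
        if m and m.group(1).strip() == "<orphaned>":
            # CLSID still registered, DLL no longer on disk.
            findings.append(("orphaned_bho", line[len("BHO: "):].split(" - ")[0].strip()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, rest = m.groups()
            if rest.endswith("[?]"):
                # DDS prints [?] when it could not verify the service binary on disk.
                findings.append(("unverified_service", f"{name} ({display}): {rest}"))
            elif "rundll32.exe" in rest.lower():
                # A service hosted by rundll32.exe loads some DLL; check which one.
                findings.append(("rundll32_service", f"{name} ({display}) runs via rundll32.exe"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

Run against the sample, the function reports two hijacked page entries, the loopback proxy for both http and https, the orphaned BHO, the unverified `Wpm` service and the `rundll32.exe`-hosted service; a benign log with a vendor home page and a corporate proxy yields no findings.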
 



#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:44 PM

Posted 18 June 2014 - 05:37 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    [screenshot: FRST main panel]
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
[screenshot: aswMBR scan]
  • Click the Scan button to begin the scan.
[screenshot: aswMBR Save Log]
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 mrbara

mrbara
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 19 June 2014 - 12:43 PM

Hi Pystryker, thanks for your instructions. I ran FRST.exe, and below are the files.
 
FRST.TXT :
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by Matteo (administrator) on PC-MATTEO on 19-06-2014 18:51:55
Running from C:\Users\Matteo\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dldtserv.exe
( ) C:\Windows\System32\dldtcoms.exe
() C:\Windows\System32\dmwu.exe
() C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
() C:\Program Files\Re-markit-soft\Re-markitBC170.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
() C:\Program Files\Re-markit-soft\Re-markitw.exe
(Activeris) C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe
() C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe
() C:\Windows\System32\jmdp\stij.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
() C:\Program Files\Dell V305\dldtmon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\fst_it_118\fst_it_118.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Matteo\AppData\Local\bVJGsga\bVJGsga.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Dell V305\dldtmsdmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1422632 2008-12-01] (Synaptics, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [dldtmon.exe] => C:\Program Files\Dell V305\dldtmon.exe [668912 2008-06-24] ()
HKLM\...\Run: [dldtamon] => C:\Program Files\Dell V305\dldtamon.exe [16624 2008-06-24] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-20] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [fst_it_118] => C:\Program Files\fst_it_118\fst_it_118.exe [3982800 2014-05-19] ()
HKLM\...\RunOnce: [upfst_it_118.exe] - C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe -runonce [3267568 2014-05-19] ()
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-273196513-1318440332-801156109-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-273196513-1318440332-801156109-1000\...\Run: [bvjgsga] => c:\users\matteo\appdata\local\bvjgsga\bvjgsga.exe [2809856 2014-05-20] ()
Startup: C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matteo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14247;https=127.0.0.1:14247
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com/?type=sc&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Re-markit - {4232F406-A0E7-9E2B-E39F-3E6DED20182B} - C:\Program Files\Re-markit-soft\170.dll ()
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_126.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - c:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [{58167137-F08E-F867-44D8-3189AA654B6F}] - C:\Program Files\Re-markit-soft\170.xpi
FF Extension: Re-markit - C:\Program Files\Re-markit-soft\170.xpi [2014-05-20]
 
Chrome: 
=======
CHR HomePage: hxxp://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
CHR StartupUrls: "hxxp://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX"
CHR DefaultSearchKeyword: delta-homes
CHR DefaultSearchProvider: delta-homes
CHR DefaultNewTabURL: 
CHR Extension: (Documenti Google) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-25]
CHR Extension: (Google Drive) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-22]
CHR Extension: (Ricerca Google) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-22]
CHR Extension: (MPlayerplus_01) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-22]
CHR HKLM\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx [2014-06-13]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\jmdp\SweetNT.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-06-13]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-20]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=sc&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
 
========================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-20] (Andrea Electronics Corporation)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [2900424 2014-05-20] ()
R2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [98984 2009-07-09] ()
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [595184 2008-02-25] ( )
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-20] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-20] (globalUpdate) [File not signed]
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1863984 2014-04-13] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] (Cherished Technololgy LIMITED)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NewPlayerUpdaterService; C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-04-16] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Re-markit; C:\Program Files\Re-markit-soft\Re-markitBC170.exe [180736 2014-05-20] () [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-20] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.) [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED)
 
==================== Drivers (Whitelisted) ====================
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [274048 2009-05-06] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Matteo\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-19 18:51 - 2014-06-19 18:52 - 00019556 _____ () C:\Users\Matteo\Desktop\FRST.txt
2014-06-19 18:51 - 2014-06-19 18:51 - 00000000 ____D () C:\FRST
2014-06-19 18:43 - 2014-06-19 18:43 - 01072128 _____ (Farbar) C:\Users\Matteo\Desktop\FRST.exe
2014-06-18 17:41 - 2014-06-18 17:41 - 00018082 _____ () C:\Users\Matteo\Desktop\dds.txt
2014-06-18 17:41 - 2014-06-18 17:41 - 00006772 _____ () C:\Users\Matteo\Desktop\attach.txt
2014-06-18 17:34 - 2014-06-18 17:35 - 00688992 ____R (Swearware) C:\Users\Matteo\Desktop\dds.com
2014-06-15 14:44 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-15 14:44 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-15 14:44 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-15 14:44 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-15 14:44 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-15 14:44 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-15 14:44 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-15 14:44 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-15 14:44 - 2014-04-05 05:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-15 14:44 - 2014-04-05 03:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-15 14:44 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-15 14:44 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-15 14:43 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-15 14:43 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-15 14:43 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-15 14:43 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-15 14:43 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-15 14:43 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-15 14:43 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-15 14:43 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-15 14:43 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-15 14:43 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-15 14:43 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-15 14:43 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-15 14:43 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-15 14:43 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-15 14:22 - 2014-06-15 14:22 - 00000310 _____ () C:\Windows\PFRO.log
2014-06-13 10:16 - 2014-06-13 10:16 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
2014-06-13 10:16 - 2014-06-13 10:16 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\337Games
2014-06-13 10:16 - 2014-06-13 10:16 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-07 14:30 - 2014-06-07 14:30 - 00998400 _____ () C:\Users\Matteo\Downloads\setup.exe
2014-05-30 17:32 - 2014-05-30 17:32 - 00499544 _____ () C:\Users\Matteo\Downloads\Player Setup (2).exe
2014-05-30 17:31 - 2014-05-30 17:31 - 00277848 _____ () C:\Users\Matteo\Downloads\Player Setup (1).exe
2014-05-30 17:30 - 2014-05-30 17:31 - 00277848 _____ () C:\Users\Matteo\Downloads\Player Setup.exe
2014-05-27 19:22 - 2014-05-27 19:22 - 00000000 ____D () C:\Users\Matteo\Desktop\Rimozione Malware(NON CANCELLARE)
2014-05-25 19:42 - 2014-05-25 19:44 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-25 14:40 - 2014-05-25 19:44 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 14:23 - 2014-05-25 14:23 - 06210304 _____ (TeamViewer GmbH) C:\Users\Matteo\Downloads\TeamViewer_Setup_it.exe
2014-05-25 13:54 - 2014-05-25 13:54 - 00000000 ____D () C:\Users\Matteo\AppData\Local\SearchProtect
2014-05-25 13:52 - 2014-05-25 13:52 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\TeamViewer
2014-05-25 13:18 - 2014-05-25 13:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 13:13 - 2014-05-25 13:14 - 04765152 _____ (Piriform Ltd) C:\Users\Matteo\Downloads\ccsetup411.exe
2014-05-20 11:08 - 2014-05-20 11:08 - 00000000 ____D () C:\Users\Matteo\AppData\Local\Apps\2.0
2014-05-20 10:08 - 2014-06-19 18:19 - 00001530 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.job
2014-05-20 10:08 - 2014-06-19 18:19 - 00001422 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.job
2014-05-20 10:07 - 2014-06-19 18:24 - 00001376 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7.job
2014-05-20 10:07 - 2014-06-19 18:19 - 00002248 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.job
2014-05-20 10:07 - 2014-06-19 18:19 - 00001470 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5.job
2014-05-20 10:07 - 2014-06-19 18:19 - 00001442 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6.job
2014-05-20 10:07 - 2014-06-19 18:19 - 00001434 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1.job
2014-05-20 10:07 - 2014-06-19 18:19 - 00001352 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-1.job
2014-05-20 10:07 - 2014-06-19 18:19 - 00001348 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2.job
2014-05-20 10:07 - 2014-05-20 10:07 - 00000000 ____D () C:\Users\Matteo\AppData\Local\com
2014-05-20 10:06 - 2014-06-19 18:19 - 00002328 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4.job
2014-05-20 10:06 - 2014-06-19 18:19 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-20 10:06 - 2014-05-20 10:06 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\VOPackage
2014-05-20 10:06 - 2014-05-20 10:06 - 00000000 ____D () C:\Users\Matteo\AppData\Local\newplayer
2014-05-20 10:05 - 2014-06-19 18:24 - 00001290 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-7.job
2014-05-20 10:05 - 2014-06-19 18:19 - 00003792 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.job
2014-05-20 10:05 - 2014-06-19 18:18 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-20 10:05 - 2014-05-20 10:06 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\Documents\Optimizer Pro
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\SupTab
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Optimizer Pro
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Activeris
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-20 10:04 - 2014-06-19 18:19 - 00001356 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-6.job
2014-05-20 10:04 - 2014-06-13 10:16 - 00000000 ____D () C:\Program Files\SupTab
2014-05-20 10:04 - 2014-06-13 10:15 - 00000000 ____D () C:\ProgramData\WPM
2014-05-20 10:04 - 2014-05-21 09:43 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-20 10:04 - 2014-05-20 10:08 - 00000000 ____D () C:\Program Files\MPlayerplus_01
2014-05-20 10:04 - 2014-05-20 10:06 - 00000000 ____D () C:\Program Files\NewPlayer
2014-05-20 10:04 - 2014-05-20 10:04 - 00000000 ____D () C:\Users\Matteo\AppData\Local\globalUpdate
2014-05-20 10:04 - 2014-05-20 10:04 - 00000000 ____D () C:\ProgramData\Activeris
2014-05-20 10:04 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-20 10:03 - 2014-06-18 17:34 - 00000000 ____D () C:\Users\Matteo\AppData\Local\fst_it_118
2014-05-20 10:03 - 2014-05-20 10:07 - 00000000 ____D () C:\Program Files\Pl-usHD
2014-05-20 10:03 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-05-20 10:03 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\Activeris AntiMalware
2014-05-20 10:03 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\fst_it_118
2014-05-20 10:03 - 2012-09-26 19:03 - 00016384 _____ () C:\Windows\system32\acrisnative32.exe
2014-05-20 10:02 - 2014-06-19 18:43 - 00000000 ____D () C:\Users\Matteo\AppData\Local\bVJGsga
2014-05-20 10:02 - 2014-06-19 18:23 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-05-20 10:02 - 2014-06-19 18:18 - 00000364 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-05-20 10:02 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\Re-markit-soft
2014-05-20 10:02 - 2014-05-20 10:02 - 00000270 __RSH () C:\ProgramData\ntuser.pol
 
==================== One Month Modified Files and Folders =======
 
2014-06-19 18:52 - 2014-06-19 18:51 - 00019556 _____ () C:\Users\Matteo\Desktop\FRST.txt
2014-06-19 18:51 - 2014-06-19 18:51 - 00000000 ____D () C:\FRST
2014-06-19 18:49 - 2009-05-20 10:50 - 01932802 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 18:49 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 18:49 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 18:43 - 2014-06-19 18:43 - 01072128 _____ (Farbar) C:\Users\Matteo\Desktop\FRST.exe
2014-06-19 18:43 - 2014-05-20 10:02 - 00000000 ____D () C:\Users\Matteo\AppData\Local\bVJGsga
2014-06-19 18:34 - 2013-01-22 20:26 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 18:32 - 2013-01-22 20:26 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 18:24 - 2014-05-20 10:07 - 00001376 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7.job
2014-06-19 18:24 - 2014-05-20 10:05 - 00001290 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-7.job
2014-06-19 18:23 - 2014-05-20 10:02 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-06-19 18:19 - 2014-05-20 10:08 - 00001530 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.job
2014-06-19 18:19 - 2014-05-20 10:08 - 00001422 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.job
2014-06-19 18:19 - 2014-05-20 10:07 - 00002248 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.job
2014-06-19 18:19 - 2014-05-20 10:07 - 00001470 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5.job
2014-06-19 18:19 - 2014-05-20 10:07 - 00001442 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6.job
2014-06-19 18:19 - 2014-05-20 10:07 - 00001434 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1.job
2014-06-19 18:19 - 2014-05-20 10:07 - 00001352 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-1.job
2014-06-19 18:19 - 2014-05-20 10:07 - 00001348 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2.job
2014-06-19 18:19 - 2014-05-20 10:06 - 00002328 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4.job
2014-06-19 18:19 - 2014-05-20 10:06 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-06-19 18:19 - 2014-05-20 10:05 - 00003792 _____ () C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.job
2014-06-19 18:19 - 2014-05-20 10:04 - 00001356 _____ () C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-6.job
2014-06-19 18:18 - 2014-05-20 10:05 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-06-19 18:18 - 2014-05-20 10:02 - 00000364 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-06-18 17:41 - 2014-06-18 17:41 - 00018082 _____ () C:\Users\Matteo\Desktop\dds.txt
2014-06-18 17:41 - 2014-06-18 17:41 - 00006772 _____ () C:\Users\Matteo\Desktop\attach.txt
2014-06-18 17:35 - 2014-06-18 17:34 - 00688992 ____R (Swearware) C:\Users\Matteo\Desktop\dds.com
2014-06-18 17:34 - 2014-05-20 10:03 - 00000000 ____D () C:\Users\Matteo\AppData\Local\fst_it_118
2014-06-18 17:31 - 2013-01-22 20:26 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 17:00 - 2013-01-28 23:41 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-06-18 17:00 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 16:56 - 2006-11-02 15:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-18 16:40 - 2009-05-20 16:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-15 14:50 - 2013-07-30 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 14:39 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-15 14:36 - 2013-01-22 20:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-15 14:36 - 2013-01-22 20:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-15 14:22 - 2014-06-15 14:22 - 00000310 _____ () C:\Windows\PFRO.log
2014-06-13 10:16 - 2014-06-13 10:16 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
2014-06-13 10:16 - 2014-06-13 10:16 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\337Games
2014-06-13 10:16 - 2014-06-13 10:16 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-13 10:16 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\SupTab
2014-06-13 10:15 - 2014-05-20 10:04 - 00000000 ____D () C:\ProgramData\WPM
2014-06-07 14:30 - 2014-06-07 14:30 - 00998400 _____ () C:\Users\Matteo\Downloads\setup.exe
2014-05-30 17:32 - 2014-05-30 17:32 - 00499544 _____ () C:\Users\Matteo\Downloads\Player Setup (2).exe
2014-05-30 17:31 - 2014-05-30 17:31 - 00277848 _____ () C:\Users\Matteo\Downloads\Player Setup (1).exe
2014-05-30 17:31 - 2014-05-30 17:30 - 00277848 _____ () C:\Users\Matteo\Downloads\Player Setup.exe
2014-05-28 18:48 - 2014-06-15 14:43 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-15 14:43 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-15 14:43 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-15 14:44 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-15 14:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-15 14:43 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-15 14:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-15 14:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-15 14:44 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-15 14:44 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-15 14:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-15 14:43 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-15 14:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-15 14:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-15 14:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-15 14:44 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-15 14:44 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:29 - 2014-06-15 14:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-15 14:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-15 14:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:28 - 2014-06-15 14:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-27 19:22 - 2014-05-27 19:22 - 00000000 ____D () C:\Users\Matteo\Desktop\Rimozione Malware(NON CANCELLARE)
2014-05-25 19:44 - 2014-05-25 19:42 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-25 19:44 - 2014-05-25 14:40 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 15:06 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-25 15:06 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-25 15:04 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-25 14:23 - 2014-05-25 14:23 - 06210304 _____ (TeamViewer GmbH) C:\Users\Matteo\Downloads\TeamViewer_Setup_it.exe
2014-05-25 13:58 - 2013-01-22 20:27 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 13:54 - 2014-05-25 13:54 - 00000000 ____D () C:\Users\Matteo\AppData\Local\SearchProtect
2014-05-25 13:52 - 2014-05-25 13:52 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\TeamViewer
2014-05-25 13:22 - 2013-01-28 23:11 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\DAEMON Tools Pro
2014-05-25 13:22 - 2013-01-22 20:05 - 00000000 ____D () C:\Users\Matteo\Tracing
2014-05-25 13:22 - 2008-04-14 17:13 - 00000000 ____D () C:\Windows\Panther
2014-05-25 13:18 - 2014-05-25 13:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 13:14 - 2014-05-25 13:13 - 04765152 _____ (Piriform Ltd) C:\Users\Matteo\Downloads\ccsetup411.exe
2014-05-21 13:32 - 2008-01-21 08:31 - 01604736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 13:32 - 2008-01-21 08:30 - 00714702 _____ () C:\Windows\system32\perfh010.dat
2014-05-21 13:32 - 2008-01-21 08:30 - 00143050 _____ () C:\Windows\system32\perfc010.dat
2014-05-21 09:43 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-20 11:08 - 2014-05-20 11:08 - 00000000 ____D () C:\Users\Matteo\AppData\Local\Apps\2.0
2014-05-20 10:08 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\MPlayerplus_01
2014-05-20 10:07 - 2014-05-20 10:07 - 00000000 ____D () C:\Users\Matteo\AppData\Local\com
2014-05-20 10:07 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\Pl-usHD
2014-05-20 10:06 - 2014-05-20 10:06 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\VOPackage
2014-05-20 10:06 - 2014-05-20 10:06 - 00000000 ____D () C:\Users\Matteo\AppData\Local\newplayer
2014-05-20 10:06 - 2014-05-20 10:05 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-20 10:06 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\NewPlayer
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\Documents\Optimizer Pro
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\SupTab
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Optimizer Pro
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Activeris
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-20 10:04 - 2014-05-20 10:04 - 00000000 ____D () C:\Users\Matteo\AppData\Local\globalUpdate
2014-05-20 10:04 - 2014-05-20 10:04 - 00000000 ____D () C:\ProgramData\Activeris
2014-05-20 10:04 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-20 10:04 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-05-20 10:04 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\Activeris AntiMalware
2014-05-20 10:03 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\fst_it_118
2014-05-20 10:03 - 2014-05-20 10:02 - 00000000 ____D () C:\Program Files\Re-markit-soft
2014-05-20 10:03 - 2013-01-22 06:06 - 00001179 _____ () C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-20 10:02 - 2014-05-20 10:02 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2014-05-20 10:02 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
 
Some content of TEMP:
====================
C:\Users\Matteo\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxyofr7.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 17:06
 
==================== End Of Log ============================
 
ADDITION.TXT:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-06-2014
Ran by Matteo at 2014-06-19 18:52:38
Running from C:\Users\Matteo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
337 GAMES (HKCU\...\337Games) (Version: 1.1.1.0 - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Activeris AntiMalware (HKLM\...\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1) (Version: 1.0.0.1 - Activeris) <==== ATTENTION
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.126 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AA1000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assistente per l'accesso a Windows Live (HKLM\...\{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}) (Version: 5.000.818.6 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Software di supporto) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 12.0.1.0 - Synaptics)
Dell V305 (HKLM\...\Dell V305) (Version:  - Dell, Inc.)
Dell Video Chat (HKLM\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.02.06 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Dropbox (HKCU\...\Dropbox) (Version: 2.7.54 - Dropbox, Inc.)
eMule (HKLM\...\eMule) (Version:  - )
fst_it_118 (HKLM\...\fst_it_118_is1) (Version:  - FreeSoftToday) <==== ATTENTION
Genesis (HKCU\...\bvjgsga) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.25.0 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
IB Updater Service (HKLM\...\WNLT) (Version: 5.0.8.9 - ) <==== ATTENTION
iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)
Integrated Webcam Driver (1.04.01.0601)   (HKLM\...\Creative OA008) (Version: 1.04.01.0601 - Creative Technology Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM\...\{0110EF3B-85D7-4365-B585-4C521CFA9064}) (Version: 4.7.0002 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 38 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216038FF}) (Version: 6.0.380 - Oracle)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.2303.1 - Creative Technology Ltd)
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano) (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ita) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{34A08914-7A33-4040-A959-1577BF5AFF8A}) (Version: 9.7.0621 - Microsoft Corporation)
MPlayerplus_01 (HKLM\...\MPlayerplus_01) (Version: 1.34.5.12 - Freeven) <==== ATTENTION
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.1.7 - ) <==== ATTENTION
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
Pl-usHD (HKLM\...\Pl-usHD) (Version: 1.34.5.12 - P-lusyHDc1)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.13 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Re-markit (HKLM\...\54151819-959C-CF37-56D1-E5FCB816F2FC) (Version:  - Re-markit-software) <==== ATTENTION
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Strumento di caricamento di Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Supporto applicazioni Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
SupTab (HKLM\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
Sweetpacks Bundle Uninstaller (HKLM\...\Sweetpacks Bundle Uninstaller) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0410-0000-0000000FF1CE}_Office14.PROPLUS_{BC402055-F185-4D14-A664-12ED2EF8B5B6}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0410-0000-0000000FF1CE}_Office14.PROPLUS_{9FD4ABF7-0359-4953-BAC8-0F99C873797E}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VO Package (HKLM\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
webssearches uninstaller (HKLM\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{290F0D57-2D8C-4A17-8230-F12263173812}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
25-05-2014 17:44:44 ComboFix created restore point
29-05-2014 08:13:36 Windows Update
01-06-2014 14:49:57 Windows Update
04-06-2014 16:36:43 Windows Update
15-06-2014 12:28:44 Windows Update
18-06-2014 14:36:30 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 12:23 - 2014-05-25 15:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01FE0473-E102-490A-8331-0AD1AA1499E8} - System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5 => C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5.exe [2014-05-20] (P-lusyHDc1)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25A58EDF-889E-46B4-8640-8FDACDB5033C} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.exe [2014-05-20] (Freeven)
Task: {2CA7C371-D69D-45C4-952E-4E1EB96766A8} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-20] (globalUpdate) <==== ATTENTION
Task: {31360122-D4C6-49C1-8A98-6EB06B3FCD76} - System32\Tasks\Re-markit Update => C:\Program Files\Re-markit-soft\Re-markitV37.exe [2014-05-20] () <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {333EA61F-EAB7-44E7-A6C7-22E015A2CC70} - System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2 => C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2.exe [2014-05-20] (P-lusyHDc1)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F3A8FD0-0F8B-4AD6-962D-EAAA15C9C5CE} - System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-1 => C:\Program Files\Pl-usHD\Pl-usHD-codedownloader.exe [2014-05-20] (P-lusyHDc1)
Task: {401E4408-63D6-427D-8010-F9D1B25F9259} - System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-7 => C:\Program Files\Pl-usHD\Pl-usHD-nova.exe [2014-05-20] (P-lusyHDc1)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {50C10081-677F-400E-900E-8AAD6B6441F6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-28] ()
Task: {5ABC494F-A6C6-42AA-BD7C-DB9E2C67DDB2} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.)
Task: {67CE7669-6C23-4FFB-BC53-A8642C6A4840} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris) <==== ATTENTION
Task: {6A6E5C5E-C6CD-4D0A-9453-7E2911C31347} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-nova.exe [2014-05-20] (Freeven)
Task: {6CD0822F-3353-433D-AAFF-3122DA90F702} - System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4 => C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4.exe [2014-05-20] (P-lusyHDc1)
Task: {6D5C0221-CE77-443D-BA51-4D407B0DB4E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {6E32F86E-F673-4364-81BE-8E08066E5746} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-15] (Adobe Systems Incorporated)
Task: {7124BB3F-4CBF-4FA8-8BE4-1ECC6DA1A730} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7E446199-DDF8-4075-A34C-BB9CBA9D01EF} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-codedownloader.exe [2014-05-20] (Freeven)
Task: {8B56ED12-C53B-4324-9503-BCE2CA808604} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {8E0A0BAA-A181-4156-B45D-199103B85E68} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.exe [2014-05-20] (Freeven)
Task: {966379B8-1964-400D-82C5-A54476FEE62E} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.exe [2014-05-20] (Freeven)
Task: {A2870D40-698C-40DD-A045-68080F43C0F2} - System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-6 => C:\Program Files\Pl-usHD\Pl-usHD-novainstaller.exe [2014-05-20] (P-lusyHDc1)
Task: {B3F95023-A953-43FF-BD12-29CABB61D998} - System32\Tasks\Re-markit_wd => C:\Program Files\Re-markit-soft\Re-markitw.exe [2014-05-20] () <==== ATTENTION
Task: {C93A2131-1E23-4696-BD4D-6AB614919407} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.exe [2014-05-20] (Freeven)
Task: {CED86862-8BAA-46E6-96E9-65412495689D} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-20] (globalUpdate) <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E5DE9370-45E7-4BBC-A137-2B1EBA5CC2D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {EC9F5B5D-C4EC-4868-A239-9D9740F147C5} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-novainstaller.exe [2014-05-20] (Freeven)
Task: {F0951A02-29DC-407E-AD18-1B859E99EA3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-codedownloader.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-novainstaller.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-nova.exe
Task: C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-1.job => C:\Program Files\Pl-usHD\Pl-usHD-codedownloader.exe
Task: C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2.job => C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2.exe
Task: C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4.job => C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4.exe
Task: C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5.job => C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5.exe
Task: C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-6.job => C:\Program Files\Pl-usHD\Pl-usHD-novainstaller.exe
Task: C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-7.job => C:\Program Files\Pl-usHD\Pl-usHD-nova.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files\Re-markit-soft\Re-markitV37.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files\Re-markit-soft\Re-markitw.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2009-05-20 16:09 - 2008-12-22 12:34 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-05-20 16:09 - 2008-12-22 12:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2013-01-31 19:38 - 2008-02-13 13:49 - 00115200 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-14 16:00 - 2014-03-14 16:00 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2014-03-14 16:06 - 2014-03-14 16:06 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2009-07-09 19:48 - 2009-07-09 19:48 - 00098984 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dldtserv.exe
2013-06-03 09:18 - 2014-04-13 16:40 - 01863984 _____ () C:\Windows\system32\dmwu.exe
2014-04-16 17:14 - 2014-04-16 17:14 - 00011776 _____ () C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
2014-05-20 10:02 - 2014-05-20 10:02 - 00180736 _____ () C:\Program Files\Re-markit-soft\Re-markitBC170.exe
2014-05-20 10:02 - 2014-05-20 10:02 - 00171008 _____ () C:\Program Files\Re-markit-soft\Re-markitBC170.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-20 10:02 - 2014-05-20 10:02 - 00104960 _____ () C:\Program Files\Re-markit-soft\Re-markitw.exe
2014-05-20 10:04 - 2012-09-26 15:31 - 00886272 _____ () C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll
2014-05-20 10:04 - 2014-01-23 19:04 - 01718264 _____ () C:\Program Files\Activeris AntiMalware\acrissys.dll
2014-05-20 10:03 - 2014-05-19 10:56 - 03267568 _____ () C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe
2014-04-13 16:40 - 2014-04-13 16:40 - 01100592 _____ () C:\Windows\System32\jmdp\stij.exe
2014-04-13 16:40 - 2014-04-13 16:40 - 01266992 _____ () C:\Windows\System32\jmdp\lmrn.dll
2013-01-31 19:35 - 2008-06-24 08:26 - 00668912 _____ () C:\Program Files\Dell V305\dldtmon.exe
2013-01-31 19:35 - 2008-03-19 00:04 - 00380928 _____ () C:\Program Files\Dell V305\dldtscw.dll
2013-01-31 19:34 - 2008-01-22 04:05 - 00077906 _____ () C:\Program Files\Dell V305\dldtcfg.dll
2007-05-29 08:39 - 2007-05-29 09:39 - 00589824 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldtdatr.dll
2007-03-26 08:39 - 2007-03-26 09:39 - 00073728 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldtcats.dll
2013-01-31 19:35 - 2008-03-19 00:05 - 00782336 _____ () C:\Program Files\Dell V305\dldtDRS.dll
2013-01-31 19:35 - 2008-02-20 00:25 - 00081920 _____ () C:\Program Files\Dell V305\dldtcaps.dll
2013-01-31 19:35 - 2007-11-13 21:13 - 00069632 _____ () C:\Program Files\Dell V305\dldtcnv4.dll
2013-01-31 19:35 - 2008-02-20 00:21 - 00151552 _____ () C:\Program Files\Dell V305\dldtmonr.dll
2014-05-20 10:03 - 2014-05-19 11:03 - 03982800 _____ () C:\Program Files\fst_it_118\fst_it_118.exe
2014-05-20 10:02 - 2014-05-20 10:02 - 02809856 _____ () C:\Users\Matteo\AppData\Local\bVJGsga\bVJGsga.exe
2013-01-31 19:35 - 2008-06-24 08:27 - 00025840 _____ () C:\Program Files\Dell V305\dldtMsdMon.exe
2013-01-31 19:35 - 2008-05-26 09:05 - 00028672 _____ () C:\Program Files\Dell V305\App4R.Monitor.Common.dll
2013-01-31 19:35 - 2008-05-26 09:05 - 00036864 _____ () C:\Program Files\Dell V305\App4R.Monitor.Core.dll
2013-01-31 19:35 - 2008-05-26 09:04 - 00061440 _____ () C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll
2013-01-31 19:35 - 2007-11-22 10:55 - 00011776 _____ () C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/19/2014 06:21:29 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (06/19/2014 06:21:28 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (06/18/2014 05:00:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/18/2014 04:36:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (06/18/2014 04:35:56 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (06/18/2014 04:35:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
 
Error: (06/18/2014 04:34:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 02:55:09 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (06/15/2014 02:25:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (06/15/2014 02:25:24 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
 
System errors:
=============
Error: (06/19/2014 06:49:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aggiornamento delle definizioni Microsoft Security Essentials – KB2310138 (definizione 1.177.225.0){84CD3267-D422-46B4-9180-D51944E27692}201
 
Error: (06/19/2014 06:48:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 1.177.225.0
 
Origine aggiornamento: %NT AUTHORITY59
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SYSTEM
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
Error: (06/18/2014 05:29:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 111.22.0.0
 
Origine aggiornamento: %NT AUTHORITY51
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SERVIZIO DI RETE
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
Error: (06/18/2014 05:29:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 1.175.1594.0
 
Origine aggiornamento: %NT AUTHORITY51
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SERVIZIO DI RETE
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
Error: (06/18/2014 05:29:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 1.175.1594.0
 
Origine aggiornamento: %NT AUTHORITY51
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SERVIZIO DI RETE
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
Error: (06/18/2014 05:29:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 1.175.1594.0
 
Origine aggiornamento: %NT AUTHORITY59
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SYSTEM
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
Error: (06/18/2014 05:09:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 111.22.0.0
 
Origine aggiornamento: %NT AUTHORITY51
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SERVIZIO DI RETE
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
Error: (06/18/2014 05:09:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 1.175.1594.0
 
Origine aggiornamento: %NT AUTHORITY51
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SERVIZIO DI RETE
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
Error: (06/18/2014 05:09:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 1.175.1594.0
 
Origine aggiornamento: %NT AUTHORITY51
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SERVIZIO DI RETE
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
Error: (06/18/2014 05:09:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.
 
Versione nuova firma: 
 
Versione firma precedente: 1.175.1594.0
 
Origine aggiornamento: %NT AUTHORITY59
 
Fase aggiornamento: 4.5.0216.00
 
Percorso aggiornamento: 4.5.0216.01
 
Tipo firma: %NT AUTHORITY602
 
Tipo aggiornamento: %NT AUTHORITY604
 
Utente: NT AUTHORITY\SYSTEM
 
Versione motore corrente: %NT AUTHORITY605
 
Versione motore precedente: %NT AUTHORITY606
 
Codice errore: %NT AUTHORITY607
 
Descrizione errore: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (06/19/2014 06:21:29 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (06/19/2014 06:21:28 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (06/18/2014 05:00:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/18/2014 04:36:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (06/18/2014 04:35:56 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (06/18/2014 04:35:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
 
Error: (06/18/2014 04:34:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 02:55:09 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (06/15/2014 02:25:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (06/15/2014 02:25:24 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-27 07:17:54.411
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:53.895
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:53.318
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:52.802
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:28.319
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:27.680
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:26.978
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:26.384
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:25.572
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-03-27 07:17:24.917
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 55%
Total physical RAM: 3030.13 MB
Available physical RAM: 1341.16 MB
Total Pagefile: 6278.6 MB
Available Pagefile: 4264.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.5 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:231.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D09030C9)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
But when I ran aswmbr.exe, a Windows error appeared on my screen. I have attached a screenshot of my screen with the message.
I await your news.
 

 

 

Attached Files

  • ASW.jpg   101.78KB


#4 pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 19 June 2014 - 08:17 PM

Hi Pystryker, thanks for your instructions.


Hello, you are quite welcome. :)

We have a lot of work to do and I did see the screenshot from the aswMBR scan. That file will be gone shortly. I'm going to break this up into no more than 3 steps at a time, until we get rid of some of the junk. There are a lot of infections, a rogue antimalware program called Activeris AntiMalware on the machine, and browser hijacks. But, no worries, we'll send them all packing. :thumbsup:



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Program Uninstalls and Windows Sidebar Fix


Program Uninstalls


Please uninstall the following programs from your machine, as they are all malware/adware related programs. If you get any warnings saying the program can't be uninstalled or can't be found and would you like to remove it from the list, answer yes, and then proceed to the next one. :)
  • Activeris AntiMalware
  • fst_it_118 (may be listed as "FreeSofttoday")
  • Genesis
  • IB Updater Service
  • Internet Explorer Toolbar 4.7 by SweetPacks
  • MPlayerplus_01
  • MyPC Backup
  • NewPlayer
  • Optimizer Pro v3.2
  • Re-markit
  • SupTab
  • SweetIM for Messenger 3.7
  • Sweetpacks Bundle Uninstaller
  • Update Manager for SweetPacks 1.1
  • VO Package
  • webssearches uninstaller
Windows Fix It

You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here. Please disable it by using Fix It.

You can download Fix It by clicking here.

NOTE: Please make absolutely sure you reboot the machine after performing this step and before proceeding with my next instructions.


Step 2: Chrome Changes


Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page. Make sure you do not see delta-homes in the list of pages.
  • Once you have typed in your new home page, close the window.
Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. Again, you want to remove any search engines like delta-homes or trovi. Change it from the malware related search engine to another (Such as Google.)
  • Once you have changed it, click on Manage Search Engines and delete delta-homes and trovi from the list.
  • Once you have removed it, close the window.
Step 3: Fix with Farbar's Recovery Scan Tool (FRST)
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
C:\ProgramData\IePluginService
C:\ProgramData\IePluginServices
C:\ProgramData\WPM
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\MyPC Backup
() C:\Windows\System32\dmwu.exe
() C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
() C:\Program Files\Re-markit-soft\Re-markitBC170.exe
C:\Program Files\NewPlayer
C:\Program Files\Re-markit-soft
() C:\Program Files\Re-markit-soft\Re-markitw.exe
(Activeris) C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe
C:\Program Files\Activeris AntiMalware
() C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe
C:\Users\Matteo\AppData\Local\fst_it_118
() C:\Windows\System32\jmdp\stij.exe
C:\Windows\System32\jmdp
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\SweetIM
() C:\Program Files\fst_it_118\fst_it_118.exe
C:\Program Files\fst_it_118
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [fst_it_118] => C:\Program Files\fst_it_118\fst_it_118.exe [3982800 2014-05-19] ()
HKLM\...\RunOnce: [upfst_it_118.exe] - C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe -runonce [3267568 2014-05-19] ()
Startup: C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-273196513-1318440332-801156109-1000\...\Run: [bvjgsga] => c:\users\matteo\appdata\local\bvjgsga\bvjgsga.exe [2809856 2014-05-20] ()
() C:\Users\Matteo\AppData\Local\bVJGsga\bVJGsga.exe
C:\Users\Matteo\AppData\Local\bVJGsga
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com/?type=sc&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=M3ACCF52A-5AD2-4FAA-9788-A27CAAF856D2&SearchSource=58&CUI=&UM=5&UP=SPC8FDBECD-3265-42DE-B02E-A386A3B86E5C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Re-markit - {4232F406-A0E7-9E2B-E39F-3E6DED20182B} - C:\Program Files\Re-markit-soft\170.dll ()
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF HKCU\...\Firefox\Extensions: [{58167137-F08E-F867-44D8-3189AA654B6F}] - C:\Program Files\Re-markit-soft\170.xpi
FF Extension: Re-markit - C:\Program Files\Re-markit-soft\170.xpi [2014-05-20]
CHR HKLM\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx [2014-06-13]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\jmdp\SweetNT.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-06-13]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-20]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=sc&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
2006-11-02 12:23 - 2014-05-25 15:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
S2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [2900424 2014-05-20] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] (Cherished Technololgy LIMITED)
R2 NewPlayerUpdaterService; C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-04-16] () [File not signed]
C:\Program Files\NewPlayer
c:\Program Files\Optimizer Pro
R2 Re-markit; C:\Program Files\Re-markit-soft\Re-markitBC170.exe [180736 2014-05-20] () [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED)
2014-05-25 13:54 - 2014-05-25 13:54 - 00000000 ____D () C:\Users\Matteo\AppData\Local\SearchProtect
2014-05-20 10:06 - 2014-05-20 10:06 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\VOPackage
2014-05-20 10:06 - 2014-05-20 10:06 - 00000000 ____D () C:\Users\Matteo\AppData\Local\newplayer
2014-05-20 10:05 - 2014-05-20 10:06 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\Documents\Optimizer Pro
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\SupTab
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Optimizer Pro
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Activeris
2014-05-20 10:04 - 2014-06-13 10:16 - 00000000 ____D () C:\Program Files\SupTab
2014-05-20 10:04 - 2014-06-13 10:15 - 00000000 ____D () C:\ProgramData\WPM
2014-05-20 10:04 - 2014-05-21 09:43 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-20 10:04 - 2014-05-20 10:08 - 00000000 ____D () C:\Program Files\MPlayerplus_01
2014-05-20 10:04 - 2014-05-20 10:06 - 00000000 ____D () C:\Program Files\NewPlayer
2014-05-20 10:04 - 2014-05-20 10:04 - 00000000 ____D () C:\ProgramData\Activeris
2014-05-20 10:03 - 2014-06-18 17:34 - 00000000 ____D () C:\Users\Matteo\AppData\Local\fst_it_118
2014-05-20 10:03 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-05-20 10:03 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\Activeris AntiMalware
2014-05-20 10:03 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\fst_it_118
2014-05-20 10:02 - 2014-06-19 18:43 - 00000000 ____D () C:\Users\Matteo\AppData\Local\bVJGsga
2014-05-20 10:02 - 2014-06-19 18:23 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-05-20 10:02 - 2014-06-19 18:18 - 00000364 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-05-20 10:02 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\Re-markit-soft
Task: {31360122-D4C6-49C1-8A98-6EB06B3FCD76} - System32\Tasks\Re-markit Update => C:\Program Files\Re-markit-soft\Re-markitV37.exe [2014-05-20] () <==== ATTENTION
Task: {67CE7669-6C23-4FFB-BC53-A8642C6A4840} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris) <==== ATTENTION
Task: {25A58EDF-889E-46B4-8640-8FDACDB5033C} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.exe [2014-05-20] (Freeven)
Task: {6A6E5C5E-C6CD-4D0A-9453-7E2911C31347} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-nova.exe [2014-05-20] (Freeven)
Task: {7E446199-DDF8-4075-A34C-BB9CBA9D01EF} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-codedownloader.exe [2014-05-20] (Freeven)
Task: {8E0A0BAA-A181-4156-B45D-199103B85E68} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.exe [2014-05-20] (Freeven)
Task: {966379B8-1964-400D-82C5-A54476FEE62E} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.exe [2014-05-20] (Freeven)
Task: {B3F95023-A953-43FF-BD12-29CABB61D998} - System32\Tasks\Re-markit_wd => C:\Program Files\Re-markit-soft\Re-markitw.exe [2014-05-20] () <==== ATTENTION
Task: {C93A2131-1E23-4696-BD4D-6AB614919407} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.exe [2014-05-20] (Freeven)
Task: {EC9F5B5D-C4EC-4868-A239-9D9740F147C5} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-novainstaller.exe [2014-05-20] (Freeven)
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-codedownloader.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-novainstaller.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-nova.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files\Re-markit-soft\Re-markitV37.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files\Re-markit-soft\Re-markitw.exe <==== ATTENTION
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
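As an added example (not code from the thread, from pystryker, or from FRST itself), here is a small Python triage helper for fixlist entries in the format above: it groups each line by the persistence mechanism it represents, collects the hosts the hijacked start and search pages point at, and flags binaries FRST listed with an empty publisher. The sample lines are a subset of the fixlist posted above; the category names and the `triage` function are this example's own.

```python
"""Triage helper for FRST-style fixlist entries (added example; neither
Farbar's code nor part of FRST). It groups each entry by the persistence
mechanism it represents, collects the hosts the browser hijacks point at,
and flags entries FRST listed with an empty publisher "()" or "[File not signed]".
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# (category, pattern) in priority order; the first matching rule wins.
RULES = [
    ("scheduled_task", re.compile(r"^Task: ")),
    # Service line: R/S = running/stopped, digit = start type, then "Name; path"
    ("service", re.compile(r"^[RS]\d [^;]+; ")),
    ("autorun_registry", re.compile(r"^HK(LM|CU|U\\S-1-5-[\d-]+)\\\.\.\.\\Run(Once)?: ")),
    ("startup_folder", re.compile(r"^Startup: ")),
    ("browser_hijack", re.compile(
        r"^(HK(LM|CU)\\Software\\Microsoft\\Internet Explorer\\Main,"
        r"|SearchScopes: |(CHR )?StartMenuInternet: )")),
    ("bho", re.compile(r"^BHO: ")),
    ("browser_extension", re.compile(r"^(CHR|FF) ")),
    # File listing: "<created> - <modified> - <size> <attrs> (Company) path"
    ("file_entry", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - ")),
    # Running process: "(Publisher) C:\path\binary.exe"; a bare path is a folder
    ("process", re.compile(r"^\([^)]*\) [A-Za-z]:\\")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]
URL_RE = re.compile(r"https?://\S+")
# An empty publisher field "()" standing alone, or FRST's explicit marker.
NO_PUBLISHER_RE = re.compile(r"(^|\s)\(\)(\s|$)|\[File not signed\]")


def classify(line):
    """Persistence category of one fixlist line, or "other" if no rule matches."""
    for category, pattern in RULES:
        if pattern.search(line):
            return category
    return "other"


def hijack_host(line):
    """Hostname of the first http(s) URL on the line, or None."""
    match = URL_RE.search(line)
    return urlsplit(match.group(0)).hostname if match else None


def registrable_domain(host):
    """Collapse a hostname to its last two labels (adequate for the .com hosts here)."""
    return ".".join(host.split(".")[-2:])


def triage(fixlist_text):
    """Summarise a fixlist: per-category counts, hijack hosts and domains, and
    the entries whose binary FRST reported without a publisher."""
    entries = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line or line in ("Start", "End"):  # fixlist delimiters
            continue
        entries.append({"line": line, "category": classify(line),
                        "host": hijack_host(line),
                        "no_publisher": bool(NO_PUBLISHER_RE.search(line))})
    hosts = sorted({e["host"] for e in entries if e["host"]})
    return {
        "entries": len(entries),
        "by_category": Counter(e["category"] for e in entries),
        "hijack_hosts": hosts,
        "hijack_domains": sorted({registrable_domain(h) for h in hosts}),
        "no_publisher": [e["line"] for e in entries if e["no_publisher"]],
    }


# Constructed sample: a subset of the fixlist lines pystryker posted above.
SAMPLE_FIXLIST = r"""
Start
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
() C:\Windows\System32\dmwu.exe
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\RunOnce: [upfst_it_118.exe] - C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe -runonce [3267568 2014-05-19] ()
HKU\S-1-5-21-273196513-1318440332-801156109-1000\...\Run: [bvjgsga] => c:\users\matteo\appdata\local\bvjgsga\bvjgsga.exe [2809856 2014-05-20] ()
Startup: C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&q={searchTerms}&SSPV=
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
BHO: Re-markit - {4232F406-A0E7-9E2B-E39F-3E6DED20182B} - C:\Program Files\Re-markit-soft\170.dll ()
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\jmdp\SweetNT.crx [2014-04-06]
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [2900424 2014-05-20] ()
R2 Re-markit; C:\Program Files\Re-markit-soft\Re-markitBC170.exe [180736 2014-05-20] () [File not signed]
Task: {31360122-D4C6-49C1-8A98-6EB06B3FCD76} - System32\Tasks\Re-markit Update => C:\Program Files\Re-markit-soft\Re-markitV37.exe [2014-05-20] () <==== ATTENTION
2014-05-20 10:02 - 2014-06-19 18:23 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job
End
"""

if __name__ == "__main__":
    result = triage(SAMPLE_FIXLIST)
    for category, count in sorted(result["by_category"].items()):
        print(f"{category:18} {count}")
    print("hijack domains:", ", ".join(result["hijack_domains"]))
    print("entries without a publisher:", len(result["no_publisher"]))
```

The per-category view shows why the uninstall step alone would not have been enough: the same adware family is re-launched from Run keys, a scheduled task and services, and the hijacked URLs all collapse to three domains.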





#5 mrbara

  • Topic Starter
  • Members
  • 12 posts

Posted 20 June 2014 - 09:59 AM

OK Pystryker, I uninstalled all the programs on the list, then I set up Chrome, and at the end I ran FRST.exe.

 

FIXLOG.TXT 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:18-06-2014

Ran by Matteo at 2014-06-20 16:49:33 Run:1
Running from C:\Users\Matteo\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
C:\ProgramData\IePluginService
C:\ProgramData\IePluginServices
C:\ProgramData\WPM
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\MyPC Backup
() C:\Windows\System32\dmwu.exe
() C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
() C:\Program Files\Re-markit-soft\Re-markitBC170.exe
C:\Program Files\NewPlayer
C:\Program Files\Re-markit-soft
() C:\Program Files\Re-markit-soft\Re-markitw.exe
(Activeris) C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe
C:\Program Files\Activeris AntiMalware
() C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe
C:\Users\Matteo\AppData\Local\fst_it_118
() C:\Windows\System32\jmdp\stij.exe
C:\Windows\System32\jmdp
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\SweetIM
() C:\Program Files\fst_it_118\fst_it_118.exe
C:\Program Files\fst_it_118
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [fst_it_118] => C:\Program Files\fst_it_118\fst_it_118.exe [3982800 2014-05-19] ()
HKLM\...\RunOnce: [upfst_it_118.exe] - C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe -runonce [3267568 2014-05-19] ()
Startup: C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-273196513-1318440332-801156109-1000\...\Run: [bvjgsga] => c:\users\matteo\appdata\local\bvjgsga\bvjgsga.exe [2809856 2014-05-20] ()
() C:\Users\Matteo\AppData\Local\bVJGsga\bVJGsga.exe
C:\Users\Matteo\AppData\Local\bVJGsga
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com/?type=sc&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Re-markit - {4232F406-A0E7-9E2B-E39F-3E6DED20182B} - C:\Program Files\Re-markit-soft\170.dll ()
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF HKCU\...\Firefox\Extensions: [{58167137-F08E-F867-44D8-3189AA654B6F}] - C:\Program Files\Re-markit-soft\170.xpi
FF Extension: Re-markit - C:\Program Files\Re-markit-soft\170.xpi [2014-05-20]
CHR HKLM\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx [2014-06-13]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\jmdp\SweetNT.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-06-13]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-20]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=sc&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
2006-11-02 12:23 - 2014-05-25 15:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
S2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [2900424 2014-05-20] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] (Cherished Technololgy LIMITED)
R2 NewPlayerUpdaterService; C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-04-16] () [File not signed]
C:\Program Files\NewPlayer
c:\Program Files\Optimizer Pro
R2 Re-markit; C:\Program Files\Re-markit-soft\Re-markitBC170.exe [180736 2014-05-20] () [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED)
2014-05-25 13:54 - 2014-05-25 13:54 - 00000000 ____D () C:\Users\Matteo\AppData\Local\SearchProtect
2014-05-20 10:06 - 2014-05-20 10:06 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\VOPackage
2014-05-20 10:06 - 2014-05-20 10:06 - 00000000 ____D () C:\Users\Matteo\AppData\Local\newplayer
2014-05-20 10:05 - 2014-05-20 10:06 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\Documents\Optimizer Pro
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\SupTab
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Optimizer Pro
2014-05-20 10:05 - 2014-05-20 10:05 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\Activeris
2014-05-20 10:04 - 2014-06-13 10:16 - 00000000 ____D () C:\Program Files\SupTab
2014-05-20 10:04 - 2014-06-13 10:15 - 00000000 ____D () C:\ProgramData\WPM
2014-05-20 10:04 - 2014-05-21 09:43 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-20 10:04 - 2014-05-20 10:08 - 00000000 ____D () C:\Program Files\MPlayerplus_01
2014-05-20 10:04 - 2014-05-20 10:06 - 00000000 ____D () C:\Program Files\NewPlayer
2014-05-20 10:04 - 2014-05-20 10:04 - 00000000 ____D () C:\ProgramData\Activeris
2014-05-20 10:03 - 2014-06-18 17:34 - 00000000 ____D () C:\Users\Matteo\AppData\Local\fst_it_118
2014-05-20 10:03 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-05-20 10:03 - 2014-05-20 10:04 - 00000000 ____D () C:\Program Files\Activeris AntiMalware
2014-05-20 10:03 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\fst_it_118
2014-05-20 10:02 - 2014-06-19 18:43 - 00000000 ____D () C:\Users\Matteo\AppData\Local\bVJGsga
2014-05-20 10:02 - 2014-06-19 18:23 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-05-20 10:02 - 2014-06-19 18:18 - 00000364 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-05-20 10:02 - 2014-05-20 10:03 - 00000000 ____D () C:\Program Files\Re-markit-soft
Task: {31360122-D4C6-49C1-8A98-6EB06B3FCD76} - System32\Tasks\Re-markit Update => C:\Program Files\Re-markit-soft\Re-markitV37.exe [2014-05-20] () <==== ATTENTION
Task: {67CE7669-6C23-4FFB-BC53-A8642C6A4840} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris) <==== ATTENTION
Task: {25A58EDF-889E-46B4-8640-8FDACDB5033C} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.exe [2014-05-20] (Freeven)
Task: {6A6E5C5E-C6CD-4D0A-9453-7E2911C31347} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-nova.exe [2014-05-20] (Freeven)
Task: {7E446199-DDF8-4075-A34C-BB9CBA9D01EF} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-codedownloader.exe [2014-05-20] (Freeven)
Task: {8E0A0BAA-A181-4156-B45D-199103B85E68} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.exe [2014-05-20] (Freeven)
Task: {966379B8-1964-400D-82C5-A54476FEE62E} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.exe [2014-05-20] (Freeven)
Task: {B3F95023-A953-43FF-BD12-29CABB61D998} - System32\Tasks\Re-markit_wd => C:\Program Files\Re-markit-soft\Re-markitw.exe [2014-05-20] () <==== ATTENTION
Task: {C93A2131-1E23-4696-BD4D-6AB614919407} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5 => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.exe [2014-05-20] (Freeven)
Task: {EC9F5B5D-C4EC-4868-A239-9D9740F147C5} - System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6 => C:\Program Files\MPlayerplus_01\MPlayerplus_01-novainstaller.exe [2014-05-20] (Freeven)
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-codedownloader.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.job => C:\Program Files\MPlayerplus_01\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-novainstaller.exe
Task: C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7.job => C:\Program Files\MPlayerplus_01\MPlayerplus_01-nova.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files\Re-markit-soft\Re-markitV37.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files\Re-markit-soft\Re-markitw.exe <==== ATTENTION
End
*****************
 
[1744] C:\ProgramData\IePluginService\PluginService.exe => Process closed successfully.
[1816] C:\ProgramData\IePluginServices\PluginService.exe => Process closed successfully.
[1844] C:\ProgramData\WPM\wprotectmanager.exe => Process closed successfully.
C:\ProgramData\IePluginService => Moved successfully.
C:\ProgramData\IePluginServices => Moved successfully.
C:\ProgramData\WPM => Moved successfully.
C:\Program Files\MyPC Backup\BackupStack.exe => No running process found
"C:\Program Files\MyPC Backup" => File/Directory not found.
C:\Windows\System32\dmwu.exe => No running process found
C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe => No running process found
C:\Program Files\Re-markit-soft\Re-markitBC170.exe => No running process found
"C:\Program Files\NewPlayer" => File/Directory not found.
"C:\Program Files\Re-markit-soft" => File/Directory not found.
C:\Program Files\Re-markit-soft\Re-markitw.exe => No running process found
C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe => No running process found
"C:\Program Files\Activeris AntiMalware" => File/Directory not found.
C:\Users\Matteo\AppData\Local\fst_it_118\upfst_it_118.exe => No running process found
"C:\Users\Matteo\AppData\Local\fst_it_118" => File/Directory not found.
C:\Windows\System32\jmdp\stij.exe => No running process found
"C:\Windows\System32\jmdp" => File/Directory not found.
C:\Program Files\SweetIM\Messenger\SweetIM.exe => No running process found
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe => No running process found
"C:\Program Files\SweetIM" => File/Directory not found.
C:\Program Files\fst_it_118\fst_it_118.exe => No running process found
"C:\Program Files\fst_it_118" => File/Directory not found.
C:\Program Files\MyPC Backup\MyPC Backup.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\fst_it_118 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upfst_it_118.exe => Value not found.
C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files\MyPC Backup\MyPC Backup.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKU\S-1-5-21-273196513-1318440332-801156109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\bvjgsga => Value not found.
C:\Users\Matteo\AppData\Local\bVJGsga\bVJGsga.exe => No running process found
C:\Users\Matteo\AppData\Local\bVJGsga => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}'=> Key not found.
'HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4232F406-A0E7-9E2B-E39F-3E6DED20182B}'=> Key not found.
'HKCR\CLSID\{4232F406-A0E7-9E2B-E39F-3E6DED20182B}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}'=> Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{58167137-F08E-F867-44D8-3189AA654B6F} => Value not found.
C:\Program Files\Re-markit-soft\170.xpi => not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd' => Key deleted successfully.
C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj'=> Key not found.
"C:\Windows\System32\jmdp\SweetNT.crx" => File/Directory not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo' => Key deleted successfully.
C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx => Moved successfully.
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-20] ==> The Chrome "Settings" can be used to fix the entry.
'HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma' => Key deleted successfully.
C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
BackupStack => Service not found.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
ca82e1a5 => Service not found.
IePluginService => Service deleted successfully.
IePluginServices => Service deleted successfully.
NewPlayerUpdaterService => Service not found.
"C:\Program Files\NewPlayer" => File/Directory not found.
"c:\Program Files\Optimizer Pro" => File/Directory not found.
Re-markit => Service not found.
Wpm => Service deleted successfully.
C:\Users\Matteo\AppData\Local\SearchProtect => Moved successfully.
"C:\Users\Matteo\AppData\Roaming\VOPackage" => File/Directory not found.
"C:\Users\Matteo\AppData\Local\newplayer" => File/Directory not found.
"C:\ProgramData\IePluginService" => File/Directory not found.
C:\Users\Matteo\Documents\Optimizer Pro => Moved successfully.
"C:\Users\Matteo\AppData\Roaming\SupTab" => File/Directory not found.
"C:\Users\Matteo\AppData\Roaming\Optimizer Pro" => File/Directory not found.
C:\Users\Matteo\AppData\Roaming\Activeris => Moved successfully.
C:\Program Files\SupTab => Moved successfully.
"C:\ProgramData\WPM" => File/Directory not found.
"C:\Program Files\MyPC Backup" => File/Directory not found.
"C:\Program Files\MPlayerplus_01" => File/Directory not found.
"C:\Program Files\NewPlayer" => File/Directory not found.
"C:\ProgramData\Activeris" => File/Directory not found.
"C:\Users\Matteo\AppData\Local\fst_it_118" => File/Directory not found.
"C:\Program Files\Optimizer Pro" => File/Directory not found.
"C:\Program Files\Activeris AntiMalware" => File/Directory not found.
"C:\Program Files\fst_it_118" => File/Directory not found.
"C:\Users\Matteo\AppData\Local\bVJGsga" => File/Directory not found.
"C:\Windows\Tasks\Re-markit Update.job" => File/Directory not found.
"C:\Windows\Tasks\Re-markit_wd.job" => File/Directory not found.
"C:\Program Files\Re-markit-soft" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31360122-D4C6-49C1-8A98-6EB06B3FCD76}'=> Key not found.
C:\Windows\System32\Tasks\Re-markit Update not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67CE7669-6C23-4FFB-BC53-A8642C6A4840}'=> Key not found.
C:\Windows\System32\Tasks\Activeris AntiMalware_startup not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Activeris AntiMalware_startup'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25A58EDF-889E-46B4-8640-8FDACDB5033C}'=> Key not found.
C:\Windows\System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A6E5C5E-C6CD-4D0A-9453-7E2911C31347}'=> Key not found.
C:\Windows\System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E446199-DDF8-4075-A34C-BB9CBA9D01EF}'=> Key not found.
C:\Windows\System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E0A0BAA-A181-4156-B45D-199103B85E68}'=> Key not found.
C:\Windows\System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{966379B8-1964-400D-82C5-A54476FEE62E}'=> Key not found.
C:\Windows\System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F95023-A953-43FF-BD12-29CABB61D998}'=> Key not found.
C:\Windows\System32\Tasks\Re-markit_wd not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit_wd'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C93A2131-1E23-4696-BD4D-6AB614919407}'=> Key not found.
C:\Windows\System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9F5B5D-C4EC-4868-A239-9D9740F147C5}'=> Key not found.
C:\Windows\System32\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6'=> Key not found.
C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-1.job not found.
C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-2.job not found.
C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-3.job not found.
C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-4.job not found.
C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-5.job not found.
C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-6.job not found.
C:\Windows\Tasks\d883c0dc-2aba-4df6-aa3c-a2aaf825f9e1-7.job not found.
C:\Windows\Tasks\Re-markit Update.job not found.
C:\Windows\Tasks\Re-markit_wd.job not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
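The Fixlog above records the persistence points FRST removed: machine and per-user Run/RunOnce values (one with a random name under AppData\Local), StartMenuInternet browser shortcuts carrying a delta-homes.com URL, BHOs and a Firefox extension, Chrome extensions force-installed through HKLM\SOFTWARE\Google\Chrome\Extensions, a Chrome Group Policy, unsigned services, scheduled tasks and a modified hosts file. The script below is an added example for this thread, not FRST's own logic and not code from the post: it parses FRST-format lines and scores each entry with the kind of heuristics a helper applies when reading such a log by eye. The sample lines are copied from the log above, except the final IgfxTray control line, whose size and date are made up; the scoring weights and the name/location heuristics are this example's assumptions.

```python
"""Heuristic triage of Farbar Recovery Scan Tool (FRST) persistence entries.

Added example for this thread: not FRST's own logic and not code from the
BleepingComputer post. Scoring weights are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input in FRST's log format. All lines but the last are copied from the
# log posted above; the IgfxTray line is a constructed benign control (made-up
# size/date) modelled on the signed Intel process listed in the same log.
SAMPLE_LOG = r"""
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [fst_it_118] => C:\Program Files\fst_it_118\fst_it_118.exe [3982800 2014-05-19] ()
HKU\S-1-5-21-273196513-1318440332-801156109-1000\...\Run: [bvjgsga] => c:\users\matteo\appdata\local\bvjgsga\bvjgsga.exe [2809856 2014-05-20] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com/?type=sc&ts=1402647313&from=wpm0612
BHO: Re-markit - {4232F406-A0E7-9E2B-E39F-3E6DED20182B} - C:\Program Files\Re-markit-soft\170.dll ()
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\jmdp\SweetNT.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx [2014-06-13]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED)
R2 NewPlayerUpdaterService; C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-04-16] () [File not signed]
S2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [2900424 2014-05-20] ()
Task: {31360122-D4C6-49C1-8A98-6EB06B3FCD76} - System32\Tasks\Re-markit Update => C:\Program Files\Re-markit-soft\Re-markitV37.exe [2014-05-20] () <==== ATTENTION
HKLM\...\Run: [IgfxTray] => C:\Windows\System32\igfxtray.exe [9999 2012-01-01] (Intel Corporation)
"""

@dataclass
class Entry:
    kind: str                 # Run, Policy, Browser, BHO, ChromeExt, Service, Task
    name: str
    path: str
    publisher: Optional[str]  # "" when FRST printed "()", None when the line has no publisher field
    extra: str = ""           # trailing flags (e.g. "[File not signed]") or launch arguments
    score: int = 0
    reasons: List[str] = field(default_factory=list)

PATTERNS = {  # kind -> regex over one FRST line; named groups: name, path, pub, extra
    "Run": re.compile(r"^HK(?:LM|CU|U\\[^\\]+)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?:=>|-) "
                      r"(?P<path>.+?) \[[^\]]*\] \((?P<pub>[^)]*)\)(?P<extra>.*)$"),
    "Policy": re.compile(r"^GroupPolicy: (?P<name>.+?)(?P<extra> <=+ ATTENTION)?$"),
    "Browser": re.compile(r"^(?:CHR )?StartMenuInternet: (?P<name>.+?) - (?P<path>.+?\.exe)(?: (?P<extra>.+))?$"),
    "BHO": re.compile(r"^BHO: (?P<name>.+?) - \{[^}]+\} - (?P<path>.+?)(?: \((?P<pub>[^)]*)\))?$"),
    "ChromeExt": re.compile(r"^CHR HKLM\\\.\.\.\\Chrome\\Extension: \[(?P<name>[a-p]{32})\] - (?P<path>.+?) \[[^\]]*\]$"),
    "Service": re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) \[[^\]]*\] \((?P<pub>[^)]*)\)(?P<extra>.*)$"),
    "Task": re.compile(r"^Task: \{[^}]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<path>.+?) \[[^\]]*\] "
                       r"\((?P<pub>[^)]*)\)(?P<extra>.*)$"),
}

def parse_line(line: str) -> Optional[Entry]:
    """Map one FRST line to an Entry; None for line types this example ignores."""
    for kind, pat in PATTERNS.items():
        m = pat.match(line.strip())
        if m:
            g = m.groupdict()
            return Entry(kind, g["name"], g.get("path") or "", g.get("pub"),
                         (g.get("extra") or "").strip())
    return None

USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Users)\\", re.IGNORECASE)

def looks_random(name: str) -> bool:
    """Crude detector for generated names such as 'bvjgsga' or 'ca82e1a5' (heuristic)."""
    n = name.lower()
    if re.fullmatch(r"[0-9a-f]{8,}", n) and any(c.isdigit() for c in n):
        return True  # hex blob used as a service name
    return bool(re.fullmatch(r"[a-z]{6,}", n)) and sum(c in "aeiouy" for c in n) <= 1

def assess(e: Entry) -> Entry:
    """Attach a heuristic score and its reasons in place; higher means more suspicious."""
    def flag(points: int, why: str) -> None:
        e.score += points
        e.reasons.append(why)
    if e.publisher == "":
        flag(2, "no publisher recorded for the binary")
    if "[File not signed]" in e.extra:
        flag(2, "FRST reports the file is unsigned")
    if USER_WRITABLE.search(e.path):
        flag(1, "runs from a user-writable location")
    if e.path == "No File":
        flag(1, "orphaned entry, target file missing")
    if looks_random(e.name):
        flag(1, "random-looking name")
    if e.kind == "Browser" and re.search(r"https?://", e.extra):
        flag(3, "browser shortcut hijacked with a URL argument")
    if e.kind == "ChromeExt":
        flag(1, "force-installed through the HKLM Chrome\\Extension key")
        if "\\Extensions\\" not in e.path:
            flag(2, ".crx stored outside the Chrome profile")
    if e.kind == "Policy":
        flag(2, "browser policy present on a home machine")
    return e

def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line and return entries, most suspicious first."""
    entries = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    return sorted((assess(e) for e in entries if e is not None), key=lambda e: e.score, reverse=True)

def suspicious(entries: List[Entry], threshold: int = 2) -> List[str]:
    """Names of entries at or above the threshold, in triage order."""
    return [e.name for e in entries if e.score >= threshold]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:2d} {e.kind:<9} {e.name:<40} {'; '.join(e.reasons)}")
```

Run it as-is to see the ranking for the sample, or pipe a full FRST.txt through `triage()`. The score is a reading aid, not a verdict: the signed Synaptics and Intel autoruns land at zero, while the entries FRST later removed all score two or more, because the same signals (no publisher, user-writable paths, random names, URL arguments on a browser shortcut, policy-installed extensions) are what a helper looks for before writing a fixlist.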


#6 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 20 June 2014 - 12:57 PM

Hi, did you also run the Windows fix it procedure? If not, please run it, and make sure you reboot once you do. If you have, then no worries. I will have further instructions soon. :)

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#7 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 20 June 2014 - 07:50 PM

Hello :)

If you have run the Windows Fixit, then proceed with the following steps. If not, please run the Windows Fixit, reboot the machine, and then proceed with the steps below.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.


  • Double-click adwcleaner.exe (Vista and 7 users: right-click the file and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 2: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST Log






#8 mrbara

mrbara
  • Topic Starter

  • Members
  • 12 posts

Posted 21 June 2014 - 03:50 AM

OK, I ran the programs.

 

ADWCLEANER LOG:

 

# AdwCleaner v3.212 - Report created 21/06/2014 at 10:01:11
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Matteo - PC-MATTEO
# Running from : C:\Users\Matteo\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : globalUpdate
Service Found : globalUpdatem

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\predm
Folder Found : C:\ProgramData\2308189059
Folder Found : C:\Users\Matteo\AppData\Local\globalUpdate
Folder Found : C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
Folder Found : C:\Users\Matteo\AppData\Roaming\337Games
Folder Found : C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
Folder Found : C:\Users\Matteo\AppData\Roaming\webssearches
File Found : C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Matteo\AppData\LocalLow\SkwConfig.bin
File Found : C:\Windows\System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-1
File Found : C:\Windows\System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2
File Found : C:\Windows\System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4
File Found : C:\Windows\System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5
File Found : C:\Windows\System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-6
File Found : C:\Windows\System32\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-7
File Found : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Found : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Found : C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-1.job
File Found : C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2.job
File Found : C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4.job
File Found : C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5.job
File Found : C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-6.job
File Found : C:\Windows\Tasks\dba1c78b-b3c1-43aa-9baa-6d258490dccb-7.job
File Found : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Found : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\FreeSoftToday
Key Found : HKCU\Software\genesis
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\TutoTag
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312270}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053170.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053170.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053170.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\Software\delta-homesSoftware
Key Found : HKLM\Software\FreeSoftToday
Key Found : HKLM\Software\installedbrowserextensions
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01FE0473-E102-490A-8331-0AD1AA1499E8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2CA7C371-D69D-45C4-952E-4E1EB96766A8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{333EA61F-EAB7-44E7-A6C7-22E015A2CC70}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F3A8FD0-0F8B-4AD6-962D-EAAA15C9C5CE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{401E4408-63D6-427D-8010-F9D1B25F9259}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6CD0822F-3353-433D-AAFF-3122DA90F702}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2870D40-698C-40DD-A045-68080F43C0F2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CED86862-8BAA-46E6-96E9-65412495689D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01FE0473-E102-490A-8331-0AD1AA1499E8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CA7C371-D69D-45C4-952E-4E1EB96766A8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{333EA61F-EAB7-44E7-A6C7-22E015A2CC70}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F3A8FD0-0F8B-4AD6-962D-EAAA15C9C5CE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{401E4408-63D6-427D-8010-F9D1B25F9259}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CD0822F-3353-433D-AAFF-3122DA90F702}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2870D40-698C-40DD-A045-68080F43C0F2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CED86862-8BAA-46E6-96E9-65412495689D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SupDp
Key Found : HKLM\Software\SupTab
Key Found : HKLM\Software\supWPM
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\Software\Tutorials
Key Found : HKLM\Software\webssearchesSoftware
Key Found : HKLM\Software\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://search.delta-homes.com/web/?type=ds&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX&q={searchTerms}

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Homepage] : hxxp://www.delta-homes.com/?type=hp&ts=1402647313&from=wpm0612&uid=HitachiXHTS543232L9A300_090425FB2406CEG422LCX
Found [Extension] : majjphhgppkndjjkmhhnbgafooenebhd
Found [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
Found [Extension] : ogfjmhfnldnajmfaofeiaepghjenbgjo
Found [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
 
*************************
 
AdwCleaner[R0].txt - [8342 octets] - [21/06/2014 10:01:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8402 octets] ##########

 

 
 
 
JRT.TXT :
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Matteo on 21/06/2014 at 10.13.36,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-273196513-1318440332-801156109-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{75BC422E-A8A7-49DE-956E-3D75007351C5}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/06/2014 at 10.36.11,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST.TXT:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by Matteo (administrator) on PC-MATTEO on 21-06-2014 10:37:56
Running from C:\Users\Matteo\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Italian (Italy)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dldtserv.exe
( ) C:\Windows\System32\dldtcoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Dell V305\dldtmon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Dell V305\dldtmsdmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1422632 2008-12-01] (Synaptics, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [dldtmon.exe] => C:\Program Files\Dell V305\dldtmon.exe [668912 2008-06-24] ()
HKLM\...\Run: [dldtamon] => C:\Program Files\Dell V305\dldtamon.exe [16624 2008-06-24] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-20] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-273196513-1318440332-801156109-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: c:\progra~2\fastan~1\fastan~1.dll => C:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-06-20] ()
Startup: C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matteo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_126.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - c:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-22]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.it/"
CHR Extension: (Documenti Google) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-25]
CHR Extension: (Google Drive) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-22]
CHR Extension: (Ricerca Google) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-22]
CHR Extension: (No Name) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-22]
 
========================== Services (Whitelisted) =================
 
S2 64af91bf; C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [186192 2014-06-20] () [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-20] (Andrea Electronics Corporation)
R2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [98984 2009-07-09] ()
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [595184 2008-02-25] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-20] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [274048 2009-05-06] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Matteo\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-21 10:37 - 2014-06-21 10:37 - 00000000 ____D () C:\Users\Matteo\Desktop\FRST-OlderVersion
2014-06-21 10:36 - 2014-06-21 10:36 - 00000969 _____ () C:\Users\Matteo\Desktop\JRT.txt
2014-06-21 10:13 - 2014-06-21 10:13 - 00000000 ____D () C:\Windows\ERUNT
2014-06-21 10:10 - 2014-06-21 10:01 - 00008482 _____ () C:\Users\Matteo\Desktop\AdwCleaner[R0].txt
2014-06-21 10:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-21 09:59 - 2014-06-21 10:07 - 00000000 ____D () C:\AdwCleaner
2014-06-21 09:55 - 2014-06-21 09:54 - 01016261 _____ (Thisisu) C:\Users\Matteo\Desktop\JRT.exe
2014-06-21 09:55 - 2014-06-21 09:53 - 01333465 _____ () C:\Users\Matteo\Desktop\AdwCleaner.exe
2014-06-20 16:41 - 2014-06-20 16:41 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-06-20 16:18 - 2014-06-20 16:13 - 00984576 _____ () C:\Users\Matteo\Desktop\MicrosoftFixit50906.msi
2014-06-19 19:00 - 2014-06-19 18:54 - 05185536 _____ (AVAST Software) C:\Users\Matteo\Desktop\aswmbr.exe
2014-06-19 18:59 - 2014-06-19 18:59 - 00000780 _____ () C:\Windows\setupact.log
2014-06-19 18:59 - 2014-06-19 18:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 18:52 - 2014-06-19 18:53 - 00044630 _____ () C:\Users\Matteo\Desktop\Addition.txt
2014-06-19 18:51 - 2014-06-21 10:38 - 00013252 _____ () C:\Users\Matteo\Desktop\FRST.txt
2014-06-19 18:51 - 2014-06-21 10:38 - 00000000 ____D () C:\FRST
2014-06-19 18:43 - 2014-06-21 10:37 - 01070592 _____ (Farbar) C:\Users\Matteo\Desktop\FRST.exe
2014-06-18 17:41 - 2014-06-18 17:41 - 00018082 _____ () C:\Users\Matteo\Desktop\dds.txt
2014-06-18 17:41 - 2014-06-18 17:41 - 00006772 _____ () C:\Users\Matteo\Desktop\attach.txt
2014-06-18 17:34 - 2014-06-18 17:35 - 00688992 ____R (Swearware) C:\Users\Matteo\Desktop\dds.com
2014-06-15 14:44 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-15 14:44 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-15 14:44 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-15 14:44 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-15 14:44 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-15 14:44 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-15 14:44 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-15 14:44 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-15 14:44 - 2014-04-05 05:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-15 14:44 - 2014-04-05 03:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-15 14:44 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-15 14:44 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-15 14:43 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-15 14:43 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-15 14:43 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-15 14:43 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-15 14:43 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-15 14:43 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-15 14:43 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-15 14:43 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-15 14:43 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-15 14:43 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-15 14:43 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-15 14:43 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-15 14:43 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-15 14:43 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-15 14:22 - 2014-06-21 10:09 - 00003750 _____ () C:\Windows\PFRO.log
2014-06-07 14:30 - 2014-06-07 14:30 - 00998400 _____ () C:\Users\Matteo\Downloads\setup.exe
2014-05-30 17:32 - 2014-05-30 17:32 - 00499544 _____ () C:\Users\Matteo\Downloads\Player Setup (2).exe
2014-05-30 17:31 - 2014-05-30 17:31 - 00277848 _____ () C:\Users\Matteo\Downloads\Player Setup (1).exe
2014-05-30 17:30 - 2014-05-30 17:31 - 00277848 _____ () C:\Users\Matteo\Downloads\Player Setup.exe
2014-05-27 19:22 - 2014-05-27 19:22 - 00000000 ____D () C:\Users\Matteo\Desktop\Rimozione Malware(NON CANCELLARE)
2014-05-25 19:42 - 2014-05-25 19:44 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-25 14:40 - 2014-05-25 19:44 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 14:23 - 2014-05-25 14:23 - 06210304 _____ (TeamViewer GmbH) C:\Users\Matteo\Downloads\TeamViewer_Setup_it.exe
2014-05-25 13:52 - 2014-05-25 13:52 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\TeamViewer
2014-05-25 13:18 - 2014-05-25 13:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 13:13 - 2014-05-25 13:14 - 04765152 _____ (Piriform Ltd) C:\Users\Matteo\Downloads\ccsetup411.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-21 10:39 - 2014-06-19 18:51 - 00013252 _____ () C:\Users\Matteo\Desktop\FRST.txt
2014-06-21 10:38 - 2014-06-19 18:51 - 00000000 ____D () C:\FRST
2014-06-21 10:37 - 2014-06-21 10:37 - 00000000 ____D () C:\Users\Matteo\Desktop\FRST-OlderVersion
2014-06-21 10:37 - 2014-06-19 18:43 - 01070592 _____ (Farbar) C:\Users\Matteo\Desktop\FRST.exe
2014-06-21 10:37 - 2009-05-20 10:50 - 02005957 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 10:36 - 2014-06-21 10:36 - 00000969 _____ () C:\Users\Matteo\Desktop\JRT.txt
2014-06-21 10:34 - 2013-01-22 20:26 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-21 10:32 - 2013-01-22 20:26 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 10:32 - 2013-01-22 20:26 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 10:13 - 2014-06-21 10:13 - 00000000 ____D () C:\Windows\ERUNT
2014-06-21 10:09 - 2014-06-15 14:22 - 00003750 _____ () C:\Windows\PFRO.log
2014-06-21 10:09 - 2013-01-28 23:41 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-06-21 10:09 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-21 10:09 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 10:09 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 10:08 - 2006-11-02 15:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-21 10:07 - 2014-06-21 09:59 - 00000000 ____D () C:\AdwCleaner
2014-06-21 10:01 - 2014-06-21 10:10 - 00008482 _____ () C:\Users\Matteo\Desktop\AdwCleaner[R0].txt
2014-06-21 09:57 - 2008-01-21 08:31 - 01604736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 09:57 - 2008-01-21 08:30 - 00714702 _____ () C:\Windows\system32\perfh010.dat
2014-06-21 09:57 - 2008-01-21 08:30 - 00143050 _____ () C:\Windows\system32\perfc010.dat
2014-06-21 09:54 - 2014-06-21 09:55 - 01016261 _____ (Thisisu) C:\Users\Matteo\Desktop\JRT.exe
2014-06-21 09:53 - 2014-06-21 09:55 - 01333465 _____ () C:\Users\Matteo\Desktop\AdwCleaner.exe
2014-06-20 16:51 - 2014-05-20 10:02 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-20 16:49 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-20 16:41 - 2014-06-20 16:41 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-06-20 16:13 - 2014-06-20 16:18 - 00984576 _____ () C:\Users\Matteo\Desktop\MicrosoftFixit50906.msi
2014-06-20 16:10 - 2013-01-22 20:27 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-20 16:10 - 2013-01-22 06:06 - 00000951 _____ () C:\Users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-19 18:59 - 2014-06-19 18:59 - 00000780 _____ () C:\Windows\setupact.log
2014-06-19 18:59 - 2014-06-19 18:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 18:54 - 2014-06-19 19:00 - 05185536 _____ (AVAST Software) C:\Users\Matteo\Desktop\aswmbr.exe
2014-06-19 18:53 - 2014-06-19 18:52 - 00044630 _____ () C:\Users\Matteo\Desktop\Addition.txt
2014-06-18 17:41 - 2014-06-18 17:41 - 00018082 _____ () C:\Users\Matteo\Desktop\dds.txt
2014-06-18 17:41 - 2014-06-18 17:41 - 00006772 _____ () C:\Users\Matteo\Desktop\attach.txt
2014-06-18 17:35 - 2014-06-18 17:34 - 00688992 ____R (Swearware) C:\Users\Matteo\Desktop\dds.com
2014-06-18 16:40 - 2009-05-20 16:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-15 14:50 - 2013-07-30 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 14:39 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-15 14:36 - 2013-01-22 20:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-15 14:36 - 2013-01-22 20:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-07 14:30 - 2014-06-07 14:30 - 00998400 _____ () C:\Users\Matteo\Downloads\setup.exe
2014-05-30 17:32 - 2014-05-30 17:32 - 00499544 _____ () C:\Users\Matteo\Downloads\Player Setup (2).exe
2014-05-30 17:31 - 2014-05-30 17:31 - 00277848 _____ () C:\Users\Matteo\Downloads\Player Setup (1).exe
2014-05-30 17:31 - 2014-05-30 17:30 - 00277848 _____ () C:\Users\Matteo\Downloads\Player Setup.exe
2014-05-28 18:48 - 2014-06-15 14:43 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-15 14:43 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-15 14:43 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-15 14:44 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-15 14:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-15 14:43 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-15 14:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-15 14:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-15 14:44 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-15 14:44 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-15 14:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-15 14:43 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-15 14:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-15 14:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-15 14:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-15 14:44 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-15 14:44 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:29 - 2014-06-15 14:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-15 14:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-15 14:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:28 - 2014-06-15 14:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-27 19:22 - 2014-05-27 19:22 - 00000000 ____D () C:\Users\Matteo\Desktop\Rimozione Malware(NON CANCELLARE)
2014-05-25 19:44 - 2014-05-25 19:42 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-25 19:44 - 2014-05-25 14:40 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 15:06 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-25 15:06 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-25 15:04 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-25 14:23 - 2014-05-25 14:23 - 06210304 _____ (TeamViewer GmbH) C:\Users\Matteo\Downloads\TeamViewer_Setup_it.exe
2014-05-25 13:52 - 2014-05-25 13:52 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\TeamViewer
2014-05-25 13:22 - 2013-01-28 23:11 - 00000000 ____D () C:\Users\Matteo\AppData\Roaming\DAEMON Tools Pro
2014-05-25 13:22 - 2013-01-22 20:05 - 00000000 ____D () C:\Users\Matteo\Tracing
2014-05-25 13:22 - 2008-04-14 17:13 - 00000000 ____D () C:\Windows\Panther
2014-05-25 13:18 - 2014-05-25 13:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-25 13:14 - 2014-05-25 13:13 - 04765152 _____ (Piriform Ltd) C:\Users\Matteo\Downloads\ccsetup411.exe
 
Some content of TEMP:
====================
C:\Users\Matteo\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppntya1.dll
C:\Users\Matteo\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-21 10:16
 
==================== End Of Log ============================
 
 
 


#9 pystryker

  • Malware Response Team
  • 730 posts

Posted 21 June 2014 - 07:31 AM

Hello :)

How is the machine running now?

We still have a ways to go, but things are looking pretty good in the logs. :thumbsup: Let's continue with the next set of steps in the cleaning.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Re-Run AdwCleaner

 
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply. This report is also saved at C:\AdwCleaner[R0].txt

Step 2: Fix with Farbar's Recovery Scan Tool

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

    Start
    Hosts: Hosts file not detected in the default directory
    C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
    S2 64af91bf; C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [186192 2014-06-20] () [File not signed]
    C:\ProgramData\Fast And Safe
    AppInit_DLLs: c:\progra~2\fastan~1\fastan~1.dll => C:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-06-20] ()
    End

  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


    Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Temporary File Cleaner

Clear Cache/Temp Files

  • Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Things I need to see in your next post:

  • AdwCleaner Log
  • Fixlog.txt Log
  • Question: How is the machine running?

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
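
The logs quoted in this thread are what the cleanup turns on: an AppInit_DLLs entry pointing into C:\ProgramData, an unsigned service (64af91bf) loading a DLL from that same folder, a Chrome extension FRST lists as (No Name), and a missing hosts file. The script below is an added example, not code from BleepingComputer, Farbar or anyone in this thread. It applies those same reading rules to FRST-style lines and turns what it flags into a fixlist in the format Step 2 above uses. The sample lines are copied from the FRST.txt posted earlier; which entries count as suspicious (unsigned or publisher-less binaries under user-writable paths, any AppInit_DLLs value, a name-less Chrome extension) is this example's own assumption, not FRST's whitelist, and adding the DLL's containing folder to the fixlist mirrors the helper's fixlist rather than any documented FRST rule.

```python
"""Triage FRST-style log lines and build an FRST fixlist from the findings.

Added example for this thread; not code from BleepingComputer, Farbar or the
posters. Heuristics are assumptions, not FRST's whitelist logic.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
AppInit_DLLs: c:\progra~2\fastan~1\fastan~1.dll => C:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-06-20] ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR Extension: (Gmail) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-22]
CHR Extension: (No Name) - C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-05-25]
S2 64af91bf; C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [186192 2014-06-20] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
"""

# Folders a standard user can write to: a service DLL or injected DLL living
# here is far more suspicious than one under Program Files or System32.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")

SERVICE_RE = re.compile(
    r"^(?P<state>[SRU]\d) (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] "
    r"\((?P<publisher>.*?)\)(?P<unsigned> \[File not signed\])?\s*$"
)
APPINIT_RE = re.compile(
    r"^AppInit_DLLs: \S+ => (?P<path>.+?) \[\d+ [\d-]+\] \((?P<publisher>.*?)\)\s*$"
)
CHR_EXT_RE = re.compile(r"^CHR Extension: \((?P<name>[^)]*)\) - (?P<path>.+?) \[[\d-]+\]\s*$")
OVERLAY_RE = re.compile(
    r"^ShellIconOverlayIdentifiers: (?P<name>.+?) -> \{[0-9A-Fa-f-]+\} =>\s+No File\s*$"
)


@dataclass
class Finding:
    kind: str      # appinit | service | chrome-extension | overlay | hosts
    severity: str  # high | medium | low
    path: str      # file or folder the entry points at ("" if none)
    line: str      # original log line, reusable verbatim in a fixlist
    note: str


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(log_text: str) -> list:
    """Return suspicious entries found in FRST-style log text, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that maps user32.dll:
            # a classic adware injection point, and empty on a clean machine.
            findings.append(Finding("appinit", "high", m["path"], line,
                                    "AppInit_DLLs injection, publisher '%s'" % m["publisher"]))
        elif m := SERVICE_RE.match(line):
            if (m["unsigned"] or not m["publisher"]) and is_user_writable(m["path"]):
                findings.append(Finding("service", "high", m["path"], line,
                                        "unsigned service %s in a user-writable folder" % m["name"]))
        elif m := CHR_EXT_RE.match(line):
            # FRST prints the manifest name; "No Name" usually means a
            # side-loaded extension rather than one installed from the store.
            if m["name"] == "No Name":
                findings.append(Finding("chrome-extension", "medium", m["path"], line,
                                        "Chrome extension without a manifest name"))
        elif m := OVERLAY_RE.match(line):
            findings.append(Finding("overlay", "low", "", line,
                                    "orphaned overlay handler %s (leftover, not adware)" % m["name"]))
        elif line.startswith("Hosts:") and "not detected" in line:
            findings.append(Finding("hosts", "medium", "", line,
                                    "hosts file missing; the Hosts: line resets it"))
    return findings


def build_fixlist(findings) -> str:
    """Build an FRST fixlist body from the high/medium findings.

    Copied log lines act as FRST directives (the fix in this thread did that);
    a bare path moves that file or folder. The flagged DLL's containing folder
    is added too, as the helper's fixlist did for 'Fast And Safe' (assumption).
    """
    lines, seen = ["Start"], set()

    def add(entry):
        if entry not in seen:
            seen.add(entry)
            lines.append(entry)

    for f in findings:
        if f.severity == "low":
            continue
        add(f.path if f.kind == "chrome-extension" else f.line)
        if f.kind in ("service", "appinit"):
            folder = ntpath.dirname(f.path)
            if is_user_writable(folder):
                add(folder)
    lines.append("End")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.kind:17} {f.note}")
    print()
    print(build_fixlist(found))
```

Run stand-alone it prints the five findings and a seven-line fixlist; the Dropbox overlay entries are reported as leftovers but kept out of the fixlist, since deleting orphaned handlers does nothing for the pop-ups. The value of scripting this is consistency: the same rule that catches "Fast And Safe" here (publisher empty, unsigned, under ProgramData) catches the next renamed variant.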





#10 mrbara

  • Topic Starter
  • Members
  • 12 posts

Posted 21 June 2014 - 12:42 PM

ADWCLEANER LOG: 

 

# AdwCleaner v3.212 - Report created 21/06/2014 at 19:17:53

# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Matteo - PC-MATTEO
# Running from : C:\Users\Matteo\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browser ] *****
 
-\\ Internet Explorer v9.0.8112.16555
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8482 octets] - [21/06/2014 10:01:11]
AdwCleaner[R1].txt - [8707 octets] - [21/06/2014 10:02:42]
AdwCleaner[R2].txt - [1099 octets] - [21/06/2014 19:15:58]
AdwCleaner[R3].txt - [1159 octets] - [21/06/2014 19:17:06]
AdwCleaner[S0].txt - [8665 octets] - [21/06/2014 10:07:28]
AdwCleaner[S1].txt - [1080 octets] - [21/06/2014 19:17:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1140 octets] ##########
 
 
FIXLOG:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-06-2014 01
Ran by Matteo at 2014-06-21 19:32:13 Run:2
Running from C:\Users\Matteo\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
Hosts: Hosts file not detected in the default directory
C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
S2 64af91bf; C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [186192 2014-06-20] () [File not signed]
C:\ProgramData\Fast And Safe
AppInit_DLLs: c:\progra~2\fastan~1\fastan~1.dll => C:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-06-20] ()
End
*****************
 
Hosts was reset successfully.
"C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd" => File/Directory not found.
64af91bf => Service deleted successfully.
C:\ProgramData\Fast And Safe => Moved successfully.
"c:\progra~2\fastan~1\fastan~1.dll" => Value Data removed successfully.
 
==== End of Fixlog ====
 
 
 


#11 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:44 PM

Posted 21 June 2014 - 03:36 PM

Please let me know how the machine is running. Let's continue. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
  • Answer to my question

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#12 mrbara

mrbara
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 22 June 2014 - 05:05 AM

MBAM LOG:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 22/06/2014
Scan Time: 0.58.40
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.21.10
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Matteo
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261839
Time Elapsed: 12 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [b50a4a30bac1ce68d4c34afc9171b64a], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [b50a4a30bac1ce68d4c34afc9171b64a], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\Pl-usHD, Quarantined, [bb04e199a0dbb87eb4503e75679b758b], 
PUP.Optional.MPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MPlayerplus_01, Quarantined, [efd065157803e1551ea4446a09f94ab6], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Pl-usHD, Quarantined, [5768c2b8f883c274d72b6b487e843ac6], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [02bd90eac4b7cc6a944e4b9bc043c13f], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-273196513-1318440332-801156109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Pl-usHD, Quarantined, [12ad5723ee8d290d7d85d8db62a020e0], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Pl-usHD, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
 
Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Quarantined, [02bd90eac4b7cc6a944e4b9bc043c13f]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0, Quarantined, [3c831d5d34477cba4b7799fc808204fc], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
 
Files: 39
PUP.Optional.Amonetize.A, C:\Users\Matteo\Downloads\dubstep Krewella Live For The Night__3818_il8332057.exe, Quarantined, [a31c7109ed8e5fd7a4ba0435e81860a0], 
PUP.Optional.Amonetize.A, C:\Users\Matteo\Downloads\Krewella Live For The Night komerciya ebuchaya__3818_il8331137 (1).exe, Quarantined, [c8f777031368d660a2bc85b40df3cf31], 
PUP.Optional.Amonetize.A, C:\Users\Matteo\Downloads\Krewella Live For The Night komerciya ebuchaya__3818_il8331137.exe, Quarantined, [46798af07efd42f437273efb2cd48b75], 
PUP.Optional.DomaIQ, C:\Users\Matteo\Downloads\Player Setup (1).exe, Quarantined, [2699136785f63cfa341d790cea17946c], 
PUP.Optional.DomaIQ, C:\Users\Matteo\Downloads\Player Setup (2).exe, Quarantined, [dce34634a6d562d40a77a49ef10fd52b], 
PUP.Optional.DomaIQ, C:\Users\Matteo\Downloads\Player Setup.exe, Quarantined, [615ec1b9c8b3ee486fe2e79e20e1d729], 
PUP.Optional.OutBrowse, C:\Users\Matteo\Downloads\setup.exe, Quarantined, [823d90ea314acf67977a008917eab24e], 
PUP.Optional.Amonetize.A, C:\Users\Matteo\Downloads\Krewella Live For The Night Novinka Iyul 2013__3818_il8331889.exe, Quarantined, [a8178ceef18add592935e851fd03758b], 
PUP.Optional.Somoto, C:\Users\Matteo\Downloads\VLCMediaPlayerSetup-9KeM5i8.exe, Quarantined, [11ae93e7a5d660d6b991ccd9de267c84], 
PUP.Optional.Amonetize.A, C:\Users\Matteo\Downloads\Krewella Live For The Night__3818_il8332011.exe, Quarantined, [546b85f5463543f31a44e9509c64b64a], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage, Quarantined, [6f5099e1dba05adc1300873538ca2dd3], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage-journal, Quarantined, [625d2951f685a096ef249d1fff03966a], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0\7, Quarantined, [3c831d5d34477cba4b7799fc808204fc], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0\7-journal, Quarantined, [3c831d5d34477cba4b7799fc808204fc], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000148.ldb, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000150.ldb, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000174.ldb, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000201.ldb, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000217.log, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOCK, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG.old, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\MANIFEST-000215, Quarantined, [c2fd94e6473413234985f4a158aa21df], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\53170.xpi, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\background.html, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\bgNova.html, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-2.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-4.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\dba1c78b-b3c1-43aa-9baa-6d258490dccb-5.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Pl-usHD-bg.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Pl-usHD-bho.dll, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Pl-usHD-codedownloader.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Pl-usHD-nova.dll, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Pl-usHD-nova.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Pl-usHD-novainstaller.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Pl-usHD.ico, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Uninstall.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\utils.exe, Quarantined, [3b847dfd512a63d31e3b247860a210f0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET SCAN LOG:
 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
 
 
SECURITY CHECK LOG:
 
 Results of screen317's Security Check version 0.99.85  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java™ 6 Update 38  
 Java 7 Update 11  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.136  
 Adobe Reader 10.1.5 Adobe Reader out of Date!  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
ANSWER:
 
Now the advertising doesn't open any more, and when I surf on the internet or work on my PC, no window opens. So all OK for the moment.
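The MBAM log above is the kind of output the helper asks to see before declaring a machine clean: a declared count per section followed by one line per detection, each with a category, the object, the action taken and a 32-hex id. As an added example (not from this thread, from Malwarebytes, or from any tool used in it), the Python script below parses a Malwarebytes Anti-Malware 2.x text log into records, checks that every section's declared count matches the lines actually present, groups detections by family and by where they lived (registry, Downloads, Chrome profile, Program Files), and lists anything the scanner found but did not quarantine. The section names and line layout are assumptions taken from the log above; the embedded sample log is a constructed, shortened excerpt in that same layout, with entries and ids copied from the posted log and section counts adjusted to the excerpt.

```python
"""Parse a Malwarebytes Anti-Malware 2.x text log and sanity-check it.

Added example for this thread, not Malwarebytes' code. The section and line
layout is assumed from the MBAM.txt log posted above:

    <Section>: <declared count>
    <Category>, <Object>[, <Data>], <Action>, [<32-hex id>],
"""
import re
from collections import Counter

# Sections that carry per-item detection lines in a 2.x log (as seen in the log above).
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)\s*$" % "|".join(map(re.escape, SECTIONS)))
# Object is greedy so a registry value line keeps its "<key>|<value>, <data>" part.
DETECTION_RE = re.compile(
    r"^(?P<category>[^,]+), (?P<obj>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<id>[0-9a-f]{32})\],?\s*$")

# Constructed sample: a shortened excerpt in the same layout as the log above,
# with entries and ids copied from it and section counts matching this excerpt.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261839

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [b50a4a30bac1ce68d4c34afc9171b64a],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\Pl-usHD, Quarantined, [bb04e199a0dbb87eb4503e75679b758b],

Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Quarantined, [02bd90eac4b7cc6a944e4b9bc043c13f]

Folders: 1
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD, Quarantined, [3b847dfd512a63d31e3b247860a210f0],

Files: 3
PUP.Optional.DomaIQ, C:\Users\Matteo\Downloads\Player Setup.exe, Quarantined, [615ec1b9c8b3ee486fe2e79e20e1d729],
PUP.Optional.CrossRider.A, C:\Users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT, Quarantined, [c2fd94e6473413234985f4a158aa21df],
PUP.Optional.PlusHD.A, C:\Program Files\Pl-usHD\Pl-usHD-bho.dll, Quarantined, [3b847dfd512a63d31e3b247860a210f0],

Physical Sectors: 0
(No malicious items detected)

(end)
"""


def parse_mbam_log(text):
    """Return (declared_counts, detections) for one MBAM.txt log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        # Skip header lines before the first section, blanks,
        # "(No malicious items detected)" and "(end)".
        if section is None or not line or line.startswith("("):
            continue
        d = DETECTION_RE.match(line)
        if d:
            detections.append({"section": section, "category": d["category"],
                               "object": d["obj"], "action": d["action"].strip(),
                               "id": d["id"]})
    return declared, detections


def classify_location(obj):
    """Coarse bucket for where a detection lived."""
    o = obj.upper()
    if o.startswith(("HKLM", "HKU", "HKCU", "HKCR")):
        return "registry"
    if "\\DOWNLOADS\\" in o:
        return "downloads"
    if "\\GOOGLE\\CHROME\\USER DATA\\" in o:
        return "chrome_profile"
    if o.startswith("C:\\PROGRAM FILES"):
        return "program_files"
    return "other"


def report(text):
    """Summarise a log: count mismatches, families, locations, unhandled items."""
    declared, detections = parse_mbam_log(text)
    seen = Counter(d["section"] for d in detections)
    return {
        "detections": detections,
        # Sections whose declared count differs from the lines actually present
        # (a truncated paste or an edited log shows up here).
        "count_mismatches": {s: (n, seen.get(s, 0)) for s, n in declared.items()
                             if n != seen.get(s, 0)},
        "families": Counter(d["category"] for d in detections),
        "locations": Counter(classify_location(d["object"]) for d in detections),
        # Anything found but not quarantined still needs attention.
        "unhandled": [d["object"] for d in detections if d["action"] != "Quarantined"],
    }


if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    print(len(r["detections"]), "detections; mismatches:", r["count_mismatches"])
    for family, n in r["families"].most_common():
        print(f"{n:3d}  {family}")
    print("locations:", dict(r["locations"]))
    print("unhandled:", r["unhandled"])
```

Run against the full log posted above, the location buckets make the infection chain visible at a glance: the bundled installers sit in Downloads, the CrossRider extension in the Chrome profile, and the Pl-usHD BHO in Program Files plus its registry keys. The count check is worth keeping: a log pasted into a forum post is easy to truncate, and a mismatch tells you the paste is incomplete before you judge the machine clean.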


#13 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:44 PM

Posted 22 June 2014 - 07:31 AM

Now the advertising doesn't open any more, and when I surf on the internet or work on my PC, no window opens. So all OK for the moment.


That's what I wanted to hear. :thumbsup: The MBAM log shows the remainders have all been quarantined, and the ESET log found no threats. Which brings me to my next point...


Great news, your logs are CLEAN! :thumbsup: :) I see no signs of infection in the last logs you posted, but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware
installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Program Updates and Installation of FileHippo


Your current version of Java is out of date. However, before updating it, please read the information below.


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa
  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java



Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.
Keeping your software updated

Another weapon against malicious programs and viruses is keeping your other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 2: Install Unchecky, tips and Information


Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.




Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Tips and Information


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.


I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#14 mrbara

mrbara
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 22 June 2014 - 12:18 PM

OK, perfect. I have a question: can I uninstall all the tools that I used to clean my PC (MBAM, MICROSOFTFIX, DELFIX and their logs)?

 

DELFIX LOG:

 

# DelFix v10.7 - Logfile created 22/06/2014 at 18:19:31

# Updated 27/04/2014 by Xplode
# Username : Matteo - PC-MATTEO
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\32788R22FWJFW
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Matteo\Desktop\FRST-OlderVersion
Deleted : C:\Users\Matteo\Desktop\Addition.txt
Deleted : C:\Users\Matteo\Desktop\AdwCleaner.exe
Deleted : C:\Users\Matteo\Desktop\AdwCleaner[R0].txt
Deleted : C:\Users\Matteo\Desktop\aswmbr.exe
Deleted : C:\Users\Matteo\Desktop\dds.com
Deleted : C:\Users\Matteo\Desktop\dds.txt
Deleted : C:\Users\Matteo\Desktop\Fixlog.txt
Deleted : C:\Users\Matteo\Desktop\FRST.exe
Deleted : C:\Users\Matteo\Desktop\FRST.txt
Deleted : C:\Users\Matteo\Desktop\FRST1.txt
Deleted : C:\Users\Matteo\Desktop\JRT.exe
Deleted : C:\Users\Matteo\Desktop\JRT.txt
Deleted : C:\Users\Matteo\Desktop\SecurityCheck.exe
Deleted : C:\Users\Matteo\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
########## - EOF - ##########


#15 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:44 PM

Posted 22 June 2014 - 12:47 PM

OK, perfect. I have a question: can I uninstall all the tools that I used to clean my PC (MBAM, MICROSOFTFIX, DELFIX and their logs)?


I recommend keeping MBAM on your machine, it's a great defense against malware. I use it on my own machine. Make sure you update it and run a scan at least once a week. :thumbsup:

You can remove Delfix and the Microsoft Fixit we used to get rid of the Sidebar issue. :)

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.




