
Slow Computer and pop-ups


  • This topic is locked
56 replies to this topic

#1 TeckMike95

TeckMike95

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 20 July 2014 - 08:30 AM

Hello everyone,

I have a problem: when I surf the Internet, some web pages appear without my opening them; moreover, my computer has become slow.

I noticed there is a "programme" (it is called TrustedInstaller) that Google Chrome and Internet Explorer give total control to.

However, I didn't "delete its power" over IE and Google Chrome, but does this "programme" have control over other programmes?

I suppose this isn't the only "virus" and that there are other viruses in my computer. Can anyone help me? Thanks.


Edited by TeckMike95, 20 July 2014 - 08:31 AM.




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:34 AM

Posted 21 July 2014 - 09:22 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 22 July 2014 - 10:37 AM

Well, there is a problem. Now I'm busy and I can't respond to you. However, I won't "touch" my computer.

You can temporarily close this topic. I'll send you a message when I am free.



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:34 AM

Posted 22 July 2014 - 11:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:34 AM

Posted 04 September 2014 - 12:11 PM

This topic has been re-opened at the request of the person who originally posted.

#6 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 06 September 2014 - 02:38 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2014
Ran by Giacomo (administrator) on PC-GIACOMO on 06-09-2014 21:29:54
Running from C:\Users\Giacomo\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 7
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [Google Update] => C:\Users\Giacomo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-09] (Google Inc.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [uTorrent] => C:\Users\Giacomo\Desktop\uTorrent-3-2-1-28086.exe [963984 2012-10-14] (BitTorrent, Inc.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ares] => C:\Program Files\Ares\Ares.exe [935936 2013-07-19] (Seekar Ltd)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [TU] => C:\Users\Giacomo\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe [133536 2012-10-28] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [DataMgr] => C:\Users\Giacomo\AppData\Roaming\DataMgr\DataMgr.exe [168264 2012-10-22] (HTTO Group, Ltd.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [SSync] => C:\Users\Giacomo\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [OMESupervisor] => C:\Users\Giacomo\AppData\Local\omesuperv.exe [2239264 2013-12-24] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [SCheck] => C:\Users\Giacomo\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [Snoozer] => C:\Users\Giacomo\AppData\Roaming\Snz\Snz.exe [1209625 2013-12-24] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [Intermediate] => C:\Users\Giacomo\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Giacomo\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-04] (Smartbar)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe [235936 2008-10-05] (Adobe Systems, Inc.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {0db7f736-4ee1-11e2-ba5f-001f16c6b45d} - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {0db7f742-4ee1-11e2-ba5f-001e101f305f} - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {5c802290-5802-11e2-818b-001e101f1ed9} - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {64a8539c-4956-11e2-9362-001f16c6b45d} - G:\Autorun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {9340c8f6-616a-11e2-a95d-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {e1ac0d47-11fc-11e2-a2c0-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {e1ac0e25-11fc-11e2-a2c0-001f16c6b45d} - F:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
Startup: C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:56847
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfit204fbdgy11
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQRdUL7XDuu8V1v2FgNDH7lGide9d6U-5iXP2n-Rkjla1bQ462DAR_QNj52W8XFkch16Nasu0jNLgq_QVl3Hi6IGTnMBz88rKw6OIomc5gQxDCwGqNci2YmR8jD_VyoOOXly7Esv0PhDI1PGMkwSjpK&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQRdUL7XDuu8V1v2FgNDH7lGide9d6U-5iXP2n-Rkjla1bQ462DAR_QNj52W8XFkch16Nasu0jNLgq_QVl3Hi6IGTnMBz88rKw6OIomc5gQxDCwGqNci2YmR8jD_VyoOOXly7Esv0PhDI1PGMkwSjpK&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=E05F0C60761C5BA3&affID=121962&tsp=4991
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249
URLSearchHook: HKLM - (No Name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} -  No File
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=TJ&userid=53114090-7f44-4dd9-b5bc-a28dfdc3eb8c&searchtype=ds&q={searchTerms}&installDate=13/05/2013
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQRdUL7XDuu8V1v2FgNDH7lGide9d6U-5iXP2n-Rkjla1bQ462DAR_QNj52W8XFkch16Nasu0jNLgq_QVl3Hi6IGTnMBz88rKw6OIomc5gQxDCwGqNci2YmR8jD_VyoOOXly7Esv0PhDI1PGMkwSjpK&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
BHO: HDvid-Codec V9.0 -> {11111111-1111-1111-1111-110511131156} -> C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-bho.dll (installdaddy)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: No Name -> {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} ->  No File
BHO: FBDownloader -> {553318DA-D010-469E-84B1-496563CAE1BF} -> C:\Users\Giacomo\AppData\Local\fbDownloader\Extensions\FBDownloader.dll (HTTO Group, Ltd)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Guida per l'accesso a Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 198.211.120.70 8.8.8.8
Tcpip\..\Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5B116E61-A613-4523-9038-A3E3DA53DD45}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5C6F68B7-99CB-4C6F-BF2E-92FC32990A82}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BBD93735-715C-42A8-B81E-97BD4A6B2288}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{CBBA25DB-E9C4-4203-A54C-AD8776F416D3}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-09]
FF HKLM\...\Firefox\Extensions: [emoticoons-toolbar@emoticoons.com] - C:\Users\Public\Documents\Emoticoons\emoticoons-toolbar@emoticoons.com
FF Extension: Findeer - C:\Users\Public\Documents\Emoticoons\emoticoons-toolbar@emoticoons.com [2012-10-16]
FF HKLM\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Giacomo\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF Extension: SpeedAnalysis.com - C:\Users\Giacomo\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013-02-28]
FF HKCU\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Giacomo\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com

Chrome:
=======
CHR StartupUrls: Profile 1 -> "https://www.google.it/"
CHR CustomProfile: C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2013-09-15]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [2013-02-28]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2013-09-15]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2013-03-29]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh [2014-03-18]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-09-15]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-15]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-01-19]
CHR CustomProfile: C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Documenti Google) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Ricerca Google) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh [2014-09-06]
CHR Extension: (Google Wallet) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Giacomo\AppData\Local\funmoods.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Giacomo\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [2013-02-14]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Giacomo\AppData\Local\funmoods-speeddial_sf.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2012-11-28]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Giacomo\AppData\Local\funmoods.crx [2012-11-28]
CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Giacomo\AppData\Local\funmoods-speeddial_sf.crx [2012-11-28]
CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2012-11-28]
CHR HKCU\...\Chrome\Extension: [nchpfiddbhbdnagofhkjlaiaejmkdcla] - C:\Users\Giacomo\AppData\Local\Temp\nchpfiddbhbdnagofhkjlaiaejmkdcla.crx [2012-11-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2012-12-27] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S2 OfferBox update service; C:\Program Files\OfferBox\OfferBoxUpdateService.exe [336704 2013-06-20] (Aedge Performance BCN SL)
S2 ServUpdater; C:\Users\Giacomo\AppData\Local\ServUpdater\ServiceUpd.exe [156160 2011-12-16] (ServiceUpd) [File not signed]
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
S2 SoftwareUpd; C:\Users\Giacomo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [161280 2013-01-25] (SoftwareUpdService) [File not signed]
S2 Update PacFunction; C:\Program Files\PacFunction\updatePacFunction.exe [348960 2014-03-17] ()
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-18] (Cherished Technololgy LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
S1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
S1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2012-12-18] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 qsdhjjqz; \??\C:\Windows\system32\drivers\qsdhjjqz.sys [X]
S1 uhgovgwo; \??\C:\Windows\system32\drivers\uhgovgwo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 21:29 - 2014-09-06 21:30 - 00025739 _____ () C:\Users\Giacomo\Desktop\FRST.txt
2014-09-06 21:29 - 2014-09-06 21:29 - 00000000 ____D () C:\Users\Giacomo\Desktop\Problema
2014-09-06 21:28 - 2014-09-06 21:29 - 01096704 _____ (Farbar) C:\Users\Giacomo\Desktop\FRST.exe
2014-09-06 20:57 - 2014-09-06 20:57 - 00000644 _____ () C:\Users\Giacomo\Desktop\Nuovo documento di testo.txt
2014-09-06 20:52 - 2014-09-06 21:23 - 00000000 ____D () C:\ProgramData\OnlineUpdate
2014-09-06 20:52 - 2014-09-06 20:52 - 00000000 ____D () C:\ProgramData\log
2014-09-06 20:51 - 2014-09-06 20:51 - 00135896 _____ () C:\Windows\Minidump\Mini090614-01.dmp
2014-09-06 18:26 - 2014-09-06 18:29 - 00033189 _____ () C:\Users\Giacomo\Downloads\Addition.txt
2014-09-06 18:25 - 2014-09-06 18:29 - 00028835 _____ () C:\Users\Giacomo\Downloads\FRST.txt
2014-09-06 18:09 - 2014-09-06 21:29 - 00000000 ____D () C:\FRST
2014-09-03 10:54 - 2014-09-03 10:54 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Oracle
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\Windows\Sun
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-03 10:45 - 2014-09-03 10:45 - 00000000 ____D () C:\Program Files\Java
2014-09-03 10:25 - 2014-09-03 15:57 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\.minecraft
2014-09-03 10:25 - 2014-09-03 10:37 - 00000000 ____D () C:\Users\Giacomo\Desktop\Minecraft
2014-09-03 10:25 - 2014-07-24 22:27 - 00369758 _____ () C:\Users\Giacomo\Desktop\Minecraft.jar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 06:12 - 2014-03-24 10:39 - 00000000 ____D () C:\Users\Giacomo\Desktop\MUSICA MACCHINA
2014-09-07 06:12 - 2014-03-18 23:44 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-07 06:12 - 2014-01-11 14:45 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Snz
2014-09-07 06:12 - 2013-11-17 13:24 - 00000000 ____D () C:\Users\Giacomo\Downloads\After.Earth.2013.iTALiAN.MD.720p.WEB-DL.x264-TrTd_TeaM
2014-09-07 06:12 - 2013-06-28 16:34 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\OfferBox
2014-09-07 06:12 - 2013-05-19 15:36 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\player
2014-09-07 06:12 - 2013-05-19 15:27 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\BabSolution
2014-09-07 06:12 - 2013-04-01 19:57 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\SCheck
2014-09-07 06:12 - 2013-03-26 16:57 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Intermediate
2014-09-07 06:12 - 2013-03-14 17:51 - 00000000 ____D () C:\Users\Giacomo\Downloads\Sherlock Holmes
2014-09-07 06:12 - 2013-02-28 17:33 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\File Scout
2014-09-07 06:12 - 2012-12-31 00:45 - 00000000 ____D () C:\Users\Giacomo\Desktop\NDS
2014-09-07 06:12 - 2012-12-19 00:44 - 00000000 ____D () C:\Users\Giacomo\Documents\SimCity Societies
2014-09-07 06:12 - 2012-12-18 22:27 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\SoftDMA
2014-09-07 06:12 - 2012-11-28 19:37 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
2014-09-07 06:12 - 2012-10-22 12:42 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\vlc
2014-09-07 06:12 - 2012-10-09 21:48 - 00000000 ____D () C:\Users\Public\Documents\Acer
2014-09-07 06:12 - 2012-10-09 17:52 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-07 06:12 - 2012-10-09 17:42 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\PowerCinema
2014-09-07 06:12 - 2012-10-09 17:40 - 00000000 ____D () C:\Users\Giacomo
2014-09-07 06:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-07 06:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-07 06:12 - 2006-11-02 12:22 - 36438016 _____ () C:\Windows\system32\config\software_previous
2014-09-07 06:12 - 2006-11-02 12:22 - 27000832 _____ () C:\Windows\system32\config\system_previous
2014-09-07 06:11 - 2014-03-18 23:41 - 00000000 ____D () C:\Program Files\PacFunction
2014-09-07 06:11 - 2014-03-18 23:39 - 00000000 ____D () C:\Program Files\HDvid-Codec V9.0
2014-09-07 06:11 - 2014-03-18 23:38 - 00000000 ____D () C:\Program Files\hdvidcodec.com
2014-09-07 06:11 - 2014-03-11 15:13 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\LPT
2014-09-07 06:11 - 2013-05-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
2014-09-07 06:11 - 2013-05-19 15:30 - 00000000 ____D () C:\Program Files\Desk 365
2014-09-07 06:11 - 2013-02-09 23:43 - 00000000 ____D () C:\Program Files\Machinarium
2014-09-07 06:11 - 2013-01-05 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imperivm - Le Grandi Bataglie di Roma
2014-09-07 06:11 - 2013-01-05 23:41 - 00000000 ____D () C:\Program Files\Imperivm - Le Grandi Bataglie di Roma
2014-09-07 06:11 - 2012-12-27 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2014-09-07 06:11 - 2012-12-27 23:10 - 00000000 ____D () C:\Program Files\Mobile Partner
2014-09-07 06:11 - 2012-12-18 22:27 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\PlayMovie
2014-09-07 06:11 - 2012-11-28 19:37 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\fbDownloader
2014-09-07 06:11 - 2012-11-26 18:49 - 00000000 ____D () C:\ProgramData\SweetIM
2014-09-07 06:11 - 2012-10-22 12:41 - 00000000 ____D () C:\Program Files\Iminent
2014-09-07 06:11 - 2012-10-16 18:12 - 00000000 ____D () C:\Program Files\OfferBox
2014-09-07 06:11 - 2012-10-16 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
2014-09-07 06:11 - 2012-10-16 18:04 - 00000000 ____D () C:\Program Files\Ares
2014-09-07 06:11 - 2012-10-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPcCleaner
2014-09-07 06:11 - 2012-10-16 13:02 - 00000000 ____D () C:\Program Files\MyPcCleaner
2014-09-07 06:11 - 2012-10-14 10:43 - 00000000 ____D () C:\Program Files\uTorrent
2014-09-07 06:11 - 2012-10-09 22:05 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-07 06:11 - 2009-02-25 03:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-07 06:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-09-07 06:08 - 2013-11-17 13:11 - 00000000 ____D () C:\Users\Giacomo\Desktop\Film
2014-09-07 06:08 - 2013-02-23 23:10 - 00000000 ____D () C:\Users\Giacomo\Desktop\MUSICA
2014-09-07 06:08 - 2012-12-18 21:10 - 00000000 ____D () C:\Users\Giacomo\Desktop\PS1
2014-09-07 06:07 - 2013-05-13 10:47 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\Smartbar
2014-09-07 06:05 - 2013-05-19 15:36 - 00000000 ____D () C:\Program Files\Tuguu SL
2014-09-07 06:05 - 2012-11-26 18:49 - 00000000 ____D () C:\Program Files\SweetIM
2014-09-07 05:59 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\components_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-09-06 21:30 - 2014-09-06 21:29 - 00025739 _____ () C:\Users\Giacomo\Desktop\FRST.txt
2014-09-06 21:29 - 2014-09-06 21:29 - 00000000 ____D () C:\Users\Giacomo\Desktop\Problema
2014-09-06 21:29 - 2014-09-06 21:28 - 01096704 _____ (Farbar) C:\Users\Giacomo\Desktop\FRST.exe
2014-09-06 21:29 - 2014-09-06 18:09 - 00000000 ____D () C:\FRST
2014-09-06 21:26 - 2012-10-09 12:29 - 02077434 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 21:24 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-06 21:24 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 21:23 - 2014-09-06 20:52 - 00000000 ____D () C:\ProgramData\OnlineUpdate
2014-09-06 21:23 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 21:23 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 21:10 - 2012-10-14 10:42 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\uTorrent
2014-09-06 21:08 - 2014-03-18 23:45 - 00001758 _____ () C:\Users\Giacomo\Desktop\Sync Folder.lnk
2014-09-06 21:08 - 2014-03-18 23:44 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-09-06 21:08 - 2012-10-22 12:41 - 00000000 ____D () C:\Users\Giacomo\Tracing
2014-09-06 21:08 - 2012-10-10 17:39 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Skype
2014-09-06 21:08 - 2009-02-25 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-06 21:07 - 2014-03-18 23:40 - 00003104 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job
2014-09-06 21:07 - 2014-03-18 23:40 - 00002402 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job
2014-09-06 21:07 - 2014-03-18 23:40 - 00001528 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-updater.job
2014-09-06 21:07 - 2014-03-18 23:40 - 00001472 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job
2014-09-06 21:07 - 2014-03-18 23:40 - 00001362 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job
2014-09-06 20:57 - 2014-09-06 20:57 - 00000644 _____ () C:\Users\Giacomo\Desktop\Nuovo documento di testo.txt
2014-09-06 20:52 - 2014-09-06 20:52 - 00000000 ____D () C:\ProgramData\log
2014-09-06 20:52 - 2012-12-27 23:08 - 00000000 ____D () C:\ProgramData\DatacardService
2014-09-06 20:51 - 2014-09-06 20:51 - 00135896 _____ () C:\Windows\Minidump\Mini090614-01.dmp
2014-09-06 20:51 - 2012-11-02 20:06 - 154722936 _____ () C:\Windows\MEMORY.DMP
2014-09-06 20:51 - 2012-11-02 20:06 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 18:29 - 2014-09-06 18:26 - 00033189 _____ () C:\Users\Giacomo\Downloads\Addition.txt
2014-09-06 18:29 - 2014-09-06 18:25 - 00028835 _____ () C:\Users\Giacomo\Downloads\FRST.txt
2014-09-06 17:16 - 2012-10-09 18:09 - 00007836 _____ () C:\Users\Giacomo\AppData\Local\d3d9caps.dat
2014-09-03 15:57 - 2014-09-03 10:25 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\.minecraft
2014-09-03 10:54 - 2014-09-03 10:54 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Oracle
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\Windows\Sun
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-03 10:45 - 2014-09-03 10:45 - 00000000 ____D () C:\Program Files\Java
2014-09-03 10:37 - 2014-09-03 10:25 - 00000000 ____D () C:\Users\Giacomo\Desktop\Minecraft
2014-09-03 08:45 - 2008-01-21 04:47 - 00088532 _____ () C:\Windows\PFRO.log
2014-09-02 22:00 - 2013-07-13 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-02 14:32 - 2012-11-28 19:37 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\DataMgr

Some content of TEMP:
====================
C:\Users\Giacomo\AppData\Local\Temp\77053uninstall.exe
C:\Users\Giacomo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\chatzum_aff50_nt_s.exe
C:\Users\Giacomo\AppData\Local\Temp\crt2379.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Giacomo\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Giacomo\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Giacomo\AppData\Local\Temp\fft6C0C.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\iet8046.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\InnoSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\Installer.exe
C:\Users\Giacomo\AppData\Local\Temp\MyPcCleanerSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\OB.exe
C:\Users\Giacomo\AppData\Local\Temp\OfferBoxSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Giacomo\AppData\Local\Temp\SetupEmoticoons.exe
C:\Users\Giacomo\AppData\Local\Temp\Shortcut_sweetimsetup.exe
C:\Users\Giacomo\AppData\Local\Temp\Shortcut_WinRARSDM.exe
C:\Users\Giacomo\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Giacomo\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Giacomo\AppData\Local\Temp\tbedrs.dll
C:\Users\Giacomo\AppData\Local\Temp\TB_3FC2.exe
C:\Users\Giacomo\AppData\Local\Temp\uninst1.exe
C:\Users\Giacomo\AppData\Local\Temp\update.exe
C:\Users\Giacomo\AppData\Local\Temp\utt6E2F.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\utt8718.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\utt97E4.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Giacomo\AppData\Local\Temp\wajam_install.exe
C:\Users\Giacomo\AppData\Local\Temp\WhiteLabelSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\{BFB39A76-E6AC-47BE-BAF6-B1700C4BC74E}-33.0.1750.146_chrome_installer.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 18:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-09-2014
Ran by Giacomo at 2014-09-06 21:30:42
Running from C:\Users\Giacomo\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Out of date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Reader 9 - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated\0)
Ares 2.2.5 (HKLM\...\Ares) (Version: 2.2.5-Build#3049 - Seekar Ltd)
Assistente per l'accesso a Windows Live (HKLM\...\{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}) (Version: 5.000.818.6 - Microsoft Corporation)
ATI Catalyst Install Manager (HKLM\...\{502D4628-92AD-416A-0580-00D64320DBB7}) (Version: 3.0.728.0 - ATI Technologies, Inc.)
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
C:\Program Files\Acer GameZone\GameConsole (HKLM\...\{71C2828F-2678-4675-BDEC-895424861262}_is1) (Version: 2.0.1.6 - Oberon Media, Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0602.2224.38408 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0602.2224.38408 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0602.2224.38408 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0602.2224.38408 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0602.2224.38408 - ATI) Hidden
Catalyst Control Center Localization All (Version: 2009.0602.2224.38408 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Czech (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Danish (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Dutch (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help English (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Finnish (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help French (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help German (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Greek (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Italian (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Japanese (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Korean (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Polish (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Russian (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Spanish (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Swedish (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Thai (Version: 2009.0602.2223.38408 - ATI) Hidden
CCC Help Turkish (Version: 2009.0602.2223.38408 - ATI) Hidden
ccc-core-static (Version: 2009.0602.2224.38408 - Nome società) Hidden
ccc-utility (Version: 2009.0602.2224.38408 - ATI) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
fbDownloader (HKCU\...\fbDownloader) (Version: 1.0.0.0 - HTTO Group, Ltd.)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.2.53 - Conexant Systems)
HDVidCodec (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com)
HDvid-Codec V9.0 (HKLM\...\HDvid-Codec V9.0) (Version: 1.34.3.6 - installdaddy) <==== ATTENTION
Imperivm - Le Grandi Bataglie di Roma (HKLM\...\Imperivm - Le Grandi Bataglie di Roma) (Version:  - FX Interactive)
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
Machinarium (HKLM\...\Machinarium) (Version: 11.10.09 - Amanita Design, s.r.o.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Italian) (HKLM\...\{95120000-00AF-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{34A08914-7A33-4040-A959-1577BF5AFF8A}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.003.25.06.51 - Huawei Technologies Co.,Ltd)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
MyPcCleaner versione 1.0 (HKLM\...\{635E8116-E451-4E27-BF28-AD11C489D28E}_is1) (Version: 1.0 - MyPcCleaner.net)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
OfferBox (HKLM\...\OfferBox) (Version: 8.1.6045.468 - Aedge Performance BCN SL) <==== ATTENTION
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
PacFunction (HKLM\...\PacFunction) (Version: 2014.03.17.214508 - PacFunction) <==== ATTENTION
Raccolta foto di Windows Live (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
SimCity™ Societies (HKLM\...\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}) (Version: 1.0.0.0 - Electronic Arts)
Skins (Version: 2009.0602.2224.38408 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snap.Do (HKLM\...\{F4F6F37C-8D19-4DAD-BF7B-0953133FD43F}) (Version: 11.20.1.15636 - ReSoft Ltd.) <==== ATTENTION
Strumento di caricamento di Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks bundle uninstaller (HKLM\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
VAFPlayer (HKLM\...\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}) (Version: 1.6.8 - Tuguu SL) <==== ATTENTION
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{290F0D57-2D8C-4A17-8230-F12263173812}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WPM17.8.0.3442 (HKLM\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Giacomo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Giacomo\AppData\Local\Google\Chrome\Application\35.0.1916.153\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4091645661-1459223416-1861246005-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\psuser.dll (Google Inc.)

==================== Restore Points  =========================

17-06-2014 15:43:24 Removed SimCity™ Societies
17-06-2014 15:49:59 Quitado VAFPlayer
17-06-2014 15:51:53 Removed Internet Explorer Toolbar 4.6 by SweetPacks
17-06-2014 16:11:03 Windows Update
18-06-2014 06:33:12 Windows Update
19-06-2014 13:09:13 Windows Update
20-06-2014 19:06:02 Windows Update
11-07-2014 14:57:35 Windows Update
11-07-2014 15:21:18 Windows Update
11-07-2014 17:53:40 Windows Update
12-07-2014 19:28:15 Windows Update
13-07-2014 10:31:09 Windows Update
15-07-2014 07:14:32 Windows Update
20-07-2014 09:42:17 Removed Snap.Do
20-07-2014 09:43:46 Removed Snap.Do
20-07-2014 10:07:51 Windows Update
20-07-2014 10:29:39 Removed Skype Click to Call
20-07-2014 10:30:11 Removed Skype Click to Call
20-07-2014 10:31:05 Removed Skype Click to Call
20-07-2014 10:44:47 Removed SweetIM for Messenger 3.7
20-07-2014 10:46:08 Removed SweetPacks bundle uninstaller
20-07-2014 10:49:17 Removed SweetPacks bundle uninstaller
20-07-2014 10:49:36 Removed SweetPacks bundle uninstaller
20-07-2014 10:50:45 Removed Update Manager for SweetPacks 1.1
20-07-2014 14:33:06 Windows Update
02-09-2014 13:13:13 Windows Update
02-09-2014 19:58:54 Windows Update
03-09-2014 08:44:07 Installed Java 7 Update 67
06-09-2014 15:36:30 Removed SimCity™ Societies
06-09-2014 15:48:35 Removed SimCity™ Societies

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17203E36-7B36-48EE-B5D1-84C0603A6101} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)
Task: {1A4C6AF8-65EF-4876-8659-74ED8DF47F27} - System32\Tasks\HDvid-Codec V9.0-updater => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F7AE11A-5D6A-451A-BC38-7B939048605E} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {23276746-0E7A-4E8E-80A3-8C7102961EE2} - System32\Tasks\HDvid-Codec V9.0-codedownloader => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {65AA3E2C-92B1-445F-9C7E-6EA2E1420E88} - System32\Tasks\HDvid-Codec V9.0-chromeinstaller => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-chromeinstaller.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {A0DCE2AC-0CB1-4749-AB69-B85E6A4D4B54} - System32\Tasks\HDvid-Codec V9.0-firefoxinstaller => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-firefoxinstaller.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A7F6093E-76DB-48C4-8B8D-1A03EB93E1B9} - System32\Tasks\HDvid-Codec V9.0-enabler => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {B9EA00B2-47EF-4416-92B3-E6AE8B2E92B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4091645661-1459223416-1861246005-1000UA => C:\Users\Giacomo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {DCA4A667-907D-4A25-B7C6-66EC09659B7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4091645661-1459223416-1861246005-1000Core => C:\Users\Giacomo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4091645661-1459223416-1861246005-1000Core.job => C:\Users\Giacomo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4091645661-1459223416-1861246005-1000UA.job => C:\Users\Giacomo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-updater.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:131C0EE9
AlternateDataStreams: C:\ProgramData\Temp:3064D21D
AlternateDataStreams: C:\ProgramData\Temp:41099CE9
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:814B9485
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:B203B914
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2014 09:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 09:26:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha generato l'errore chrome.exe, versione 35.0.1916.153, timestamp 0x538fb354, modulo che ha generato l'errore chrome.dll, versione 35.0.1916.153, timestamp 0x538fb051, codice eccezione 0x80000003, offset errore 0x00485166,
ID processo 0x198, data e ora di avvio dell'applicazione 0xchrome.exe0.

Error: (09/06/2014 09:25:54 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/06/2014 09:24:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificato richiesto non rientra nel suo periodo di validità se verificato rispetto all'ora corrente del sistema o al timestamp sul file firmato.

Error: (09/06/2014 09:09:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha generato l'errore chrome.exe, versione 35.0.1916.153, timestamp 0x538fb354, modulo che ha generato l'errore chrome.dll, versione 35.0.1916.153, timestamp 0x538fb051, codice eccezione 0x80000003, offset errore 0x00485166,
ID processo 0xa0, data e ora di avvio dell'applicazione 0xchrome.exe0.

Error: (09/06/2014 09:09:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha generato l'errore chrome.exe, versione 35.0.1916.153, timestamp 0x538fb354, modulo che ha generato l'errore chrome.dll, versione 35.0.1916.153, timestamp 0x538fb051, codice eccezione 0x80000003, offset errore 0x00485166,
ID processo 0x11f4, data e ora di avvio dell'applicazione 0xchrome.exe0.

Error: (09/06/2014 09:08:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha generato l'errore chrome.exe, versione 35.0.1916.153, timestamp 0x538fb354, modulo che ha generato l'errore chrome.dll, versione 35.0.1916.153, timestamp 0x538fb051, codice eccezione 0x80000003, offset errore 0x00485166,
ID processo 0xefc, data e ora di avvio dell'applicazione 0xchrome.exe0.

Error: (09/06/2014 09:08:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha generato l'errore chrome.exe, versione 35.0.1916.153, timestamp 0x538fb354, modulo che ha generato l'errore chrome.dll, versione 35.0.1916.153, timestamp 0x538fb051, codice eccezione 0x80000003, offset errore 0x00485166,
ID processo 0x1184, data e ora di avvio dell'applicazione 0xchrome.exe0.

Error: (09/06/2014 09:00:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 08:56:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/15/2013 08:48:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Precedente arresto del sistema inatteso a 20.46.59 su 15/06/2013.

Error: (06/15/2013 08:33:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 104.0.0.0

 Origine aggiornamento: %NT AUTHORITY51

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SERVIZIO DI RETE

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Error: (06/15/2013 08:33:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 1.151.1712.0

 Origine aggiornamento: %NT AUTHORITY51

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SERVIZIO DI RETE

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Error: (06/15/2013 08:33:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 1.151.1712.0

 Origine aggiornamento: %NT AUTHORITY51

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SERVIZIO DI RETE

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Error: (06/15/2013 08:33:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 1.151.1712.0

 Origine aggiornamento: %NT AUTHORITY59

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SYSTEM

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Error: (06/14/2013 08:56:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 104.0.0.0

 Origine aggiornamento: %NT AUTHORITY51

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SERVIZIO DI RETE

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Error: (06/14/2013 08:56:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 1.151.1712.0

 Origine aggiornamento: %NT AUTHORITY51

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SERVIZIO DI RETE

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Error: (06/14/2013 08:56:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 1.151.1712.0

 Origine aggiornamento: %NT AUTHORITY51

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SERVIZIO DI RETE

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Error: (06/14/2013 08:56:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 1.151.1712.0

 Origine aggiornamento: %NT AUTHORITY59

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SYSTEM

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Error: (06/14/2013 00:52:27 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 ha rilevato un errore durante il tentativo di aggiornamento delle firme.

 Versione nuova firma:

 Versione firma precedente: 104.0.0.0

 Origine aggiornamento: %NT AUTHORITY51

 Fase aggiornamento: 4.2.0223.00

 Percorso aggiornamento: 4.2.0223.01

 Tipo firma: %NT AUTHORITY602

 Tipo aggiornamento: %NT AUTHORITY604

 Utente: NT AUTHORITY\SERVIZIO DI RETE

 Versione motore corrente: %NT AUTHORITY605

 Versione motore precedente: %NT AUTHORITY606

 Codice errore: %NT AUTHORITY607

 Descrizione errore: %NT AUTHORITY608

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-06 20:56:29.025
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 20:56:28.931
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 20:56:28.791
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 20:56:28.651
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 18:26:22.002
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 18:26:21.908
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 18:26:21.815
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 18:26:21.721
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 18:26:21.565
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-09-06 18:26:21.472
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 3065.99 MB
Available physical RAM: 2267.37 MB
Total Pagefile: 6334.26 MB
Available Pagefile: 5709.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.88 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:253.35 GB) (Free:181.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:34.97 GB) (Free:34.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9ABD0411)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=253.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=35 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 Machiavelli


Posted 06 September 2014 - 05:11 PM

Hi,
I think you hit a record ... I never made such a long fixlist in my life ... lol

 
Part I: Warnings

  • Warning I: P2P Warning

IMPORTANT: I see you have one or more P2P (Peer to Peer) programs installed.

1.) You have the following P2P programs installed: uTorrent, Ares
2.) If you download files from undocumented sources via a P2P file-sharing program, you can expect a malware infection. That isn't good for your PC. A long time ago, file sharing with P2P programs like uTorrent was fairly safe, but that isn't true any more. Of course you can use P2P programs at your own risk, but that may be the source of your infection. It would be nice if you read this here. After reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P programs:

4.) I would recommend that you uninstall the above. That would be nice. If you would like to uninstall the P2P program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

 

 
Part II: Uninstalls

 
 

We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":
 

  • fbDownloader
  • ffdshow v1.2.4422
  • HDvid-Codec V9.0
  • Internet Explorer Toolbar 4.6 by SweetPacks
  • MyPC Backup
  • MyPcCleaner versione 1.0
  • OfferBox
  • PacFunction
  • Snap.Do
  • SweetIM for Messenger 3.7
  • SweetPacks bundle uninstaller
  • Update Manager for SweetPacks 1.1
  • VAFPlayer
  • WPM17.8.0.3442


Additional instructions can be found here if needed.
 

 
Part III: Action
 

 

Step 1: FRST Fix
 
We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply

Step 2: AdwCleaner
 
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found here: C:\AdwCleaner\
 
Step 3: Junkware Removal Tool

 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 
Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

 
Part IV: Logs request
 

 
 
Next time I need to see the following logs:

  • FRST Log
  • Junkware Removal Tool log
  • AdwCleaner Log
  • FRST fixlog

Please also tell me how your computer is running currently. If you have any issues please tell me which.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#8 TeckMike95


Posted 08 September 2014 - 03:16 AM

Hi

Really? Is the loglist the longest you have ever seen? Is the computer so infected? asd

Anyway, the computer is not mine; it is my brother's. He's older than me but he absolutely doesn't know how to use a PC. lol
I know all the risks of running P2P programmes and installing any programmes, and I was able to learn about these risks here at Bleeping Computer.

However:
I didn't manage to uninstall:

MyPcCleaner versione 1.0

The computer tells me that the files are not there anymore, and the PC doesn't allow me to uninstall it.

The other programmes were uninstalled correctly. Moreover, I uninstalled the P2P programmes, Ares and uTorrent.

Before continuing I need to tell you that my HDD was probably infected, as I moved some photos and videos here.
In fact I scanned my HDD with Avira and MBAM on another computer and they detected some viruses. Here are the logs:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data scansione: 03/09/2014
Ora scansione: 20:49:36
File di log: VIRUS.txt
Amministratore: Si
 
Versione: 2.00.2.1012
Database malware: v2014.08.25.05
Database rootkit: v2014.08.21.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata
 
SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Michele
 
Tipo di scansione: Scansione personalizzata
Risultati: Completata
Elementi analizzati: 398844
Tempo impiegato: 5 min, 51 sec
 
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Heuristics: Attivata
PUP: Attivata
PUM: Attivata
 
Processi: 0
(No malicious items detected)
 
Moduli: 0
(No malicious items detected)
 
Chiavi di registro: 0
(No malicious items detected)
 
Valori di registro: 0
(No malicious items detected)
 
Dati di registro: 0
(No malicious items detected)
 
Cartelle: 0
(No malicious items detected)
 
File: 5
PUP.Optional.OpenCandy, G:\Cartelle personali\Cartella di Giacomo\Immagini e Video\DTLite4451-0236.exe, , [b910b5156219a393661fdb2947bee020], 
PUP.FakeFlash.Domaiq, G:\Cartelle personali\Cartella di Giacomo\Musica\MUSICA MACCHINA\FlashPlayer_V.142671816c.exe, , [d6f34387fc7f91a5108680738b75fe02], 
PUP.FakeFlash.Domaiq, G:\Cartelle personali\Cartella di Giacomo\Musica\MUSICA MACCHINA\FlashPlayer_V.142673288c.exe, , [59709d2d215adb5baaecee05a25ecd33], 
PUP.Optional.Softonic, G:\Cartelle personali\Cartella di Giacomo\Musica\MUSICA MACCHINA\SoftonicDownloader_per_ares.exe, , [359428a2d0abf046ee3d68a9926f8d73], 
PUP.Optional.Softonic, G:\Cartelle personali\Cartella di Giacomo\Musica\MUSICA MACCHINA\SoftonicDownloader_per_winrar.exe, , [7f4a309a57249a9c989332df02ff9f61], 
 
Settori fisici: 0
(No malicious items detected)
 
 
(end)
 
 
 
Tipo: File
Fonte: G:\Cartelle personali\Cartella di Giacomo\Musica\MUSICA MACCHINA\Mika_-_Stardust_Feat_Chiara.mp3.exe
Stato: Infetta
Oggetto in quarantena: 514dccf0.qua
Ripristinato: NO
Upload effettuato in Avira: NO
Sistema operativo: Windows XP/VISTA Workstation/Windows 7
Motore di ricerca: 8.03.24.20
File di definizione dei virus: 8.11.170.136
Rilevamento: TR/Kazy.324119.8
Data/Ora: 03/09/2014, 20:43
 
 
Tipo: File
Fonte: G:\Cartelle personali\Cartella di Giacomo\Musica\MUSICA MACCHINA\GoPlayer.exe
Stato: Infetta
Oggetto in quarantena: 7d97f647.qua
Ripristinato: NO
Upload effettuato in Avira: NO
Sistema operativo: Windows XP/VISTA Workstation/Windows 7
Motore di ricerca: 8.03.24.20
File di definizione dei virus: 8.11.170.136
Rilevamento: ADWARE/Adware.Gen2
Data/Ora: 03/09/2014, 20:43
 
 
Tipo: File
Fonte: G:\Cartelle personali\Cartella di Giacomo\Musica\MUSICA MACCHINA\Mika_-_Stardust_Feat_Chiara.mp3 (1).exe
Stato: Infetta
Oggetto in quarantena: 1b85b9bf.qua
Ripristinato: NO
Upload effettuato in Avira: NO
Sistema operativo: Windows XP/VISTA Workstation/Windows 7
Motore di ricerca: 8.03.24.20
File di definizione dei virus: 8.11.170.136
Rilevamento: TR/Kazy.324119.8
Data/Ora: 03/09/2014, 20:43
 
 
Tipo: File
Fonte: G:\Cartelle personali\Cartella di Giacomo\Musica\MUSICA MACCHINA\Mika_-_Stardust_Feat_Chiara.mp3 (2).exe
Stato: Infetta
Oggetto in quarantena: 49dae357.qua
Ripristinato: NO
Upload effettuato in Avira: NO
Sistema operativo: Windows XP/VISTA Workstation/Windows 7
Motore di ricerca: 8.03.24.20
File di definizione dei virus: 8.11.170.136
Rilevamento: TR/Kazy.324119.8
Data/Ora: 03/09/2014, 20:43

Edited by TeckMike95, 08 September 2014 - 03:20 AM.


#9 Machiavelli


Posted 08 September 2014 - 05:20 AM

Hi,

 

MyPcCleaner versione 1.0

 
The computer tells me that the files are not there anymore, and the PC doesn't allow me to uninstall it.

Ok, forget this for now, proceed with the other steps.

 

I will look at your system when we are finished with cleaning this system. And yes, I never made such a long fixlist in my life; the PC is heavily infected with Adware and, I believe, with some really nasty Malware. But let us wait until you have completed the steps. ;)


Edited by Machiavelli, 08 September 2014 - 05:20 AM.



#10 TeckMike95


Posted 08 September 2014 - 10:14 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Giacomo (administrator) on PC-GIACOMO on 08-09-2014 17:08:36
Running from C:\Users\Giacomo\Desktop\Problema
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Realtek Semiconductor Corp.) C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [uTorrent] => C:\Users\Giacomo\Desktop\uTorrent-3-2-1-28086.exe [963984 2012-10-14] (BitTorrent, Inc.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ares] => "C:\Program Files\Ares\Ares.exe" -h
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Guida per l'accesso a Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 198.211.120.70 8.8.8.8
Tcpip\..\Interfaces\{5B116E61-A613-4523-9038-A3E3DA53DD45}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-09]
FF HKLM\...\Firefox\Extensions: [emoticoons-toolbar@emoticoons.com] - C:\Users\Public\Documents\Emoticoons\emoticoons-toolbar@emoticoons.com
FF Extension: Findeer - C:\Users\Public\Documents\Emoticoons\emoticoons-toolbar@emoticoons.com [2012-10-16]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "https://www.google.it/"
CHR CustomProfile: C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default
CHR CustomProfile: C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Documenti Google) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Ricerca Google) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2012-12-18] () [File not signed]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 16:59 - 2014-09-08 16:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 16:50 - 2014-09-08 16:51 - 00000000 ____D () C:\AdwCleaner
2014-09-08 16:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-08 16:46 - 2014-09-08 16:46 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\PowerCinema
2014-09-08 10:05 - 2014-09-08 16:54 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\uTorrent
2014-09-08 10:05 - 2014-09-08 10:05 - 00000000 __RSH () C:\MSDOS.SYS
2014-09-08 10:05 - 2014-09-08 10:05 - 00000000 __RSH () C:\IO.SYS
2014-09-06 21:29 - 2014-09-08 17:08 - 00000000 ____D () C:\Users\Giacomo\Desktop\Problema
2014-09-06 20:52 - 2014-09-08 09:18 - 00000000 ____D () C:\ProgramData\log
2014-09-06 20:51 - 2014-09-06 20:51 - 00135896 _____ () C:\Windows\Minidump\Mini090614-01.dmp
2014-09-06 18:26 - 2014-09-06 18:29 - 00033189 _____ () C:\Users\Giacomo\Downloads\Addition.txt
2014-09-06 18:25 - 2014-09-06 18:29 - 00028835 _____ () C:\Users\Giacomo\Downloads\FRST.txt
2014-09-06 18:09 - 2014-09-08 17:08 - 00000000 ____D () C:\FRST
2014-09-03 10:54 - 2014-09-03 10:54 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Oracle
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\Windows\Sun
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-03 10:45 - 2014-09-03 10:45 - 00000000 ____D () C:\Program Files\Java
2014-09-03 10:25 - 2014-09-03 15:57 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\.minecraft
2014-09-03 10:25 - 2014-09-03 10:37 - 00000000 ____D () C:\Users\Giacomo\Desktop\Minecraft
2014-09-03 10:25 - 2014-07-24 22:27 - 00369758 _____ () C:\Users\Giacomo\Desktop\Minecraft.jar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 17:08 - 2014-09-06 21:29 - 00000000 ____D () C:\Users\Giacomo\Desktop\Problema
2014-09-08 17:08 - 2014-09-06 18:09 - 00000000 ____D () C:\FRST
2014-09-08 17:00 - 2012-10-09 12:29 - 01138622 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 16:59 - 2014-09-08 16:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 16:54 - 2014-09-08 10:05 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\uTorrent
2014-09-08 16:53 - 2008-01-21 04:47 - 00256518 _____ () C:\Windows\PFRO.log
2014-09-08 16:53 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 16:53 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 16:53 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 16:52 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-08 16:51 - 2014-09-08 16:50 - 00000000 ____D () C:\AdwCleaner
2014-09-08 16:51 - 2012-10-09 17:42 - 00000929 _____ () C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-08 16:46 - 2014-09-08 16:46 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\PowerCinema
2014-09-08 10:05 - 2014-09-08 10:05 - 00000000 __RSH () C:\MSDOS.SYS
2014-09-08 10:05 - 2014-09-08 10:05 - 00000000 __RSH () C:\IO.SYS
2014-09-08 09:51 - 2012-10-09 22:21 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-08 09:50 - 2012-12-27 23:08 - 00000000 ____D () C:\ProgramData\DatacardService
2014-09-08 09:49 - 2012-10-10 17:39 - 00000000 ____D () C:\ProgramData\Skype
2014-09-08 09:48 - 2012-10-09 17:42 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\Google
2014-09-08 09:36 - 2009-02-25 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-08 09:36 - 2009-02-25 03:27 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-08 09:33 - 2012-10-10 17:39 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Skype
2014-09-08 09:25 - 2012-10-16 18:04 - 00000000 ____D () C:\Program Files\Ares
2014-09-08 09:21 - 2012-10-22 12:41 - 00000000 ____D () C:\Users\Giacomo\Tracing
2014-09-08 09:18 - 2014-09-06 20:52 - 00000000 ____D () C:\ProgramData\log
2014-09-07 06:12 - 2014-03-24 10:39 - 00000000 ____D () C:\Users\Giacomo\Desktop\MUSICA MACCHINA
2014-09-07 06:12 - 2012-12-31 00:45 - 00000000 ____D () C:\Users\Giacomo\Desktop\NDS
2014-09-07 06:12 - 2012-12-19 00:44 - 00000000 ____D () C:\Users\Giacomo\Documents\SimCity Societies
2014-09-07 06:12 - 2012-10-09 21:48 - 00000000 ____D () C:\Users\Public\Documents\Acer
2014-09-07 06:12 - 2012-10-09 17:40 - 00000000 ____D () C:\Users\Giacomo
2014-09-07 06:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-07 06:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-07 06:12 - 2006-11-02 12:22 - 36438016 _____ () C:\Windows\system32\config\software_previous
2014-09-07 06:12 - 2006-11-02 12:22 - 27000832 _____ () C:\Windows\system32\config\system_previous
2014-09-07 06:11 - 2009-02-25 03:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-07 06:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-09-07 06:08 - 2013-11-17 13:11 - 00000000 ____D () C:\Users\Giacomo\Desktop\Film
2014-09-07 06:08 - 2013-02-23 23:10 - 00000000 ____D () C:\Users\Giacomo\Desktop\MUSICA
2014-09-07 06:08 - 2012-12-18 21:10 - 00000000 ____D () C:\Users\Giacomo\Desktop\PS1
2014-09-07 05:59 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\components_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-09-06 20:51 - 2014-09-06 20:51 - 00135896 _____ () C:\Windows\Minidump\Mini090614-01.dmp
2014-09-06 20:51 - 2012-11-02 20:06 - 154722936 _____ () C:\Windows\MEMORY.DMP
2014-09-06 20:51 - 2012-11-02 20:06 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 18:29 - 2014-09-06 18:26 - 00033189 _____ () C:\Users\Giacomo\Downloads\Addition.txt
2014-09-06 18:29 - 2014-09-06 18:25 - 00028835 _____ () C:\Users\Giacomo\Downloads\FRST.txt
2014-09-06 17:16 - 2012-10-09 18:09 - 00007836 _____ () C:\Users\Giacomo\AppData\Local\d3d9caps.dat
2014-09-03 15:57 - 2014-09-03 10:25 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\.minecraft
2014-09-03 10:54 - 2014-09-03 10:54 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Oracle
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\Windows\Sun
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-03 10:45 - 2014-09-03 10:45 - 00000000 ____D () C:\Program Files\Java
2014-09-03 10:37 - 2014-09-03 10:25 - 00000000 ____D () C:\Users\Giacomo\Desktop\Minecraft
2014-09-02 22:00 - 2013-07-13 03:05 - 00000000 ____D () C:\Windows\system32\MRT

Some content of TEMP:
====================
C:\Users\Giacomo\AppData\Local\Temp\Quarantine.exe
C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-08 17:01

==================== End Of Log ============================

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Giacomo at 2014-09-08 16:34:46 Run:1
Running from C:\Users\Giacomo\Desktop\Problema
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [TU] => C:\Users\Giacomo\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe [133536 2012-10-28] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [DataMgr] => C:\Users\Giacomo\AppData\Roaming\DataMgr\DataMgr.exe [168264 2012-10-22] (HTTO Group, Ltd.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [SSync] => C:\Users\Giacomo\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [OMESupervisor] => C:\Users\Giacomo\AppData\Local\omesuperv.exe [2239264 2013-12-24] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [SCheck] => C:\Users\Giacomo\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [Snoozer] => C:\Users\Giacomo\AppData\Roaming\Snz\Snz.exe [1209625 2013-12-24] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [Intermediate] => C:\Users\Giacomo\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Giacomo\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-04] (Smartbar)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {0db7f736-4ee1-11e2-ba5f-001f16c6b45d} - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {0db7f742-4ee1-11e2-ba5f-001e101f305f} - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {5c802290-5802-11e2-818b-001e101f1ed9} - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {64a8539c-4956-11e2-9362-001f16c6b45d} - G:\Autorun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {9340c8f6-616a-11e2-a95d-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {e1ac0d47-11fc-11e2-a2c0-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: {e1ac0e25-11fc-11e2-a2c0-001f16c6b45d} - F:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
Startup: C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ProxyServer: http=127.0.0.1:56847
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfit204fbdgy11
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQRdUL7XDuu8V1v2FgNDH7lGide9d6U-5iXP2n-Rkjla1bQ462DAR_QNj52W8XFkch16Nasu0jNLgq_QVl3Hi6IGTnMBz88rKw6OIomc5gQxDCwGqNci2YmR8jD_VyoOOXly7Esv0PhDI1PGMkwSjpK&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQRdUL7XDuu8V1v2FgNDH7lGide9d6U-5iXP2n-Rkjla1bQ462DAR_QNj52W8XFkch16Nasu0jNLgq_QVl3Hi6IGTnMBz88rKw6OIomc5gQxDCwGqNci2YmR8jD_VyoOOXly7Esv0PhDI1PGMkwSjpK&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=E05F0C60761C5BA3&affID=121962&tsp=4991
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249
URLSearchHook: HKLM - (No Name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} -  No File
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=TJ&userid=53114090-7f44-4dd9-b5bc-a28dfdc3eb8c&searchtype=ds&q={searchTerms}&installDate=13/05/2013
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQRdUL7XDuu8V1v2FgNDH7lGide9d6U-5iXP2n-Rkjla1bQ462DAR_QNj52W8XFkch16Nasu0jNLgq_QVl3Hi6IGTnMBz88rKw6OIomc5gQxDCwGqNci2YmR8jD_VyoOOXly7Esv0PhDI1PGMkwSjpK&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1395178955&from=ild&uid=WDCXWD3200BEVT-22ZCT0_WD-WXB0A69J6249J6249&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
BHO: HDvid-Codec V9.0 -> {11111111-1111-1111-1111-110511131156} -> C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-bho.dll (installdaddy)
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: No Name -> {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} ->  No File
BHO: FBDownloader -> {553318DA-D010-469E-84B1-496563CAE1BF} -> C:\Users\Giacomo\AppData\Local\fbDownloader\Extensions\FBDownloader.dll (HTTO Group, Ltd)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2013-09-15]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [2013-02-28]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2013-09-15]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2013-03-29]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh [2014-03-18]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-09-15]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-15]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-01-19]
CHR Extension: (No Name) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh [2014-09-06]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Giacomo\AppData\Local\funmoods.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Giacomo\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [2013-02-14]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Giacomo\AppData\Local\funmoods-speeddial_sf.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-11-28]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2012-11-28]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Giacomo\AppData\Local\funmoods.crx [2012-11-28]
CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Giacomo\AppData\Local\funmoods-speeddial_sf.crx [2012-11-28]
CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2012-11-28]
CHR HKCU\...\Chrome\Extension: [nchpfiddbhbdnagofhkjlaiaejmkdcla] - C:\Users\Giacomo\AppData\Local\Temp\nchpfiddbhbdnagofhkjlaiaejmkdcla.crx [2012-11-28]
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S2 OfferBox update service; C:\Program Files\OfferBox\OfferBoxUpdateService.exe [336704 2013-06-20] (Aedge Performance BCN SL)
S2 ServUpdater; C:\Users\Giacomo\AppData\Local\ServUpdater\ServiceUpd.exe [156160 2011-12-16] (ServiceUpd) [File not signed]
S2 SoftwareUpd; C:\Users\Giacomo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [161280 2013-01-25] (SoftwareUpdService) [File not signed]
S2 Update PacFunction; C:\Program Files\PacFunction\updatePacFunction.exe [348960 2014-03-17] ()
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-18] (Cherished Technololgy LIMITED) [File not signed]
S1 qsdhjjqz; \??\C:\Windows\system32\drivers\qsdhjjqz.sys [X]
S1 uhgovgwo; \??\C:\Windows\system32\drivers\uhgovgwo.sys [X]
2014-09-07 06:12 - 2014-03-18 23:44 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-07 06:12 - 2014-01-11 14:45 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Snz
2014-09-07 06:12 - 2013-11-17 13:24 - 00000000 ____D () C:\Users\Giacomo\Downloads\After.Earth.2013.iTALiAN.MD.720p.WEB-DL.x264-TrTd_TeaM
2014-09-07 06:12 - 2013-06-28 16:34 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\OfferBox
2014-09-07 06:12 - 2013-05-19 15:36 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\player
2014-09-07 06:12 - 2013-05-19 15:27 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\BabSolution
2014-09-07 06:12 - 2013-04-01 19:57 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\SCheck
2014-09-07 06:12 - 2013-03-26 16:57 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Intermediate
2014-09-07 06:12 - 2013-03-14 17:51 - 00000000 ____D () C:\Users\Giacomo\Downloads\Sherlock Holmes
2014-09-07 06:12 - 2013-02-28 17:33 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\File Scout
2014-09-07 06:12 - 2012-12-18 22:27 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\SoftDMA
2014-09-07 06:12 - 2012-11-28 19:37 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
2014-09-07 06:12 - 2012-10-22 12:42 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\vlc
2014-09-07 06:12 - 2012-10-09 17:42 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\PowerCinema
2014-09-07 06:11 - 2014-03-18 23:41 - 00000000 ____D () C:\Program Files\PacFunction
2014-09-07 06:11 - 2014-03-18 23:39 - 00000000 ____D () C:\Program Files\HDvid-Codec V9.0
2014-09-07 06:11 - 2014-03-18 23:38 - 00000000 ____D () C:\Program Files\hdvidcodec.com
2014-09-07 06:11 - 2014-03-11 15:13 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\LPT
2014-09-07 06:11 - 2013-05-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
2014-09-07 06:11 - 2013-05-19 15:30 - 00000000 ____D () C:\Program Files\Desk 365
2014-09-07 06:11 - 2013-02-09 23:43 - 00000000 ____D () C:\Program Files\Machinarium
2014-09-07 06:11 - 2012-12-27 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2014-09-07 06:11 - 2012-12-27 23:10 - 00000000 ____D () C:\Program Files\Mobile Partner
2014-09-07 06:11 - 2012-12-18 22:27 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\PlayMovie
2014-09-07 06:11 - 2012-11-28 19:37 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\fbDownloader
2014-09-07 06:11 - 2012-11-26 18:49 - 00000000 ____D () C:\ProgramData\SweetIM
2014-09-07 06:11 - 2012-10-22 12:41 - 00000000 ____D () C:\Program Files\Iminent
2014-09-07 06:11 - 2012-10-16 18:12 - 00000000 ____D () C:\Program Files\OfferBox
2014-09-07 06:11 - 2012-10-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPcCleaner
2014-09-07 06:11 - 2012-10-16 13:02 - 00000000 ____D () C:\Program Files\MyPcCleaner
2014-09-07 06:07 - 2013-05-13 10:47 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\Smartbar
2014-09-07 06:05 - 2013-05-19 15:36 - 00000000 ____D () C:\Program Files\Tuguu SL
2014-09-07 06:05 - 2012-11-26 18:49 - 00000000 ____D () C:\Program Files\SweetIM
2014-09-06 21:23 - 2014-09-06 20:52 - 00000000 ____D () C:\ProgramData\OnlineUpdate
2014-09-06 21:08 - 2014-03-18 23:44 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-09-06 21:07 - 2014-03-18 23:40 - 00003104 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job
2014-09-06 21:07 - 2014-03-18 23:40 - 00002402 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job
2014-09-06 21:07 - 2014-03-18 23:40 - 00001528 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-updater.job
2014-09-06 21:07 - 2014-03-18 23:40 - 00001472 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job
2014-09-06 21:07 - 2014-03-18 23:40 - 00001362 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job
2014-09-02 14:32 - 2012-11-28 19:37 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\DataMgr
C:\Users\Giacomo\AppData\Local\Temp\77053uninstall.exe
C:\Users\Giacomo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\chatzum_aff50_nt_s.exe
C:\Users\Giacomo\AppData\Local\Temp\crt2379.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Giacomo\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Giacomo\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Giacomo\AppData\Local\Temp\fft6C0C.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\iet8046.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\InnoSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\Installer.exe
C:\Users\Giacomo\AppData\Local\Temp\MyPcCleanerSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\OB.exe
C:\Users\Giacomo\AppData\Local\Temp\OfferBoxSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Giacomo\AppData\Local\Temp\SetupEmoticoons.exe
C:\Users\Giacomo\AppData\Local\Temp\Shortcut_sweetimsetup.exe
C:\Users\Giacomo\AppData\Local\Temp\Shortcut_WinRARSDM.exe
C:\Users\Giacomo\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Giacomo\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Giacomo\AppData\Local\Temp\tbedrs.dll
C:\Users\Giacomo\AppData\Local\Temp\TB_3FC2.exe
C:\Users\Giacomo\AppData\Local\Temp\uninst1.exe
C:\Users\Giacomo\AppData\Local\Temp\update.exe
C:\Users\Giacomo\AppData\Local\Temp\utt6E2F.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\utt8718.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\utt97E4.tmp.exe
C:\Users\Giacomo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Giacomo\AppData\Local\Temp\wajam_install.exe
C:\Users\Giacomo\AppData\Local\Temp\WhiteLabelSetup.exe
C:\Users\Giacomo\AppData\Local\Temp\{BFB39A76-E6AC-47BE-BAF6-B1700C4BC74E}-33.0.1750.146_chrome_installer.exe
Task: {1A4C6AF8-65EF-4876-8659-74ED8DF47F27} - System32\Tasks\HDvid-Codec V9.0-updater => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F7AE11A-5D6A-451A-BC38-7B939048605E} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {23276746-0E7A-4E8E-80A3-8C7102961EE2} - System32\Tasks\HDvid-Codec V9.0-codedownloader => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {65AA3E2C-92B1-445F-9C7E-6EA2E1420E88} - System32\Tasks\HDvid-Codec V9.0-chromeinstaller => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-chromeinstaller.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {A0DCE2AC-0CB1-4749-AB69-B85E6A4D4B54} - System32\Tasks\HDvid-Codec V9.0-firefoxinstaller => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-firefoxinstaller.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: {A7F6093E-76DB-48C4-8B8D-1A03EB93E1B9} - System32\Tasks\HDvid-Codec V9.0-enabler => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe [2014-03-18] (installdaddy) <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid-Codec V9.0-updater.job => C:\Program Files\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe <==== ATTENTION
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator => Value not found.
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TU => value deleted successfully.
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DataMgr => value deleted successfully.
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SSync => value deleted successfully.
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OMESupervisor => value deleted successfully.
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SCheck => value deleted successfully.
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Snoozer => value deleted successfully.
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Intermediate => value deleted successfully.
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => Value not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4091645661-1459223416-1861246005-1000" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4091645661-1459223416-1861246005-1000" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0db7f736-4ee1-11e2-ba5f-001f16c6b45d}" => Key deleted successfully.
"HKCR\CLSID\{0db7f736-4ee1-11e2-ba5f-001f16c6b45d}" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0db7f742-4ee1-11e2-ba5f-001e101f305f}" => Key deleted successfully.
"HKCR\CLSID\{0db7f742-4ee1-11e2-ba5f-001e101f305f}" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c802290-5802-11e2-818b-001e101f1ed9}" => Key deleted successfully.
"HKCR\CLSID\{5c802290-5802-11e2-818b-001e101f1ed9}" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64a8539c-4956-11e2-9362-001f16c6b45d}" => Key deleted successfully.
"HKCR\CLSID\{64a8539c-4956-11e2-9362-001f16c6b45d}" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9340c8f6-616a-11e2-a95d-001e101f3315}" => Key deleted successfully.
"HKCR\CLSID\{9340c8f6-616a-11e2-a95d-001e101f3315}" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ac0d47-11fc-11e2-a2c0-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{e1ac0d47-11fc-11e2-a2c0-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ac0e25-11fc-11e2-a2c0-001f16c6b45d}" => Key deleted successfully.
"HKCR\CLSID\{e1ac0e25-11fc-11e2-a2c0-001f16c6b45d}" => Key not found.
"C:\PROGRA~1\SupTab\SEARCH~1.DLL" => Value Data removed successfully.
C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files\MyPC Backup\MyPC Backup.exe not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} => value deleted successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131156}" => Key not found.
"HKCR\CLSID\{11111111-1111-1111-1111-110511131156}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}" => Key deleted successfully.
"HKCR\CLSID\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}" => Key deleted successfully.
"HKCR\CLSID\{553318DA-D010-469E-84B1-496563CAE1BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}" => Key deleted successfully.
"HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found.
"HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} => value deleted successfully.
"HKCR\CLSID\{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} => value deleted successfully.
"HKCR\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.
"HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}" => Key not found.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Moved successfully.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon => Moved successfully.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj => Moved successfully.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk => Moved successfully.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh directory not found.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn => Moved successfully.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl directory not found.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => Moved successfully.
C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" => Key deleted successfully.
C:\Users\Giacomo\AppData\Local\funmoods.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon" => Key deleted successfully.
C:\Users\Giacomo\AppData\Roaming\SpeedanAlysis\speedanalysis.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj" => Key deleted successfully.
C:\Users\Giacomo\AppData\Local\funmoods-speeddial_sf.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn" => Key deleted successfully.
"C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key not found.
"C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj" => Key deleted successfully.
"C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => Key deleted successfully.
"C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" => Key deleted successfully.
"C:\Users\Giacomo\AppData\Local\funmoods.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj" => Key deleted successfully.
"C:\Users\Giacomo\AppData\Local\funmoods-speeddial_sf.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk" => Key deleted successfully.
"C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla" => Key deleted successfully.
"C:\Users\Giacomo\AppData\Local\Temp\nchpfiddbhbdnagofhkjlaiaejmkdcla.crx" => File/Directory not found.
BackupStack => Service not found.
IePluginService => Service stopped successfully.
IePluginService => Service deleted successfully.
OfferBox update service => Service not found.
ServUpdater => Service deleted successfully.
SoftwareUpd => Service deleted successfully.
Update PacFunction => Service not found.
Wpm => Service not found.
qsdhjjqz => Service deleted successfully.
uhgovgwo => Service deleted successfully.
"C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup" => File/Directory not found.
C:\Users\Giacomo\AppData\Roaming\Snz => Moved successfully.
C:\Users\Giacomo\Downloads\After.Earth.2013.iTALiAN.MD.720p.WEB-DL.x264-TrTd_TeaM => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\OfferBox => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\player => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\BabSolution => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\SCheck => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\Intermediate => Moved successfully.
C:\Users\Giacomo\Downloads\Sherlock Holmes => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\File Scout => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\SoftDMA => Moved successfully.
"C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader" => File/Directory not found.
C:\Users\Giacomo\AppData\Roaming\vlc => Moved successfully.

"C:\Users\Giacomo\AppData\Roaming\PowerCinema" directory move:

C:\Users\Giacomo\AppData\Roaming\PowerCinema\MovieSetting.ini => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema\Setting.ini => Moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema\ShareSetting.ini => Moved successfully.
Could not move "C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_ALBUMART.db" => Scheduled to move on reboot.
Could not move "C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_INFO.db" => Scheduled to move on reboot.
Could not move "C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_LARGE.db" => Scheduled to move on reboot.
Could not move "C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_MEDIUM.db" => Scheduled to move on reboot.
Could not move "C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_MINI.db" => Scheduled to move on reboot.
Could not move "C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_SMALL.db" => Scheduled to move on reboot.
Could not move "C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_VSCENE.db" => Scheduled to move on reboot.
Could not move "C:\Users\Giacomo\AppData\Roaming\PowerCinema" directory. => Scheduled to move on reboot.

"C:\Program Files\PacFunction" => File/Directory not found.
"C:\Program Files\HDvid-Codec V9.0" => File/Directory not found.
C:\Program Files\hdvidcodec.com => Moved successfully.
"C:\Users\Giacomo\AppData\Local\LPT" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer" => File/Directory not found.
C:\Program Files\Desk 365 => Moved successfully.
"C:\Program Files\Machinarium" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner => Moved successfully.
"C:\Program Files\Mobile Partner" => File/Directory not found.
C:\Users\Giacomo\AppData\Local\PlayMovie => Moved successfully.
"C:\Users\Giacomo\AppData\Local\fbDownloader" => File/Directory not found.
"C:\ProgramData\SweetIM" => File/Directory not found.
C:\Program Files\Iminent => Moved successfully.
"C:\Program Files\OfferBox" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPcCleaner => Moved successfully.
C:\Program Files\MyPcCleaner => Moved successfully.
C:\Users\Giacomo\AppData\Local\Smartbar => Moved successfully.
"C:\Program Files\Tuguu SL" => File/Directory not found.
"C:\Program Files\SweetIM" => File/Directory not found.
C:\ProgramData\OnlineUpdate => Moved successfully.
"C:\Program Files\MyPC Backup" => File/Directory not found.
"C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job" => File/Directory not found.
"C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job" => File/Directory not found.
"C:\Windows\Tasks\HDvid-Codec V9.0-updater.job" => File/Directory not found.
"C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job" => File/Directory not found.
"C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job" => File/Directory not found.
C:\Users\Giacomo\AppData\Roaming\DataMgr => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\77053uninstall.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\chatzum_aff50_nt_s.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\crt2379.tmp.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\dotNetFx40_Client_setup.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\drm_dialogs.dll => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\drm_dyndata_7330017.dll => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\fft6C0C.tmp.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\iet8046.tmp.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\InnoSetup.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\Installer.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\MyPcCleanerSetup.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\OB.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\OfferBoxSetup.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\SetupEmoticoons.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\Shortcut_sweetimsetup.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\Shortcut_WinRARSDM.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\SIMEEI2Installer.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\SIMEEIInstaller.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\tbedrs.dll => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\TB_3FC2.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\update.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\utt6E2F.tmp.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\utt8718.tmp.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\utt97E4.tmp.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\wajam_install.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\WhiteLabelSetup.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\{BFB39A76-E6AC-47BE-BAF6-B1700C4BC74E}-33.0.1750.146_chrome_installer.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4C6AF8-65EF-4876-8659-74ED8DF47F27}" => Key not found.
C:\Windows\System32\Tasks\HDvid-Codec V9.0-updater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-updater" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\TMM => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F7AE11A-5D6A-451A-BC38-7B939048605E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F7AE11A-5D6A-451A-BC38-7B939048605E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23276746-0E7A-4E8E-80A3-8C7102961EE2}" => Key not found.
C:\Windows\System32\Tasks\HDvid-Codec V9.0-codedownloader not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-codedownloader" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65AA3E2C-92B1-445F-9C7E-6EA2E1420E88}" => Key not found.
C:\Windows\System32\Tasks\HDvid-Codec V9.0-chromeinstaller not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-chromeinstaller" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0DCE2AC-0CB1-4749-AB69-B85E6A4D4B54}" => Key not found.
C:\Windows\System32\Tasks\HDvid-Codec V9.0-firefoxinstaller not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-firefoxinstaller" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7F6093E-76DB-48C4-8B8D-1A03EB93E1B9}" => Key not found.
C:\Windows\System32\Tasks\HDvid-Codec V9.0-enabler not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-enabler" => Key not found.
C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job not found.
C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job not found.
C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job not found.
C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job not found.
C:\Windows\Tasks\HDvid-Codec V9.0-updater.job not found.
EmptyTemp: => Removed 2.1 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-08 16:45:57)<=

C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_ALBUMART.db => Is moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_INFO.db => Is moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_LARGE.db => Is moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_MEDIUM.db => Is moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_MINI.db => Is moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_SMALL.db => Is moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema\CLML\CLDB_SUB_VSCENE.db => Is moved successfully.
C:\Users\Giacomo\AppData\Roaming\PowerCinema => Is moved successfully.

==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Giacomo on 08/09/2014 at 17.00.02,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4091645661-1459223416-1861246005-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511131156}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/09/2014 at 17.03.10,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v3.309 - Rapporto creato 08/09/2014 in 16:51:43
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Nome utente : Giacomo - PC-GIACOMO
# In esecuzione da : C:\Users\Giacomo\Desktop\Problema\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\apn
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\ProgramData\clsoft ltd
Cartella Eliminato : C:\ProgramData\IBUpdaterService
Cartella Eliminato : C:\ProgramData\IePluginService
Cartella Eliminato : C:\ProgramData\Tarma Installer
Cartella Eliminato : C:\ProgramData\WPM
Cartella Eliminato : C:\Program Files\ChatZum Toolbar
Cartella Eliminato : C:\Program Files\DAEMON Tools Toolbar
Cartella Eliminato : C:\Program Files\DomaIQ Uninstaller
Cartella Eliminato : C:\Program Files\SupTab
Cartella Eliminato : C:\Program Files\Common Files\337
Cartella Eliminato : C:\Users\Giacomo\AppData\Local\SoftwareUpdater
Cartella Eliminato : C:\Users\Giacomo\AppData\LocalLow\Claro LTD
Cartella Eliminato : C:\Users\Giacomo\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\Giacomo\AppData\LocalLow\Funmoods
Cartella Eliminato : C:\Users\Giacomo\AppData\LocalLow\holasearch
Cartella Eliminato : C:\Users\Giacomo\AppData\LocalLow\PriceGong
Cartella Eliminato : C:\Users\Giacomo\AppData\LocalLow\SweetIM
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\Common\LuaRT
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\Desk 365
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\HMN
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\PerformerSoft
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\SDIV 2.0
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\SpeedanAlysis
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\SSync
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\SupTab
Cartella Eliminato : C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Eliminato : C:\chatzum_nt.exe
File Eliminato : C:\END
File Eliminato : C:\Windows\system32\roboot.exe
File Eliminato : C:\Users\Giacomo\AppData\Local\omesuperv.exe
File Eliminato : C:\Users\Giacomo\AppData\Roaming\speedanalysis.ico

***** [ Compiti ] *****

***** [ Collegamenti ] *****

Collegamento Disinfetatti : C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Collegamento Disinfetatti : C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Collegamento Disinfetatti : C:\Users\Giacomo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Valore Eliminati : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Valore Eliminati : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Chiave Eliminati : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chiave Eliminati : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\FBDownloader.BHO
Chiave Eliminati : HKLM\SOFTWARE\Classes\FBDownloader.BHO.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto
Chiave Eliminati : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Chiave Eliminati : HKLM\SOFTWARE\Classes\iesmartbar.bho
Chiave Eliminati : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Chiave Eliminati : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Chiave Eliminati : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Chiave Eliminati : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Chiave Eliminati : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Chiave Eliminati : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminati : HKLM\SOFTWARE\Classes\speedupmypc
Chiave Eliminati : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Chiave Eliminati : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Chiave Eliminati : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive
Chiave Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chiave Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chiave Eliminati : HKCU\Software\e6db8fe73ebe15
Chiave Eliminati : HKLM\SOFTWARE\e6db8fe73ebe15
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Chiave Eliminati : HKCU\Software\1ClickDownload
Chiave Eliminati : HKCU\Software\BABSOLUTION
Chiave Eliminati : HKCU\Software\ChatZum Toolbar
Chiave Eliminati : HKCU\Software\DataMngr
[#] Chiave Eliminati : HKCU\Software\DataMngr_Toolbar
Chiave Eliminati : HKCU\Software\filescout
Chiave Eliminati : HKCU\Software\Funmoods
Chiave Eliminati : HKCU\Software\Iminent
Chiave Eliminati : HKCU\Software\lollipop
Chiave Eliminati : HKCU\Software\Offerbox
Chiave Eliminati : HKCU\Software\OfferMosquito
Chiave Eliminati : HKCU\Software\performersoft llc
Chiave Eliminati : HKCU\Software\Protector
Chiave Eliminati : HKCU\Software\SmartBar
Chiave Eliminati : HKCU\Software\Softonic
Chiave Eliminati : HKCU\Software\SweetIM
Chiave Eliminati : HKCU\Software\V9
Chiave Eliminati : HKCU\Software\AppDataLow\Toolbar
Chiave Eliminati : HKCU\Software\AppDataLow\Software\Crossrider
Chiave Eliminati : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Eliminati : HKLM\SOFTWARE\awesomehpSoftware
Chiave Eliminati : HKLM\SOFTWARE\Babylon
Chiave Eliminati : HKLM\SOFTWARE\ChatZum Toolbar
Chiave Eliminati : HKLM\SOFTWARE\DataMngr
Chiave Eliminati : HKLM\SOFTWARE\Desksvc
Chiave Eliminati : HKLM\SOFTWARE\DomaIQ
Chiave Eliminati : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Chiave Eliminati : HKLM\SOFTWARE\eSafeSecControl
Chiave Eliminati : HKLM\SOFTWARE\hdcode
Chiave Eliminati : HKLM\SOFTWARE\IePlugin
Chiave Eliminati : HKLM\SOFTWARE\Iminent
Chiave Eliminati : HKLM\SOFTWARE\Offerbox
Chiave Eliminati : HKLM\SOFTWARE\SupTab
Chiave Eliminati : HKLM\SOFTWARE\supWPM
Chiave Eliminati : HKLM\SOFTWARE\SweetIM
Chiave Eliminati : HKLM\SOFTWARE\Tarma Installer
Chiave Eliminati : HKLM\SOFTWARE\Uniblue
Chiave Eliminati : HKLM\SOFTWARE\V9
Chiave Eliminati : HKLM\SOFTWARE\Wpm
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ChatZum Toolbar
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lollipop
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18639

Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [21770 octets] - [08/09/2014 16:50:09]
AdwCleaner[S0].txt - [20762 octets] - [08/09/2014 16:51:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20823 octets] ##########



#11 Machiavelli


Posted 08 September 2014 - 02:01 PM

First,
  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Next,
Please download aswMBR from one of the links below and save it to your Desktop.
 

Download Mirror #1

  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Next,
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#12 TeckMike95


Posted 09 September 2014 - 12:41 AM

Where is the fixfile?



#13 Machiavelli


Posted 09 September 2014 - 03:16 AM

I'm so sorry - I forgot to attach it. It is attached to this post now.

Attached Files


Edited by Machiavelli, 09 September 2014 - 03:16 AM.

 
 


#14 TeckMike95


Posted 10 September 2014 - 02:00 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Giacomo at 2014-09-09 17:13:41 Run:2
Running from C:\Users\Giacomo\Desktop\Problema
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [X]
C:\Users\Giacomo\AppData\Local\Temp\Quarantine.exe
C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe
EmptyTemp:
*****************

"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4091645661-1459223416-1861246005-1000" => Key not found.
"HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4091645661-1459223416-1861246005-1000" => Key not found.
"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\Giacomo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll not found.
Mobile Partner. RunOuc => Service deleted successfully.
C:\Users\Giacomo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
EmptyTemp: => Removed 28.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-09 17:22:48
-----------------------------
17:22:48.037    OS Version: Windows 6.0.6001 Service Pack 1
17:22:48.037    Number of processors: 2 586 0x170A
17:22:48.037    ComputerName: PC-GIACOMO  UserName: Giacomo
17:23:05.790    Initialize success
17:23:05.821    VM: initialized successfully
17:23:05.836    VM: Intel CPU virtualization not supported
17:25:48.691    AVAST engine defs: 14090900
17:26:17.192    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:26:17.207    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
17:26:17.317    Disk 0 MBR read successfully
17:26:17.332    Disk 0 MBR scan
17:26:17.332    Disk 0 unknown MBR code
17:26:17.348    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
17:26:17.363    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       259432 MB offset 20482048
17:26:17.410    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        35810 MB offset 551798784
17:26:17.410    Disk 0 scanning sectors +625137664
17:26:17.488    Disk 0 scanning C:\Windows\system32\drivers
17:26:29.266    Service scanning
17:26:47.861    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:26:54.398    Modules scanning
17:26:58.173    Disk 0 trace - called modules:
17:26:58.220    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spfs.sys hal.dll >>UNKNOWN [0x858d7938]<<
17:26:58.235    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8599c968]
17:26:58.251    3 CLASSPNP.SYS[8aba6745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x859ab028]
17:26:59.577    AVAST engine scan C:\Windows
17:27:04.070    AVAST engine scan C:\Windows\system32
17:31:12.593    AVAST engine scan C:\Windows\system32\drivers
17:31:28.443    AVAST engine scan C:\Users\Giacomo
17:34:33.272    File: C:\Users\Giacomo\Desktop\MUSICA MACCHINA\GoPlayer.exe  **INFECTED** Win32:Adware-BEM [Adw]
17:34:55.065    AVAST engine scan C:\ProgramData
17:35:45.032    Scan finished successfully
17:42:18.557    Disk 0 MBR has been saved successfully to "C:\Users\Giacomo\Desktop\Problema\MBR.dat"
17:42:18.589    The log file has been saved successfully to "C:\Users\Giacomo\Desktop\Problema\aswMBR.txt"

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Giacomo (administrator) on PC-GIACOMO on 10-09-2014 08:55:48
Running from C:\Users\Giacomo\Desktop\Problema
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor Corp.) C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-11] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-05-13] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [uTorrent] => C:\Users\Giacomo\Desktop\uTorrent-3-2-1-28086.exe [963984 2012-10-14] (BitTorrent, Inc.)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ares] => "C:\Program Files\Ares\Ares.exe" -h
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-4091645661-1459223416-1861246005-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Guida per l'accesso a Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 198.211.120.70 8.8.8.8
Tcpip\..\Interfaces\{5B116E61-A613-4523-9038-A3E3DA53DD45}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-09]
FF HKLM\...\Firefox\Extensions: [emoticoons-toolbar@emoticoons.com] - C:\Users\Public\Documents\Emoticoons\emoticoons-toolbar@emoticoons.com
FF Extension: Findeer - C:\Users\Public\Documents\Emoticoons\emoticoons-toolbar@emoticoons.com [2012-10-16]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "https://www.google.it/"
CHR CustomProfile: C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Default
CHR CustomProfile: C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Documenti Google) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Ricerca Google) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Giacomo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2012-12-18] () [File not signed]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 16:59 - 2014-09-08 16:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 16:50 - 2014-09-08 16:51 - 00000000 ____D () C:\AdwCleaner
2014-09-08 16:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-08 16:46 - 2014-09-08 16:46 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\PowerCinema
2014-09-08 10:05 - 2014-09-10 08:47 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\uTorrent
2014-09-08 10:05 - 2014-09-08 10:05 - 00000000 __RSH () C:\MSDOS.SYS
2014-09-08 10:05 - 2014-09-08 10:05 - 00000000 __RSH () C:\IO.SYS
2014-09-06 21:29 - 2014-09-10 08:55 - 00000000 ____D () C:\Users\Giacomo\Desktop\Problema
2014-09-06 20:52 - 2014-09-08 09:18 - 00000000 ____D () C:\ProgramData\log
2014-09-06 20:51 - 2014-09-06 20:51 - 00135896 _____ () C:\Windows\Minidump\Mini090614-01.dmp
2014-09-06 18:26 - 2014-09-06 18:29 - 00033189 _____ () C:\Users\Giacomo\Downloads\Addition.txt
2014-09-06 18:25 - 2014-09-06 18:29 - 00028835 _____ () C:\Users\Giacomo\Downloads\FRST.txt
2014-09-06 18:09 - 2014-09-10 08:55 - 00000000 ____D () C:\FRST
2014-09-03 10:54 - 2014-09-03 10:54 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Oracle
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\Windows\Sun
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-03 10:45 - 2014-09-03 10:45 - 00000000 ____D () C:\Program Files\Java
2014-09-03 10:25 - 2014-09-03 15:57 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\.minecraft
2014-09-03 10:25 - 2014-09-03 10:37 - 00000000 ____D () C:\Users\Giacomo\Desktop\Minecraft
2014-09-03 10:25 - 2014-07-24 22:27 - 00369758 _____ () C:\Users\Giacomo\Desktop\Minecraft.jar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 08:55 - 2014-09-06 21:29 - 00000000 ____D () C:\Users\Giacomo\Desktop\Problema
2014-09-10 08:55 - 2014-09-06 18:09 - 00000000 ____D () C:\FRST
2014-09-10 08:53 - 2012-10-09 12:29 - 01275608 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 08:47 - 2014-09-08 10:05 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\uTorrent
2014-09-10 08:47 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 08:47 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 08:47 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 17:44 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 17:16 - 2008-01-21 04:47 - 00258156 _____ () C:\Windows\PFRO.log
2014-09-09 07:47 - 2013-07-13 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-09 07:47 - 2009-02-25 03:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-08 16:59 - 2014-09-08 16:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 16:51 - 2014-09-08 16:50 - 00000000 ____D () C:\AdwCleaner
2014-09-08 16:51 - 2013-03-26 16:56 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Common
2014-09-08 16:51 - 2012-10-09 17:42 - 00000929 _____ () C:\Users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-08 16:46 - 2014-09-08 16:46 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\PowerCinema
2014-09-08 10:05 - 2014-09-08 10:05 - 00000000 __RSH () C:\MSDOS.SYS
2014-09-08 10:05 - 2014-09-08 10:05 - 00000000 __RSH () C:\IO.SYS
2014-09-08 09:51 - 2012-10-09 22:21 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-08 09:50 - 2012-12-27 23:08 - 00000000 ____D () C:\ProgramData\DatacardService
2014-09-08 09:49 - 2012-10-10 17:39 - 00000000 ____D () C:\ProgramData\Skype
2014-09-08 09:48 - 2012-10-09 17:42 - 00000000 ____D () C:\Users\Giacomo\AppData\Local\Google
2014-09-08 09:36 - 2009-02-25 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-08 09:36 - 2009-02-25 03:27 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-08 09:33 - 2012-10-10 17:39 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Skype
2014-09-08 09:25 - 2012-10-16 18:04 - 00000000 ____D () C:\Program Files\Ares
2014-09-08 09:21 - 2012-10-22 12:41 - 00000000 ____D () C:\Users\Giacomo\Tracing
2014-09-08 09:18 - 2014-09-06 20:52 - 00000000 ____D () C:\ProgramData\log
2014-09-07 06:12 - 2014-03-24 10:39 - 00000000 ____D () C:\Users\Giacomo\Desktop\MUSICA MACCHINA
2014-09-07 06:12 - 2012-12-31 00:45 - 00000000 ____D () C:\Users\Giacomo\Desktop\NDS
2014-09-07 06:12 - 2012-12-19 00:44 - 00000000 ____D () C:\Users\Giacomo\Documents\SimCity Societies
2014-09-07 06:12 - 2012-10-09 21:48 - 00000000 ____D () C:\Users\Public\Documents\Acer
2014-09-07 06:12 - 2012-10-09 17:40 - 00000000 ____D () C:\Users\Giacomo
2014-09-07 06:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-07 06:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-07 06:12 - 2006-11-02 12:22 - 36438016 _____ () C:\Windows\system32\config\software_previous
2014-09-07 06:12 - 2006-11-02 12:22 - 27000832 _____ () C:\Windows\system32\config\system_previous
2014-09-07 06:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-09-07 06:08 - 2013-11-17 13:11 - 00000000 ____D () C:\Users\Giacomo\Desktop\Film
2014-09-07 06:08 - 2013-02-23 23:10 - 00000000 ____D () C:\Users\Giacomo\Desktop\MUSICA
2014-09-07 06:08 - 2012-12-18 21:10 - 00000000 ____D () C:\Users\Giacomo\Desktop\PS1
2014-09-07 05:59 - 2006-11-02 12:22 - 39583744 _____ () C:\Windows\system32\config\components_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-07 05:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-09-06 20:51 - 2014-09-06 20:51 - 00135896 _____ () C:\Windows\Minidump\Mini090614-01.dmp
2014-09-06 20:51 - 2012-11-02 20:06 - 154722936 _____ () C:\Windows\MEMORY.DMP
2014-09-06 20:51 - 2012-11-02 20:06 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 18:29 - 2014-09-06 18:26 - 00033189 _____ () C:\Users\Giacomo\Downloads\Addition.txt
2014-09-06 18:29 - 2014-09-06 18:25 - 00028835 _____ () C:\Users\Giacomo\Downloads\FRST.txt
2014-09-06 17:16 - 2012-10-09 18:09 - 00007836 _____ () C:\Users\Giacomo\AppData\Local\d3d9caps.dat
2014-09-03 15:57 - 2014-09-03 10:25 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\.minecraft
2014-09-03 10:54 - 2014-09-03 10:54 - 00000000 ____D () C:\Users\Giacomo\AppData\Roaming\Oracle
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\Windows\Sun
2014-09-03 10:53 - 2014-09-03 10:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\ProgramData\Sun
2014-09-03 10:47 - 2014-09-03 10:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-03 10:45 - 2014-09-03 10:45 - 00000000 ____D () C:\Program Files\Java
2014-09-03 10:37 - 2014-09-03 10:25 - 00000000 ____D () C:\Users\Giacomo\Desktop\Minecraft
2014-08-25 06:53 - 2012-10-09 22:31 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Giacomo\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-10 08:52

==================== End Of Log ============================


Edited by TeckMike95, 10 September 2014 - 02:03 AM.


#15 Machiavelli


Posted 10 September 2014 - 03:56 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will be shown in the "Scan results - Select action for found objects" window, which offers three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
