Media Dashboard adware!


  • This topic is locked
11 replies to this topic

#1 Simone Bruno


Posted 06 August 2014 - 08:31 AM

Hi everyone, 2 months ago I started hearing ads, music, even YouTube videos from this strange thing in my mixer called "Media Dashboard". There was another user with the same problem as me (http://www.bleepingcomputer.com/forums/t/486037/media-dashboard-virus/), so I decided to write a new topic about this strange virus.

This is the HijackThis log:
 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:30:28, on 06/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Users\Simone Bruno\AppData\Local\Akamai\netsession_win.exe
F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\Steam.exe
C:\Users\Simone Bruno\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\Simone Bruno\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\SysWOW64\mmrtkrnl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Genius\Gila\mousehid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Genius\Gila\trayicon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Genius\Gila\OSD.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Simone Bruno\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Simone Bruno\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 101.44.1.108:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Gila] C:\Program Files (x86)\Genius\Gila\mousehid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Simone Bruno\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Steam] "F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\steam.exe" -silent
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Simone Bruno\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Simone Bruno\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Controllo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDF36D4C-8016-4D2F-BA6F-281B057B1C23}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Licensing Console -                                                                                                      - C:\Windows\SysWOW64\lnsecsl.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Servizio Kaspersky Anti-Virus (avp) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
O23 - Service: SCP DS3 Service (Ds3Service) - Scarlet.Crush Productions - C:\Program Files\PS3 Controller\ScpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 17104 bytes
 



 


#2 TB-Psychotic

  • Malware Response Team

Posted 06 August 2014 - 09:59 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).



#3 Simone Bruno

  • Topic Starter

Posted 06 August 2014 - 11:14 AM

I have a problem with aswMBR. Avast! antirootkit stops working and closes the whole program. I can still paste FRST.txt and Addition.txt.

 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Simone Bruno (administrator) on S1M0N3420 on 06-08-2014 17:57:58
Running from C:\Users\Simone Bruno\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(                                                                                                    ) C:\Windows\Temp\mrtC2B2.tmp\stdrt.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Scarlet.Crush Productions) C:\Program Files\PS3 Controller\ScpService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Simone Bruno\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\Steam.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\Simone Bruno\AppData\Roaming\BitTorrent\BitTorrent.exe
(Akamai Technologies, Inc.) C:\Users\Simone Bruno\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AlcaTech) C:\Windows\SysWOW64\mmrtkrnl.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
() C:\Program Files (x86)\Genius\Gila\mousehid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Genius\Gila\trayicon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(OSD) C:\Program Files (x86)\Genius\Gila\OSD.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [477600 2013-01-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Gila] => C:\Program Files (x86)\Genius\Gila\mousehid.exe [307712 2012-08-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Run: [uTorrent] => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Simone Bruno\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Run: [Steam] => F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Run: [Google Update] => C:\Users\Simone Bruno\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-24] (Google Inc.)
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Run: [BitTorrent] => C:\Users\Simone Bruno\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-30] (BitTorrent Inc.)
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\MountPoints2: L - L:\setup.exe
HKU\S-1-5-21-1218816752-1585885018-1708835945-1000\...\MountPoints2: {e0074a95-89bb-11e2-adc6-e840f25ebece} - L:\RunGame.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 101.44.1.108:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 bir3yk.net 
Tcpip\..\Interfaces\{CDF36D4C-8016-4D2F-BA6F-281B057B1C23}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Simone Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\cy5o6hzo.default
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @fxinteractive.com/fxplanet -> C:\ProgramData\FXWebPlayer\npfxplanet.dll (FX Interactive)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Simone Bruno\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Simone Bruno\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Simone Bruno\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Simone Bruno\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Simone Bruno\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Simone Bruno\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-06]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-10]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-10]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha4979.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4979\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4979\ff [2014-03-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Simone Bruno\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Documenti Google) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-26]
CHR Extension: (Google Drive) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26]
CHR Extension: (MEGA) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-07-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-25]
CHR Extension: (YouTube) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26]
CHR Extension: (Ricerca Google) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26]
CHR Extension: (AdBlock) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-13]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-06-25]
CHR Extension: (FVD Downloader) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-06-12]
CHR Extension: (Google Wallet) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Simone Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [lkddfhcndbkojlafacpmjdnlfgcpjffj] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4979\ch\MediaViewV1alpha4979.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2013-10-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [905154 2013-09-09] (                                                                                                    ) [File not signed]
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-15] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 Ds3Service; C:\Program Files\PS3 Controller\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-10] (DT Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [30112 2013-02-14] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-10] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-03-10] (Kaspersky Lab ZAO)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-08] (Duplex Secure Ltd.)
U3 ae54esq8; C:\Windows\System32\Drivers\ae54esq8.sys [0 ] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-06 17:58 - 2014-08-06 17:58 - 05185536 _____ (AVAST Software) C:\Users\Simone Bruno\Downloads\aswmbr.exe
2014-08-06 17:57 - 2014-08-06 17:58 - 00031712 _____ () C:\Users\Simone Bruno\Downloads\FRST.txt
2014-08-06 17:57 - 2014-08-06 17:58 - 00000000 ____D () C:\FRST
2014-08-06 17:57 - 2014-08-06 17:57 - 02094080 _____ (Farbar) C:\Users\Simone Bruno\Downloads\FRST64.exe
2014-08-06 15:30 - 2014-08-06 15:30 - 00017106 _____ () C:\Users\Simone Bruno\Downloads\hijackthis.log
2014-08-06 15:24 - 2014-08-06 15:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\Simone Bruno\Downloads\HijackThis.exe
2014-08-06 15:17 - 2014-08-06 15:17 - 00854410 _____ () C:\Users\Simone Bruno\Downloads\SecurityCheck.exe
2014-08-06 15:17 - 2014-08-06 15:17 - 00854410 _____ () C:\Users\Simone Bruno\Desktop\SecurityCheck.exe
2014-08-04 17:16 - 2014-08-04 17:30 - 460762350 _____ () C:\Users\Simone Bruno\Downloads\Crash Bandicoot.7z
2014-08-04 17:14 - 2014-08-04 17:14 - 00241675 _____ () C:\Users\Simone Bruno\Downloads\SCPH7003.zip
2014-08-04 04:03 - 2014-08-04 04:03 - 00000227 _____ () C:\Users\Simone Bruno\Downloads\3091E6FB (1).pnach
2014-08-04 04:00 - 2014-08-04 04:00 - 00000264 _____ () C:\Users\Simone Bruno\Downloads\DF659E77.pnach
2014-08-04 03:59 - 2014-08-04 04:00 - 00000227 _____ () C:\Users\Simone Bruno\Downloads\3091E6FB.pnach
2014-08-01 10:48 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 10:48 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 10:48 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 10:48 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 10:48 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 10:48 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 10:48 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 10:48 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 10:48 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 10:48 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 10:47 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 10:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 10:47 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 10:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 03:32 - 2014-07-31 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2014-07-31 02:59 - 2014-07-31 03:04 - 00000000 ____D () C:\Users\Simone Bruno\Downloads\NEED.FOR.SPEED.UNDERGROUND+NO-CD.CRACK+PATCH+KEY
2014-07-31 02:58 - 2014-07-31 02:58 - 00028216 _____ () C:\Users\Simone Bruno\Downloads\[kickass.to]need.for.speed.underground.no.cd.crack.patch.key.torrent
2014-07-31 02:47 - 2014-07-31 02:50 - 00000000 ____D () C:\Users\Simone Bruno\Downloads\Need For Speed Underground 2003 PC Game {Highly Compressed} #IGI
2014-07-31 02:47 - 2014-07-31 02:47 - 00013935 _____ () C:\Users\Simone Bruno\Downloads\[kickass.to]need.for.speed.underground.2003.pc.game.highly.compress.igi.torrent
2014-07-30 20:15 - 2014-07-30 20:41 - 1336141584 _____ () C:\Users\Simone Bruno\Downloads\Crash Twinsanity (Europe) (En,Fr,De,Es,It).7z
2014-07-30 19:36 - 2014-07-30 19:37 - 10031422 _____ () C:\Users\Simone Bruno\Downloads\Playstation-2-Bios-Pack (1).7z
2014-07-30 19:31 - 2014-07-30 19:34 - 04042455 _____ () C:\Users\Simone Bruno\Downloads\Playstation-2-Bios-Pack.7z
2014-07-30 19:30 - 2014-07-30 20:05 - 00000000 ____D () C:\Users\Simone Bruno\Documents\PCSX2
2014-07-30 14:31 - 2014-07-30 14:31 - 00178514 _____ () C:\Users\Simone Bruno\Downloads\FCB7FFE8243C6EBFE411F0241A42E1FBF7486C1B.torrent
2014-07-30 14:30 - 2014-07-30 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-07-30 14:30 - 2014-07-30 14:30 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-07-30 14:29 - 2014-07-30 14:30 - 10658408 _____ () C:\Users\Simone Bruno\Downloads\pcsx2-1.2.1-r5875-setup.exe
2014-07-30 14:19 - 2014-07-30 14:20 - 00031478 _____ () C:\Users\Simone Bruno\Downloads\Super Mario Bros..zip
2014-07-29 19:28 - 2014-07-29 19:28 - 00064946 _____ () C:\Users\Simone Bruno\Downloads\Legend of Zelda.zip
2014-07-29 19:27 - 2014-07-29 19:27 - 00454137 _____ () C:\Users\Simone Bruno\Downloads\jnes_1_1_1.zip
2014-07-28 12:48 - 2014-08-06 17:27 - 00145107 _____ () C:\Windows\SysWOW64\key.dat
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 _____ () C:\Windows\SysWOW64\sho59C4.tmp
2014-07-26 21:07 - 2014-07-26 21:07 - 00000000 _____ () C:\Windows\SysWOW64\sho3065.tmp
2014-07-25 17:50 - 2014-07-25 17:50 - 00022016 ___SH () C:\Users\Gang Beasts_Data\Thumbs.db
2014-07-25 17:50 - 2014-07-25 17:50 - 00000000 ____D () C:\Users\Gang Beasts_Data\Resources
2014-07-25 17:50 - 2014-07-25 17:50 - 00000000 ____D () C:\Users\Gang Beasts_Data\Mono
2014-07-25 17:50 - 2014-07-25 17:50 - 00000000 ____D () C:\Users\Gang Beasts_Data\Managed
2014-07-25 17:50 - 2014-07-25 17:50 - 00000000 ____D () C:\Users\Gang Beasts_Data
2014-07-25 17:50 - 2014-04-05 21:53 - 25430308 _____ () C:\Users\Gang Beasts_Data\sharedassets1.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 17333496 _____ () C:\Users\Gang Beasts_Data\resources.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 11467496 _____ () C:\Users\Gang Beasts_Data\sharedassets11.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 11283968 _____ () C:\Users\Gang Beasts.exe
2014-07-25 17:50 - 2014-04-05 21:53 - 10956268 _____ () C:\Users\Gang Beasts_Data\sharedassets8.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 08334672 _____ () C:\Users\Gang Beasts_Data\sharedassets3.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 08119571 _____ () C:\Users\Gang Beasts_Data\sharedassets2.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 06806788 _____ () C:\Users\Gang Beasts_Data\sharedassets4.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 05427716 _____ () C:\Users\Gang Beasts_Data\sharedassets9.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 05142948 _____ () C:\Users\Gang Beasts_Data\sharedassets6.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 04446704 _____ () C:\Users\Gang Beasts_Data\sharedassets10.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 04393844 _____ () C:\Users\Gang Beasts_Data\sharedassets5.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 03188896 _____ () C:\Users\Gang Beasts_Data\level10
2014-07-25 17:50 - 2014-04-05 21:53 - 02578448 _____ () C:\Users\Gang Beasts_Data\level5
2014-07-25 17:50 - 2014-04-05 21:53 - 02193144 _____ () C:\Users\Gang Beasts_Data\sharedassets0.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 02187872 _____ () C:\Users\Gang Beasts_Data\level8
2014-07-25 17:50 - 2014-04-05 21:53 - 01572918 _____ () C:\Users\Gang Beasts_Data\ScreenSelector.bmp
2014-07-25 17:50 - 2014-04-05 21:53 - 01520392 _____ () C:\Users\Gang Beasts_Data\level7
2014-07-25 17:50 - 2014-04-05 21:53 - 01287104 _____ () C:\Users\Gang Beasts_Data\sharedassets7.assets
2014-07-25 17:50 - 2014-04-05 21:53 - 01260936 _____ () C:\Users\Gang Beasts_Data\level2
2014-07-25 17:50 - 2014-04-05 21:53 - 00847648 _____ () C:\Users\Gang Beasts_Data\level4
2014-07-25 17:50 - 2014-04-05 21:53 - 00746912 _____ () C:\Users\Gang Beasts_Data\level6
2014-07-25 17:50 - 2014-04-05 21:53 - 00579016 _____ () C:\Users\Gang Beasts_Data\level1
2014-07-25 17:50 - 2014-04-05 21:53 - 00572592 _____ () C:\Users\Gang Beasts_Data\level9
2014-07-25 17:50 - 2014-04-05 21:53 - 00421840 _____ () C:\Users\Gang Beasts_Data\level3
2014-07-25 17:50 - 2014-04-05 21:53 - 00030304 _____ () C:\Users\Gang Beasts_Data\mainData
2014-07-25 17:50 - 2014-04-05 21:53 - 00013056 _____ () C:\Users\Gang Beasts_Data\level0
2014-07-25 17:50 - 2014-04-05 21:53 - 00000022 _____ () C:\Users\Gang Beasts_Data\PlayerConnectionConfigFile
2014-07-25 17:49 - 2014-07-25 17:49 - 00000000 ____D () C:\Users\Public\Grand Theft Auto IV
2014-07-25 17:34 - 2014-07-25 17:34 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVMP
2014-07-25 17:33 - 2014-07-25 17:33 - 00000792 _____ () C:\Windows\SysWOW64\ivmp-svr.log
2014-07-25 17:31 - 2010-04-03 16:00 - 00510432 _____ () C:\Users\Public\IVMP-0.1-Alpha-1-Client.zip
2014-07-25 17:31 - 2010-04-03 16:00 - 00180394 _____ () C:\Users\Public\IVMP-0.1-Alpha-1-Server.zip
2014-07-25 02:26 - 2014-07-25 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halo CE Cracked Setup
2014-07-25 01:46 - 2014-07-25 01:44 - 00000950 _____ () C:\Users\Public\Keymaps.ini
2014-07-24 23:19 - 2014-07-24 23:19 - 00000000 ____D () C:\Users\Simone Bruno\Documents\Rockstar Games
2014-07-24 23:17 - 2014-07-24 23:17 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-24 23:17 - 2014-07-24 23:17 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\Rockstar Games
2014-07-24 22:58 - 2014-08-01 19:38 - 00037684 _____ () C:\Windows\DirectX.log
2014-07-24 16:47 - 2014-07-28 12:40 - 00003264 _____ () C:\Windows\PFRO.log
2014-07-24 13:10 - 2014-08-06 14:05 - 00003118 _____ () C:\Windows\setupact.log
2014-07-24 13:10 - 2014-07-24 13:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-24 00:04 - 2014-07-24 00:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-24 00:04 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-24 00:04 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-24 00:04 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-24 00:04 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 00:02 - 2014-07-24 00:04 - 00006467 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-24 00:02 - 2014-07-24 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-24 00:02 - 2014-07-24 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 23:25 - 2014-07-23 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-23 23:25 - 2014-07-23 23:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-23 20:23 - 2014-07-23 20:23 - 00000000 _____ () C:\Windows\SysWOW64\sho11C2.tmp
2014-07-23 18:59 - 2014-07-27 16:46 - 00003038 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-07-23 00:28 - 2014-07-23 00:28 - 00007602 _____ () C:\Users\Simone Bruno\AppData\Local\Resmon.ResmonCfg
2014-07-22 17:45 - 2014-07-22 17:45 - 00000000 ____D () C:\Archivos de programa
2014-07-22 11:25 - 2014-07-22 11:26 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\MegaDownloader
2014-07-21 21:18 - 2014-07-21 21:18 - 00000000 _____ () C:\Windows\SysWOW64\sho43D5.tmp
2014-07-18 18:34 - 2014-07-18 18:34 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\FalloutNV
2014-07-18 17:59 - 2014-07-18 17:59 - 00000000 ____D () C:\Program Files\Bethesda Softworks
2014-07-13 19:35 - 2014-07-13 19:35 - 00000000 ____D () C:\Users\Simone Bruno\Documents\CyberLink
2014-07-13 18:02 - 2014-07-13 18:02 - 00000000 ____D () C:\Users\Simone Bruno\Documents\DVDVideoSoft
2014-07-13 18:01 - 2014-07-27 17:07 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-13 18:00 - 2014-07-27 17:07 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\DVDVideoSoft
2014-07-09 23:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 23:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 23:21 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 23:21 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 23:21 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 23:21 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 23:21 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 23:21 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 23:21 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 23:21 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 23:21 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 23:21 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 23:21 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 23:21 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 23:21 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 23:21 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 23:21 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 23:21 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 23:21 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 23:21 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 23:21 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 23:21 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 23:21 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 23:21 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 23:21 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 23:21 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 23:21 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 23:21 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 23:21 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 23:21 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 23:21 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 23:21 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 23:21 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 23:21 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 23:21 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 23:21 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 23:21 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 23:21 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 23:21 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 23:21 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 23:21 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 23:21 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 23:21 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 23:21 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 23:21 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 23:21 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 23:21 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 23:21 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 23:21 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 23:21 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 23:21 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 23:21 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 23:21 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 23:21 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 23:21 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 23:21 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 23:21 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 23:21 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 23:21 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 23:21 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 23:21 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 23:21 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 23:21 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 23:21 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 23:21 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 23:20 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 23:20 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 23:20 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 23:20 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 23:20 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 23:20 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 23:20 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 23:20 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 23:20 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 23:20 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 23:20 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 23:20 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 23:20 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 23:18 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 23:18 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 23:18 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 18:14 - 2014-07-07 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreadOut
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-06 17:58 - 2014-08-06 17:58 - 05185536 _____ (AVAST Software) C:\Users\Simone Bruno\Downloads\aswmbr.exe
2014-08-06 17:58 - 2014-08-06 17:57 - 00031712 _____ () C:\Users\Simone Bruno\Downloads\FRST.txt
2014-08-06 17:58 - 2014-08-06 17:57 - 00000000 ____D () C:\FRST
2014-08-06 17:57 - 2014-08-06 17:57 - 02094080 _____ (Farbar) C:\Users\Simone Bruno\Downloads\FRST64.exe
2014-08-06 17:57 - 2013-04-22 13:32 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\BitTorrent
2014-08-06 17:34 - 2013-01-17 19:27 - 00001162 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 17:29 - 2013-11-12 21:05 - 00000384 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-08-06 17:27 - 2014-07-28 12:48 - 00145107 _____ () C:\Windows\SysWOW64\key.dat
2014-08-06 17:10 - 2013-09-24 21:37 - 00001188 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218816752-1585885018-1708835945-1000UA.job
2014-08-06 15:30 - 2014-08-06 15:30 - 00017106 _____ () C:\Users\Simone Bruno\Downloads\hijackthis.log
2014-08-06 15:26 - 2014-08-06 15:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Simone Bruno\Downloads\HijackThis.exe
2014-08-06 15:17 - 2014-08-06 15:17 - 00854410 _____ () C:\Users\Simone Bruno\Downloads\SecurityCheck.exe
2014-08-06 15:17 - 2014-08-06 15:17 - 00854410 _____ () C:\Users\Simone Bruno\Desktop\SecurityCheck.exe
2014-08-06 14:16 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 14:16 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 14:12 - 2012-03-21 22:27 - 01620089 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 14:11 - 2013-01-18 04:17 - 00000000 ____D () C:\ProgramData\clear.fi
2014-08-06 14:09 - 2013-01-28 11:00 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\Adobe
2014-08-06 14:08 - 2013-03-15 20:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-06 14:08 - 2013-01-17 19:27 - 00001158 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 14:06 - 2013-10-26 23:21 - 00000000 ____D () C:\Program Files\PS3 Controller
2014-08-06 14:05 - 2014-07-24 13:10 - 00003118 _____ () C:\Windows\setupact.log
2014-08-06 14:05 - 2012-03-21 22:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-06 14:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 03:15 - 2013-01-17 21:14 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\Skype
2014-08-06 00:31 - 2013-02-28 15:42 - 00000000 ___RD () C:\Users\Simone Bruno\Desktop\s1m0n3420
2014-08-06 00:10 - 2013-09-24 21:37 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218816752-1585885018-1708835945-1000Core.job
2014-08-04 21:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-04 17:30 - 2014-08-04 17:16 - 460762350 _____ () C:\Users\Simone Bruno\Downloads\Crash Bandicoot.7z
2014-08-04 17:30 - 2014-04-11 19:56 - 00000000 ____D () C:\Users\Simone Bruno\Documents\My Games
2014-08-04 17:14 - 2014-08-04 17:14 - 00241675 _____ () C:\Users\Simone Bruno\Downloads\SCPH7003.zip
2014-08-04 16:07 - 2013-07-10 16:07 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-04 04:03 - 2014-08-04 04:03 - 00000227 _____ () C:\Users\Simone Bruno\Downloads\3091E6FB (1).pnach
2014-08-04 04:00 - 2014-08-04 04:00 - 00000264 _____ () C:\Users\Simone Bruno\Downloads\DF659E77.pnach
2014-08-04 04:00 - 2014-08-04 03:59 - 00000227 _____ () C:\Users\Simone Bruno\Downloads\3091E6FB.pnach
2014-08-01 19:38 - 2014-07-24 22:58 - 00037684 _____ () C:\Windows\DirectX.log
2014-07-31 03:32 - 2014-07-31 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2014-07-31 03:04 - 2014-07-31 02:59 - 00000000 ____D () C:\Users\Simone Bruno\Downloads\NEED.FOR.SPEED.UNDERGROUND+NO-CD.CRACK+PATCH+KEY
2014-07-31 02:58 - 2014-07-31 02:58 - 00028216 _____ () C:\Users\Simone Bruno\Downloads\[kickass.to]need.for.speed.underground.no.cd.crack.patch.key.torrent
2014-07-31 02:50 - 2014-07-31 02:47 - 00000000 ____D () C:\Users\Simone Bruno\Downloads\Need For Speed Underground 2003 PC Game {Highly Compressed} #IGI
2014-07-31 02:47 - 2014-07-31 02:47 - 00013935 _____ () C:\Users\Simone Bruno\Downloads\[kickass.to]need.for.speed.underground.2003.pc.game.highly.compress.igi.torrent
2014-07-30 20:41 - 2014-07-30 20:15 - 1336141584 _____ () C:\Users\Simone Bruno\Downloads\Crash Twinsanity (Europe) (En,Fr,De,Es,It).7z
2014-07-30 20:05 - 2014-07-30 19:30 - 00000000 ____D () C:\Users\Simone Bruno\Documents\PCSX2
2014-07-30 19:37 - 2014-07-30 19:36 - 10031422 _____ () C:\Users\Simone Bruno\Downloads\Playstation-2-Bios-Pack (1).7z
2014-07-30 19:34 - 2014-07-30 19:31 - 04042455 _____ () C:\Users\Simone Bruno\Downloads\Playstation-2-Bios-Pack.7z
2014-07-30 18:05 - 2013-10-09 16:58 - 00000000 ____D () C:\ProgramData\Origin
2014-07-30 14:31 - 2014-07-30 14:31 - 00178514 _____ () C:\Users\Simone Bruno\Downloads\FCB7FFE8243C6EBFE411F0241A42E1FBF7486C1B.torrent
2014-07-30 14:30 - 2014-07-30 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-07-30 14:30 - 2014-07-30 14:30 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-07-30 14:30 - 2014-07-30 14:29 - 10658408 _____ () C:\Users\Simone Bruno\Downloads\pcsx2-1.2.1-r5875-setup.exe
2014-07-30 14:30 - 2013-03-02 00:32 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-30 14:20 - 2014-07-30 14:19 - 00031478 _____ () C:\Users\Simone Bruno\Downloads\Super Mario Bros..zip
2014-07-29 19:28 - 2014-07-29 19:28 - 00064946 _____ () C:\Users\Simone Bruno\Downloads\Legend of Zelda.zip
2014-07-29 19:27 - 2014-07-29 19:27 - 00454137 _____ () C:\Users\Simone Bruno\Downloads\jnes_1_1_1.zip
2014-07-29 19:19 - 2013-06-28 22:40 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\.minecraft
2014-07-29 12:55 - 2013-09-06 14:16 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-29 12:55 - 2013-06-10 10:42 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-29 12:51 - 2013-06-10 10:40 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-29 01:58 - 2013-10-09 16:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-28 21:34 - 2013-01-20 12:40 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\vlc
2014-07-28 18:59 - 2014-05-11 17:02 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\Spotify
2014-07-28 18:58 - 2014-06-20 14:00 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\LogMeIn Hamachi
2014-07-28 18:55 - 2013-03-11 03:11 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\PMB Files
2014-07-28 12:48 - 2012-03-16 17:55 - 00758288 _____ () C:\Windows\system32\perfh010.dat
2014-07-28 12:48 - 2012-03-16 17:55 - 00153390 _____ () C:\Windows\system32\perfc010.dat
2014-07-28 12:48 - 2009-07-14 07:13 - 01697978 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 12:40 - 2014-07-24 16:47 - 00003264 _____ () C:\Windows\PFRO.log
2014-07-28 04:03 - 2014-07-28 04:03 - 00000000 _____ () C:\Windows\SysWOW64\sho59C4.tmp
2014-07-28 01:19 - 2013-03-12 16:08 - 00001236 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-07-27 17:11 - 2013-06-24 02:12 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-07-27 17:07 - 2014-07-13 18:01 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-27 17:07 - 2014-07-13 18:00 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\DVDVideoSoft
2014-07-27 17:06 - 2013-05-14 18:52 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-27 17:06 - 2012-01-12 05:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-27 17:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-27 16:59 - 2013-05-11 15:22 - 00000000 ____D () C:\Program Files\WinPcap
2014-07-27 16:55 - 2013-09-02 03:14 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\Samsung
2014-07-27 16:55 - 2013-09-02 03:14 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\Samsung
2014-07-27 16:55 - 2013-09-02 03:12 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-27 16:54 - 2013-09-02 03:00 - 00000000 ____D () C:\ProgramData\Samsung
2014-07-27 16:49 - 2014-03-23 14:47 - 00000148 _____ () C:\Windows\QIII.INI
2014-07-27 16:49 - 2013-08-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bitComposer Games
2014-07-27 16:48 - 2014-05-28 20:59 - 00000000 ____D () C:\Program Files (x86)\Nitro PDF
2014-07-27 16:47 - 2014-04-01 16:48 - 00000000 ____D () C:\Program Files (x86)\Nv GPU Pro
2014-07-27 16:46 - 2014-07-23 18:59 - 00003038 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-07-27 16:46 - 2014-04-01 16:48 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\Nv GPU Pro
2014-07-27 16:42 - 2013-06-10 10:42 - 00000000 ____D () C:\ProgramData\Orbit
2014-07-26 21:07 - 2014-07-26 21:07 - 00000000 _____ () C:\Windows\SysWOW64\sho3065.tmp
2014-07-25 17:50 - 2014-07-25 17:50 - 00022016 ___SH () C:\Users\Gang Beasts_Data\Thumbs.db
2014-07-25 17:50 - 2014-07-25 17:50 - 00000000 ____D () C:\Users\Gang Beasts_Data\Resources
2014-07-25 17:50 - 2014-07-25 17:50 - 00000000 ____D () C:\Users\Gang Beasts_Data\Mono
2014-07-25 17:50 - 2014-07-25 17:50 - 00000000 ____D () C:\Users\Gang Beasts_Data\Managed
2014-07-25 17:50 - 2014-07-25 17:50 - 00000000 ____D () C:\Users\Gang Beasts_Data
2014-07-25 17:49 - 2014-07-25 17:49 - 00000000 ____D () C:\Users\Public\Grand Theft Auto IV
2014-07-25 17:34 - 2014-07-25 17:34 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVMP
2014-07-25 17:33 - 2014-07-25 17:33 - 00000792 _____ () C:\Windows\SysWOW64\ivmp-svr.log
2014-07-25 14:22 - 2013-03-14 22:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 14:22 - 2013-03-14 22:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 04:01 - 2013-08-25 15:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-25 04:01 - 2013-08-25 15:49 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-25 04:01 - 2013-08-25 15:49 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-07-25 04:00 - 2014-05-12 17:55 - 00003554 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-07-25 03:01 - 2013-03-14 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 02:26 - 2014-07-25 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halo CE Cracked Setup
2014-07-25 01:44 - 2014-07-25 01:46 - 00000950 _____ () C:\Users\Public\Keymaps.ini
2014-07-24 23:19 - 2014-07-24 23:19 - 00000000 ____D () C:\Users\Simone Bruno\Documents\Rockstar Games
2014-07-24 23:17 - 2014-07-24 23:17 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-24 23:17 - 2014-07-24 23:17 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\Rockstar Games
2014-07-24 20:56 - 2013-03-10 21:53 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Roaming\DAEMON Tools Lite
2014-07-24 16:53 - 2014-05-11 17:03 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\Spotify
2014-07-24 13:10 - 2014-07-24 13:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-24 01:50 - 2013-02-11 22:31 - 00000000 ____D () C:\Windows\Minidump
2014-07-24 00:04 - 2014-07-24 00:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-24 00:04 - 2014-07-24 00:02 - 00006467 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-24 00:04 - 2013-04-14 19:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-24 00:02 - 2014-07-24 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-24 00:02 - 2014-07-24 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 23:25 - 2014-07-23 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-23 23:25 - 2014-07-23 23:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-23 23:01 - 2013-01-18 07:26 - 01690284 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-23 20:33 - 2012-01-12 06:06 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-07-23 20:23 - 2014-07-23 20:23 - 00000000 _____ () C:\Windows\SysWOW64\sho11C2.tmp
2014-07-23 18:38 - 2014-02-04 19:11 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-07-23 18:38 - 2014-02-04 19:11 - 00000000 ____D () C:\Program Files\Autodesk
2014-07-23 18:38 - 2014-02-04 18:39 - 00000000 ____D () C:\ProgramData\Autodesk
2014-07-23 00:28 - 2014-07-23 00:28 - 00007602 _____ () C:\Users\Simone Bruno\AppData\Local\Resmon.ResmonCfg
2014-07-22 17:45 - 2014-07-22 17:45 - 00000000 ____D () C:\Archivos de programa
2014-07-22 11:26 - 2014-07-22 11:25 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\MegaDownloader
2014-07-21 23:05 - 2014-02-12 22:45 - 00000000 ____D () C:\ProgramData\GFACE
2014-07-21 21:18 - 2014-07-21 21:18 - 00000000 _____ () C:\Windows\SysWOW64\sho43D5.tmp
2014-07-18 18:34 - 2014-07-18 18:34 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\FalloutNV
2014-07-18 17:59 - 2014-07-18 17:59 - 00000000 ____D () C:\Program Files\Bethesda Softworks
2014-07-18 17:59 - 2013-02-13 00:24 - 00000032 _____ () C:\Windows\CD_Start.INI
2014-07-16 17:28 - 2014-04-14 18:13 - 00000000 ____D () C:\Users\Simone Bruno\AppData\Local\Ubisoft
2014-07-13 19:35 - 2014-07-13 19:35 - 00000000 ____D () C:\Users\Simone Bruno\Documents\CyberLink
2014-07-13 18:02 - 2014-07-13 18:02 - 00000000 ____D () C:\Users\Simone Bruno\Documents\DVDVideoSoft
2014-07-11 03:02 - 2014-07-24 00:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-24 00:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-24 00:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-24 00:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 23:26 - 2014-07-01 23:57 - 00000000 ____D () C:\Program Files (x86)\Outlast
2014-07-10 11:23 - 2009-07-14 06:45 - 05084712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 06:51 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 06:51 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 06:22 - 2013-09-29 21:32 - 07454764 ____N () C:\Users\Simone Bruno\AppData\Local\Tempmusic.ogg
2014-07-10 03:04 - 2014-02-12 01:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2014-02-12 01:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 18:14 - 2014-07-07 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreadOut
 
Some content of TEMP:
====================
C:\Users\Simone Bruno\AppData\Local\Temp\AutoRun.exe
C:\Users\Simone Bruno\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Simone Bruno\AppData\Local\Temp\CmdLineExtInstallerExe.exe
C:\Users\Simone Bruno\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Simone Bruno\AppData\Local\Temp\jak x combat racing iso__3515_i1124715538_il3122676.exe
C:\Users\Simone Bruno\AppData\Local\Temp\MX_SWinst.exe
C:\Users\Simone Bruno\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Simone Bruno\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Simone Bruno\AppData\Local\Temp\sfareca00002.dll
C:\Users\Simone Bruno\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Simone Bruno\AppData\Local\Temp\Uninstaller-5496.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-06 17:39
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Simone Bruno at 2014-08-06 17:59:17
Running from C:\Users\Simone Bruno\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
 clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0708.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7943 - DsNET Corp)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2428.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2428.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Gila Gaming Mouse (HKLM-x32\...\{FB3A54A3-F867-456E-971F-712CC13DC830}}_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Halo CE Cracked Setup (HKLM-x32\...\{DC525714-3134-4749-A39F-E3216A4FF9BD}) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HWiNFO64 Version 4.12 (HKLM\...\HWiNFO64_is1) (Version: 4.12 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Imperivm - Le Grandi Bataglie di Roma (HKLM-x32\...\Imperivm - Le Grandi Bataglie di Roma) (Version:  - FX Interactive)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Lanzador de juegos de FX Interactive (HKLM-x32\...\FXWebPlayer) (Version:  - FX Interactive) <==== ATTENTION
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Media View (HKLM-x32\...\MediaViewV1alpha4979) (Version: 1.1 - Media View) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{F03CB3EF-DC16-35CE-B3C1-C68EA09E5E97}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need For Speed Underground (HKLM-x32\...\{A99968BE-C155-474C-0089-33239DEE1CE2}) (Version:  - )
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NET Render Client 11.514 (HKLM\...\MAXONF02E79F8) (Version: 11.514 - MAXON Computer GmbH)
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.6 - Black Tree Gaming)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.2 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
NVIDIA Driver audio HD 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Driver grafico 286.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 286.03 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.48.261 - NVIDIA Corporation) Hidden
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.8603 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (x32 Version: 6.5 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{C5EFC8F0-2EDE-4A4D-A4DA-75596405D1FB}) (Version: 4.10.9764 - Apache Software Foundation)
OPERATION7 (HKLM-x32\...\OPERATION7) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pacchetto driver Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Pacchetto driver Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Pannello di controllo NVIDIA 286.03 (Version: 286.03 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PS_AIO_03_C4400_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Remote Mouse version 2.54 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.54 - Remote Mouse)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Ski Challenge 14 (HKCU\...\sc14-GAMETWIST_MAIN) (Version:  - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vegas Pro 10.0 (HKLM-x32\...\{5AC11070-A1CB-11E0-A0DC-0013D3D69929}) (Version: 10.0.737 - Sony)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3505 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe No File
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\it-IT\acadficn.dll No File
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1218816752-1585885018-1708835945-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Simone Bruno\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
29-07-2014 13:45:00 Windows Update
01-08-2014 08:47:01 Windows Update
01-08-2014 17:37:08 DirectX installato
05-08-2014 21:38:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2013-08-19 01:51 - 00000850 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 bir3yk.net 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {062976AB-9D35-4B73-82D2-878D886F3FF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17] (Google Inc.)
Task: {093B8000-80BA-42D7-BFB3-227E9CA2516A} - System32\Tasks\{8400D2C6-8A7D-4D96-AFCB-45C833FFE44C} => L:\autorun.exe
Task: {109FD6C9-5E3D-4AC0-98EA-525410DB9F16} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {118641D6-B529-4F4E-A918-3E5E0E14C928} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {2BA30C7A-8095-44F5-B4EC-5C11C020A2F5} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-12-28] (CyberLink)
Task: {2FA72A8C-F372-4FCE-A3B7-2969FD0FFF4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {429CADA3-4C4C-4AD4-AA1F-E0A2F2C8BAAC} - System32\Tasks\{2F45FAC1-C34A-4778-90C2-B0E7C3FC7298} => C:\Program Files (x86)\Midway Home Entertainment\AREA-51\A51.exe
Task: {5F723D89-9E80-4F48-BB0A-082062CC0609} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {7699949B-5802-4626-A84E-45553095CC77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1218816752-1585885018-1708835945-1000UA => C:\Users\Simone Bruno\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {77C2B735-2E9A-419D-83A5-AD0208B7B80E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {8264313F-B815-4FF5-BF03-FCDDA4A59D3D} - System32\Tasks\{90EE4F5E-F4D4-4572-A9F3-FD21951CCC5C} => F:\Download\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
Task: {890FBEC7-70C7-464E-9136-AB5CBF308965} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-09-06] (Acer)
Task: {B3D3DF27-535B-4B1C-A8CB-727A63615187} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17] (Google Inc.)
Task: {C341F67F-6978-4A4B-BE71-795B4869BEE9} - \AmiUpdXp No Task File <==== ATTENTION
Task: {CE1FFCAC-9C34-4CB2-9899-765EBDB9F407} - System32\Tasks\{CDFCF7FC-E25B-44C5-8E6D-E7C45AB25CD9} => L:\autorun.exe
Task: {D2B7A8B7-7406-4EA7-ACA8-6F29C8BE5437} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-12-28] (Acer Incorporated)
Task: {E039CB49-A37F-4FD2-B1AA-48C806D256E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1218816752-1585885018-1708835945-1000Core => C:\Users\Simone Bruno\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {EEAB3514-8F3E-4D2F-B7A1-AB878EFB873B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F17C3648-25A2-4A94-94BA-1D70C9BB054E} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {F8388407-E138-420C-AAF0-9260A0C34726} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-12-28] (CyberLink Corp.)
Task: {FEE514A2-65F0-4C35-86EA-CEEB8367D2F8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Simone Bruno\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218816752-1585885018-1708835945-1000Core.job => C:\Users\Simone Bruno\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218816752-1585885018-1708835945-1000UA.job => C:\Users\Simone Bruno\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-16 19:30 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-06 14:15 - 2014-06-28 13:40 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-08-11 05:58 - 2011-08-11 05:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2013-12-27 01:08 - 2012-08-17 20:45 - 00307712 _____ () C:\Program Files (x86)\Genius\Gila\mousehid.exe
2013-12-27 01:08 - 2012-06-10 20:01 - 00222720 _____ () C:\Program Files (x86)\Genius\Gila\trayicon.exe
2014-08-06 14:05 - 2014-08-06 14:05 - 00307200 _____ () C:\Windows\TEMP\mrtC2B2.tmp\MMFS2.dll
2014-08-06 14:05 - 2014-08-06 14:05 - 00012800 _____ () C:\Windows\TEMP\mrtC2B2.tmp\Get.mfx
2014-08-06 14:05 - 2014-08-06 14:05 - 00059392 _____ () C:\Windows\TEMP\mrtC2B2.tmp\Yaso.mfx
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2012-03-21 22:52 - 2011-12-28 04:47 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-05-21 21:49 - 2014-07-12 02:53 - 01116672 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\libavcodec-55.dll
2014-04-23 14:31 - 2014-07-12 02:53 - 00438784 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\libavutil-53.dll
2014-05-21 21:49 - 2014-07-12 02:53 - 00399360 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\libavformat-55.dll
2014-01-16 17:31 - 2014-07-12 02:53 - 00331264 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\libavresample-1.dll
2013-07-01 08:20 - 2014-06-27 00:40 - 00764416 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\SDL2.dll
2014-05-21 21:49 - 2014-07-16 04:28 - 02139328 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\video.dll
2014-05-21 21:49 - 2014-04-29 02:37 - 00519168 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\libswscale-2.dll
2013-07-09 13:45 - 2014-07-16 04:28 - 01116864 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\bin\chromehtml.DLL
2013-07-09 13:45 - 2014-05-02 01:35 - 20628160 _____ () F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\bin\libcef.dll
2011-08-11 05:57 - 2011-08-11 05:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2013-12-27 01:08 - 2011-09-05 10:41 - 00061440 _____ () C:\Program Files (x86)\Genius\Gila\HidDevice.dll
2014-02-13 16:11 - 2014-02-13 16:11 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2012-03-21 22:40 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-03-21 22:41 - 2012-02-07 11:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-07-20 20:49 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-20 20:49 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-20 20:49 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 20:49 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 20:49 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-20 20:49 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-09-21 22:46 - 2011-09-21 22:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\Simone Bruno\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desura => C:\Program Files (x86)\Desura\desura.exe -autostart
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Remote Mouse => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Simone Bruno\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Simone Bruno\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/06/2014 02:07:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2014 02:45:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Impossibile trovare l'assembly dipendente Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.
 
Error: (08/06/2014 02:45:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Impossibile trovare l'assembly dipendente Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.
 
Error: (08/06/2014 01:39:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (08/06/2014 00:30:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma iw5mp.exe versione 0.0.0.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: 1594
 
Ora di avvio: 01cfb0fcd8b874cf
 
Ora di chiusura: 9
 
Percorso applicazione: F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
 
ID segnalazione: 282a1e25-1cf0-11e4-a58f-e840f25ebece
 
Error: (08/05/2014 01:39:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (08/04/2014 08:56:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Impossibile trovare l'assembly dipendente Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.
 
Error: (08/04/2014 08:56:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Impossibile trovare l'assembly dipendente Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.
 
Error: (08/04/2014 01:39:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (08/03/2014 11:48:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma iw5mp.exe versione 0.0.0.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: 1e48
 
Ora di avvio: 01cfaf646edb707f
 
Ora di chiusura: 13
 
Percorso applicazione: F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
 
ID segnalazione: e0153586-1b57-11e4-a58f-e840f25ebece
 
 
System errors:
=============
Error: (08/06/2014 02:07:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio LogMeIn Hamachi Tunneling Engine non è stato avviato per il seguente errore: 
%%1053
 
Error: (08/06/2014 02:07:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio LogMeIn Hamachi Tunneling Engine.
 
Error: (08/06/2014 02:06:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Adobe Licensing Console non è stato avviato per il seguente errore: 
%%1053
 
Error: (08/06/2014 02:06:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Adobe Licensing Console.
 
Error: (08/06/2014 02:05:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Precedente arresto del sistema inatteso a 03:22:46 su ‎06/‎08/‎2014.
 
Error: (08/02/2014 01:58:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio ShellHWDetection.
 
Error: (07/29/2014 03:18:15 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Inizializzazione non riuscita. Il trasporto non ha aperto gli indirizzi iniziali.
 
Error: (07/28/2014 09:26:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Le copie shadow del volume C: sono state interrotte. Impossibile espandere l'archivio delle copie shadow a causa di un limite imposto da un utente.
 
Error: (07/28/2014 00:41:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Adobe Licensing Console non è stato avviato per il seguente errore: 
%%1053
 
Error: (07/28/2014 00:41:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Adobe Licensing Console.
 
 
Microsoft Office Sessions:
=========================
Error: (08/06/2014 02:07:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2014 02:45:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\Acer\screensaver\VistaGetS3S4Reg.exe
 
Error: (08/06/2014 02:45:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\Acer\screensaver\run_Acer.exe
 
Error: (08/06/2014 01:39:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (08/06/2014 00:30:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iw5mp.exe0.0.0.0159401cfb0fcd8b874cf9F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe282a1e25-1cf0-11e4-a58f-e840f25ebece
 
Error: (08/05/2014 01:39:39 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (08/04/2014 08:56:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\Acer\screensaver\VistaGetS3S4Reg.exe
 
Error: (08/04/2014 08:56:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\Acer\screensaver\run_Acer.exe
 
Error: (08/04/2014 01:39:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (08/03/2014 11:48:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iw5mp.exe0.0.0.01e4801cfaf646edb707f13F:\Left 4 Dead 2  V2.0.2.7  Full-Rip  {blaze69}\Left 4 Dead 2\bin\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exee0153586-1b57-11e4-a58f-e840f25ebece
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-06 02:46:25.664
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-06 02:46:25.662
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-06 02:46:25.608
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-06 02:46:25.597
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-06 02:46:25.595
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-06 02:46:25.593
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-04 20:57:13.906
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-04 20:57:13.905
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-04 20:57:13.888
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2014-08-04 20:57:13.866
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 66%
Total physical RAM: 8157.3 MB
Available physical RAM: 2735.88 MB
Total Pagefile: 16312.77 MB
Available Pagefile: 10048.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:456.45 GB) (Free:81.37 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.96 GB) (Free:91.18 GB) NTFS
Drive e: (GTA_LCS) (CDROM) (Total:3.74 GB) (Free:0 GB) CDFS
Drive f: () (Fixed) (Total:232.88 GB) (Free:49.12 GB) NTFS
Drive h: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:239.64 GB) NTFS
Drive l: (N.F.S.U. CD-2) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BA1746B4)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: E9119878)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: E3BA5DB5)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 


#4 TB-Psychotic

  • Malware Response Team

Posted 07 August 2014 - 02:09 AM

Skip aswMBR:

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 

#5 Simone Bruno

  • Topic Starter

Posted 07 August 2014 - 06:47 AM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-07 13:46:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.51.0 931,51GB
Running: 927hcz4w.exe; Driver: C:\Users\SIMONE~1\AppData\Local\Temp\pxdyapog.sys
 
 
---- Devices - GMER 2.1 ----
 
Device  \Driver\abm2bsxy \Device\Scsi\abm2bsxy1                                                                                                      fffffa800a0362c0
Device  \Driver\abm2bsxy \Device\Scsi\abm2bsxy1Port1Path0Target0Lun0                                                                                 fffffa800a0362c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                       fffffa80070142c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{6EB40331-4164-424B-BB68-00BA4FB5CADF}                                                                     fffffa800702d2c0
Device  \Driver\USBSTOR \Device\0000009e                                                                                                             fffffa800b8932c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                                             fffffa800a30c2c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                                 fffffa8009f142c0
Device  \Driver\USBSTOR \Device\000000aa                                                                                                             fffffa800b8932c0
Device  \Driver\cdrom \Device\CdRom1                                                                                                                 fffffa8009f142c0
Device  \Driver\USBSTOR \Device\000000a8                                                                                                             fffffa800b8932c0
Device  \Driver\cdrom \Device\CdRom2                                                                                                                 fffffa8009f142c0
Device  \Driver\dtsoftbus01 \Device\00000075                                                                                                         fffffa8009e642c0
Device  \Driver\usbehci \Device\USBFDO-0                                                                                                             fffffa800a30c2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{CDF36D4C-8016-4D2F-BA6F-281B057B1C23}                                                                     fffffa800702d2c0
Device  \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                                     fffffa8009e642c0
Device  \Driver\USBSTOR \Device\00000095                                                                                                             fffffa800b8932c0
Device  \Driver\USBSTOR \Device\000000a9                                                                                                             fffffa800b8932c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                                             fffffa800a30c2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{71F459AA-7231-42FC-B93F-0E1D3D236002}                                                                     fffffa800702d2c0
Device  \Driver\USBSTOR \Device\00000096                                                                                                             fffffa800b8932c0
Device  \Driver\USBSTOR \Device\000000a6                                                                                                             fffffa800b8932c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{2E0931E2-D924-4457-977F-BEB065CD53ED}                                                                     fffffa800702d2c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                      fffffa800702d2c0
Device  \Driver\usbehci \Device\USBPDO-0                                                                                                             fffffa800a30c2c0
Device  \Driver\abm2bsxy \Device\ScsiPort1                                                                                                           fffffa800a0362c0
Device  \Driver\USBSTOR \Device\000000a7                                                                                                             fffffa800b8932c0
 
---- Modules - GMER 2.1 ----
 
Module  \SystemRoot\System32\Drivers\abm2bsxy.SYS                                                                                                    fffff88008200000-fffff88008251000 (331776 bytes)
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:2900]                                                                                                    000000000009301f
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:4040]                                                                                                    000000006a1a6c50
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:4880]                                                                                                    00000000685c1120
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:2908]                                                                                                    000000006a6858bd
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:5128]                                                                                                    0000000071ef62ee
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:5888]                                                                                                    0000000067b1f6c8
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:5900]                                                                                                    0000000067b1f6c8
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6684]                                                                                                    0000000063b83ce3
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6836]                                                                                                    0000000063b83ce3
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6900]                                                                                                    0000000063b83ce3
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6916]                                                                                                    00000000609b975d
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6932]                                                                                                    000000005fd36b60
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6936]                                                                                                    000000005fd36b60
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6940]                                                                                                    000000005fd80320
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6996]                                                                                                    0000000067b1f6c8
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:4184]                                                                                                    00000000639ef9c0
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:2736]                                                                                                    0000000063b83ce3
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6872]                                                                                                    0000000063b83ce3
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:2960]                                                                                                    0000000063b83ce3
Thread  C:\Windows\SysWOW64\ntdll.dll [2896:6984]                                                                                                    0000000063b83ce3
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3980:6184]                                                                               000007fefb5c2bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3980:6852]                                                                               000007feddd94830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3980:6740]                                                                               000007fee8095124
Thread   [2880:6116]                                                                                                                                 000000006e317950
Thread   [2880:2228]                                                                                                                                 0000000077662e65
Thread   [2880:6024]                                                                                                                                 000000006e55c59c
Thread   [2880:1952]                                                                                                                                 000000006e55c59c
Thread   [2880:5504]                                                                                                                                 000000006e55c59c
Thread   [2880:5956]                                                                                                                                 000000006e55c59c
Thread   [2880:6240]                                                                                                                                 00000000660a0dc7
Thread   [2880:6248]                                                                                                                                 00000000661536af
Thread   [2880:6672]                                                                                                                                 00000000661536af
Thread   [2880:6352]                                                                                                                                 00000000610bb73e
Thread   [2880:1536]                                                                                                                                 000000006e55c59c
Thread   [2880:5984]                                                                                                                                 0000000077663e85
Thread  C:\Windows\SysWOW64\ntdll.dll [3404:3440]                                                                                                    000000000041d350
Thread  C:\Windows\SysWOW64\ntdll.dll [3404:5404]                                                                                                    0000000000405860
Thread  C:\Windows\SysWOW64\ntdll.dll [3404:5444]                                                                                                    000000007c3493a3
Thread  C:\Windows\SysWOW64\ntdll.dll [3404:5428]                                                                                                    00000000100075d0
Thread  C:\Windows\SysWOW64\ntdll.dll [3404:5356]                                                                                                    000000007c3493a3
Thread  C:\Windows\SysWOW64\ntdll.dll [3404:5348]                                                                                                    000000007c3493a3
Thread  C:\Windows\System32\svchost.exe [4580:2808]                                                                                                  000007fee1f39688
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{31DE3A35-7FCC-43A5-B64C-3749271F1219}\Connection@Name  isatap.{2E0931E2-D924-4457-977F-BEB065CD53ED}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{A0335AA4-D3CC-40F2-90E9-D05D98B4A49B}?\Device\{001C5214-A636-41C3-9D55-C423F156ED2B}?\Device\{1B903000-D6A8-4B11-889E-C6E7DF73D06B}?\Device\{8F33EB32-5CEB-4CE4-8286-53F16BA3EDEF}?\Device\{31DE3A35-7FCC-43A5-B64C-3749271F1219}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{A0335AA4-D3CC-40F2-90E9-D05D98B4A49B}"?"{001C5214-A636-41C3-9D55-C423F156ED2B}"?"{1B903000-D6A8-4B11-889E-C6E7DF73D06B}"?"{8F33EB32-5CEB-4CE4-8286-53F16BA3EDEF}"?"{31DE3A35-7FCC-43A5-B64C-3749271F1219}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{A0335AA4-D3CC-40F2-90E9-D05D98B4A49B}?\Device\TCPIP6TUNNEL_{001C5214-A636-41C3-9D55-C423F156ED2B}?\Device\TCPIP6TUNNEL_{1B903000-D6A8-4B11-889E-C6E7DF73D06B}?\Device\TCPIP6TUNNEL_{8F33EB32-5CEB-4CE4-8286-53F16BA3EDEF}?\Device\TCPIP6TUNNEL_{31DE3A35-7FCC-43A5-B64C-3749271F1219}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\Adobe Licensing Console@Loaded                                                                        237
Reg     HKLM\SYSTEM\CurrentControlSet\services\Adobe Licensing Console@Refresh2                                                                      37
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{31DE3A35-7FCC-43A5-B64C-3749271F1219}@InterfaceName                       isatap.{2E0931E2-D924-4457-977F-BEB065CD53ED}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{31DE3A35-7FCC-43A5-B64C-3749271F1219}@ReusableType                        0
Reg     HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision                                                                 80824774
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                       0xC1 0xF0 0x05 0x95 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                          0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                       0x5F 0xDF 0x1A 0x65 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                 0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0x37 0x20 0x03 0xC5 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                         0xB3 0xFD 0xAB 0xAD ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                         
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                              1
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                           0xC1 0xF0 0x05 0x95 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                              C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                              0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                           0x5F 0xDF 0x1A 0x65 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                     0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                  0x37 0x20 0x03 0xC5 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                             0xB3 0xFD 0xAB 0xAD ...
 
---- EOF - GMER 2.1 ----


#6 TB-Psychotic

  • Malware Response Team

Posted 07 August 2014 - 07:08 AM

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK


IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.
Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#7 Simone Bruno

  • Topic Starter

Posted 07 August 2014 - 08:58 AM

I got stuck in "stage_48"

#8 Simone Bruno

  • Topic Starter

Posted 07 August 2014 - 09:02 AM

And internet doesn't work anymore on my computer, I need to reply from my phone.

#9 Simone Bruno

  • Topic Starter

Posted 07 August 2014 - 09:45 AM

Ok, it's working again. Sorry for all these replies. When ComboFix finishes, I will send the log.

#10 Simone Bruno

  • Topic Starter

Posted 07 August 2014 - 10:12 AM

 
 
 
 
ComboFix 14-08-06.02 - Simone Bruno 07/08/2014  15:03:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.8157.5519 [GMT 2:00]
Eseguito da: c:\users\Simone Bruno\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\MediaViewV1
c:\program files (x86)\MediaViewV1\MediaViewV1alpha4979\ff\chrome.manifest
c:\program files (x86)\MediaViewV1\MediaViewV1alpha4979\ff\chrome\content\ffMediaViewV1alpha4979.js
c:\program files (x86)\MediaViewV1\MediaViewV1alpha4979\ff\chrome\content\icons\default\MediaViewV1alpha4979_32.png
c:\program files (x86)\MediaViewV1\MediaViewV1alpha4979\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\MediaViewV1\MediaViewV1alpha4979\ff\chrome\content\overlay.xul
c:\program files (x86)\MediaViewV1\MediaViewV1alpha4979\ff\install.rdf
c:\program files (x86)\MediaViewV1\MediaViewV1alpha4979\uninstall.exe
c:\program files (x86)\WebexpEnhancedV1
c:\users\Simone Bruno\Documents\~WRL1777.tmp
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Adobe Licensing Console
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-07-07 al 2014-08-07  )))))))))))))))))))))))))))))))))))
.
.
2014-08-07 14:43 . 2014-08-07 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-06 15:57 . 2014-08-06 16:00 -------- d-----w- C:\FRST
2014-08-05 21:39 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6365F034-37B5-4775-A1CE-B99E805EE8EA}\mpengine.dll
2014-08-01 08:48 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 08:48 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 08:48 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 08:48 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 08:48 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-01 08:48 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-01 08:48 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 08:48 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-01 08:48 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 08:48 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-01 08:47 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 08:47 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-01 08:47 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-01 08:47 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-07-31 01:31 . 2014-07-31 01:31 -------- d-----w- c:\program files (x86)\EA GAMES
2014-07-30 12:30 . 2014-07-30 12:30 -------- d-----w- c:\program files (x86)\PCSX2 1.2.1
2014-07-28 02:03 . 2014-07-28 02:03 0 ----a-w- c:\windows\SysWow64\sho59C4.tmp
2014-07-27 14:18 . 2014-07-27 14:17 3266496 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloce-patch-1.0.10.exe
2014-07-26 19:07 . 2014-07-26 19:07 0 ----a-w- c:\windows\SysWow64\sho3065.tmp
2014-07-25 15:50 . 2014-07-25 15:50 -------- d-----w- c:\users\Gang Beasts_Data
2014-07-25 15:50 . 2014-04-05 19:53 11283968 ----a-w- c:\users\Gang Beasts.exe
2014-07-25 15:49 . 2014-07-25 15:49 -------- d-----w- c:\users\Public\Grand Theft Auto IV
2014-07-25 00:26 . 2014-07-25 00:26 4406472 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\Uninstall.exe
2014-07-24 21:17 . 2014-07-24 21:17 -------- d-sh--w- c:\programdata\SecuROM
2014-07-24 21:17 . 2014-07-24 21:17 -------- d-----w- c:\users\Simone Bruno\AppData\Local\Rockstar Games
2014-07-23 22:04 . 2014-07-23 22:04 -------- d-----w- c:\programdata\Oracle
2014-07-23 22:04 . 2014-07-23 22:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-23 22:04 . 2014-07-11 01:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-23 21:25 . 2014-07-23 21:25 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-07-23 18:25 . 2014-07-23 18:25 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2014-07-23 18:23 . 2014-07-23 18:23 0 ----a-w- c:\windows\SysWow64\sho11C2.tmp
2014-07-22 15:45 . 2014-07-22 15:45 -------- d-----w- C:\Archivos de programa
2014-07-22 09:25 . 2014-07-22 09:26 -------- d-----w- c:\users\Simone Bruno\AppData\Local\MegaDownloader
2014-07-21 19:18 . 2014-07-21 19:18 0 ----a-w- c:\windows\SysWow64\sho43D5.tmp
2014-07-18 16:34 . 2014-07-18 16:34 -------- d-----w- c:\users\Simone Bruno\AppData\Local\FalloutNV
2014-07-18 15:59 . 2014-07-18 15:59 -------- d-----w- c:\program files\Bethesda Softworks
2014-07-13 16:01 . 2014-07-27 15:07 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2014-07-13 16:00 . 2014-07-27 15:07 -------- d-----w- c:\users\Simone Bruno\AppData\Roaming\DVDVideoSoft
2014-07-09 21:20 . 2014-06-19 00:42 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-07-09 21:18 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 21:18 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 21:18 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-29 10:55 . 2013-09-06 12:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-29 10:55 . 2013-06-10 08:42 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-29 10:51 . 2013-06-10 08:40 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-07-10 01:02 . 2014-02-11 23:18 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-30 18:35 . 2014-06-30 18:35 0 ----a-w- c:\windows\SysWow64\sho5F0C.tmp
2014-06-28 11:40 . 2013-09-06 12:15 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-06-20 09:35 . 2013-09-18 05:00 588496 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-19 22:23 . 2014-06-19 22:23 0 ----a-w- c:\windows\SysWow64\sho744C.tmp
2014-06-17 15:49 . 2014-06-17 15:49 0 ----a-w- c:\windows\SysWow64\shoDB85.tmp
2014-05-19 09:01 . 2014-05-19 09:01 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2014-05-19 09:01 . 2014-05-19 09:01 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-05-19 09:01 . 2014-05-19 09:01 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2014-05-19 09:01 . 2014-05-19 09:01 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-09-04 19:39 . 2014-07-01 21:57 82 ----a-w- c:\program files (x86)\update-Outlast.bat
2013-05-01 19:06 . 2014-03-30 21:01 84 ----a-w- c:\program files (x86)\update-MEdge.bat
2012-10-11 13:26 . 2013-08-18 23:11 73 ----a-w- c:\program files (x86)\update-L4D2.bat
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-18 12:07 222712 ----a-w- c:\users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-18 12:07 222712 ----a-w- c:\users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-18 12:07 222712 ----a-w- c:\users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Simone Bruno\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Steam"="f:\left 4 dead 2  v2.0.2.7  full-rip  {blaze69}\Left 4 Dead 2\bin\steam.exe" [2014-07-16 1753280]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"BitTorrent"="c:\users\Simone Bruno\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-07-30 1267032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Realtime Audio Engine"="mmrtkrnl.exe" [2011-02-25 46592]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Gila"="c:\program files (x86)\Genius\Gila\mousehid.exe" [2012-08-17 307712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 ClickToRunSvc;Servizio A portata di clic di Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Ds3Service;SCP DS3 Service;c:\program files\PS3 Controller\ScpService.exe;c:\program files\PS3 Controller\ScpService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-20 18:48 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17 17:27]
.
2014-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17 17:27]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218816752-1585885018-1708835945-1000Core.job
- c:\users\Simone Bruno\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-24 19:37]
.
2014-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218816752-1585885018-1708835945-1000UA.job
- c:\users\Simone Bruno\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-24 19:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-18 12:07 261624 ----a-w- c:\users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-18 12:07 261624 ----a-w- c:\users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-18 12:07 261624 ----a-w- c:\users\Simone Bruno\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-20 09:38 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-20 09:38 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-20 09:38 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-01-24 477600]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 101.44.1.108:80
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{CDF36D4C-8016-4D2F-BA6F-281B057B1C23}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Bruteforce Save Data - c:\program files (x86)\Bruteforce Save Data\Uninstall.exe
AddRemove-HxD Hex Editor_is1 - c:\program files (x86)\HxD\unins000.exe
AddRemove-Imperivm - Le Grandi Bataglie di Roma - c:\program files (x86)\FX Uninstall Information\Disinstallazione_Imperivm_GBR.exe
AddRemove-MediaViewV1alpha4979 - c:\program files (x86)\MediaViewV1\MediaViewV1alpha4979\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\Simone Bruno\AppData\Local\SwvUpdater\Updater.exe
AddRemove-sc14-GAMETWIST_MAIN - c:\games\Ski Challenge 14\uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1218816752-1585885018-1708835945-1000\Software\SecuROM\License information*]
"datasecu"=hex:d9,b2,f1,76,0d,08,0c,32,58,ab,c6,aa,a4,14,c7,83,1d,65,ef,ed,8e,
   a8,8f,8c,a9,1f,ff,31,ea,90,4f,24,98,09,49,f0,61,76,51,d8,2f,ca,35,d6,bd,44,\
"rkeysecu"=hex:f9,4f,a9,ba,96,86,1e,53,2c,e6,d7,d8,c4,e6,c2,98
.
[HKEY_USERS\S-1-5-21-1218816752-1585885018-1708835945-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="3"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\windows\SysWOW64\mmrtkrnl.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2014-08-07  17:04:02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2014-08-07 15:03
.
Pre-Run: 83.969.032.192 byte disponibili
Post-Run: 83.755.601.920 byte disponibili
.
- - End Of File - - EDC96C7C7A5CD68D7C6FB7049E8E8352


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:24 PM

Posted 08 August 2014 - 09:12 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:24 PM

Posted 08 September 2014 - 09:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



