
Slow Computer for no reason. Help me


  • This topic is locked
22 replies to this topic

#1 TeckMike95


Posted 12 August 2014 - 10:13 AM

Hello everyone,

 

Before I start telling you the problem, I have to say that I have opened another topic, which I had closed (for my reasons), dealing with another PC.

The problem with the present PC is that it is very slow for no particular reason. In fact, this computer has few programmes installed and I don't use this computer to download programmes.

Here are the system specs:

Windows 8 Operating system
Intel® Celeron® CPU 1000M @ 1.80 GHz
2GB RAM (1,82 usable)

 

 

I noticed through Task Manager that each time I power up the PC it uses 1,1/1,8 GB RAM for no reason, even after 30 minutes and more, until I shut it down. However, Task Manager doesn't state which programme uses so much memory.

Another annoying problem is that the audio often doesn't work. I don't understand: the audio sometimes works but then it suddenly doesn't work anymore.

 

I have Avast! Antivirus


Edited by TeckMike95, 12 August 2014 - 10:15 AM.



#2 TheShooter93

  • Malware Response Team

Posted 13 August 2014 - 12:54 PM

Hello TeckMike95,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.
==========================================================================

Note that the hardware you have listed likely contributes to the slowness of the system.

That is an older processor; combined with 2GB of RAM, you cannot expect stellar performance from the machine.

Having said that, we will make sure it is free of malware. :)

Edited by TheShooter93, 13 August 2014 - 12:55 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 TeckMike95


Posted 13 August 2014 - 03:48 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by ACER (administrator) on GENERICO on 13-08-2014 22:45:15
Running from C:\Users\ACER\Downloads
Platform: Windows 8 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\WINDOWS\SysWOW64\srvany.exe
() C:\WINDOWS\KMService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Dritek System INC.) C:\WINDOWS\RfBtnSvc64.exe
() C:\Program Files (x86)\ScanTack\updateScanTack.exe
() C:\Program Files (x86)\ScanTack\bin\utilScanTack.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-12-15] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [fst_it_86] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1396371355&from=nsbit&uid=ST320LT020-9YG142_W0Q7ASRJXXXXW0Q7ASRJ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1396371355&from=nsbit&uid=ST320LT020-9YG142_W0Q7ASRJXXXXW0Q7ASRJ
SearchScopes: HKLM - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=131&itype=a&ver=13337&tm=351&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {1631550F-191D-4826-B069-D9439253D926} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {d332cff8-358e-4c9e-8af3-a08872ef22c1} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 198.211.120.70 8.8.8.8
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong2\2.6.14\FF
FF Extension: PriceGong - C:\Program Files (x86)\PriceGong2\2.6.14\FF [2014-04-01]
 
Chrome: 
=======
CHR HomePage: www.google.com
CHR StartupUrls: "www.google.com"
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR HKCU\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong2\2.6.14\PriceGong2.crx [2014-02-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-05] (AVAST Software)
R3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-10-09] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-09-05] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2010-06-16] () [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-12-15] (Dritek System INC.)
R2 Update ScanTack; C:\Program Files (x86)\ScanTack\updateScanTack.exe [350496 2014-04-18] ()
R2 Util ScanTack; C:\Program Files (x86)\ScanTack\bin\utilScanTack.exe [350496 2014-04-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [28184 2014-03-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [440672 2014-03-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg [41872 2014-07-09] (Aztec Media Inc)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-15] (Dritek System Inc.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 22:45 - 2014-08-13 22:46 - 00017885 _____ () C:\Users\ACER\Downloads\FRST.txt
2014-08-13 22:43 - 2014-08-13 22:45 - 00000000 ____D () C:\FRST
2014-08-13 22:37 - 2014-08-13 22:37 - 02100224 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe
2014-08-13 09:32 - 2014-08-13 09:48 - 00028160 ___SH () C:\Users\ACER\Desktop\Thumbs.db
2014-08-08 11:34 - 2014-08-08 11:34 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-01 15:51 - 2014-08-01 15:50 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-01 15:50 - 2014-08-01 15:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 15:22 - 2014-08-01 15:24 - 00000000 ____D () C:\Users\Giuseppe\AppData\Roaming\Apple Computer
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Apple Computer
2014-07-31 16:19 - 2014-07-31 16:20 - 00459472 _____ () C:\WINDOWS\Minidump\073114-25734-01.dmp
2014-07-31 16:19 - 2014-07-31 16:19 - 333270819 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-17 22:09 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-17 22:09 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-17 22:06 - 2014-08-01 16:20 - 00011920 _____ () C:\WINDOWS\PFRO.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 22:46 - 2014-08-13 22:45 - 00017885 _____ () C:\Users\ACER\Downloads\FRST.txt
2014-08-13 22:46 - 2014-02-24 20:18 - 00001164 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 22:45 - 2014-08-13 22:43 - 00000000 ____D () C:\FRST
2014-08-13 22:38 - 2014-07-10 08:54 - 01048634 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-13 22:37 - 2014-08-13 22:37 - 02100224 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe
2014-08-13 22:05 - 2014-02-24 18:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3016200725-1750829020-4283187960-1001
2014-08-13 22:01 - 2014-02-24 20:18 - 00001160 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-13 09:48 - 2014-08-13 09:32 - 00028160 ___SH () C:\Users\ACER\Desktop\Thumbs.db
2014-08-13 08:49 - 2014-02-24 20:19 - 00002169 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 18:50 - 2014-02-24 19:33 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-08-12 18:19 - 2014-02-24 19:47 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\uTorrent
2014-08-12 18:12 - 2014-02-24 19:27 - 00001372 _____ () C:\Users\ACER\Desktop\Internet Explorer.lnk
2014-08-12 17:29 - 2014-03-22 18:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-12 16:16 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-12 14:50 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-08-12 14:50 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-08 12:00 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-08 11:58 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-08 11:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-08 11:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-08 11:56 - 2014-07-10 16:39 - 00000000 ____D () C:\ProgramData\systemk
2014-08-08 11:38 - 2014-07-10 18:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3016200725-1750829020-4283187960-1005
2014-08-08 11:34 - 2014-08-08 11:34 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-08 10:36 - 2012-12-15 05:10 - 00791380 _____ () C:\WINDOWS\system32\perfh010.dat
2014-08-08 10:36 - 2012-12-15 05:10 - 00153214 _____ () C:\WINDOWS\system32\perfc010.dat
2014-08-08 10:36 - 2012-07-26 09:28 - 01781840 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-01 16:20 - 2014-07-17 22:06 - 00011920 _____ () C:\WINDOWS\PFRO.log
2014-08-01 15:51 - 2014-02-24 19:27 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-01 15:50 - 2014-08-01 15:51 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-01 15:50 - 2014-08-01 15:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 15:50 - 2014-03-05 21:55 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-01 15:50 - 2014-02-24 19:27 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-01 15:24 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Roaming\Apple Computer
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Apple Computer
2014-08-01 15:19 - 2014-07-10 19:41 - 00000000 ____D () C:\Users\Giuseppe\Desktop\Giuseppe
2014-07-31 21:57 - 2014-07-10 18:46 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Packages
2014-07-31 21:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-31 16:20 - 2014-07-31 16:19 - 00459472 _____ () C:\WINDOWS\Minidump\073114-25734-01.dmp
2014-07-31 16:19 - 2014-07-31 16:19 - 333270819 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-31 16:19 - 2014-03-18 23:02 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-31 10:29 - 2014-07-11 15:52 - 00004162 _____ () C:\WINDOWS\setupact.log
2014-07-30 08:36 - 2014-02-24 19:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-30 08:31 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini
2014-07-18 08:37 - 2014-02-24 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-17 22:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-17 22:02 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
 
Some content of TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\MouseKeyboardCenterx64_1040.exe
C:\Users\ACER\AppData\Local\Temp\OffertzSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-29 23:56
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by ACER at 2014-08-13 22:46:59
Running from C:\Users\ACER\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3009 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3007 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
Acer Registration (HKLM\...\{64E785C9-B1F9-4889-B199-5FFC69224C60}) (Version: 2.00.3001 - Acer Incorporated)
Adobe Reader XI (11.0.07) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Centro gestione Mouse e Tastiere Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Centro gestione Mouse e Tastiere Microsoft (Version: 2.3.188.0 - Microsoft Corporation) Hidden
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Microsoft Access MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office OSM MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-07-2014 10:56:32 Windows Update
01-08-2014 12:30:47 Windows Update
08-08-2014 08:32:57 Windows Update
12-08-2014 11:08:09 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2B09265B-253F-4309-BB2E-A9A1243EAF94} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-10-09] (Acer Incorporated)
Task: {2FFEBAFE-1CB9-4B11-B9EE-AF84C925672C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {49CDBF86-C13F-458E-95D3-15E17B663DFB} - System32\Tasks\GREGTask => C:\Program Files\Acer\Acer Registration\GREGLauncher.exe [2012-08-28] ()
Task: {5343D23F-4A9D-434A-8B59-349FF270370B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6D699984-0C89-4937-8625-C0815D382461} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-09-05] (Acer Incorporated)
Task: {77D85ED8-3056-4C1F-9B46-2DBA11235FB0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {80343C41-F9F3-4F73-A6BC-1343FB98BAC1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {813CAA46-DCEC-4169-9F3B-15A91F25E718} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {85D4448D-F875-42F7-AF7E-CCCB6979A7E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {8976A716-B1FE-402A-BE81-29683CE9C0B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {8A03B847-7F00-4984-B330-C2332A3A1BE2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-30] (Microsoft Corporation)
Task: {8A7C3A4A-4758-4AC6-BED0-B4B60CEDC2F4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9AB9C3A6-B922-439A-AC67-D06ECFA45F6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7EA5607-2A23-4AFF-A1A7-9E7E8CAC6B07} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C62035B4-DF70-4F51-B455-019D75C82CCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F2CB69F0-414C-4E4A-81F3-35E1B2A7343E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA7C48C6-8A65-410F-AFEB-AEA3918E93B3} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd [2013-03-19] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-18 20:32 - 2014-04-13 11:03 - 00665104 ____N () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
2014-02-24 19:18 - 2010-06-16 02:44 - 00008192 _____ () C:\WINDOWS\SysWOW64\srvany.exe
2014-02-24 19:18 - 2013-03-07 04:24 - 00261174 _____ () C:\WINDOWS\KMService.exe
2014-03-29 01:27 - 2014-04-18 11:17 - 00350496 _____ () C:\Program Files (x86)\ScanTack\updateScanTack.exe
2014-04-03 00:20 - 2014-04-24 22:06 - 00350496 _____ () C:\Program Files (x86)\ScanTack\bin\utilScanTack.exe
2014-02-26 18:06 - 2014-02-26 18:07 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-11-09 07:59 - 2012-10-23 20:37 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2014-07-10 16:39 - 2014-07-09 17:04 - 00489488 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
2014-08-01 15:50 - 2014-08-01 15:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-08 11:17 - 2014-08-08 11:17 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080800\algo.dll
2014-08-13 09:33 - 2014-08-13 09:33 - 02786304 _____ () C:\Program Files\AVAST Software\Avast\defs\14081203\algo.dll
2012-12-15 05:26 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-01 15:50 - 2014-08-01 15:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-10 16:39 - 2014-07-09 17:04 - 00019472 _____ () C:\Program Files (x86)\Settings Manager\systemk\smdmfldr.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/13/2014 10:47:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:27:27Z. Codice errore: 0x80041316.
 
Error: (08/13/2014 10:46:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:26:57Z. Codice errore: 0x80041316.
 
Error: (08/13/2014 10:46:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:27:26Z. Codice errore: 0x80041316.
 
Error: (08/13/2014 10:45:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:26:56Z. Codice errore: 0x80041316.
 
Error: (08/13/2014 10:45:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:27:26Z. Codice errore: 0x80041316.
 
Error: (08/13/2014 10:44:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:26:56Z. Codice errore: 0x80041316.
 
Error: (08/13/2014 10:44:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:27:26Z. Codice errore: 0x80041316.
 
Error: (08/13/2014 10:44:04 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=5FD2232FDD9944D4BEE350501AA9B335;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\9618bfab-7eef-400f-9585-347190651787.dmp
 
Error: (08/13/2014 10:43:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:26:56Z. Codice errore: 0x80041316.
 
Error: (08/13/2014 10:43:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-12T20:27:26Z. Codice errore: 0x80041316.
 
 
System errors:
=============
Error: (08/12/2014 11:24:01 PM) (Source: DCOM) (EventID: 10010) (User: GENERICO)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
 
Error: (08/12/2014 06:03:47 PM) (Source: DCOM) (EventID: 10010) (User: GENERICO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (08/12/2014 06:03:47 PM) (Source: DCOM) (EventID: 10010) (User: GENERICO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (08/12/2014 06:03:47 PM) (Source: DCOM) (EventID: 10010) (User: GENERICO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (08/12/2014 06:03:47 PM) (Source: DCOM) (EventID: 10010) (User: GENERICO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (08/12/2014 02:32:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x800f0902: Aggiornamento della protezione per Windows 8 per sistemi basati su x64 (KB2926765).
 
Error: (08/08/2014 00:00:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio avast! Firewall non è stato avviato per il seguente errore: 
%%1053
 
Error: (08/08/2014 00:00:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio avast! Firewall.
 
Error: (08/08/2014 11:59:00 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (08/08/2014 11:57:24 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Il servizio Windows Update non è stato arrestato correttamente dopo la ricezione di un controllo di pre-arresto del sistema.
 
 
Microsoft Office Sessions:
=========================
Error: (08/13/2014 10:47:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:27:27Z
 
Error: (08/13/2014 10:46:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:26:57Z
 
Error: (08/13/2014 10:46:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:27:26Z
 
Error: (08/13/2014 10:45:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:26:56Z
 
Error: (08/13/2014 10:45:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:27:26Z
 
Error: (08/13/2014 10:44:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:26:56Z
 
Error: (08/13/2014 10:44:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:27:26Z
 
Error: (08/13/2014 10:44:04 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=5FD2232FDD9944D4BEE350501AA9B335;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\9618bfab-7eef-400f-9585-347190651787.dmp
 
Error: (08/13/2014 10:43:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:26:56Z
 
Error: (08/13/2014 10:43:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-12T20:27:26Z
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 75%
Total physical RAM: 1863.27 MB
Available physical RAM: 465.38 MB
Total Pagefile: 4226.45 MB
Available Pagefile: 2303.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:283.41 GB) (Free:193.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F20CF5EE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 TeckMike95


Posted 13 August 2014 - 03:50 PM

However, thanks for your reply  :) 

 

But what about the audio problem?


Edited by TeckMike95, 13 August 2014 - 03:51 PM.


#5 TheShooter93


Posted 14 August 2014 - 12:34 PM

Hello TeckMike95,
 
Your computer does have a slight amount of adware on it, so let's take care of that.
 
======================================================

AdwCleaner by Xplode - Delete Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • A logfile should automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt if needed.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#6 TeckMike95


Posted 15 August 2014 - 03:12 PM

# AdwCleaner v3.306 - Rapporto creato 15/08/2014 in 22:04:20
# Aggiornato 15/08/2014 di Xplode
# Sistema operativo : Windows 8  (64 bits)
# Nome utente : ACER - GENERICO
# In esecuzione da : C:\Users\ACER\Downloads\AdwCleaner.exe
# Opzione : Scansiona
 
***** [ Servizi ] *****
 
Servizio Trovato : F06DEFF2-5B9C-490D-910F-35D3A9119622
Servizio Trovato : Update ScanTack
Servizio Trovato : Util ScanTack
 
***** [ File / Cartelle ] *****
 
Cartella Trovato : C:\Program Files (x86)\IminentToolbar
Cartella Trovato : C:\Program Files (x86)\Nosibay
Cartella Trovato : C:\Program Files (x86)\predm
Cartella Trovato : C:\Program Files (x86)\PriceGong2
Cartella Trovato : C:\Program Files (x86)\ScanTack
Cartella Trovato : C:\Program Files (x86)\Settings Manager
Cartella Trovato : C:\Program Files (x86)\SupTab
Cartella Trovato : C:\ProgramData\IePluginService
Cartella Trovato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong2
Cartella Trovato : C:\ProgramData\systemk
Cartella Trovato : C:\ProgramData\WPM
Cartella Trovato : C:\Users\ACER\AppData\Local\lollipop
Cartella Trovato : C:\Users\ACER\AppData\LocalLow\DataMngr
Cartella Trovato : C:\Users\ACER\AppData\LocalLow\IminentToolbar
Cartella Trovato : C:\Users\ACER\AppData\LocalLow\PriceGong2
Cartella Trovato : C:\Users\ACER\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Cartella Trovato : C:\Users\ACER\AppData\Roaming\IminentToolbar
Cartella Trovato : C:\Users\ACER\AppData\Roaming\Nosibay
Cartella Trovato : C:\Users\ACER\AppData\Roaming\OpenCandy
Cartella Trovato : C:\Users\ACER\AppData\Roaming\SupTab
Cartella Trovato : C:\Users\ACER\Documents\Optimizer Pro
Cartella Trovato : C:\Users\Giuseppe\AppData\LocalLow\DataMngr
Cartella Trovato : C:\Users\Giuseppe\AppData\LocalLow\PriceGong2
File Trovato : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Trovato : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Trovato : C:\Users\ACER\AppData\Roaming\Bubble Dock.boostrap.log
File Trovato : C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
 
***** [ Compiti ] *****
 
 
***** [ Collegamenti ] *****
 
Collegamento Trovato : C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396371355&from=nsbit&uid=ST320LT020-9YG142_W0Q7ASRJXXXXW0Q7ASRJ )
 
***** [ Registro ] *****
 
Chiave Trovati : HKCU\Software\AnyProtect
Chiave Trovati : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Trovati : HKCU\Software\AppDataLow\Software\PriceGong2
Chiave Trovati : HKCU\Software\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Chiave Trovati : HKCU\Software\Linkey
Chiave Trovati : HKCU\Software\lollipop
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Chiave Trovati : HKCU\Software\Nosibay
Chiave Trovati : HKCU\Software\powerpack
Chiave Trovati : HKCU\Software\ScanTack
Chiave Trovati : HKCU\Software\Softonic
Chiave Trovati : HKCU\Software\SystemK
Chiave Trovati : HKCU\Software\TutoTag
Chiave Trovati : [x64] HKCU\Software\AnyProtect
Chiave Trovati : [x64] HKCU\Software\Linkey
Chiave Trovati : [x64] HKCU\Software\lollipop
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Chiave Trovati : [x64] HKCU\Software\Nosibay
Chiave Trovati : [x64] HKCU\Software\powerpack
Chiave Trovati : [x64] HKCU\Software\ScanTack
Chiave Trovati : [x64] HKCU\Software\Softonic
Chiave Trovati : [x64] HKCU\Software\SystemK
Chiave Trovati : [x64] HKCU\Software\TutoTag
Chiave Trovati : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Trovati : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Trovati : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Trovati : HKLM\SOFTWARE\Classes\Iminent
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Trovati : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chiave Trovati : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chiave Trovati : HKLM\SOFTWARE\Classes\speedupmypc
Chiave Trovati : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chiave Trovati : HKLM\SOFTWARE\free_soft_to_day
Chiave Trovati : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chiave Trovati : HKLM\SOFTWARE\IePlugin
Chiave Trovati : HKLM\SOFTWARE\Iminent
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock Update_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock Update_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_nero-2014_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\Uninstall Bubble Dock_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\Uninstall Bubble Dock_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chiave Trovati : HKLM\SOFTWARE\qone8Software
Chiave Trovati : HKLM\SOFTWARE\ScanTack
Chiave Trovati : HKLM\SOFTWARE\SupTab
Chiave Trovati : HKLM\SOFTWARE\supWPM
Chiave Trovati : HKLM\SOFTWARE\SystemK
Chiave Trovati : HKLM\SOFTWARE\Tutorials
Chiave Trovati : HKLM\SOFTWARE\Uniblue
Chiave Trovati : HKLM\SOFTWARE\Uniblue\DriverScanner
Chiave Trovati : HKLM\SOFTWARE\Wpm
Chiave Trovati : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Trovati : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Trovati : [x64] HKLM\SOFTWARE\Iminent
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Dato Trovati : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396371355&from=nsbit&uid=ST320LT020-9YG142_W0Q7ASRJXXXXW0Q7ASRJ
Valore Trovati : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valore Trovati : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Valore Trovati : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valore Trovati : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Valore Trovati : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Valore Trovati : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
 
***** [ Browser ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
Impostazioni Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.qone8.com/web/?type=ds&ts=1396371355&from=nsbit&uid=ST320LT020-9YG142_W0Q7ASRJXXXXW0Q7ASRJ&q={searchTerms}
Impostazioni Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://start.qone8.com/?type=hp&ts=1396371355&from=nsbit&uid=ST320LT020-9YG142_W0Q7ASRJXXXXW0Q7ASRJ
Impostazioni Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.qone8.com/?type=hp&ts=1396371355&from=nsbit&uid=ST320LT020-9YG142_W0Q7ASRJXXXXW0Q7ASRJ
Impostazioni Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.qone8.com/web/?type=ds&ts=1396371355&from=nsbit&uid=ST320LT020-9YG142_W0Q7ASRJXXXXW0Q7ASRJ&q={searchTerms}
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Trovato [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
Trovato [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
 
[ File : C:\Users\Giuseppe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13492 octets] - [15/08/2014 22:04:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13553 octets] ##########


#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 16 August 2014 - 03:08 PM

Hi TeckMike95,

TheShooter is not available at the moment, so I will work with you from now on.

Please open AdwCleaner again, click on Search, then please click on the Clean Button.

After that, please perform a fresh scan with FRST and post the logfile in your next reply.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#8 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts

Posted 17 August 2014 - 02:00 PM

# AdwCleaner v3.306 - Rapporto creato 17/08/2014 in 19:41:35
# Aggiornato 15/08/2014 di Xplode
# Sistema operativo : Windows 8  (64 bits)
# Nome utente : ACER - GENERICO
# In esecuzione da : C:\Users\ACER\Downloads\AdwCleaner.exe
# Opzione : Pulisci
 
***** [ Servizi ] *****
 
Servizio Eliminato : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Servizio Eliminato : Update ScanTack
[#] Servizio Eliminato : Util ScanTack
 
***** [ File / Cartelle ] *****
 
Cartella Eliminato : C:\ProgramData\IePluginService
Cartella Eliminato : C:\ProgramData\systemk
Cartella Eliminato : C:\ProgramData\WPM
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong2
Cartella Eliminato : C:\Program Files (x86)\IminentToolbar
Cartella Eliminato : C:\Program Files (x86)\Nosibay
Cartella Eliminato : C:\Program Files (x86)\predm
Cartella Eliminato : C:\Program Files (x86)\PriceGong2
Cartella Eliminato : C:\Program Files (x86)\ScanTack
Cartella Eliminato : C:\Program Files (x86)\Settings Manager
Cartella Eliminato : C:\Program Files (x86)\SupTab
Cartella Eliminato : C:\Users\ACER\AppData\Local\lollipop
Cartella Eliminato : C:\Users\ACER\AppData\LocalLow\DataMngr
Cartella Eliminato : C:\Users\ACER\AppData\LocalLow\IminentToolbar
Cartella Eliminato : C:\Users\ACER\AppData\LocalLow\PriceGong2
Cartella Eliminato : C:\Users\ACER\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Cartella Eliminato : C:\Users\ACER\AppData\Roaming\IminentToolbar
Cartella Eliminato : C:\Users\ACER\AppData\Roaming\Nosibay
Cartella Eliminato : C:\Users\ACER\AppData\Roaming\OpenCandy
Cartella Eliminato : C:\Users\ACER\AppData\Roaming\SupTab
Cartella Eliminato : C:\Users\ACER\Documents\Optimizer Pro
Cartella Eliminato : C:\Users\Giuseppe\AppData\LocalLow\DataMngr
Cartella Eliminato : C:\Users\Giuseppe\AppData\LocalLow\PriceGong2
File Eliminato : C:\Users\ACER\AppData\Roaming\Bubble Dock.boostrap.log
File Eliminato : C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
File Eliminato : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Eliminato : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
 
***** [ Compiti ] *****
 
 
***** [ Collegamenti ] *****
 
Collegamento Disinfetatti : C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
***** [ Registro ] *****
 
Valore Eliminati : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Chiave Eliminati : HKCU\Software\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chiave Eliminati : HKLM\SOFTWARE\Classes\Iminent
Chiave Eliminati : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chiave Eliminati : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\speedupmypc
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock Update_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock Update_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Uninstall Bubble Dock_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Uninstall Bubble Dock_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Valore Eliminati : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valore Eliminati : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_nero-2014_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Dato Ripristinati : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chiave Eliminati : HKCU\Software\AnyProtect
Chiave Eliminati : HKCU\Software\Linkey
Chiave Eliminati : HKCU\Software\lollipop
Chiave Eliminati : HKCU\Software\Nosibay
Chiave Eliminati : HKCU\Software\powerpack
Chiave Eliminati : HKCU\Software\ScanTack
Chiave Eliminati : HKCU\Software\Softonic
Chiave Eliminati : HKCU\Software\SystemK
Chiave Eliminati : HKCU\Software\TutoTag
Chiave Eliminati : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Eliminati : HKCU\Software\AppDataLow\Software\PriceGong2
Chiave Eliminati : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Eliminati : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Eliminati : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chiave Eliminati : HKLM\SOFTWARE\free_soft_to_day
Chiave Eliminati : HKLM\SOFTWARE\IePlugin
Chiave Eliminati : HKLM\SOFTWARE\Iminent
Chiave Eliminati : HKLM\SOFTWARE\qone8Software
Chiave Eliminati : HKLM\SOFTWARE\ScanTack
Chiave Eliminati : HKLM\SOFTWARE\SupTab
Chiave Eliminati : HKLM\SOFTWARE\supWPM
Chiave Eliminati : HKLM\SOFTWARE\SystemK
Chiave Eliminati : HKLM\SOFTWARE\Tutorials
Chiave Eliminati : HKLM\SOFTWARE\Uniblue
Chiave Eliminati : HKLM\SOFTWARE\Wpm
Chiave Eliminati : [x64] HKLM\SOFTWARE\Iminent
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
 
***** [ Browser ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Eliminati [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
Eliminati [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
 
[ File : C:\Users\Giuseppe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13722 octets] - [15/08/2014 22:04:20]
AdwCleaner[R1].txt - [13783 octets] - [17/08/2014 19:31:24]
AdwCleaner[S0].txt - [11776 octets] - [17/08/2014 19:41:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11837 octets] ##########


#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 17 August 2014 - 04:54 PM

 

After that, please perform a fresh scan with FRST and post the logfile in your next reply.

Please do this now :)


regards,
schrauber


#10 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts

Posted 18 August 2014 - 10:50 AM

Oh, sorry! :rolleyes:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by ACER (administrator) on GENERICO on 18-08-2014 17:31:30
Running from C:\Users\ACER\Downloads
Platform: Windows 8 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\WINDOWS\SysWOW64\srvany.exe
() C:\WINDOWS\KMService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Dritek System INC.) C:\WINDOWS\RfBtnSvc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\WINDOWS\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-12-15] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [fst_it_86] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 198.211.120.70 8.8.8.8
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: www.google.com
CHR StartupUrls: "www.google.com"
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-05] (AVAST Software)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-10-09] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-09-05] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2010-06-16] () [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-12-15] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [28184 2014-03-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [440672 2014-03-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-15] (Dritek System Inc.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 17:31 - 2014-08-18 17:31 - 00000000 ____D () C:\Users\ACER\Downloads\FRST-OlderVersion
2014-08-17 20:42 - 2014-08-02 02:15 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-17 20:42 - 2014-08-02 02:15 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 20:40 - 2014-08-17 20:41 - 00423080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-17 19:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-17 19:00 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-17 19:00 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 18:15 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-17 18:15 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-17 18:15 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-17 18:15 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-17 18:15 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-17 18:15 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-17 18:15 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-17 18:15 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-17 18:15 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-08-17 18:14 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-17 18:14 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-08-17 18:14 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-17 18:14 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-17 18:14 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-17 18:14 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-17 18:14 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-08-17 18:14 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-17 18:14 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-17 18:14 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-17 18:14 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-17 18:14 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-17 18:14 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-17 18:14 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-08-17 18:01 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-17 18:01 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-15 22:10 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-08-15 22:10 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-08-15 22:03 - 2014-08-18 16:49 - 00000000 ____D () C:\AdwCleaner
2014-08-15 22:00 - 2014-08-15 22:00 - 01361203 _____ () C:\Users\ACER\Downloads\AdwCleaner.exe
2014-08-13 22:46 - 2014-08-13 22:47 - 00021333 _____ () C:\Users\ACER\Downloads\Addition.txt
2014-08-13 22:45 - 2014-08-18 17:32 - 00012957 _____ () C:\Users\ACER\Downloads\FRST.txt
2014-08-13 22:43 - 2014-08-18 17:31 - 00000000 ____D () C:\FRST
2014-08-13 22:37 - 2014-08-18 17:31 - 02101760 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe
2014-08-13 09:32 - 2014-08-13 09:48 - 00028160 ___SH () C:\Users\ACER\Desktop\Thumbs.db
2014-08-08 11:34 - 2014-08-08 11:34 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-01 15:51 - 2014-08-01 15:50 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-01 15:50 - 2014-08-01 15:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 15:22 - 2014-08-01 15:24 - 00000000 ____D () C:\Users\Giuseppe\AppData\Roaming\Apple Computer
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Apple Computer
2014-07-31 16:19 - 2014-07-31 16:20 - 00459472 _____ () C:\WINDOWS\Minidump\073114-25734-01.dmp
2014-07-31 16:19 - 2014-07-31 16:19 - 333270819 _____ () C:\WINDOWS\MEMORY.DMP
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 17:32 - 2014-08-13 22:45 - 00012957 _____ () C:\Users\ACER\Downloads\FRST.txt
2014-08-18 17:31 - 2014-08-18 17:31 - 00000000 ____D () C:\Users\ACER\Downloads\FRST-OlderVersion
2014-08-18 17:31 - 2014-08-13 22:43 - 00000000 ____D () C:\FRST
2014-08-18 17:31 - 2014-08-13 22:37 - 02101760 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe
2014-08-18 17:03 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-18 17:01 - 2014-07-10 08:54 - 01850532 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-18 16:53 - 2014-02-24 18:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3016200725-1750829020-4283187960-1001
2014-08-18 16:49 - 2014-08-15 22:03 - 00000000 ____D () C:\AdwCleaner
2014-08-18 16:47 - 2014-02-24 20:18 - 00001164 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 16:42 - 2014-02-24 20:18 - 00001160 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 22:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-17 20:41 - 2014-08-17 20:40 - 00423080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-17 20:41 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-17 20:40 - 2014-07-17 22:06 - 00013550 _____ () C:\WINDOWS\PFRO.log
2014-08-17 20:39 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-17 20:35 - 2014-02-24 19:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-17 20:35 - 2014-02-24 19:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 20:35 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-17 20:33 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-17 20:28 - 2014-03-08 23:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-17 20:24 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-17 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-08-17 18:53 - 2014-02-24 20:19 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 22:00 - 2014-08-15 22:00 - 01361203 _____ () C:\Users\ACER\Downloads\AdwCleaner.exe
2014-08-14 09:35 - 2012-12-15 05:10 - 00791380 _____ () C:\WINDOWS\system32\perfh010.dat
2014-08-14 09:35 - 2012-12-15 05:10 - 00153214 _____ () C:\WINDOWS\system32\perfc010.dat
2014-08-14 09:35 - 2012-07-26 09:28 - 01781840 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-14 09:34 - 2014-07-11 15:52 - 00004943 _____ () C:\WINDOWS\setupact.log
2014-08-13 22:47 - 2014-08-13 22:46 - 00021333 _____ () C:\Users\ACER\Downloads\Addition.txt
2014-08-13 09:48 - 2014-08-13 09:32 - 00028160 ___SH () C:\Users\ACER\Desktop\Thumbs.db
2014-08-12 18:50 - 2014-02-24 19:33 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-08-12 18:19 - 2014-02-24 19:47 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\uTorrent
2014-08-12 18:12 - 2014-02-24 19:27 - 00001372 _____ () C:\Users\ACER\Desktop\Internet Explorer.lnk
2014-08-12 17:29 - 2014-03-22 18:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-08 11:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-08 11:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-08 11:38 - 2014-07-10 18:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3016200725-1750829020-4283187960-1005
2014-08-08 11:34 - 2014-08-08 11:34 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-02 02:15 - 2014-08-17 20:42 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:15 - 2014-08-17 20:42 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:51 - 2014-02-24 19:27 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-01 15:50 - 2014-08-01 15:51 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-01 15:50 - 2014-08-01 15:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 15:50 - 2014-03-05 21:55 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-01 15:50 - 2014-02-24 19:27 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-01 15:24 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Roaming\Apple Computer
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Apple Computer
2014-08-01 15:19 - 2014-07-10 19:41 - 00000000 ____D () C:\Users\Giuseppe\Desktop\Giuseppe
2014-07-31 23:41 - 2014-03-08 23:47 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-31 21:57 - 2014-07-10 18:46 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Packages
2014-07-31 21:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-31 16:20 - 2014-07-31 16:19 - 00459472 _____ () C:\WINDOWS\Minidump\073114-25734-01.dmp
2014-07-31 16:19 - 2014-07-31 16:19 - 333270819 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-31 16:19 - 2014-03-18 23:02 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-30 08:31 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini
2014-07-24 14:11 - 2014-08-17 18:14 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-24 14:10 - 2014-08-17 18:15 - 02240000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-24 14:10 - 2014-08-17 18:15 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-24 14:10 - 2014-08-17 18:15 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-07-24 14:10 - 2014-08-17 18:14 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 19279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 15399936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-24 14:09 - 2014-08-17 18:15 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-24 14:09 - 2014-08-17 18:14 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-07-24 14:09 - 2014-08-17 18:14 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-07-24 14:09 - 2014-08-17 18:14 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-07-24 14:09 - 2014-08-17 18:14 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-07-24 12:52 - 2014-08-17 18:15 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-24 12:52 - 2014-08-17 18:15 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-24 12:52 - 2014-08-17 18:14 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 14371328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 02054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-24 12:51 - 2014-08-17 18:15 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-24 12:51 - 2014-08-17 18:14 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-07-24 12:51 - 2014-08-17 18:14 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-07-24 12:51 - 2014-08-17 18:14 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-07-24 12:51 - 2014-08-17 18:14 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-07-24 12:33 - 2014-08-17 18:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-07-24 12:29 - 2014-08-17 18:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-07-24 10:03 - 2014-08-17 18:14 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
 
Some content of TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\MouseKeyboardCenterx64_1040.exe
C:\Users\ACER\AppData\Local\Temp\OffertzSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-15 20:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by ACER at 2014-08-18 17:33:05
Running from C:\Users\ACER\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3009 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3007 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
Acer Registration (HKLM\...\{64E785C9-B1F9-4889-B199-5FFC69224C60}) (Version: 2.00.3001 - Acer Incorporated)
Adobe Reader XI (11.0.08) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Centro gestione Mouse e Tastiere Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Centro gestione Mouse e Tastiere Microsoft (Version: 2.3.188.0 - Microsoft Corporation) Hidden
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Microsoft Access MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office OSM MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
01-08-2014 12:30:47 Windows Update
08-08-2014 08:32:57 Windows Update
12-08-2014 11:08:09 Windows Update
15-08-2014 17:42:06 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2FFEBAFE-1CB9-4B11-B9EE-AF84C925672C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {49CDBF86-C13F-458E-95D3-15E17B663DFB} - System32\Tasks\GREGTask => C:\Program Files\Acer\Acer Registration\GREGLauncher.exe [2012-08-28] ()
Task: {5343D23F-4A9D-434A-8B59-349FF270370B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6D699984-0C89-4937-8625-C0815D382461} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-09-05] (Acer Incorporated)
Task: {77D85ED8-3056-4C1F-9B46-2DBA11235FB0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {80343C41-F9F3-4F73-A6BC-1343FB98BAC1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {813CAA46-DCEC-4169-9F3B-15A91F25E718} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {85D4448D-F875-42F7-AF7E-CCCB6979A7E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {8976A716-B1FE-402A-BE81-29683CE9C0B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {8A7C3A4A-4758-4AC6-BED0-B4B60CEDC2F4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9AB9C3A6-B922-439A-AC67-D06ECFA45F6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7EA5607-2A23-4AFF-A1A7-9E7E8CAC6B07} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {AB229FF5-A470-41A9-9EF2-9C331879FDC6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {AB91FB0E-3E73-4484-B591-A2807FFAAA50} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {AEBD50AE-94D1-44DD-9DAF-27C72F9F8A6C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-31] (Microsoft Corporation)
Task: {C62035B4-DF70-4F51-B455-019D75C82CCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F2CB69F0-414C-4E4A-81F3-35E1B2A7343E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA7C48C6-8A65-410F-AFEB-AEA3918E93B3} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd [2013-03-19] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-24 19:18 - 2010-06-16 02:44 - 00008192 _____ () C:\WINDOWS\SysWOW64\srvany.exe
2014-02-24 19:18 - 2013-03-07 04:24 - 00261174 _____ () C:\WINDOWS\KMService.exe
2014-02-26 18:06 - 2014-02-26 18:07 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-11-09 07:59 - 2012-10-23 20:37 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2014-08-01 15:50 - 2014-08-01 15:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-17 19:06 - 2014-08-17 19:06 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081700\algo.dll
2012-12-15 05:26 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-01 15:50 - 2014-08-01 15:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 23:51 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2014 05:33:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:36Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:33:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:06Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:32:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:36Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:32:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:06Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:31:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:36Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:31:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:06Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:30:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:36Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:30:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:06Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:29:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:36Z. Codice errore: 0x80041316.
 
Error: (08/18/2014 05:29:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-17T14:41:06Z. Codice errore: 0x80041316.
 
 
System errors:
=============
Error: (08/17/2014 10:50:47 PM) (Source: DCOM) (EventID: 10010) (User: GENERICO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (08/17/2014 10:50:47 PM) (Source: DCOM) (EventID: 10010) (User: GENERICO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (08/17/2014 08:41:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio avast! Firewall non è stato avviato per il seguente errore: 
%%1053
 
Error: (08/17/2014 08:41:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio avast! Firewall.
 
Error: (08/17/2014 08:39:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (08/17/2014 07:51:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x800f0902: Aggiornamento della protezione per Windows 8 per sistemi basati su x64 (KB2982791).
 
Error: (08/17/2014 07:51:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x800f0902: Aggiornamento della sicurezza per Microsoft .NET Framework 3.5 per Windows 8 e Windows Server 2012 per sistemi basati su x64 (KB2966825).
 
Error: (08/17/2014 07:50:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x800f0902: Aggiornamento per Windows 8 per sistemi x64 (KB2976978).
 
Error: (08/17/2014 07:50:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x800f0902: Aggiornamento per Windows 8 per sistemi x64 (KB2962407).
 
Error: (08/17/2014 07:50:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x800f0902: Aggiornamento per Windows 8 per sistemi x64 (KB2973544).
 
 
Microsoft Office Sessions:
=========================
Error: (08/18/2014 05:33:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:36Z
 
Error: (08/18/2014 05:33:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:06Z
 
Error: (08/18/2014 05:32:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:36Z
 
Error: (08/18/2014 05:32:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:06Z
 
Error: (08/18/2014 05:31:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:36Z
 
Error: (08/18/2014 05:31:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:06Z
 
Error: (08/18/2014 05:30:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:36Z
 
Error: (08/18/2014 05:30:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:06Z
 
Error: (08/18/2014 05:29:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:36Z
 
Error: (08/18/2014 05:29:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-17T14:41:06Z
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 68%
Total physical RAM: 1863.27 MB
Available physical RAM: 580.38 MB
Total Pagefile: 3783.27 MB
Available Pagefile: 1934.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:283.41 GB) (Free:191.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F20CF5EE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#11 TheShooter93


Posted 18 August 2014 - 07:36 PM

Hello TeckMike95,
 
Sorry for the confusion about my temporary absence -- it was not planned.
 
Looks like AdwCleaner found some malware on your machine. To follow up, please do the following things:
 
=========================================

Malwarebytes Antimalware

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

=========================================
 
ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.

=========================================

Lastly, how are things running now?  :) 


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#12 TeckMike95


Posted 20 August 2014 - 04:16 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 20/08/2014
Scan Time: 12.46.53
Logfile: VIRUS.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.20.03
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: ACER
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329450
Time Elapsed: 32 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 11
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3016200725-1750829020-4283187960-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1631550F-191D-4826-B069-D9439253D926}, Quarantined, [9a39b4145c1f93a3860ccba4d42ec937], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\PriceFactorIE.PriceGong2BHO, Quarantined, [9a39b4145c1f93a3860ccba4d42ec937], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\PriceFactorIE.PriceGong2BHO.1, Quarantined, [9a39b4145c1f93a3860ccba4d42ec937], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceFactorIE.PriceGong2BHO, Quarantined, [9a39b4145c1f93a3860ccba4d42ec937], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceFactorIE.PriceGong2BHO.1, Quarantined, [9a39b4145c1f93a3860ccba4d42ec937], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3016200725-1750829020-4283187960-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1631550F-191D-4826-B069-D9439253D926}, Quarantined, [9a39b4145c1f93a3860ccba4d42ec937], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3016200725-1750829020-4283187960-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [a52e299f562592a4086d09697a88837d], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3016200725-1750829020-4283187960-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [a52e299f562592a4086d09697a88837d], 
PUP.Optional.ScanTack.A, HKU\S-1-5-21-3016200725-1750829020-4283187960-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}, Quarantined, [c3109d2b96e5ed498233db960ef4ac54], 
PUP.Optional.ScanTack.A, HKU\S-1-5-21-3016200725-1750829020-4283187960-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}, Quarantined, [c3109d2b96e5ed498233db960ef4ac54], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-3016200725-1750829020-4283187960-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [795ad7f1671454e204c08e728281827e], 
 
Registry Values: 1
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_it_86, Quarantined, [10c3ffc94f2cdd591f431de14cb615eb], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong2\2.6.14\PriceGong2.crx.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong2\2.6.14\PriceGong2IE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong2\2.6.14\FF\plugins\npPriceGong_FF.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScanTack\ScanTackBHO.dll.vir a variant of Win32/BrowseFox.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScanTack\updateScanTack.exe.vir a variant of Win32/BrowseFox.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScanTack\bin\utilScanTack.exe.vir a variant of Win32/BrowseFox.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\smdmf.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\smdmfldr.dll.vir a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\smdmfldr_u.dll.vir a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkbho.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkmgrc2.cfg.vir a variant of Win32/AdWare.Bandoo.AG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\SystemkService.exe.vir probably a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemku.exe.vir a variant of Win32/Toolbar.SearchSuite.O potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\smdmf.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\smdmfldr.dll.vir Win64/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\smdmfldr_u.dll.vir Win64/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg.vir a variant of Win64/Adware.Bandoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir a variant of Win32/Thinknice.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ACER\AppData\Roaming\SupTab\SupTab.dll.vir Win32/Thinknice.A potentially unwanted application deleted - quarantined
C:\Users\ACER\AppData\Local\nsi9B37.tmp Win32/AnyProtect.D potentially unwanted application deleted - quarantined
C:\Users\ACER\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Giuseppe\Downloads\aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\Giuseppe\Downloads\aTube_Catcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\WINDOWS\KMService.exe a variant of Win32/HackTool.KMSAuto.A potentially unsafe application deleted (after the next restart) - quarantined
 


#13 TheShooter93


Posted 22 August 2014 - 10:58 AM

Hello TeckMike95,

 

Looks like ESET took care of some entries.

 

How is your computer running now?

 

===================================

 

Also, if you can, please include a fresh FRST log in your next post.



 

 


#14 TeckMike95


Posted 23 August 2014 - 02:30 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2014
Ran by ACER at 2014-08-23 09:17:44
Running from C:\Users\ACER\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3009 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3007 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
Acer Registration (HKLM\...\{64E785C9-B1F9-4889-B199-5FFC69224C60}) (Version: 2.00.3001 - Acer Incorporated)
Adobe Reader XI (11.0.08) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Centro gestione Mouse e Tastiere Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Centro gestione Mouse e Tastiere Microsoft (Version: 2.3.188.0 - Microsoft Corporation) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office OSM MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (Italian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (Italian) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-08-2014 17:42:06 Windows Update
20-08-2014 10:11:44 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {042F35FF-99E7-4FD8-9094-244FE52649DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-31] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2FFEBAFE-1CB9-4B11-B9EE-AF84C925672C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {49CDBF86-C13F-458E-95D3-15E17B663DFB} - System32\Tasks\GREGTask => C:\Program Files\Acer\Acer Registration\GREGLauncher.exe [2012-08-28] ()
Task: {5343D23F-4A9D-434A-8B59-349FF270370B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6D699984-0C89-4937-8625-C0815D382461} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-09-05] (Acer Incorporated)
Task: {77D85ED8-3056-4C1F-9B46-2DBA11235FB0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {80343C41-F9F3-4F73-A6BC-1343FB98BAC1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {813CAA46-DCEC-4169-9F3B-15A91F25E718} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {85D4448D-F875-42F7-AF7E-CCCB6979A7E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {8976A716-B1FE-402A-BE81-29683CE9C0B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {8A7C3A4A-4758-4AC6-BED0-B4B60CEDC2F4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9AB9C3A6-B922-439A-AC67-D06ECFA45F6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7EA5607-2A23-4AFF-A1A7-9E7E8CAC6B07} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {AB229FF5-A470-41A9-9EF2-9C331879FDC6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\WINDOWS\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {AB91FB0E-3E73-4484-B591-A2807FFAAA50} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {C62035B4-DF70-4F51-B455-019D75C82CCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F2CB69F0-414C-4E4A-81F3-35E1B2A7343E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4A6AE99-9E4C-4E10-89D5-76A44ECE6AC9} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {FA7C48C6-8A65-410F-AFEB-AEA3918E93B3} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd [2013-03-19] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-09 07:59 - 2012-10-23 20:37 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2014-08-01 15:50 - 2014-08-01 15:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-20 16:07 - 2014-08-20 16:07 - 02800128 _____ () C:\Program Files\AVAST Software\Avast\defs\14082000\algo.dll
2014-08-23 09:13 - 2014-08-23 09:13 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082201\algo.dll
2012-12-15 05:26 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-01 15:50 - 2014-08-01 15:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2014 08:53:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma chrome.exe versione 36.0.1985.125 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: 13bc
 
Ora di avvio: 01cfbe9dfa686216
 
Ora di chiusura: 3156
 
Percorso applicazione: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
ID segnalazione: 0efd688e-2a92-11e4-bea7-2089844e3af1
 
Nome completo pacchetto che ha generato l'errore: 
 
ID applicazione relativo al pacchetto che ha generato l'errore:
 
Error: (08/23/2014 08:43:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:19:39Z. Codice errore: 0x80041316.
 
Error: (08/23/2014 08:43:09 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:19:09Z. Codice errore: 0x80041316.
 
Error: (08/23/2014 08:42:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:19:39Z. Codice errore: 0x80041316.
 
Error: (08/21/2014 09:14:55 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:18:55Z. Codice errore: 0x80041316.
 
Error: (08/21/2014 09:14:25 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:19:25Z. Codice errore: 0x80041316.
 
Error: (08/21/2014 09:13:55 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:18:55Z. Codice errore: 0x80041316.
 
Error: (08/21/2014 09:13:25 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:19:25Z. Codice errore: 0x80041316.
 
Error: (08/21/2014 09:12:55 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:18:55Z. Codice errore: 0x80041316.
 
Error: (08/21/2014 09:12:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Impossibile pianificare il riavvio del servizio di protezione software per le ore 2014-09-19T19:19:24Z. Codice errore: 0x80041316.
 
 
System errors:
=============
Error: (08/23/2014 09:03:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x800f0902: Aggiornamento per Windows 8 per sistemi x64 (KB2962407).
 
Error: (08/21/2014 08:42:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x800f0902: Aggiornamento della protezione per Windows 8 per sistemi basati su x64 (KB2918614).
 
Error: (08/20/2014 11:19:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio avast! Firewall non è stato avviato per il seguente errore: 
%%1053
 
Error: (08/20/2014 11:19:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio avast! Firewall.
 
Error: (08/20/2014 11:18:29 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (08/20/2014 07:57:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio TimeBroker.
 
Error: (08/20/2014 07:57:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio upnphost.
 
Error: (08/20/2014 07:56:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio TimeBroker.
 
Error: (08/20/2014 07:56:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio upnphost.
 
Error: (08/20/2014 04:43:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio NlaSvc.
 
 
Microsoft Office Sessions:
=========================
Error: (08/23/2014 08:53:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.12513bc01cfbe9dfa6862163156C:\Program Files (x86)\Google\Chrome\Application\chrome.exe0efd688e-2a92-11e4-bea7-2089844e3af1
 
Error: (08/23/2014 08:43:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:19:39Z
 
Error: (08/23/2014 08:43:09 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:19:09Z
 
Error: (08/23/2014 08:42:39 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:19:39Z
 
Error: (08/21/2014 09:14:55 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:18:55Z
 
Error: (08/21/2014 09:14:25 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:19:25Z
 
Error: (08/21/2014 09:13:55 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:18:55Z
 
Error: (08/21/2014 09:13:25 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:19:25Z
 
Error: (08/21/2014 09:12:55 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:18:55Z
 
Error: (08/21/2014 09:12:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162014-09-19T19:19:24Z
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 47%
Total physical RAM: 1863.27 MB
Available physical RAM: 973.65 MB
Total Pagefile: 3783.27 MB
Available Pagefile: 2469.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:283.41 GB) (Free:195.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F20CF5EE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-08-2014
Ran by ACER (administrator) on GENERICO on 23-08-2014 09:08:39
Running from C:\Users\ACER\Downloads
Platform: Windows 8 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Dritek System INC.) C:\WINDOWS\RfBtnSvc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\sdclt.exe
(Microsoft Corporation) C:\WINDOWS\System32\wsqmcons.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\NotificationUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-12-15] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {E7C28903-169B-4F03-BA5B-F1A9C68097E9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 198.211.120.70 8.8.8.8
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: www.google.com
CHR StartupUrls: "www.google.com"
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-05] (AVAST Software)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-10-09] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-09-05] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2010-06-16] () [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-12-15] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [28184 2014-03-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [440672 2014-03-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-15] (Dritek System Inc.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-20 16:37 - 2014-08-20 16:37 - 00000626 _____ () C:\WINDOWS\PFRO.log
2014-08-20 14:56 - 2014-08-20 14:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-20 14:55 - 2014-08-20 14:56 - 02347384 _____ (ESET) C:\Users\ACER\Downloads\esetsmartinstaller_enu.exe
2014-08-20 13:45 - 2014-08-20 13:45 - 00003451 _____ () C:\Users\ACER\Desktop\VIRUS.txt
2014-08-20 12:38 - 2014-08-20 12:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 12:38 - 2014-08-20 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 12:37 - 2014-08-20 12:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-20 12:37 - 2014-08-20 12:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 12:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-20 12:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-20 12:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-20 12:26 - 2014-08-20 12:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ACER\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-18 19:22 - 2014-08-23 09:15 - 01093591 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-18 17:31 - 2014-08-23 09:08 - 00000000 ____D () C:\Users\ACER\Downloads\FRST-OlderVersion
2014-08-17 20:42 - 2014-08-02 02:15 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-17 20:42 - 2014-08-02 02:15 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 20:40 - 2014-08-17 20:41 - 00423080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-17 19:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-17 19:00 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-17 19:00 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 18:15 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-17 18:15 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-17 18:15 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-17 18:15 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-08-17 18:15 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-17 18:15 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-17 18:15 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-17 18:15 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-08-17 18:15 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-17 18:15 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-17 18:15 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-08-17 18:14 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-17 18:14 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-08-17 18:14 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-17 18:14 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-17 18:14 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-17 18:14 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-17 18:14 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-08-17 18:14 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-17 18:14 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-17 18:14 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-17 18:14 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-17 18:14 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-17 18:14 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-17 18:14 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-08-17 18:01 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-17 18:01 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-15 22:10 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-08-15 22:10 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-08-15 22:03 - 2014-08-18 16:49 - 00000000 ____D () C:\AdwCleaner
2014-08-15 22:00 - 2014-08-15 22:00 - 01361203 _____ () C:\Users\ACER\Downloads\AdwCleaner.exe
2014-08-13 22:46 - 2014-08-18 17:34 - 00021198 _____ () C:\Users\ACER\Downloads\Addition.txt
2014-08-13 22:45 - 2014-08-23 09:16 - 00013198 _____ () C:\Users\ACER\Downloads\FRST.txt
2014-08-13 22:43 - 2014-08-23 09:09 - 00000000 ____D () C:\FRST
2014-08-13 22:37 - 2014-08-23 09:08 - 02102784 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe
2014-08-13 09:32 - 2014-08-13 09:48 - 00028160 ___SH () C:\Users\ACER\Desktop\Thumbs.db
2014-08-08 11:34 - 2014-08-08 11:34 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-01 15:51 - 2014-08-01 15:50 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-01 15:50 - 2014-08-01 15:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 15:22 - 2014-08-01 15:24 - 00000000 ____D () C:\Users\Giuseppe\AppData\Roaming\Apple Computer
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Apple Computer
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 09:17 - 2014-02-24 19:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-23 09:16 - 2014-08-13 22:45 - 00013198 _____ () C:\Users\ACER\Downloads\FRST.txt
2014-08-23 09:16 - 2014-02-24 19:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-23 09:15 - 2014-08-18 19:22 - 01093591 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-23 09:09 - 2014-08-13 22:43 - 00000000 ____D () C:\FRST
2014-08-23 09:09 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-23 09:08 - 2014-08-18 17:31 - 00000000 ____D () C:\Users\ACER\Downloads\FRST-OlderVersion
2014-08-23 09:08 - 2014-08-13 22:37 - 02102784 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe
2014-08-23 08:46 - 2014-02-24 20:18 - 00001164 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 08:41 - 2014-02-24 20:18 - 00001160 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 08:40 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-20 23:19 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-20 23:18 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-20 23:16 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-20 16:37 - 2014-08-20 16:37 - 00000626 _____ () C:\WINDOWS\PFRO.log
2014-08-20 14:56 - 2014-08-20 14:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-20 14:56 - 2014-08-20 14:55 - 02347384 _____ (ESET) C:\Users\ACER\Downloads\esetsmartinstaller_enu.exe
2014-08-20 13:45 - 2014-08-20 13:45 - 00003451 _____ () C:\Users\ACER\Desktop\VIRUS.txt
2014-08-20 12:40 - 2014-08-20 12:38 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 12:38 - 2014-08-20 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 12:37 - 2014-08-20 12:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-20 12:37 - 2014-08-20 12:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 12:29 - 2014-08-20 12:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ACER\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-18 19:28 - 2014-02-24 18:48 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3016200725-1750829020-4283187960-1001
2014-08-18 18:15 - 2014-03-18 23:02 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-18 18:07 - 2014-02-24 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-18 18:07 - 2014-02-24 19:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-18 17:34 - 2014-08-13 22:46 - 00021198 _____ () C:\Users\ACER\Downloads\Addition.txt
2014-08-18 16:49 - 2014-08-15 22:03 - 00000000 ____D () C:\AdwCleaner
2014-08-17 20:41 - 2014-08-17 20:40 - 00423080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-17 20:35 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-17 20:28 - 2014-03-08 23:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-17 20:24 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-17 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-08-17 18:53 - 2014-02-24 20:19 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 22:00 - 2014-08-15 22:00 - 01361203 _____ () C:\Users\ACER\Downloads\AdwCleaner.exe
2014-08-14 09:35 - 2012-12-15 05:10 - 00791380 _____ () C:\WINDOWS\system32\perfh010.dat
2014-08-14 09:35 - 2012-12-15 05:10 - 00153214 _____ () C:\WINDOWS\system32\perfc010.dat
2014-08-14 09:35 - 2012-07-26 09:28 - 01781840 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-13 09:48 - 2014-08-13 09:32 - 00028160 ___SH () C:\Users\ACER\Desktop\Thumbs.db
2014-08-12 18:50 - 2014-02-24 19:33 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-08-12 18:19 - 2014-02-24 19:47 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\uTorrent
2014-08-12 18:12 - 2014-02-24 19:27 - 00001372 _____ () C:\Users\ACER\Desktop\Internet Explorer.lnk
2014-08-12 17:29 - 2014-03-22 18:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-08 11:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-08 11:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-08 11:38 - 2014-07-10 18:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3016200725-1750829020-4283187960-1005
2014-08-08 11:34 - 2014-08-08 11:34 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-08 11:33 - 2014-08-08 11:33 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-02 02:15 - 2014-08-17 20:42 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:15 - 2014-08-17 20:42 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:51 - 2014-02-24 19:27 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-01 15:50 - 2014-08-01 15:51 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-01 15:50 - 2014-08-01 15:50 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 15:50 - 2014-03-05 21:55 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-01 15:50 - 2014-02-24 19:27 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-01 15:50 - 2014-02-24 19:27 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-01 15:24 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Roaming\Apple Computer
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Apple Computer
2014-08-01 15:19 - 2014-07-10 19:41 - 00000000 ____D () C:\Users\Giuseppe\Desktop\Giuseppe
2014-07-31 23:41 - 2014-03-08 23:47 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-31 21:57 - 2014-07-10 18:46 - 00000000 ____D () C:\Users\Giuseppe\AppData\Local\Packages
2014-07-31 21:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-30 08:31 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini
2014-07-24 14:11 - 2014-08-17 18:14 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-24 14:10 - 2014-08-17 18:15 - 02240000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-24 14:10 - 2014-08-17 18:15 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-24 14:10 - 2014-08-17 18:15 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-07-24 14:10 - 2014-08-17 18:14 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 19279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 15399936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-24 14:09 - 2014-08-17 18:15 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-07-24 14:09 - 2014-08-17 18:15 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-24 14:09 - 2014-08-17 18:14 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-07-24 14:09 - 2014-08-17 18:14 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-07-24 14:09 - 2014-08-17 18:14 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-07-24 14:09 - 2014-08-17 18:14 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-07-24 12:52 - 2014-08-17 18:15 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-24 12:52 - 2014-08-17 18:15 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-24 12:52 - 2014-08-17 18:14 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 14371328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 02054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-24 12:51 - 2014-08-17 18:15 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-07-24 12:51 - 2014-08-17 18:15 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-24 12:51 - 2014-08-17 18:14 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-07-24 12:51 - 2014-08-17 18:14 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-07-24 12:51 - 2014-08-17 18:14 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-07-24 12:51 - 2014-08-17 18:14 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-07-24 12:33 - 2014-08-17 18:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-07-24 12:29 - 2014-08-17 18:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-07-24 10:03 - 2014-08-17 18:14 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-18 19:29
 
==================== End Of Log ============================


#15 TeckMike95


Posted 23 August 2014 - 02:38 AM

However, on the square the computer runs like originally.

I took a screenshot of Task Manager. I think it isn't normal.

I took the screenshot without running other programmes.

Attached File  Prestazioni.PNG   11.74KB   0 downloads

Moreover, the problem with the audio hasn't changed:

When I start the computer the audio works, but not always.

A few minutes later, the audio doesn't work anymore.


Edited by TeckMike95, 23 August 2014 - 02:45 AM.




