Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Probable Virus ?


  • This topic is locked This topic is locked
10 replies to this topic

#1 TeckMike95

TeckMike95

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 31 August 2014 - 12:47 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.60.2
Run by Michele at 19:42:01 on 2014-08-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.4074.2034 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\mqtgsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\spool\DRIVERS\x64\3\E_YARNJJE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
mWinlogon: Userinit = userinit.exe
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe /STARTUP
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\Michele\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Aggiungi a TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: Interfaces\{C2E4C361-13E3-4048-B88F-DDA0E027704D} : DHCPNameServer = 198.211.120.70 8.8.8.8
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-6-9 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-25 279616]
R2 AntiVirSchedulerService;Avira Pianificatore;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-6-9 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-6-9 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-6-9 117712]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2011-8-26 27648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-7-21 2544976]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-10-28 1809920]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-7-16 377616]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-28 2656280]
R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-10-28 20592]
R3 debutfilter;Debut Filter Driver v6.10.01;C:\Windows\System32\drivers\debutfilterx64.sys [2013-7-5 32024]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-10-28 38096]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-7-14 141392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 ServUpdater;Serv Updater;C:\Users\Michele\AppData\Local\ServUpdater\ServiceUpd.exe [2012-5-25 156160]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2010-10-18 42096]
S3 hcw66xxx;WinTV HVR-900H;C:\Windows\System32\drivers\hcw66x64.sys [2013-6-15 478720]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-24 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-28 247400]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-26 413800]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-28 54136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-25 1255736]
S4 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-5-4 135824]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2014-6-5 93040]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-08-31 17:27:05 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC615201-1915-43A5-AA5D-7BD882B9FACB}\mpengine.dll
2014-08-25 16:00:12 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-25 07:44:34 -------- d-----w- C:\Users\Michele\AppData\Roaming\WinBatch
2014-08-25 07:00:26 -------- d-----w- C:\Windows\pss
2014-08-24 22:34:33 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-24 22:34:33 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-24 22:34:33 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-24 22:34:33 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-24 22:34:32 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-24 22:34:32 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-24 22:34:08 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-24 22:34:08 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-24 20:35:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-24 20:35:28 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-24 20:35:06 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-24 20:35:06 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-24 20:35:06 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-24 20:35:06 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-24 20:35:05 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-24 20:35:05 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-24 20:35:05 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-24 20:34:51 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-23 11:43:19 -------- d-----w- C:\ProgramData\Package Cache
2014-08-23 11:40:10 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-23 11:40:10 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-23 11:13:16 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-23 11:13:16 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-23 11:06:16 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-23 11:06:04 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-23 11:06:04 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-23 11:05:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-23 11:05:58 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-23 11:05:58 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-23 11:05:58 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2014-08-26 08:29:45 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-05 07:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 09:02:28 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-16 09:02:25 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-07-11 18:32:12 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-10 10:54:51 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 10:54:51 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:43:14,25 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 24/11/2011 19:23:09
System Uptime: 31/08/2014 19:17:19 (0 hours ago)
.
Motherboard: TOSHIBA |  | PWWHA
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz | CPU 1 | 792/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 103,597 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 136,992 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda miniport WiFi virtuale Microsoft
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B4DCC7D&0&01
Manufacturer: Microsoft
Name: Scheda miniport WiFi virtuale Microsoft
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B4DCC7D&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FC301179&REV_05\4&1068A457&0&00E0
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FC301179&REV_05\4&1068A457&0&00E0
Service: RTL8167
.
==== System Restore Points ===================
.
RP629: 23/08/2014 13:05:33 - Windows Update
RP630: 24/08/2014 21:25:20 - Windows Update
RP631: 25/08/2014 00:33:13 - Windows Update
RP632: 25/08/2014 12:24:01 - Installed TOSHIBA ConfigFree.
RP633: 25/08/2014 12:43:44 - Removed TOSHIBA Flash Cards Support Utility
RP634: 25/08/2014 12:46:57 - Installato TOSHIBA Flash Cards Support Utility
RP635: 25/08/2014 14:20:45 - Configurato TOSHIBA Value Added Package
RP636: 25/08/2014 14:24:12 - Installato TOSHIBA Value Added Package
RP638: 25/08/2014 22:18:59 - Windows Defender Checkpoint
RP639: 26/08/2014 20:10:32 - Windows Backup
RP640: 31/08/2014 19:26:13 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.08)
Ares 2.2.4
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
µTorrent
aTube Catcher
Avira
Avira Free Antivirus
Bluetooth Stack for Windows by Toshiba
CCleaner
D3DX10
DAEMON Tools Lite
Epson Connect Guide
Epson E-Web Print
Epson Event Manager
Epson FAX Utility
Epson Guida di rete WF-3520 Series
Epson Guida utente WF-3520 Series
EPSON Scan
EPSON WF-3520 Series Printer Uninstall
EpsonNet Print
Galerie de photos Windows Live
GeoGebra 4.2
GIMP 2.8.10
Google Chrome
Google Update Helper
High-Definition Video Playback
IIS 7.5 Express
ImgBurn
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 60
Java 8 Update 5 (64-bit)
Java Auto Updater
JavaFX 2.1.0
Junk Mail filter update
LAME v3.99.3 (for Windows)
LogMeIn Hamachi
Malwarebytes Anti-Malware versione 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (ITA)
Microsoft .NET Framework 4.5.1 (Italiano)
Microsoft Antimalware Service IT-IT Language Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client IT-IT Language Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA
Microsoft VM for Java
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NeroKwikMedia Help (CHM)
NVIDIA Control Panel 268.57
NVIDIA Graphics Driver 268.57
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OpenOffice 4.1.0
PET 1.00
PlayReady PC Runtime amd64
Presto! PageManager 9.03 SE
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Software Updater
SpywareBlaster 5.0
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TRORMCLauncher
Utility Common Driver
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.1.2
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
.
==== End Of File ===========================

 



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 PM

Posted 02 September 2014 - 09:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 04 September 2014 - 02:54 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data scansione: 04/09/2014
Ora scansione: 09:06:27
File di log: VIRUS 2.txt
Amministratore: Si
 
Versione: 2.00.2.1012
Database malware: v2014.09.03.08
Database rootkit: v2014.08.21.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata
 
SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Michele
 
Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 407072
Tempo impiegato: 26 min, 57 sec
 
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Heuristics: Attivata
PUP: Avviso
PUM: Attivata
 
Processi: 0
(No malicious items detected)
 
Moduli: 0
(No malicious items detected)
 
Chiavi di registro: 0
(No malicious items detected)
 
Valori di registro: 0
(No malicious items detected)
 
Dati di registro: 0
(No malicious items detected)
 
Cartelle: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Settori fisici: 0
(No malicious items detected)
 
 
(end)
 
 
MBAM has detected 1 virus but it hasn' t state in the log because while MBAM was scanning Avira detected the same virus, but firstly. So i moved it into the quarantine and MBAM couldn' t removed it.
 
 
Here the Avira log.
 
Tipo: File
Fonte: C:\Users\Michele\Downloads\File.Download__2299_i1225477004_il2.exe
Stato: Infetta
Oggetto in quarantena: 51fdb75b.qua
Ripristinato: NO
Upload effettuato in Avira: NO
Sistema operativo: Windows XP/VISTA Workstation/Windows 7
Motore di ricerca: 8.03.24.20
File di definizione dei virus: 8.11.170.208
Rilevamento: ADWARE/Amonetize.tzw
Data/Ora: 04/09/2014, 09:23
 
 
# AdwCleaner v3.309 - Rapporto creato 04/09/2014 in 09:37:58
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Michele - MICHELE-TOSH
# In esecuzione da : C:\Users\Michele\Downloads\adwcleaner_3.309.exe
# Opzione : Scansiona
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
File Trovato : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
 
***** [ Compiti ] *****
 
Compito Trovati : Desk 365 RunAsStdUser
 
***** [ Collegamenti ] *****
 
 
***** [ Registro ] *****
 
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
 
***** [ Browser ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1059 octets] - [26/12/2013 14:39:26]
AdwCleaner[R1].txt - [2538 octets] - [04/09/2014 09:37:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2598 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Michele (administrator) on MICHELE-TOSH on 04-09-2014 09:42:29
Running from C:\Users\Michele\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Michele\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [561152 2011-04-20] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1253568964-3819609821-2818974366-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1253568964-3819609821-2818974366-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1253568964-3819609821-2818974366-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 198.211.120.70 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-05-14]
 
Chrome: 
=======
CHR Profile: C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-23] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-21] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S2 ServUpdater; C:\Users\Michele\AppData\Local\ServUpdater\ServiceUpd.exe [156160 2011-12-16] (ServiceUpd) [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [480256 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [32024 2013-07-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-25] (DT Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [478720 2008-05-28] (Hauppauge Computer Works, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 09:42 - 2014-09-04 09:43 - 00019786 _____ () C:\Users\Michele\Downloads\FRST.txt
2014-09-04 09:42 - 2014-09-04 09:42 - 00000000 ____D () C:\FRST
2014-09-04 09:41 - 2014-09-04 09:41 - 02104832 _____ (Farbar) C:\Users\Michele\Downloads\FRST64 (1).exe
2014-09-04 09:34 - 2014-09-04 09:34 - 00001163 _____ () C:\Users\Michele\Desktop\VIRUS 2.txt
2014-09-03 21:22 - 2014-09-03 21:22 - 02104832 _____ (Farbar) C:\Users\Michele\Downloads\FRST64.exe
2014-09-03 21:21 - 2014-09-03 21:22 - 01370467 _____ () C:\Users\Michele\Downloads\adwcleaner_3.309.exe
2014-09-03 21:05 - 2014-09-03 21:05 - 00001912 _____ () C:\Users\Michele\Desktop\VIRUS.txt
2014-09-02 12:26 - 2014-09-02 12:37 - 00000000 ____D () C:\Users\Michele\Desktop\Nuova cartella (2)
2014-08-31 19:48 - 2014-08-31 19:49 - 00000000 ____D () C:\Users\Michele\Desktop\Nuova cartella
2014-08-31 19:41 - 2014-08-31 19:41 - 00688992 ____R (Swearware) C:\Users\Michele\Downloads\dds.com
2014-08-25 14:32 - 2014-08-25 14:32 - 00000000 ____D () C:\ProgramData\Toshiba
2014-08-25 09:44 - 2014-08-25 09:44 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\WinBatch
2014-08-25 09:00 - 2014-08-25 09:25 - 00000000 ____D () C:\Windows\pss
2014-08-25 00:34 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 00:34 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-25 00:34 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-25 00:34 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 00:34 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 00:34 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 00:34 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-25 00:34 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-24 23:26 - 2014-08-25 00:32 - 00000246 _____ () C:\Users\Michele\Desktop\Nuovo documento di testo.txt
2014-08-24 22:55 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-24 22:55 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-24 22:55 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-24 22:55 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-24 22:55 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-24 22:55 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-24 22:55 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-24 22:55 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-24 22:55 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-24 22:55 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-24 22:55 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-24 22:55 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-24 22:55 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-24 22:55 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-24 22:55 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-24 22:55 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-24 22:55 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-24 22:55 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-24 22:55 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-24 22:55 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-24 22:55 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-24 22:55 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-24 22:55 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-24 22:55 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-24 22:55 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-24 22:55 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-24 22:55 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-24 22:55 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-24 22:55 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-24 22:55 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-24 22:55 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-24 22:55 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-24 22:55 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-24 22:55 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-24 22:55 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-24 22:55 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-24 22:55 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-24 22:55 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-24 22:55 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-24 22:55 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-24 22:55 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-24 22:55 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-24 22:55 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-24 22:55 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-24 22:55 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-24 22:55 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-24 22:55 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-24 22:55 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-24 22:55 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-24 22:55 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-24 22:55 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-24 22:55 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-24 22:55 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-24 22:55 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-24 22:55 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-24 22:55 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-24 22:35 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-24 22:35 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-24 22:35 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-24 22:35 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-24 22:35 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-24 22:35 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-24 22:35 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-24 22:35 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-24 22:35 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-24 22:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-24 22:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-24 22:34 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-23 13:43 - 2014-08-23 13:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 13:40 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-23 13:40 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-23 13:13 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-23 13:13 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-23 13:06 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 13:06 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 13:06 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 13:06 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 13:06 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 13:06 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 13:06 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-23 13:06 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 13:06 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 13:06 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-23 13:05 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 13:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 13:05 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 13:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-08 10:23 - 2014-08-08 10:23 - 436469498 _____ () C:\Windows\MEMORY.DMP
2014-08-08 10:23 - 2014-08-08 10:23 - 00283480 _____ () C:\Windows\Minidump\080814-36831-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 09:43 - 2014-09-04 09:42 - 00019786 _____ () C:\Users\Michele\Downloads\FRST.txt
2014-09-04 09:42 - 2014-09-04 09:42 - 00000000 ____D () C:\FRST
2014-09-04 09:42 - 2014-07-08 18:07 - 01220822 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 09:41 - 2014-09-04 09:41 - 02104832 _____ (Farbar) C:\Users\Michele\Downloads\FRST64 (1).exe
2014-09-04 09:38 - 2013-12-26 14:38 - 00000000 ____D () C:\AdwCleaner
2014-09-04 09:37 - 2014-07-07 21:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 09:34 - 2014-09-04 09:34 - 00001163 _____ () C:\Users\Michele\Desktop\VIRUS 2.txt
2014-09-04 09:05 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 09:05 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 09:02 - 2011-02-11 10:40 - 00901014 _____ () C:\Windows\system32\perfh010.dat
2014-09-04 09:02 - 2011-02-11 10:40 - 00209614 _____ () C:\Windows\system32\perfc010.dat
2014-09-04 09:02 - 2009-07-14 07:13 - 02094096 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 08:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-09-04 08:57 - 2014-05-04 13:14 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\.oit
2014-09-04 08:57 - 2011-08-26 11:49 - 00001160 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 08:56 - 2014-07-22 11:13 - 00122928 _____ () C:\Windows\PFRO.log
2014-09-04 08:56 - 2014-07-08 18:04 - 00005544 _____ () C:\Windows\setupact.log
2014-09-04 08:56 - 2013-06-14 21:29 - 00000204 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-04 08:56 - 2011-08-26 11:49 - 00001164 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 08:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 22:38 - 2013-08-17 16:47 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 21:23 - 2013-08-16 22:56 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-03 21:23 - 2013-08-16 22:56 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-03 21:22 - 2014-09-03 21:22 - 02104832 _____ (Farbar) C:\Users\Michele\Downloads\FRST64.exe
2014-09-03 21:22 - 2014-09-03 21:21 - 01370467 _____ () C:\Users\Michele\Downloads\adwcleaner_3.309.exe
2014-09-03 21:05 - 2014-09-03 21:05 - 00001912 _____ () C:\Users\Michele\Desktop\VIRUS.txt
2014-09-03 21:05 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-09-03 20:27 - 2014-07-08 18:04 - 00454096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 13:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-02 12:37 - 2014-09-02 12:26 - 00000000 ____D () C:\Users\Michele\Desktop\Nuova cartella (2)
2014-08-31 19:49 - 2014-08-31 19:48 - 00000000 ____D () C:\Users\Michele\Desktop\Nuova cartella
2014-08-31 19:41 - 2014-08-31 19:41 - 00688992 ____R (Swearware) C:\Users\Michele\Downloads\dds.com
2014-08-27 00:39 - 2011-11-24 22:50 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-26 14:49 - 2012-06-01 19:00 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\Audacity
2014-08-25 14:32 - 2014-08-25 14:32 - 00000000 ____D () C:\ProgramData\Toshiba
2014-08-25 14:26 - 2011-11-24 20:27 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\Toshiba
2014-08-25 14:26 - 2011-08-26 11:18 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-08-25 14:26 - 2011-08-26 11:13 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-08-25 14:21 - 2011-11-24 20:26 - 00000000 ____D () C:\Users\Michele\AppData\Local\TOSHIBA
2014-08-25 13:19 - 2011-08-26 11:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-08-25 13:19 - 2011-08-26 11:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-25 09:44 - 2014-08-25 09:44 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\WinBatch
2014-08-25 09:25 - 2014-08-25 09:00 - 00000000 ____D () C:\Windows\pss
2014-08-25 09:14 - 2011-11-27 13:58 - 00007623 _____ () C:\Users\Michele\AppData\Local\Resmon.ResmonCfg
2014-08-25 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-25 00:46 - 2013-07-20 14:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-25 00:42 - 2011-12-25 20:13 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 00:32 - 2014-08-24 23:26 - 00000246 _____ () C:\Users\Michele\Desktop\Nuovo documento di testo.txt
2014-08-24 21:26 - 2014-05-03 23:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-23 13:43 - 2014-08-23 13:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 13:43 - 2013-06-09 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 13:43 - 2013-06-09 10:40 - 00000000 ____D () C:\ProgramData\Avira
2014-08-23 13:43 - 2013-06-09 10:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 10:23 - 2014-08-08 10:23 - 436469498 _____ () C:\Windows\MEMORY.DMP
2014-08-08 10:23 - 2014-08-08 10:23 - 00283480 _____ () C:\Windows\Minidump\080814-36831-01.dmp
2014-08-08 10:23 - 2012-02-29 18:00 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 04:06 - 2014-08-23 13:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-23 13:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Michele\AppData\Local\Temp\avgnt.exe
C:\Users\Michele\AppData\Local\Temp\jre-8u11-windows-au.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-02 13:36
 
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Michele at 2014-09-04 09:44:02
Running from C:\Users\Michele\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Ares 2.2.4 (HKLM-x32\...\Ares) (Version: 2.2.4-Build#3048 - Ares Development Group)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1347 - DsNET Corp)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Guida di rete WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
Epson Guida utente WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.24.0 - International GeoGebra Institute)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
IIS 7.5 Express (HKLM-x32\...\{4D81B0E7-2F76-472A-9A8C-5240A3404BC3}) (Version: 7.5.1190 - Microsoft Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service IT-IT Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Client IT-IT Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA (Version: 10.0.50701 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
NVIDIA Control Panel 268.57 (Version: 268.57 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 268.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.57 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.80.1 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C5EFC8F0-2EDE-4A4D-A4DA-75596405D1FB}) (Version: 4.10.9764 - Apache Software Foundation)
PET 1.00 (HKLM-x32\...\PET 1.00) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Nome società)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.34C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.15.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.15.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.15.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1253568964-3819609821-2818974366-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
 
==================== Restore Points  =========================
 
24-08-2014 22:33:13 Windows Update
25-08-2014 10:24:01 Installed TOSHIBA ConfigFree.
25-08-2014 10:43:44 Removed TOSHIBA Flash Cards Support Utility
25-08-2014 10:46:57 Installato TOSHIBA Flash Cards Support Utility
25-08-2014 12:20:45 Configurato TOSHIBA Value Added Package
25-08-2014 12:24:12 Installato TOSHIBA Value Added Package
25-08-2014 20:18:59 Windows Defender Checkpoint
26-08-2014 18:10:32 Windows Backup
31-08-2014 17:26:13 Windows Update
02-09-2014 10:13:23 Removed LogMeIn Hamachi
02-09-2014 13:34:52 Windows Update
04-09-2014 07:02:01 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-06-02 20:14 - 2013-08-11 19:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AAF246D-2D9E-4FCA-8C57-886CE32F0227} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {11A454DF-C959-422C-B2DA-4330E92AAB90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26] (Google Inc.)
Task: {1E28184E-162E-48DF-893C-034AE6ECB074} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {212A9F0E-A900-4859-B39C-B9C111FE1D51} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1253568964-3819609821-2818974366-1000
Task: {2CE0BE37-3F5A-4350-B3B7-0DC00E0C635D} - System32\Tasks\{9BD15BE5-8092-4CBC-9410-654147C0C24B} => F:\Setup.exe
Task: {52D66D27-6BA6-4A29-80D6-3B9BD1324E6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26] (Google Inc.)
Task: {5D6BF543-929A-4C72-8DE7-0608E3851DA3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {5F742EDC-A58E-4E39-9A5D-C161DA1E7CCD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {665704B0-9901-4366-BC73-4503C0C4A3E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {98B71FC2-B6BB-4DB1-9F84-6584869AE0F1} - System32\Tasks\{6F2AA751-1260-4FD2-A52D-D138802FF4B0} => F:\Setup.exe
Task: {E1A91ADD-9B3C-442A-8680-1EB12323C43F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-08-26 11:25 - 2011-02-18 14:09 - 00564088 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\it\Humphrey.resources.dll
2014-08-25 13:19 - 2011-12-15 15:56 - 00022400 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\it\TosDILangPack.resources.dll
2014-08-25 13:19 - 2011-12-15 15:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2010-12-08 15:42 - 2010-12-08 15:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-23 13:43 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\Michele\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-04 13:10 - 2008-11-17 14:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll
2014-05-04 13:10 - 2010-05-07 11:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2014-05-04 13:10 - 2010-12-23 13:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
2014-05-04 13:10 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll
2014-05-04 13:10 - 2010-12-29 17:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll
2014-05-04 13:10 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
2014-05-04 13:10 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
2014-05-04 13:10 - 2011-03-11 10:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll
2014-05-04 13:10 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll
2014-05-04 13:10 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll
2014-05-04 13:10 - 2010-11-30 16:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll
2014-05-04 13:10 - 2010-10-22 10:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll
2014-05-04 13:10 - 2010-12-29 18:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
2014-05-04 13:10 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll
2014-05-04 13:10 - 2010-09-09 18:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll
2014-05-04 13:10 - 2010-07-13 10:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll
2014-05-04 13:10 - 2007-08-31 17:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll
2014-05-04 13:10 - 2010-09-08 17:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
2014-05-04 13:10 - 2009-11-27 17:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
2014-05-04 13:10 - 2010-11-26 10:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll
2014-05-04 13:10 - 2007-03-30 10:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
2014-05-04 13:10 - 2010-10-22 10:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll
2014-05-04 13:10 - 2010-08-03 10:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll
2014-05-04 13:10 - 2010-09-26 11:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
2014-05-04 13:10 - 2010-03-02 15:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
2014-05-04 13:10 - 2009-06-26 09:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll
2014-05-04 13:10 - 2010-08-03 10:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
2014-05-04 13:10 - 2009-12-04 17:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
2014-05-04 13:10 - 2010-09-26 11:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
2014-05-04 13:10 - 2008-08-25 16:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
2014-05-04 13:10 - 2010-09-08 10:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
2014-05-04 13:10 - 2010-04-27 15:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll
2014-05-04 13:10 - 2011-01-21 15:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
2014-05-04 13:10 - 2007-03-30 09:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll
2014-05-04 13:10 - 2010-11-26 10:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
2014-08-24 22:58 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-24 22:58 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-24 22:58 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-24 22:58 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-24 22:58 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: NBAgent => "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Scan Buttons => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Scheda miniport WiFi virtuale Microsoft
Description: Scheda miniport WiFi virtuale Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/04/2014 09:34:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma mbam.exe versione 1.0.0.532 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: f30
 
Ora di avvio: 01cfc80eb376fd0b
 
Ora di chiusura: 0
 
Percorso applicazione: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
ID segnalazione: ec2121ca-3405-11e4-8a63-fac48d47de9b
 
Error: (09/04/2014 08:59:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/04/2014 08:59:06 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/04/2014 08:59:03 AM) (Source: PowerOffer Upd Service) (EventID: 0) (User: )
Description: Impossibile avviare il servizio. Handle non valido
 
Error: (09/04/2014 08:58:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/03/2014 09:16:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/03/2014 09:16:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/03/2014 09:15:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.InvalidOperationException
Stack:
   in System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
   in Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)
   in System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)
   in Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)
   in Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)
   in Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)
   in Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()
   in Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)
   in Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
   in Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
   in Avira.OE.ServiceHost.ServiceHost+<>c__DisplayClass2.<Initialize>b__0(System.Object, System.EventArgs)
   in System.EventHandler`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke(System.Object, System.__Canon)
   in Avira.OE.ServiceHost.ServiceStatusProviderContainer.DeviceStatusProvider_DeviceStatusChanged(System.Object, System.EventArgs)
   in Avira.OE.AvConnector.AvConnector.FireDeviceStatusChanged()
   in Avira.OE.AvConnector.AvConnector.RefreshDeviceState()
   in Avira.OE.AvConnector.AvConnector.OnEventDatabaseFileChanged(System.Object, System.EventArgs)
   in Avira.OE.AvConnector.AvFileMonitor.FileWatcher_Changed(System.Object, System.IO.FileSystemEventArgs)
   in System.IO.FileSystemWatcher.OnChanged(System.IO.FileSystemEventArgs)
   in System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
   in System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
   in System.Threading._IOCompletionCallback.IOCompletionCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
 
Error: (09/03/2014 09:14:21 PM) (Source: PowerOffer Upd Service) (EventID: 0) (User: )
Description: Impossibile avviare il servizio. Handle non valido
 
Error: (09/03/2014 09:14:18 PM) (Source: Host di servizio Avira) (EventID: 0) (User: )
Description: Impossibile elaborare il cambio di sessione. System.InvalidOperationException: La sequenza non contiene elementi
   in System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
   in Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
   in System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   in Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
   in Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
   in Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   in Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   in System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
 
 
System errors:
=============
Error: (09/04/2014 08:59:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Avira Service Host. Questo evento si è già verificato 3 volta(e).
 
Error: (09/04/2014 08:59:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Avira Service Host è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (09/04/2014 08:58:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Avira Service Host è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (09/04/2014 08:58:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Serv Updater bloccato in partenza.
 
Error: (09/04/2014 08:56:55 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: Errore del Servizio SNMP durante l'accesso alla chiave SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration del Registro di sistema.
 
Error: (09/03/2014 09:20:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x80070643: Aggiornamento della protezione per Windows 7 per sistemi basati su x64 (KB2993651).
 
Error: (09/03/2014 09:16:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Avira Service Host. Questo evento si è già verificato 3 volta(e).
 
Error: (09/03/2014 09:16:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Avira Service Host è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (09/03/2014 09:15:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Avira Service Host è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (09/03/2014 09:14:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Serv Updater bloccato in partenza.
 
 
Microsoft Office Sessions:
=========================
Error: (09/04/2014 09:34:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532f3001cfc80eb376fd0b0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeec2121ca-3405-11e4-8a63-fac48d47de9b
 
Error: (09/04/2014 08:59:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/04/2014 08:59:06 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/04/2014 08:59:03 AM) (Source: PowerOffer Upd Service) (EventID: 0) (User: )
Description: Impossibile avviare il servizio. Handle non valido
 
Error: (09/04/2014 08:58:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/03/2014 09:16:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/03/2014 09:16:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.ComponentModel.Composition.CompositionException
Stack:
   in System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   in System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   in System.ComponentModel.Composition.Primitives.Export.get_Value()
   in System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   in System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   in Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   in System.Threading.ThreadPoolWorkQueue.Dispatch()
   in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/03/2014 09:15:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Applicazione: Avira.OE.ServiceHost.exe
Versione framework: v4.0.30319
Descrizione: il processo è stato terminato a causa di un'eccezione non gestita.
Informazioni sull'eccezione: System.InvalidOperationException
Stack:
   in System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
   in Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)
   in System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)
   in Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)
   in Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)
   in Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)
   in Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()
   in Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)
   in Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
   in Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
   in Avira.OE.ServiceHost.ServiceHost+<>c__DisplayClass2.<Initialize>b__0(System.Object, System.EventArgs)
   in System.EventHandler`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke(System.Object, System.__Canon)
   in Avira.OE.ServiceHost.ServiceStatusProviderContainer.DeviceStatusProvider_DeviceStatusChanged(System.Object, System.EventArgs)
   in Avira.OE.AvConnector.AvConnector.FireDeviceStatusChanged()
   in Avira.OE.AvConnector.AvConnector.RefreshDeviceState()
   in Avira.OE.AvConnector.AvConnector.OnEventDatabaseFileChanged(System.Object, System.EventArgs)
   in Avira.OE.AvConnector.AvFileMonitor.FileWatcher_Changed(System.Object, System.IO.FileSystemEventArgs)
   in System.IO.FileSystemWatcher.OnChanged(System.IO.FileSystemEventArgs)
   in System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
   in System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
   in System.Threading._IOCompletionCallback.IOCompletionCallback_Context(System.Object)
   in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   in System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
 
Error: (09/03/2014 09:14:21 PM) (Source: PowerOffer Upd Service) (EventID: 0) (User: )
Description: Impossibile avviare il servizio. Handle non valido
 
Error: (09/03/2014 09:14:18 PM) (Source: Host di servizio Avira) (EventID: 0) (User: )
Description: Impossibile elaborare il cambio di sessione. System.InvalidOperationException: La sequenza non contiene elementi
   in System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
   in Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
   in System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   in Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
   in Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
   in Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   in Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   in System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-11 19:48:57.507
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-08-11 19:48:57.444
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-06-19 12:43:02.232
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-06-19 12:43:02.216
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-06-19 12:43:02.199
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-06-19 12:43:02.181
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 46%
Total physical RAM: 4073.76 MB
Available physical RAM: 2182.83 MB
Total Pagefile: 8145.7 MB
Available Pagefile: 5475.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:101.55 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:136.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8A71E1AC)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 

Edited by TeckMike95, 04 September 2014 - 02:55 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 PM

Posted 04 September 2014 - 08:53 AM

If not already done please clean all the items found by the AdwCleaner tool.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ServUpdater; C:\Users\Michele\AppData\Local\ServUpdater\ServiceUpd.exe [156160 2011-12-16] (ServiceUpd) [File not signed]
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Task: {0AAF246D-2D9E-4FCA-8C57-886CE32F0227} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
C:\Users\Michele\AppData\Local\Temp\avgnt.exe
C:\Users\Michele\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\Michele\Downloads\File.Download__2299_i1225477004_il2.exe
C:\Program Files (x86)\PutLockerDownloader
C:\Users\Michele\AppData\Local\ServUpdater

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 04 September 2014 - 09:27 AM

 # AdwCleaner v3.309 - Rapporto creato 04/09/2014 in 16:08:17
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Michele - MICHELE-TOSH
# In esecuzione da : C:\Users\Michele\Downloads\adwcleaner_3.309.exe
# Opzione : Pulisci
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
File Eliminato : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
 
***** [ Compiti ] *****
 
Compito Eliminati : Desk 365 RunAsStdUser
 
***** [ Collegamenti ] *****
 
 
***** [ Registro ] *****
 
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
 
***** [ Browser ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1059 octets] - [26/12/2013 14:39:26]
AdwCleaner[R1].txt - [2710 octets] - [04/09/2014 09:37:58]
AdwCleaner[R2].txt - [2770 octets] - [04/09/2014 16:06:33]
AdwCleaner[S0].txt - [2570 octets] - [04/09/2014 16:08:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2630 octets] ##########
 
 
 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Michele at 2014-09-04 16:14:00 Run:1
Running from C:\Users\Michele\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ServUpdater; C:\Users\Michele\AppData\Local\ServUpdater\ServiceUpd.exe [156160 2011-12-16] (ServiceUpd) [File not signed]
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Task: {0AAF246D-2D9E-4FCA-8C57-886CE32F0227} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
C:\Users\Michele\AppData\Local\Temp\avgnt.exe
C:\Users\Michele\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\Michele\Downloads\File.Download__2299_i1225477004_il2.exe
C:\Program Files (x86)\PutLockerDownloader
C:\Users\Michele\AppData\Local\ServUpdater
 
End
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi" => Key deleted successfully.
"C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
ServUpdater => Service deleted successfully.
Tosrfcom => Service deleted successfully.
catchme => Service deleted successfully.
esgiguard => Service deleted successfully.
ewusbmbb => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
hwdatacard => Service deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AAF246D-2D9E-4FCA-8C57-886CE32F0227}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key not found.
C:\Users\Michele\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Michele\AppData\Local\Temp\jre-8u11-windows-au.exe => Moved successfully.
"C:\Users\Michele\Downloads\File.Download__2299_i1225477004_il2.exe" => File/Directory not found.
"C:\Program Files (x86)\PutLockerDownloader" => File/Directory not found.
C:\Users\Michele\AppData\Local\ServUpdater => Moved successfully.
 
==== End of Fixlog ====
 
 
 
 
Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Microsoft VM for Java  
 JavaFX 2.1.0    
 Java 7 Update 60  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 TOSHIBA TOSHIBA Online Product Information TOPI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log``````````````````````
 
 
 
Well the computer is running well as usual. But the problem is not the speed. As i told you in the message, probably computer has been infected from another computer trough a HDD. So i would like to be sure that there aren' t other virus. Are there other programmes i could run ? Anyway if you think that thare can' t be other virus is good.

Edited by TeckMike95, 04 September 2014 - 09:32 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 PM

Posted 04 September 2014 - 12:24 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 60

===

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 07 September 2014 - 01:12 AM

C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted (after the next restart) - quarantined


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 PM

Posted 07 September 2014 - 08:54 AM

Looking good.

#9 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 08 September 2014 - 02:07 AM

Ok, well i think you can close this topic.

 

Thank you very much for helping me. :lol:



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 PM

Posted 08 September 2014 - 07:18 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 PM

Posted 08 September 2014 - 07:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users