
*program*mgr.exe problem


This topic is locked
15 replies to this topic

#1 simonezanna

Posted 19 September 2014 - 03:37 AM

Hello, for two months I have had a problem (a virus, I think). In fact, when I run a program it automatically creates a file with a *programname*mgr.exe executable. Fortunately this problem concerns only a few programs (in particular a game), but it's annoying anyway. I also noticed that when I run those mgr.exe files they open Internet Explorer. Here is an example of the file:

[Screenshot attached: ngswt2.jpg]

In addition to this, my antivirus (ESET NOD32) recognizes OpenOffice and a lot of normal programs (that clearly couldn't be viruses) as unsafe. What's the problem? Here are the 2 logs created with dds.com. Thanks in advance for the support.


dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 10.67.2
Run by Zanna at 10:15:40 on 2014-09-19
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.39.1040.18.4094.2270 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\Zanna\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Zanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.it/
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,userinit.exe,C:\Program Files (x86)\ulsrgonb\drkeqowr.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [uTorrent] "C:\Users\Zanna\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\Zanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{21DFD83C-2377-4FCD-A847-AF6B8EAA11E3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{725526CE-F6C0-4D0F-A0F9-EA43EA0B537E} : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{725526CE-F6C0-4D0F-A0F9-EA43EA0B537E} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: 2014-08-19 22:22; firefox-hotfix@mozilla.org; C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\extensions\firefox-hotfix@mozilla.org.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 301f3ab3000000000000000000000000
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15960
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.68:29:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - it
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121565&tt=110913_221&tsp=5003
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-7-25 21184]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-14 283064]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [2013-9-17 168256]
R1 klhk;klhk;C:\Windows\System32\drivers\klhk.sys [2014-9-18 243808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-2-25 30304]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2014-3-25 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-3-26 179296]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-2-24 1343408]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 FontCache;Servizio cache tipi di carattere Windows;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2008-11-12 57344]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2014-9-18 140352]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-3-28 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-8-8 29280]
R3 WPFFontCache_v0400;Cache tipi di carattere Windows Presentation Foundation 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S2 AVP15.0.0;Servizio Kaspersky Anti-Virus 15.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [2014-4-20 233552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2014-3-7 31744]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-3-13 117520]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 PerfHost;Host DLL contatore prestazioni;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-5-23 172344]
S4 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-3-13 770832]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-14 90776]
S4 Micro Focus License Manager;Micro Focus License Manager;C:\RTE-NE51\mflmwin.exe [2014-2-23 389120]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-7 1720608]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-16 5341536]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-09-19 07:00:19 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2014-09-19 07:00:09 2 --shatr- C:\Windows\winstart.bat
2014-09-18 16:33:10 792128 ----a-w- C:\Windows\System32\drivers\klif.sys
2014-09-18 16:33:09 140352 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-09-16 16:22:52 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-16 09:26:03 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-16 09:26:03 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-09 18:18:59 101694776 ----a-w- C:\Windows\System32\mrt.exe
2014-09-08 08:36:16 62274 ----a-w- C:\Users\Zanna\ia_remove.sh2815.tmp
2014-09-08 08:35:43 62274 ----a-w- C:\Users\Zanna\ia_remove.sh4936.tmp
2014-08-25 04:53:42 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-23 01:05:12 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:42:45 390144 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-22 23:38:23 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-08-15 15:48:56 17868288 ----a-w- C:\Windows\System32\mshtml.dll
2014-08-15 15:36:31 10920960 ----a-w- C:\Windows\System32\ieframe.dll
2014-08-15 15:35:56 2339328 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-15 15:31:44 1384960 ----a-w- C:\Windows\System32\urlmon.dll
2014-08-15 15:31:16 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-08-15 15:30:08 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-15 15:30:06 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-08-15 15:30:00 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-15 15:29:52 237056 ----a-w- C:\Windows\System32\url.dll
2014-08-15 15:29:49 2156032 ----a-w- C:\Windows\System32\iertutil.dll
2014-08-15 15:29:45 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2014-08-15 15:29:33 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-15 15:29:25 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-08-15 15:29:14 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-08-15 15:29:08 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-08-15 15:29:03 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-08-15 15:29:01 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-08-15 15:28:56 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-08-15 15:28:53 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-08-15 15:28:50 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-15 15:28:47 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-08-15 14:51:34 12363264 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-08-15 14:42:27 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-15 14:42:11 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-08-15 14:37:24 1137664 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-08-15 14:37:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-15 14:35:56 1802240 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-08-15 14:35:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-15 14:35:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-08-15 14:35:41 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-08-15 14:35:35 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-08-15 14:35:34 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-15 14:35:21 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-08-15 14:35:14 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-08-15 14:35:13 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-08-15 14:35:07 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-08-15 14:34:55 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-08-15 14:34:53 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-08-15 14:34:49 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-08-15 14:34:48 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-08-15 14:34:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-09 15:40:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 15:40:23 272808 ----a-w- C:\Windows\SysWow64\javaws.exe
2014-08-09 15:40:23 175528 ----a-w- C:\Windows\SysWow64\javaw.exe
2014-08-09 15:40:23 175528 ----a-w- C:\Windows\SysWow64\java.exe
2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-14 08:17:58 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2014-07-14 08:17:58 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-07-08 01:12:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-08 00:46:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-30 14:45:08 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2014-06-26 22:17:31 8848 ----a-w- C:\Windows\System32\icardres.dll
2014-06-26 22:17:31 171152 ----a-w- C:\Windows\System32\infocardapi.dll
2014-06-26 22:17:30 1389200 ----a-w- C:\Windows\System32\icardagt.exe
2014-06-26 22:17:19 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-06-26 22:17:19 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-26 22:17:19 619664 ----a-w- C:\Windows\SysWow64\icardagt.exe
.
============= FINISH: 10.16.08,90 ===============
 
Attached File  attach.txt   12.08KB   4 downloads
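The most security-relevant line in the DDS log above is the `mWinlogon: Userinit` entry: Winlogon runs every executable listed in that registry value at each logon, so a path that is not Windows' own userinit.exe is a classic persistence location and deserves a look. As an added example (not part of this thread and not a BleepingComputer or DDS tool), the Python script below extracts the Userinit entries from the "Pseudo HJT Report" section of a DDS log and classifies each one. The assumption that the stock value is `C:\Windows\system32\userinit.exe` on Vista is mine; the sample `mWinlogon` line is copied from the posted log, and the clean log is constructed for comparison.

```python
import ntpath
import re

# Sample "Pseudo HJT Report" lines. The mWinlogon line is copied verbatim from
# the DDS log posted above; the other lines are present only to show that the
# parser ignores unrelated entries.
SAMPLE_LOG = r"""
uStart Page = hxxp://google.it/
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,userinit.exe,C:\Program Files (x86)\ulsrgonb\drkeqowr.exe,
uRun: [uTorrent] "C:\Users\Zanna\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
"""

# Constructed clean log: the value Windows Vista/7 installs by default
# (assumption for this example, not taken from the thread).
CLEAN_LOG = r"""
mWinlogon: Userinit = C:\Windows\system32\userinit.exe,
"""

STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

# DDS prefixes machine-wide Winlogon values with "mWinlogon:".
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit\s*=\s*(?P<value>.*)$", re.IGNORECASE)


def parse_userinit(log_text):
    """Return the comma-separated Userinit entries from a DDS log, in order."""
    for line in log_text.splitlines():
        m = USERINIT_RE.match(line.strip())
        if m:
            # The registry value is comma-separated and normally ends with a
            # trailing comma, which yields an empty field that is dropped here.
            return [e.strip() for e in m.group("value").split(",") if e.strip()]
    return []


def classify_userinit(log_text):
    """Map each Userinit entry to 'stock', 'review' or 'foreign'.

    stock   - the single value Windows installs
    review  - another file named userinit.exe (duplicate or relocated copy;
              not default, but not necessarily malicious)
    foreign - any other executable: Winlogon launches it at every logon,
              which is the Userinit persistence pattern to investigate
    """
    result = {}
    for entry in parse_userinit(log_text):
        low = entry.lower()
        if low == STOCK_USERINIT:
            result[entry] = "stock"
        elif ntpath.basename(low) == "userinit.exe":
            result[entry] = "review"
        else:
            result[entry] = "foreign"
    return result


def foreign_userinit_entries(log_text):
    """Entries that are neither userinit.exe nor its stock path."""
    return [e for e, tag in classify_userinit(log_text).items() if tag == "foreign"]


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("clean log", CLEAN_LOG)):
        print(f"{label}:")
        for entry, tag in classify_userinit(log).items():
            print(f"  [{tag:7}] {entry}")
```

Run against the posted log the script reports the `drkeqowr.exe` entry as foreign and the two extra userinit.exe references as "review"; the constructed clean log produces a single "stock" entry. The same line appears unchanged in the second DDS log further down the thread, so the check applies to both.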


#2 HelpBot

Posted 24 September 2014 - 03:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/548977 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 simonezanna (Topic Starter)

Posted 25 September 2014 - 08:59 AM

Unfortunately, I still have the problem. I have an original Windows DVD available (I have the Windows Vista 64-bit version). Here are the new logs:

 

dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 10.67.2
Run by Zanna at 15:56:39 on 2014-09-25
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.39.1040.18.4094.1912 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\Zanna\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Zanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\Install\{B1CE268D-221C-4B40-8136-AF795074D429}\37.0.2062.124_37.0.2062.120_chrome_updater.exe
C:\Windows\TEMP\CR_F64F2.tmp\setup.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.it/
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,userinit.exe,C:\Program Files (x86)\ulsrgonb\drkeqowr.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [uTorrent] "C:\Users\Zanna\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\Zanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{21DFD83C-2377-4FCD-A847-AF6B8EAA11E3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{725526CE-F6C0-4D0F-A0F9-EA43EA0B537E} : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{725526CE-F6C0-4D0F-A0F9-EA43EA0B537E} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: 2014-08-19 22:22; firefox-hotfix@mozilla.org; C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\extensions\firefox-hotfix@mozilla.org.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 301f3ab3000000000000000000000000
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15960
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.68:29:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - it
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121565&tt=110913_221&tsp=5003
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-7-25 21184]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-14 283064]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [2013-9-17 168256]
R1 klhk;klhk;C:\Windows\System32\drivers\klhk.sys [2014-9-18 243808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-2-25 30304]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2014-3-25 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-3-26 179296]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-2-24 1343408]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2008-11-12 57344]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2014-9-18 140352]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-3-28 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-8-8 29280]
S2 AVP15.0.0;Kaspersky Anti-Virus 15.0.0 Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [2014-4-20 233552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2014-3-7 31744]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-3-13 117520]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-5-23 172344]
S4 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-3-13 770832]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-14 90776]
S4 Micro Focus License Manager;Micro Focus License Manager;C:\RTE-NE51\mflmwin.exe [2014-2-23 389120]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-7 1720608]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-16 5341536]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-09-19 07:00:19 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2014-09-19 07:00:09 2 --shatr- C:\Windows\winstart.bat
2014-09-18 16:33:10 792128 ----a-w- C:\Windows\System32\drivers\klif.sys
2014-09-18 16:33:09 140352 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-09-16 16:22:52 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-16 09:26:03 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-16 09:26:03 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-09 18:18:59 101694776 ----a-w- C:\Windows\System32\mrt.exe
2014-09-09 06:40:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 06:24:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-08 08:36:16 62274 ----a-w- C:\Users\Zanna\ia_remove.sh2815.tmp
2014-09-08 08:35:43 62274 ----a-w- C:\Users\Zanna\ia_remove.sh4936.tmp
2014-08-23 01:05:12 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:42:45 390144 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-22 23:38:23 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-08-15 15:48:56 17868288 ----a-w- C:\Windows\System32\mshtml.dll
2014-08-15 15:36:31 10920960 ----a-w- C:\Windows\System32\ieframe.dll
2014-08-15 15:35:56 2339328 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-15 15:31:44 1384960 ----a-w- C:\Windows\System32\urlmon.dll
2014-08-15 15:31:16 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-08-15 15:30:08 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-15 15:30:06 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-08-15 15:30:00 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-15 15:29:52 237056 ----a-w- C:\Windows\System32\url.dll
2014-08-15 15:29:49 2156032 ----a-w- C:\Windows\System32\iertutil.dll
2014-08-15 15:29:45 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2014-08-15 15:29:33 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-15 15:29:25 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-08-15 15:29:14 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-08-15 15:29:08 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-08-15 15:29:03 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-08-15 15:29:01 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-08-15 15:28:56 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-08-15 15:28:53 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-08-15 15:28:50 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-15 15:28:47 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-08-15 14:51:34 12363264 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-08-15 14:42:27 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-15 14:42:11 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-08-15 14:37:24 1137664 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-08-15 14:37:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-15 14:35:56 1802240 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-08-15 14:35:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-15 14:35:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-08-15 14:35:41 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-08-15 14:35:35 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-08-15 14:35:34 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-15 14:35:21 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-08-15 14:35:14 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-08-15 14:35:13 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-08-15 14:35:07 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-08-15 14:34:55 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-08-15 14:34:53 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-08-15 14:34:49 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-08-15 14:34:48 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-08-15 14:34:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-09 15:40:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 15:40:23 272808 ----a-w- C:\Windows\SysWow64\javaws.exe
2014-08-09 15:40:23 175528 ----a-w- C:\Windows\SysWow64\javaw.exe
2014-08-09 15:40:23 175528 ----a-w- C:\Windows\SysWow64\java.exe
2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-14 08:17:58 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2014-07-14 08:17:58 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-30 14:45:08 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
.
============= FINISH: 15.57.12,80 ===============
Attached file: attach.txt (12.24 KB)

Edited by simonezanna, 25 September 2014 - 11:39 AM.
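The line in the DDS log above that deserves the closest look is the Winlogon Userinit value: Winlogon launches every comma-separated element of that value at logon, and here it carries four elements instead of the single System32 userinit.exe that Windows sets by default, including a bare "userinit.exe" with no directory and an executable in a random-named folder under Program Files (x86). As an added example that is not part of the original thread or of any of the tools mentioned in it, the following Python pulls that line out of a DDS-style log and labels every element that is not a known userinit.exe location. The allowlist, the verdict strings and the surrounding sample lines are this example's own assumptions; the Userinit line itself is copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Assumed allowlist: where a genuine userinit.exe lives on 64-bit Windows.
# Winlogon's default value is only the System32 copy plus a trailing comma;
# the SysWOW64 copy is a Microsoft binary too, so it is tolerated here.
KNOWN_GOOD_USERINIT = {
    r"c:\windows\system32\userinit.exe",
    r"c:\windows\syswow64\userinit.exe",
}

# DDS prefixes Winlogon entries with m (HKLM) or u (HKCU).
USERINIT_RE = re.compile(r"^(?P<scope>[mu]?)Winlogon:\s*Userinit\s*=\s*(?P<value>.*)$")

# Constructed sample: the Userinit line from the DDS log above, with two
# unrelated log lines around it to show the parser ignores them.
SAMPLE_LOG = r"""uStart Page = hxxp://google.it/
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,userinit.exe,C:\Program Files (x86)\ulsrgonb\drkeqowr.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - (path omitted)
"""


def parse_userinit(log_text):
    """Return (scope, raw value) for the first Userinit line, or None if absent."""
    for line in log_text.splitlines():
        m = USERINIT_RE.match(line.strip())
        if m:
            return m.group("scope"), m.group("value")
    return None


def split_userinit(value):
    """Winlogon runs each comma-separated element; the empty trailing element is normal."""
    return [part.strip() for part in value.split(",") if part.strip()]


def classify_entry(entry):
    """Label one Userinit element; anything outside the allowlist runs at every logon."""
    path = PureWindowsPath(entry)
    if entry.lower() in KNOWN_GOOD_USERINIT:
        return "ok"
    if not path.anchor:
        # No drive or root: Winlogon resolves the name through the search
        # path, so a userinit.exe planted earlier in that path would run.
        return "unexpected: relative path, resolved by search order at logon"
    return "unexpected: not a known userinit.exe location"


def audit_userinit(log_text):
    """Return [(entry, verdict), ...] for every element of the Userinit value."""
    parsed = parse_userinit(log_text)
    if parsed is None:
        return []
    _scope, value = parsed
    return [(entry, classify_entry(entry)) for entry in split_userinit(value)]


def flagged_entries(log_text):
    """Only the elements that need follow-up (hash, signature check, removal)."""
    return [entry for entry, verdict in audit_userinit(log_text) if verdict != "ok"]


if __name__ == "__main__":
    for entry, verdict in audit_userinit(SAMPLE_LOG):
        print(f"{verdict:62} {entry}")
```

Run against the sample, the two Windows copies come back "ok" and the other two elements are flagged. The same split-and-allowlist logic applies to the live value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit; a removal tool that only deletes the dropped file leaves the reference in place and Winlogon keeps trying it at every logon.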


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:28 PM

Posted 26 September 2014 - 01:06 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 simonezanna

simonezanna
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 26 September 2014 - 03:46 PM

Thank you for the help, nasdaq. Here are the 3 logs, with the addition.txt file attached:

 

RKreport_DEL_09262014_215615:

 

RogueKiller V9.2.13.0 (x64) [Sep 25 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Zanna [Admin rights]
Mode : Remove -- Date : 09/26/2014  21:56:15
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3902049920-2719499845-1825870648-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3902049920-2719499845-1825870648-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3902049920-2719499845-1825870648-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3902049920-2719499845-1825870648-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost
 
¤¤¤ Antirootkit : 58 (Driver: LOADED) ¤¤¤
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptAddContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefd68594c
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptAddContextFunctionProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefd686340
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCloseAlgorithmProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefd6724fc
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptConfigureContext : C:\Windows\system32\bcrypt.dll @ 0x7fefd6855b8
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptConfigureContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefd685f14
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCreateContext : C:\Windows\system32\bcrypt.dll @ 0x7fefd685128
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCreateHash : C:\Windows\system32\bcrypt.dll @ 0x7fefd6744bc
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDecrypt : C:\Windows\system32\bcrypt.dll @ 0x7fefd673484
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDeleteContext : C:\Windows\system32\bcrypt.dll @ 0x7fefd6852c8
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDeriveKey : C:\Windows\system32\bcrypt.dll @ 0x7fefd674124
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroyHash : C:\Windows\system32\bcrypt.dll @ 0x7fefd674904
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroyKey : C:\Windows\system32\bcrypt.dll @ 0x7fefd674338
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroySecret : C:\Windows\system32\bcrypt.dll @ 0x7fefd674420
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDuplicateHash : C:\Windows\system32\bcrypt.dll @ 0x7fefd674998
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDuplicateKey : C:\Windows\system32\bcrypt.dll @ 0x7fefd674270
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEncrypt : C:\Windows\system32\bcrypt.dll @ 0x7fefd673168
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumAlgorithms : C:\Windows\system32\bcrypt.dll @ 0x7fefd672564
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContextFunctionProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefd686718
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContextFunctions : C:\Windows\system32\bcrypt.dll @ 0x7fefd685cdc
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContexts : C:\Windows\system32\bcrypt.dll @ 0x7fefd685454
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefd672970
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumRegisteredProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefd685050
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptExportKey : C:\Windows\system32\bcrypt.dll @ 0x7fefd673770
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFinalizeKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefd6730f8
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFinishHash : C:\Windows\system32\bcrypt.dll @ 0x7fefd674860
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFreeBuffer : C:\Windows\system32\bcrypt.dll @ 0x7fefd672c44
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenRandom : C:\Windows\system32\bcrypt.dll @ 0x7fefd675034
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenerateKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefd672fe0
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenerateSymmetricKey : C:\Windows\system32\bcrypt.dll @ 0x7fefd672eec
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGetFipsAlgorithmMode : C:\Windows\system32\bcrypt.dll @ 0x7fefd687250
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGetProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefd672c70
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptHashData : C:\Windows\system32\bcrypt.dll @ 0x7fefd67481c
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptImportKey : C:\Windows\system32\bcrypt.dll @ 0x7fefd6739bc
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptImportKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefd673adc
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptOpenAlgorithmProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefd6720f0
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextConfiguration : C:\Windows\system32\bcrypt.dll @ 0x7fefd68574c
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextFunctionConfiguration : C:\Windows\system32\bcrypt.dll @ 0x7fefd6860e0
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextFunctionProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefd686bb0
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryProviderRegistration : C:\Windows\system32\bcrypt.dll @ 0x7fefd684e00
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRegisterConfigChangeNotify : C:\Windows\system32\bcrypt.dll @ 0x7fefd686e38
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRegisterProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefd684a74
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRemoveContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefd685b20
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRemoveContextFunctionProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefd68653c
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptResolveProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefd687030
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSecretAgreement : C:\Windows\system32\bcrypt.dll @ 0x7fefd674000
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetAuditingInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefd675510
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetContextFunctionProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefd68699c
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefd672e2c
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSignHash : C:\Windows\system32\bcrypt.dll @ 0x7fefd674af0
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptUnregisterConfigChangeNotify : C:\Windows\system32\bcrypt.dll @ 0x7fefd686f50
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptUnregisterProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefd684cbc
[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptVerifySignature : C:\Windows\system32\bcrypt.dll @ 0x7fefd674de4
[EAT:Addr] (explorer.exe) ncrypt.dll - GetAsymmetricEncryptionInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefd675400
[EAT:Addr] (explorer.exe) ncrypt.dll - GetCipherInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefd675364
[EAT:Addr] (explorer.exe) ncrypt.dll - GetHashInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefd6753d0
[EAT:Addr] (explorer.exe) ncrypt.dll - GetRngInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefd6755e8
[EAT:Addr] (explorer.exe) ncrypt.dll - GetSecretAgreementInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefd675490
[EAT:Addr] (explorer.exe) ncrypt.dll - GetSignatureInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefd675410
 
¤¤¤ Web browsers : 1 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++
--- User ---
[MBR] 5961e0668f10e878282e19123af9f13d
[BSP] fcaad2842cabe1ec08029d1e9b1b3535 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_09262014_214115.log
 
 
 
AdwCleaner[S0]:
 
# AdwCleaner v3.310 - Report created 26/09/2014 at 22:22:21
# Updated 12/09/2014 by Xplode
# Operating System : Windows ™ Vista Home Basic Service Pack 2 (64 bits)
# User name : Zanna - PC-VISTA
# Running from : C:\Users\Zanna\Desktop\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Program Files (x86)\FreeHDSport.TV
[!] Folder Deleted : C:\Program Files (x86)\Mobogenie
[!] Folder Deleted : C:\Users\Zanna\AppData\Local\genienext
File Deleted : C:\Users\Zanna\daemonprocess.txt
File Deleted : C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\invalidprefs.js
File Deleted : C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\user.js
 
***** [ Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
 
***** [ Browser ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v30.0 (it)
 
[ File : C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\prefs.js ]
 
Line deleted : user_pref("extensions.delta.admin", false);
Line deleted : user_pref("extensions.delta.aflt", "babsst");
Line deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line deleted : user_pref("extensions.delta.autoRvrt", "false");
Line deleted : user_pref("extensions.delta.dfltLng", "it");
Line deleted : user_pref("extensions.delta.excTlbr", false);
Line deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line deleted : user_pref("extensions.delta.id", "301f3ab3000000000000000000000000");
Line deleted : user_pref("extensions.delta.instlDay", "15960");
Line deleted : user_pref("extensions.delta.instlRef", "sst");
Line deleted : user_pref("extensions.delta.newTab", false);
Line deleted : user_pref("extensions.delta.prdct", "delta");
Line deleted : user_pref("extensions.delta.prtnrId", "delta");
Line deleted : user_pref("extensions.delta.rvrt", "false");
Line deleted : user_pref("extensions.delta.smplGrp", "none");
Line deleted : user_pref("extensions.delta.tlbrId", "base");
Line deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.68:29:54");
Line deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line deleted : user_pref("extensions.delta_i.babExt", "");
Line deleted : user_pref("extensions.delta_i.babTrack", "affID=121565&tt=110913_221&tsp=5003");
Line deleted : user_pref("extensions.delta_i.srcExt", "ss");
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13068 octets] - [26/09/2014 22:19:44]
AdwCleaner[S0].txt - [8587 octets] - [26/09/2014 22:22:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8647 octets] ##########
 
 
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Zanna (administrator) on PC-VISTA on 26-09-2014 22:32:29
Running from C:\Users\Zanna\Desktop
Loaded Profile: Zanna (Available profiles: Zanna)
Platform: Windows Vista ™ Home Basic Service Pack 2 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Spotify Ltd) C:\Users\Zanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,userinit.exe,C:\Program Files (x86)\ulsrgonb\drkeqowr.exe, [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\Run: [uTorrent] => C:\Users\Zanna\AppData\Roaming\uTorrent\uTorrent.exe [1416016 2014-09-23] (BitTorrent Inc.)
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\Run: [Spotify Web Helper] => C:\Users\Zanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-26] (Spotify Ltd)
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\MountPoints2: {4be6d753-04b7-11e3-99c8-002215012c23} - F:\steambackup2.EXE
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\MountPoints2: {b0237c15-001f-11e3-9788-002215012c23} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\MountPoints2: {dffd75f0-2c2f-11e4-8f00-85d6c6bebe8d} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-07-09] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * 搀渀挀氀攀愀渀㘀㐀⸀攀砀攀
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBB4D61CEB892CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
SearchScopes: HKCU - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = https://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{725526CE-F6C0-4D0F-A0F9-EA43EA0B537E}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default
FF SelectedSearchEngine: Lasaoren
FF Homepage: hxxp://Lasaoren.com/?f=1&a=lrn_ir_14_39_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtDtCtB0CtBtAtA0A0BtAtN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0AyDyE0F0ByCtG0EzztCtDtGtD0FtA0CtGzytD0DtDtGtC0DtDtDzytD0D0Czz0DtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtByD0AzzzytAtGtB0FyB0FtGyE0EtCtDtG0B0F0F0DtGzzyE0C0CyDzy0EyDtDyEzyyC2Q&cr=289598999&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\searchplugins\Lasaoren.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: anonymoX - C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\Extensions\client@anonymox.net.xpi [2014-03-07]
FF Extension: Greasemonkey - C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-12]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Blocco siti Web pericolosi - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Tastiera Virtuale - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR Profile: C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-15]
CHR Extension: (Google Search) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Kaspersky Protection) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-18]
CHR Extension: (Skype Click to Call) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-19] (SUPERAntiSpyware.com)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [770832 2014-03-13] (BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S4 Micro Focus License Manager; C:\RTE-NE51\mflmwin.exe [389120 2008-06-13] (Micro Focus) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [57344 2008-11-12] (Atheros Communications, Inc.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [75776 2010-05-31] (ASIX Electronics Corp.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-14] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [8704 2006-02-07] (JMicron )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-09-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-09-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2014-09-19] (Greatis Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-07-14] (IObit)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2026-08-10 17:35 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2026-04-12 10:20 - 2010-05-31 10:02 - 00075776 _____ (ASIX Electronics Corp.) C:\Windows\system32\Drivers\ax88772.sys
2014-09-26 22:34 - 2014-09-26 22:34 - 00047508 _____ () C:\Users\Zanna\Downloads\FIFA_15_Demo_Extender (1).rar
2014-09-26 22:32 - 2014-09-26 22:36 - 00021470 _____ () C:\Users\Zanna\Desktop\FRST.txt
2014-09-26 22:29 - 2014-09-26 22:33 - 00000000 ____D () C:\FRST
2014-09-26 22:26 - 2014-09-26 22:26 - 00008727 _____ () C:\Users\Zanna\Desktop\AdwCleaner[S0].txt
2014-09-26 22:20 - 2014-09-10 16:11 - 00073728 _____ () C:\Users\Zanna\Desktop\FIFA 15 Demo Extender.exe
2014-09-26 22:19 - 2014-09-26 22:22 - 00000000 ____D () C:\AdwCleaner
2014-09-26 22:18 - 2014-09-26 22:18 - 00010957 _____ () C:\Users\Zanna\Desktop\RKreport_DEL_09262014_215615.log
2014-09-26 20:21 - 2014-09-26 20:22 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-26 20:21 - 2014-09-26 20:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-26 20:11 - 2014-09-26 20:12 - 05472344 _____ () C:\Users\Zanna\Downloads\RogueKillerX64.exe
2014-09-26 20:11 - 2014-09-26 20:12 - 02108928 _____ (Farbar) C:\Users\Zanna\Desktop\FRST64.exe
2014-09-26 20:11 - 2014-09-26 20:12 - 01373475 _____ () C:\Users\Zanna\Desktop\adwcleaner_3.310.exe
2014-09-26 20:04 - 2014-09-26 20:04 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-09-26 19:42 - 2014-09-26 22:28 - 760689924 _____ () C:\Users\Zanna\Downloads\Transcendence.2014.DTS.ITA.ENG.1080p.BluRay.x264-BLUWORLD.mkv
2014-09-26 19:42 - 2014-09-26 19:56 - 1563742208 _____ () C:\Users\Zanna\Downloads\The.Normal.Heart.2014.ITA.BDRip.AC3.XviD-[scambiofile.info].avi
2014-09-26 19:29 - 2014-09-26 19:29 - 00001047 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-26 19:29 - 2014-09-26 19:29 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-26 19:27 - 2014-09-26 19:28 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-26 19:26 - 2014-09-26 19:26 - 00394464 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistMSI67CC.txt
2014-09-26 19:26 - 2014-09-26 19:26 - 00011476 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistUI67CC.txt
2014-09-26 19:25 - 2014-09-26 19:26 - 00383526 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistMSI6784.txt
2014-09-26 19:25 - 2014-09-26 19:26 - 00011460 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistUI6784.txt
2014-09-26 11:46 - 2014-09-26 11:51 - 00000000 ____D () C:\Users\Zanna\Desktop\Star Wars
2014-09-26 10:19 - 2014-09-26 10:19 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Wassapp
2014-09-26 10:18 - 2014-09-26 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wassapp
2014-09-26 10:18 - 2014-09-26 10:18 - 00000000 ____D () C:\Program Files (x86)\Lowlevel Studios
2014-09-26 08:41 - 2014-09-26 08:42 - 00014550 _____ () C:\Users\Zanna\Downloads\348C4542F5E199A48E173FF5B3941A1D36CC5663.torrent
2014-09-24 20:33 - 2014-09-24 20:33 - 00000000 ____D () C:\Users\Zanna\.appinventor
2014-09-24 20:31 - 2014-09-25 15:17 - 00000000 ____D () C:\Program Files (x86)\AppInventor
2014-09-24 20:31 - 2014-09-24 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppInventor Setup
2014-09-24 14:04 - 2014-09-09 08:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 14:04 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 18:05 - 2014-09-23 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-23 17:53 - 2014-09-26 22:24 - 00001476 _____ () C:\Windows\PFRO.log
2014-09-23 17:33 - 2014-09-23 17:33 - 00000000 ____D () C:\ProgramData\ESET
2014-09-23 17:33 - 2014-09-23 17:33 - 00000000 ____D () C:\Program Files\ESET
2014-09-23 15:20 - 2014-09-23 18:22 - 00000000 ____D () C:\Program Files (x86)\TNod User & Password Finder
2014-09-23 15:20 - 2014-09-23 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
2014-09-23 15:14 - 2014-05-20 16:55 - 00000000 ____D () C:\Users\Zanna\Downloads\ESET NOD32 Antivirus v7.0.317.4
2014-09-23 15:10 - 2014-09-26 22:28 - 382987483 _____ () C:\Users\Zanna\Downloads\5t4r W4r5 3p1s0d10 I.mkv
2014-09-23 14:48 - 2014-09-23 15:14 - 136148427 _____ () C:\Users\Zanna\Downloads\EsNodAnt70317.rar
2014-09-23 10:26 - 2014-09-23 10:26 - 00000000 ____D () C:\Users\Zanna\Documents\FIFA 15
2014-09-23 00:55 - 2014-09-23 10:24 - 00000000 ____D () C:\Users\Zanna\Desktop\WD
2014-09-22 19:49 - 2014-09-22 20:23 - 487708919 _____ () C:\Users\Zanna\Downloads\WDSmartWare_PP4R2_1_4_1_2.zip
2014-09-22 19:43 - 2014-09-22 19:45 - 00000000 ____D () C:\Program Files\WDCSAM
2014-09-22 19:16 - 2014-09-22 19:16 - 00013765 _____ () C:\Users\Zanna\Documents\Citta.xlsx
2014-09-22 16:18 - 2014-09-22 16:18 - 00001829 _____ () C:\Users\Zanna\Desktop\mkv2vob.lnk
2014-09-22 16:18 - 2014-09-22 16:18 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkv2vob
2014-09-22 16:17 - 2014-09-22 16:17 - 00000000 ____D () C:\Program Files (x86)\mkv2vob
2014-09-22 16:14 - 2014-09-22 16:14 - 00000794 _____ () C:\Windows\setupact.log
2014-09-22 16:14 - 2014-09-22 16:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 09:43 - 2014-09-22 09:43 - 00004834 _____ () C:\Windows\DPINST.LOG
2014-09-22 09:39 - 2014-09-22 09:39 - 06483534 _____ () C:\Users\Zanna\Downloads\WDDriveUtilitiesSetup_for_Windows_1_1_0_51.zip
2014-09-22 09:16 - 2014-09-22 09:16 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-22 09:15 - 2014-09-22 09:15 - 02112847 _____ () C:\Users\Zanna\Downloads\WDFirmwareUpdater.zip
2014-09-22 09:00 - 2014-09-22 09:00 - 00378553 _____ () C:\Users\Zanna\Downloads\WD_SES_Driver_Setup_x64.zip
2014-09-21 21:56 - 2014-09-21 22:33 - 00000000 ____D () C:\Users\Zanna\Downloads\Lo Stato Sociale - Turisti della Democrazia (Deluxe Edition) [2013] [FLAC]
2014-09-21 16:48 - 2014-09-21 16:50 - 00000000 ____D () C:\Users\Zanna\Downloads\Modà - Gioia (2013)[MT]
2014-09-21 16:46 - 2014-09-21 17:45 - 00000000 ____D () C:\Users\Zanna\Downloads\Pooh - Portfolio.2014.iDN_CreW
2014-09-21 16:46 - 2014-09-21 16:47 - 00000000 ____D () C:\Users\Zanna\Downloads\Cesare Cremonini - Logico  (2014)[MT]
2014-09-20 13:27 - 2014-09-23 10:05 - 00000000 ____D () C:\Users\Zanna\Downloads\FIFA 15-ULTIMATE TEAM EDITION-FULL UNLOCKED-SG
2014-09-20 12:31 - 2014-09-20 12:31 - 00047508 _____ () C:\Users\Zanna\Downloads\FIFA_15_Demo_Extender.rar
2014-09-19 21:28 - 2014-09-19 21:28 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Aimersoft
2014-09-19 21:27 - 2014-09-19 21:29 - 00000000 ____D () C:\Users\Zanna\Documents\Aimersoft DVD Creator
2014-09-19 21:27 - 2014-09-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
2014-09-19 21:27 - 2014-09-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-09-19 19:47 - 2014-09-19 19:47 - 00000000 ____D () C:\Users\Zanna\AppData\Local\{CCCA8983-084B-413F-81D0-C95D27345A7A}
2014-09-19 19:47 - 2014-09-19 19:47 - 00000000 ____D () C:\Users\Zanna\AppData\Local\{1AE716B4-F88D-448F-996A-FB29AB334D35}
2014-09-19 09:00 - 2014-09-19 09:04 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-09-19 09:00 - 2014-09-19 09:00 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-09-19 09:00 - 2014-09-19 09:00 - 00003324 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-09-19 09:00 - 2014-09-19 09:00 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-09-19 09:00 - 2014-09-19 09:00 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-09-19 09:00 - 2014-09-19 09:00 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-09-19 09:00 - 2014-09-19 09:00 - 00000000 ____D () C:\Users\Zanna\Documents\RegRun2
2014-09-19 09:00 - 2014-09-19 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-09-19 09:00 - 2014-06-30 16:45 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-09-19 08:59 - 2014-09-19 09:11 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-09-18 18:21 - 2014-09-18 18:21 - 00001050 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-09-18 18:21 - 2014-09-18 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-09-18 18:16 - 2014-09-18 18:16 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-18 18:14 - 2014-09-18 18:33 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-18 18:14 - 2014-09-18 18:33 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-18 18:14 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-09-18 11:53 - 2014-09-18 12:59 - 00000000 ____D () C:\Users\Zanna\Downloads\Sherlock.S02e02
2014-09-18 11:51 - 2014-09-18 13:06 - 00000000 ____D () C:\Users\Zanna\Downloads\Sherlock.S02e03
2014-09-16 21:34 - 2014-09-16 21:34 - 00000830 _____ () C:\Users\Zanna\Desktop\SopCast.lnk
2014-09-16 21:34 - 2014-09-16 21:34 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
2014-09-16 21:34 - 2014-09-16 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2014-09-16 21:34 - 2014-09-16 21:34 - 00000000 ____D () C:\Program Files (x86)\SopCast
2014-09-16 20:34 - 2014-09-16 20:34 - 00000967 _____ () C:\Users\Zanna\Desktop\4Free Video Converter.lnk
2014-09-16 20:10 - 2014-09-26 22:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-16 12:31 - 2014-09-16 12:31 - 00000000 ____D () C:\Program Files (x86)\ulsrgonb
2014-09-16 11:55 - 2014-09-16 19:48 - 00000000 ____D () C:\Users\Zanna\Doctor Web
2014-09-15 15:47 - 2014-09-15 15:56 - 246030750 _____ () C:\Users\Zanna\Downloads\B-FXBBSPWWC.zip
2014-09-13 08:43 - 2014-09-13 09:01 - 551878656 _____ () C:\Users\Zanna\Downloads\Windows XP Professional.iso
2014-09-11 15:38 - 2014-09-11 15:38 - 00000000 ____D () C:\Users\Zanna\Documents\Holotech
2014-09-11 14:34 - 2014-09-11 15:14 - 962715434 _____ () C:\Users\Zanna\Downloads\FaceRig 1.0 CRACKED.zip
2014-09-10 18:31 - 2014-09-10 18:51 - 00000000 ____D () C:\Users\Zanna\Documents\FIFA 15 Demo
2014-09-10 18:19 - 2014-09-10 18:19 - 00001044 _____ () C:\Users\Public\Desktop\FIFA 15 Demo.lnk
2014-09-09 20:47 - 2014-08-15 17:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 20:47 - 2014-08-15 17:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-09 20:47 - 2014-08-15 17:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 20:47 - 2014-08-15 17:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-09 20:47 - 2014-08-15 17:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-09 20:47 - 2014-08-15 17:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-09 20:47 - 2014-08-15 17:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-09 20:47 - 2014-08-15 17:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-09 20:47 - 2014-08-15 17:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-09 20:47 - 2014-08-15 17:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 20:47 - 2014-08-15 17:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-09 20:47 - 2014-08-15 17:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-09 20:47 - 2014-08-15 17:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-09 20:47 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-09 20:47 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-09 20:47 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-09 20:47 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-09 20:47 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-09 20:47 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-09 20:47 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-09 20:47 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-09 20:47 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-09 20:47 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-09 20:47 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-09 20:47 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-09 20:47 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-08 10:36 - 2014-09-08 10:36 - 00062274 _____ () C:\Users\Zanna\ia_remove.sh2815.tmp
2014-09-08 10:35 - 2014-09-08 10:36 - 00000016 _____ () C:\Users\Zanna\persistent_state
2014-09-08 10:35 - 2014-09-08 10:35 - 00062274 _____ () C:\Users\Zanna\ia_remove.sh4936.tmp
2014-09-07 12:48 - 2014-09-07 12:48 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Wise Registry Cleaner
2014-09-07 12:10 - 2014-09-07 12:11 - 02465031 _____ () C:\Users\Zanna\Downloads\WRCFree.zip
2014-09-06 14:05 - 2014-09-06 14:05 - 00000000 ____D () C:\Users\Zanna\AppData\Local\{81C9DA24-A428-4B63-82AB-8384F706BE64}
2014-09-06 13:38 - 2014-09-06 13:38 - 00000000 ____D () C:\Windows\it
2014-09-06 13:37 - 2014-09-06 13:37 - 00001212 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-09-06 13:34 - 2014-09-06 13:37 - 00001281 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-09-06 13:34 - 2014-09-06 13:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-09-06 13:29 - 2014-09-06 13:33 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-06 13:26 - 2014-09-19 19:47 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Windows Live
2014-09-06 13:25 - 2009-08-04 10:12 - 01103872 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-09-06 13:25 - 2009-08-04 10:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2014-09-04 12:35 - 2014-09-07 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
2014-09-04 12:35 - 2014-09-04 12:35 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Eusing
2014-09-04 11:31 - 2014-09-04 11:31 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-09-04 11:31 - 2014-09-04 11:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-09-03 14:53 - 2014-09-03 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-03 14:53 - 2014-09-03 14:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 18:32 - 2014-09-01 18:32 - 00000910 _____ () C:\Users\Zanna\Desktop\Crystal DiskInfo.lnk
2014-09-01 15:44 - 2014-09-01 15:44 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-09-01 14:42 - 2014-09-01 14:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-31 11:45 - 2014-08-31 11:45 - 00000010 _____ () C:\Users\Zanna\wre.txt
2014-08-29 01:31 - 2014-08-23 03:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 01:31 - 2014-08-23 02:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 01:31 - 2014-08-23 01:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 14:15 - 2014-08-31 17:41 - 00001851 _____ () C:\Users\Zanna\Desktop\ESET NOD32 Antivirus.lnk
2014-08-28 13:55 - 2014-08-28 13:55 - 00000000 ____D () C:\Users\Zanna\AppData\Local\ESET
2014-08-28 09:09 - 2014-08-28 09:09 - 00000524 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-08-28 09:09 - 2014-08-28 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-08-27 20:44 - 2014-09-01 14:09 - 00000000 ____D () C:\Users\Zanna\Desktop\Video
2014-08-27 09:58 - 2014-08-27 09:58 - 00000732 _____ () C:\Users\Zanna\AppData\Local\d3d9caps64.dat
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-26 22:28 - 2013-08-06 17:30 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\uTorrent
2014-09-26 22:27 - 2006-11-02 17:17 - 00004096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 22:27 - 2006-11-02 17:17 - 00004096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 22:26 - 2014-07-12 11:41 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 22:25 - 2006-11-02 17:16 - 05026168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-26 22:24 - 2006-11-02 17:35 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 22:23 - 2008-01-21 03:52 - 01992478 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 22:23 - 2006-11-02 17:35 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 22:22 - 2013-08-06 17:08 - 00000000 ____D () C:\Users\Zanna
2014-09-26 21:53 - 2014-07-12 11:41 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 21:50 - 2013-08-06 11:30 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 21:25 - 2013-12-19 22:07 - 00000000 ____D () C:\ProgramData\Origin
2014-09-26 21:22 - 2013-12-19 22:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-26 20:11 - 2013-08-06 14:44 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-26 20:00 - 2013-08-06 17:19 - 00174080 _____ () C:\Users\Zanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 19:56 - 2013-08-06 17:08 - 00107656 _____ () C:\Users\Zanna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 12:05 - 2013-08-06 17:28 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\vlc
2014-09-26 11:52 - 2013-09-29 20:32 - 00000000 ____D () C:\Users\Zanna\Desktop\Varie
2014-09-26 11:41 - 2013-08-17 10:39 - 00001694 _____ () C:\Users\Public\Desktop\eMule.lnk
2014-09-26 10:16 - 2013-10-23 10:03 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Downloaded Installations
2014-09-26 09:39 - 2014-05-14 17:18 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Spotify
2014-09-26 09:33 - 2014-05-14 17:20 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Spotify
2014-09-25 16:01 - 2014-07-12 11:41 - 00002023 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 15:27 - 2014-06-15 12:15 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Adobe
2014-09-24 20:33 - 2014-01-11 19:43 - 00000000 ____D () C:\Users\Zanna\.android
2014-09-24 15:28 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache
2014-09-24 09:34 - 2014-06-24 21:29 - 00000000 ____D () C:\Program Files (x86)\MotoGP 14
2014-09-23 17:37 - 2013-09-05 21:40 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Paint.NET
2014-09-23 14:52 - 2013-08-06 19:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-22 14:21 - 2008-01-21 11:07 - 01606264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 14:21 - 2008-01-21 11:07 - 00714822 _____ () C:\Windows\system32\perfh010.dat
2014-09-22 14:21 - 2008-01-21 11:07 - 00143202 _____ () C:\Windows\system32\perfc010.dat
2014-09-22 13:56 - 2014-07-12 20:19 - 00001174 _____ () C:\Users\Zanna\Desktop\Incoming.lnk
2014-09-22 13:53 - 2013-10-19 12:29 - 00000000 ____D () C:\Users\Zanna\Downloads\eMule
2014-09-22 13:53 - 2013-08-17 10:39 - 00000000 ____D () C:\Users\Zanna\AppData\Local\eMule
2014-09-22 09:07 - 2013-09-15 12:15 - 00000000 ____D () C:\Program Files\DIFX
2014-09-21 11:33 - 2013-10-31 20:42 - 00000680 _____ () C:\Users\Zanna\AppData\Local\d3d9caps.dat
2014-09-20 13:32 - 2014-05-02 19:44 - 00000000 ____D () C:\Users\Zanna\AppData\Local\JDownloader v2.0
2014-09-19 21:00 - 2013-08-06 09:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-19 19:11 - 2006-11-02 14:34 - 00000254 _____ () C:\Windows\win.ini
2014-09-18 19:28 - 2013-08-06 12:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-16 20:59 - 2014-01-16 20:11 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\TeamViewer
2014-09-16 20:45 - 2013-08-05 15:25 - 00000000 ____D () C:\Users\Vista
2014-09-16 20:44 - 2013-07-31 15:06 - 00000000 ____D () C:\Users\BACKUP ZANONI
2014-09-16 20:36 - 2013-10-05 17:26 - 00001491 _____ () C:\Users\Zanna\Desktop\F1 2014.lnk
2014-09-16 20:35 - 2014-03-30 11:04 - 00001660 _____ () C:\Users\Zanna\Desktop\MXGP.lnk
2014-09-16 18:53 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\tapi
2014-09-16 18:22 - 2014-07-29 11:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 11:26 - 2013-08-06 11:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-16 11:26 - 2013-08-06 11:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-16 11:26 - 2013-08-06 11:30 - 00003830 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-15 09:06 - 2013-08-05 16:51 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 11:45 - 2013-11-17 18:57 - 00000000 ____D () C:\Users\Zanna\AppData\Local\NVIDIA Corporation
2014-09-11 16:26 - 2013-11-28 22:03 - 00000000 ____D () C:\Users\Zanna\Desktop\Foto
2014-09-11 15:54 - 2013-10-12 18:26 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Skype
2014-09-10 17:03 - 2013-12-19 22:25 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-10 17:02 - 2013-12-19 22:24 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Origin
2014-09-09 20:52 - 2013-09-14 15:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-09 20:45 - 2013-09-25 15:24 - 01582232 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-09 20:19 - 2013-08-05 16:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-09 20:18 - 2006-11-02 14:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-07 13:06 - 2013-08-16 09:08 - 00000815 _____ () C:\Users\Zanna\Desktop\Project64.lnk
2014-09-07 13:03 - 2014-08-12 10:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-07 13:00 - 2014-08-12 12:54 - 00000160 _____ () C:\Windows\wininit.ini
2014-09-07 13:00 - 2014-08-12 10:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 13:00 - 2013-08-06 12:16 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-06 13:29 - 2006-11-02 15:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-05 10:46 - 2013-09-14 15:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-04 12:39 - 2013-09-21 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2014 Patch
2014-09-04 11:34 - 2013-09-14 15:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-09-02 10:10 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\MSAgent
2014-09-01 15:27 - 2014-02-23 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ca.R.Pe. PC
2014-08-29 16:13 - 2012-11-12 14:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-29 15:39 - 2013-08-14 13:36 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\DAEMON Tools Lite
2014-08-29 15:38 - 2013-09-02 00:45 - 00000000 ____D () C:\Windows\Minidump
2014-08-29 08:55 - 2014-03-07 19:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-29 08:55 - 2013-10-10 21:38 - 00000000 ____D () C:\Fraps
2014-08-29 08:55 - 2013-08-05 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 13:44 - 2014-07-10 10:36 - 00000000 ____D () C:\ProgramData\Avetix
2014-08-28 13:44 - 2014-07-10 10:35 - 00000000 ____D () C:\Program Files (x86)\Avetix
2014-08-28 09:51 - 2014-07-10 10:38 - 00000000 ____D () C:\ProgramData\AvetixTemp
2014-08-27 13:15 - 2013-08-06 10:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 
Some content of TEMP:
====================
C:\Users\Zanna\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe
C:\Users\Zanna\AppData\Local\Temp\InstHelper.exe
C:\Users\Zanna\AppData\Local\Temp\proxy_vole3264847618098322237.dll
C:\Users\Zanna\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 22:37
 
==================== End Of Log ============================
 
 

 

#6 nasdaq (Malware Response Team)

Posted 27 September 2014 - 08:12 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,userinit.exe,C:\Program Files (x86)\ulsrgonb\drkeqowr.exe, [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Lasaoren.com/?f=1&a=lrn_ir_14_39_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtDtCtB0CtBtAtA0A0BtAtN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0AyDyE0F0ByCtG0EzztCtDtGtD0FtA0CtGzytD0DtDtGtC0DtDtDzytD0D0Czz0DtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtByD0AzzzytAtGtB0FyB0FtGyE0EtCtDtG0B0F0F0DtGzzyE0C0CyDzy0EyDtDyEzyyC2Q&cr=289598999&ir=
SearchScopes: HKCU - {B4D8EC75-BBF2-41D7-84BA-23D7A9828CEC} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_ir_14_39_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtDtCtB0CtBtAtA0A0BtAtN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0AyDyE0F0ByCtG0EzztCtDtGtD0FtA0CtGzytD0DtDtGtC0DtDtDzytD0D0Czz0DtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtByD0AzzzytAtGtB0FyB0FtGyE0EtCtDtG0B0F0F0DtGzzyE0C0CyDzy0EyDtDyEzyyC2Q&cr=289598999&ir=
FF SelectedSearchEngine: Lasaoren
FF Homepage: hxxp://Lasaoren.com/?f=1&a=lrn_ir_14_39_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtDtCtB0CtBtAtA0A0BtAtN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0AyDyE0F0ByCtG0EzztCtDtGtD0FtA0CtGzytD0DtDtGtC0DtDtDzytD0D0Czz0DtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtByD0AzzzytAtGtB0FyB0FtGyE0EtCtDtG0B0F0F0DtGzzyE0C0CyDzy0EyDtDyEzyyC2Q&cr=289598999&ir=
FF SearchPlugin: C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\searchplugins\Lasaoren.xml
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Zanna\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe
C:\Users\Zanna\AppData\Local\Temp\InstHelper.exe
C:\Users\Zanna\AppData\Local\Temp\proxy_vole3264847618098322237.dll
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===
Run a search with the Farbar tool.

In the search box enter pes2014finalmgr.exe, click the Search button and save the file.
Post the result in your next reply.
===

How is the computer running?
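Editor's note on the fixlist above, with an added example that is not part of the thread, of the original posts or of the FRST tool. The security-relevant items in that fixlist are three: a Winlogon Userinit value that has been extended with a randomly named executable under C:\Program Files (x86)\ulsrgonb (a folder that first appears in the "One Month Created" list on 2014-09-16), which Windows would run at every interactive logon; three alternate data streams hanging off the C:\ProgramData\TEMP directory, a common place to stash a payload where a directory listing does not show it; and the Lasaoren search/homepage hijack in both Internet Explorer and Firefox. The script below runs that triage over FRST-style log lines and flags the same three patterns. The regexes are assumptions inferred from the line formats quoted in the thread, the sample lines are abridged copies of those lines plus a few constructed clean ones used as a baseline, and the stock-Userinit allowlist is an assumption for 64-bit Vista/7.

```python
"""Flag the persistence and hijack indicators that the fixlist above removes.

Added example for this thread; it is not part of FRST or of the original post.
Assumptions: the line formats below are inferred from the FRST lines quoted in
the thread, and the sample lines are abridged copies of those lines plus a few
constructed clean ones used as a baseline.
"""
import re
from urllib.parse import urlparse

# Stock Userinit entries on 64-bit Vista/7 (assumption). Anything else,
# including a bare "userinit.exe" that relies on path search, is worth a look.
BASELINE_USERINIT = {
    r"c:\windows\system32\userinit.exe",
    r"c:\windows\syswow64\userinit.exe",
}

USERINIT_RE = re.compile(r"Winlogon: \[Userinit\] (?P<value>.*?)(?: \[X\])?\s*$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+)$")
URL_RE = re.compile(r"(?:Start Page = |FF Homepage: |URL = )(?P<url>\S+)")


def userinit_entries(value):
    """Split the comma-separated Userinit value into its non-empty entries."""
    return [e.strip() for e in value.split(",") if e.strip()]


def suspicious_userinit(value):
    """Return the Userinit entries that are not a full path to the stock binary."""
    return [e for e in userinit_entries(value) if e.lower() not in BASELINE_USERINIT]


def host_of(url):
    """Hostname of a URL, accepting the hxxp:// defanging FRST uses."""
    return urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or ""


def analyze(lines):
    """Scan FRST-style lines and collect what a responder should review."""
    report = {"userinit": [], "ads": [], "browser_hosts": set()}
    for line in lines:
        m = USERINIT_RE.search(line)
        if m:
            report["userinit"].extend(suspicious_userinit(m.group("value")))
            continue
        m = ADS_RE.match(line)
        if m:
            # Zone.Identifier is the normal mark-of-the-web stream; any other
            # stream, especially on a directory, is a classic hiding spot.
            if m.group("stream") != "Zone.Identifier":
                report["ads"].append((m.group("path"), m.group("stream")))
            continue
        m = URL_RE.search(line)
        if m:
            report["browser_hosts"].add(host_of(m.group("url")))
    report["browser_hosts"] = sorted(report["browser_hosts"])
    return report


# Sample input: abridged copies of the fixlist lines above plus constructed
# clean lines (a stock Userinit value and a benign Zone.Identifier stream).
SAMPLE_LINES = [
    r"HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,"
    r"C:\Windows\SysWOW64\userinit.exe,userinit.exe,"
    r"C:\Program Files (x86)\ulsrgonb\drkeqowr.exe, [X]",
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "
    r"http://Lasaoren.com/?f=1&a=lrn_ir_14_39_ch",
    r"SearchScopes: HKCU - {B4D8EC75-BBF2-41D7-84BA-23D7A9828CEC} URL = "
    r"http://Lasaoren.com/results.php?f=4&q={searchTerms}",
    r"FF Homepage: hxxp://Lasaoren.com/?f=1&a=lrn_ir_14_39_ch",
    r"AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC",
    r"AlternateDataStreams: C:\ProgramData\TEMP:5C321E34",
    r"AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE",
    r"AlternateDataStreams: C:\Users\Zanna\Downloads\setup.exe:Zone.Identifier",
]

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

To use it on a real log, pass the lines of FRST.txt or Addition.txt to analyze(); the bare "userinit.exe" entry is reported alongside the ulsrgonb executable because a bare name in Userinit is resolved by path search and should be a full path, and any host in browser_hosts that is not the user's chosen homepage or search provider is the hijack to remove.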

#7 simonezanna (Topic Starter)

Posted 27 September 2014 - 10:45 AM

Thank you nasdaq, it seems it has disappeared, along with the virus itself.

 

Here the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2014
Ran by Zanna at 2014-09-27 15:20:23 Run:1
Running from C:\Users\Zanna\Desktop
Loaded Profile: Zanna (Available profiles: Zanna)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Windows\SysWOW64\userinit.exe,userinit.exe,C:\Program Files (x86)\ulsrgonb\drkeqowr.exe, [X]
FF SelectedSearchEngine: Lasaoren
FF Homepage: hxxp://Lasaoren.com/?f=1&a=lrn_ir_14_39_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyDtDtCtB0CtBtAtA0A0BtAtN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0AyDyE0F0ByCtG0EzztCtDtGtD0FtA0CtGzytD0DtDtGtC0DtDtDzytD0D0Czz0DtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtByD0AzzzytAtGtB0FyB0FtGyE0EtCtDtG0B0F0F0DtGzzyE0C0CyDzy0EyDtDyEzyyC2Q&cr=289598999&ir=
FF SearchPlugin: C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\searchplugins\Lasaoren.xml
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Zanna\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe
C:\Users\Zanna\AppData\Local\Temp\InstHelper.exe
C:\Users\Zanna\AppData\Local\Temp\proxy_vole3264847618098322237.dll
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B4D8EC75-BBF2-41D7-84BA-23D7A9828CEC}" => Key deleted successfully.
"HKCR\CLSID\{B4D8EC75-BBF2-41D7-84BA-23D7A9828CEC}" => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\searchplugins\Lasaoren.xml => Moved successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"C:\Users\Zanna\AppData\Local\Temp\ICReinstall_Malavida_Download_Manager.exe" => File/Directory not found.
"C:\Users\Zanna\AppData\Local\Temp\InstHelper.exe" => File/Directory not found.
"C:\Users\Zanna\AppData\Local\Temp\proxy_vole3264847618098322237.dll" => File/Directory not found.
C:\ProgramData\TEMP => ":31D9EFCC" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.
 
==== End of Fixlog ====

 

 

and the Search:

 

Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by Zanna at 2014-09-27 17:28:55
Running from C:\Users\Zanna\Desktop
Boot Mode: Normal
 
================== Search Files: "pes2014finalmgr.exe" =============
 
====== End Of Search ======


#8 nasdaq (Malware Response Team)

Posted 27 September 2014 - 12:36 PM

Any remaining issues?

#9 simonezanna (Topic Starter)

Posted 27 September 2014 - 01:24 PM

No, it seems all OK. Thank you for the support, much appreciated. You can close the topic, thanks.



#10 nasdaq (Malware Response Team)

Posted 28 September 2014 - 07:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#11 nasdaq (Malware Response Team)

Posted 05 October 2014 - 07:54 AM

This topic has been re-opened at the request of the person who originally posted.

#12 simonezanna (Topic Starter)

Posted 09 October 2014 - 01:27 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014
Ran by Zanna (administrator) on PC-VISTA on 09-10-2014 20:22:40
Running from C:\Users\Zanna\Desktop\Nuova cartella
Loaded Profile: Zanna (Available profiles: Zanna)
Platform: Windows Vista ™ Home Basic Service Pack 2 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BitTorrent Inc.) C:\Users\Zanna\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Spotify Ltd) C:\Users\Zanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\Run: [uTorrent] => C:\Users\Zanna\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-09-29] (BitTorrent Inc.)
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\Run: [Spotify Web Helper] => C:\Users\Zanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-09] (Spotify Ltd)
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\MountPoints2: {4be6d753-04b7-11e3-99c8-002215012c23} - F:\Launcher.exe
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\MountPoints2: {b0237c15-001f-11e3-9788-002215012c23} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3902049920-2719499845-1825870648-1002\...\MountPoints2: {dffd75f0-2c2f-11e4-8f00-85d6c6bebe8d} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-07-09] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * ?????????????
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0473E2B7C9DBCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
SearchScopes: HKCU - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{725526CE-F6C0-4D0F-A0F9-EA43EA0B537E}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: anonymoX - C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\Extensions\client@anonymox.net.xpi [2014-03-07]
FF Extension: Greasemonkey - C:\Users\Zanna\AppData\Roaming\Mozilla\Firefox\Profiles\2xlb6unm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-12]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-05]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Adblock Plus) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-15]
CHR Extension: (Ricerca Google) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Skype Click to Call) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\Zanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-19] (SUPERAntiSpyware.com)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [770832 2014-03-13] (BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S4 Micro Focus License Manager; C:\RTE-NE51\mflmwin.exe [389120 2008-06-13] (Micro Focus) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [57344 2008-11-12] (Atheros Communications, Inc.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [75776 2010-05-31] (ASIX Electronics Corp.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-14] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [8704 2006-02-07] (JMicron )
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-07-14] (IObit)
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2026-08-10 17:35 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2026-04-12 10:20 - 2010-05-31 10:02 - 00075776 _____ (ASIX Electronics Corp.) C:\Windows\system32\Drivers\ax88772.sys
2014-10-09 20:20 - 2014-10-09 20:22 - 00000000 ____D () C:\Users\Zanna\Desktop\Nuova cartella
2014-10-08 19:51 - 2014-10-08 19:52 - 00000000 ____D () C:\Users\Zanna\Downloads\Parto.Col.Folle.2011.iTALiAN.BDRip.XviD-TRL[gogt]
2014-10-08 19:49 - 2014-10-08 19:49 - 00014950 _____ () C:\Users\Zanna\Downloads\725A63B4F05AA06DFD3CB254AD6193BFB7028056.torrent
2014-10-08 19:29 - 2014-10-08 19:29 - 00000000 ____D () C:\Users\Zanna\Downloads\NBA.2K15-RELOADED
2014-10-08 19:26 - 2014-10-09 20:21 - 1573246976 _____ () C:\Users\Zanna\Downloads\The.Hungover.Games.Giochi.Mortali.2014.iTALiAN.AC3.DVDRip.XviD-T4P3.avi
2014-10-08 19:21 - 2014-10-08 19:21 - 00015692 _____ () C:\Users\Zanna\Downloads\69A166219CDA1E0189875E6BCCA92E24D22819C2.torrent
2014-10-08 19:20 - 2014-10-08 19:20 - 00191999 _____ () C:\Users\Zanna\Downloads\B9D94810C575F5E3E439DB994A50E188E8F33270.torrent
2014-10-05 18:57 - 2014-10-08 19:47 - 00000000 ____D () C:\Users\Zanna\Downloads\Hansel e Gretel e la Strega della Foresta Nera - Hansel & Gretel Get Baked (2013).ita.eng.sub.ita.eng.MIRCrew
2014-10-05 18:56 - 2014-10-05 18:57 - 00000000 ____D () C:\Users\Zanna\Downloads\Maps.To.The.Stars.2014.iTALiAN.MD.DUAL.BrRiP.1080p.x264-TrTd_TeaM
2014-10-05 18:55 - 2014-10-05 18:55 - 00143501 _____ () C:\Users\Zanna\Downloads\BA2BBA25E2C56F2C1E81879E3603064E97BF31C7.torrent
2014-10-05 18:54 - 2014-10-05 18:54 - 00114527 _____ () C:\Users\Zanna\Downloads\CB181431D9911CFE6A4A7402A64B80603BFFA08A.torrent
2014-10-05 18:00 - 2014-10-05 21:25 - 00000000 ____D () C:\Users\Zanna\Downloads\Umberto Eco - Riccardo Fedriga (a cura di) - Storia della filosofia
2014-10-05 17:59 - 2014-10-05 17:59 - 00315661 _____ () C:\Users\Zanna\Downloads\Eco Fedriga a cura di - Storia della filosofia 1-2-3.torrent
2014-10-05 16:52 - 2014-06-05 13:21 - 00000000 ____D () C:\Users\Zanna\Desktop\Lo stato sociale-l'italia peggiore-2014-mp3-192kb
2014-10-05 15:22 - 2014-10-05 15:22 - 00206848 _____ () C:\Users\Zanna\Downloads\TIROCINIO 2014-2015 MED4 E MED2 MATTINA_0.xls
2014-10-05 15:05 - 2014-10-05 15:05 - 00000970 _____ () C:\Users\Zanna\Desktop\Nexus Root Toolkit.lnk
2014-10-05 15:05 - 2014-10-05 15:05 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2014-10-05 15:05 - 2014-10-05 15:05 - 00000000 ____D () C:\Program Files (x86)\WugFresh Development
2014-10-05 14:58 - 2014-10-05 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-10-05 14:13 - 2014-10-05 14:16 - 15648768 _____ () C:\Users\Zanna\Downloads\UniversalAdbDriverSetup7.msi
2014-10-05 14:11 - 2014-10-05 14:23 - 113932838 _____ () C:\Users\Zanna\Downloads\pa_gapps-modular-micro-4.4.4-20140930-signed.zip
2014-10-05 14:04 - 2014-10-05 14:20 - 218675187 _____ () C:\Users\Zanna\Downloads\cm-11-20140916-SNAPSHOT-M10-maguro.zip
2014-10-05 13:39 - 2014-10-05 13:51 - 219681838 _____ () C:\Users\Zanna\Downloads\cm-11-20141004-NIGHTLY-maguro.zip
2014-10-05 13:14 - 2014-10-05 13:16 - 29728186 _____ () C:\Users\Zanna\Downloads\NRT_v1.8.8.sfx.exe
2014-10-05 11:42 - 2014-10-05 11:42 - 12710183 _____ () C:\Users\Zanna\Downloads\Argentina NT Facepack by Fede.rar
2014-10-05 10:31 - 2014-10-05 10:32 - 16199529 _____ () C:\Users\Zanna\Downloads\WhatsApp+ v6.26D (1).apk
2014-10-04 16:10 - 2014-10-04 17:02 - 211680919 ____R () C:\Users\Zanna\Downloads\[Med ITA] Manuale di medicina d'emergenza - McGraw-Hill.zip
2014-10-04 16:08 - 2014-10-04 16:20 - 00000000 ____D () C:\Users\Zanna\Downloads\Renzo Dionigi - Chirurgia (terza edizione)
2014-10-03 21:23 - 2014-10-03 22:49 - 722275544 _____ (Cyanide ) C:\Users\Zanna\Documents\Setup-Patch-1.3.1.0-From-1.0.0.0.exe
2014-10-03 20:50 - 2014-10-03 22:52 - 00000000 ____D () C:\Users\Zanna\Documents\Pro Cycling Manager 2014
2014-10-03 20:50 - 2014-10-03 22:52 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Pro Cycling Manager 2014
2014-10-03 20:44 - 2014-10-03 20:44 - 00434294 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistMSI4646.txt
2014-10-03 20:44 - 2014-10-03 20:44 - 00011364 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistUI4646.txt
2014-10-03 20:43 - 2014-10-03 20:43 - 00018473 _____ () C:\Windows\DirectX.log
2014-10-03 20:40 - 2014-10-03 20:40 - 00002322 _____ () C:\Users\Public\Desktop\Pro Cycling Manager - Stagione 2014.lnk
2014-10-03 20:40 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide
2014-10-03 20:24 - 2014-10-03 20:24 - 09534337 _____ () C:\Users\Zanna\Downloads\Clean Master_5.8.6.rar
2014-10-03 20:23 - 2014-10-03 20:23 - 07310302 _____ () C:\Users\Zanna\Downloads\µTorrent® Pro - Torrent App v2.19.apk
2014-10-03 20:23 - 2014-10-03 20:23 - 03396961 _____ () C:\Users\Zanna\Downloads\Adblock Plus v1.2.1.341 build 341.apk
2014-10-03 20:23 - 2014-10-03 20:23 - 02135109 _____ () C:\Users\Zanna\Downloads\Music Download Tube Pro.rar
2014-10-03 20:18 - 2014-10-03 20:19 - 16199529 _____ () C:\Users\Zanna\Downloads\WhatsApp+ v6.26D.apk
2014-10-03 20:09 - 2014-10-03 20:09 - 00000000 ____D () C:\Program Files (x86)\Cyanide
2014-10-03 14:02 - 2014-10-03 21:09 - 00000000 ____D () C:\Users\Zanna\Downloads\Pro.Cycling.Manager.2014-CPY
2014-10-03 11:08 - 2014-10-03 11:08 - 00000000 ____D () C:\Users\Zanna\AppData\Local\PDF24
2014-10-03 00:54 - 2014-10-03 00:55 - 03583780 _____ () C:\Users\Zanna\Downloads\Fenerbahce 14-15 Tunevi.rar
2014-10-03 00:54 - 2014-10-03 00:55 - 02067273 _____ () C:\Users\Zanna\Downloads\QPR 14-15 Tunevi.rar
2014-10-02 20:17 - 2014-10-02 20:17 - 00000918 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-10-02 20:17 - 2014-10-02 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-10-02 20:17 - 2014-10-02 20:17 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-10-02 20:16 - 2014-10-02 20:16 - 16319576 _____ (Geek Software GmbH ) C:\Users\Zanna\Downloads\pdf24-creator-6.7.0.exe
2014-10-02 19:36 - 2014-10-02 19:37 - 03449310 _____ (Contributors ) C:\Users\Zanna\Downloads\jedit5.2pre1install.exe
2014-10-02 19:11 - 2014-10-02 19:17 - 181484960 _____ (Oracle Corporation) C:\Users\Zanna\Downloads\jdk-8u20-windows-x64.exe
2014-10-02 18:01 - 2014-10-02 18:01 - 00520192 _____ (Andrew Zhezherun) C:\Users\Zanna\Downloads\WinDjView-0.5.exe
2014-09-29 17:53 - 2014-09-29 17:56 - 16194922 _____ () C:\Users\Zanna\Downloads\WA-6.23C.apk
2014-09-29 13:10 - 2014-09-29 13:11 - 08895488 _____ () C:\Users\Zanna\Downloads\mkv2vob249.exe
2014-09-29 11:43 - 2014-09-29 13:11 - 00001829 _____ () C:\Users\Zanna\Desktop\mkv2vob.lnk
2014-09-29 11:43 - 2014-09-29 13:11 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkv2vob
2014-09-29 11:33 - 2014-10-03 21:49 - 00000000 ____D () C:\Users\Zanna\AppData\Local\CrashDumps
2014-09-28 11:42 - 2014-09-28 11:42 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Razer_Inc
2014-09-28 11:32 - 2014-09-28 11:32 - 00000000 ____D () C:\Users\Zanna\Documents\Razer
2014-09-28 11:31 - 2014-09-28 11:31 - 00001960 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2014-09-28 11:18 - 2014-09-28 11:21 - 41954352 _____ (Razer Inc. ) C:\Users\Zanna\Downloads\RazerGameBoosterSetup_4.2.45.0.exe
2014-09-28 10:45 - 2014-09-28 11:02 - 323785928 _____ () C:\Users\Zanna\Downloads\ITA.rar
2014-09-28 10:45 - 2014-09-28 10:45 - 01903227 _____ () C:\Users\Zanna\Downloads\FIFA15.ALL.GDFBinary.rar
2014-09-28 10:44 - 2014-09-28 10:44 - 01551096 _____ () C:\Users\Zanna\Downloads\Bate Borisov 14-15 CL Tunevi.rar
2014-09-28 10:44 - 2014-09-28 10:44 - 01125324 _____ () C:\Users\Zanna\Downloads\Apoel CL 14-15 Tunevi.rar
2014-09-27 20:46 - 2014-09-27 20:46 - 08585870 _____ () C:\Users\Zanna\Downloads\INTER_PACK_1_TARTAGUARO.rar
2014-09-27 19:12 - 2014-09-27 19:12 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-27 19:05 - 2014-10-05 15:54 - 00004326 _____ () C:\Windows\setupact.log
2014-09-27 19:05 - 2014-09-27 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-27 19:05 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-27 19:05 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-27 19:05 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-27 19:05 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-27 19:03 - 2014-09-27 19:03 - 00000000 ____D () C:\NVIDIA
2014-09-27 18:53 - 2014-09-27 19:01 - 319671744 _____ (NVIDIA Corporation) C:\Users\Zanna\Downloads\344.11-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-09-27 16:23 - 2014-09-27 16:23 - 00000304 _____ () C:\Windows\PFRO.log
2014-09-26 22:49 - 2014-09-26 22:49 - 00047508 _____ () C:\Users\Zanna\Downloads\FIFA_15_Demo_Extender (2).rar
2014-09-26 22:34 - 2014-09-26 22:34 - 00047508 _____ () C:\Users\Zanna\Downloads\FIFA_15_Demo_Extender (1).rar
2014-09-26 22:29 - 2014-10-09 20:22 - 00000000 ____D () C:\FRST
2014-09-26 22:19 - 2014-09-26 22:22 - 00000000 ____D () C:\AdwCleaner
2014-09-26 20:21 - 2014-09-26 20:22 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-26 20:21 - 2014-09-26 20:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-26 20:11 - 2014-09-26 20:12 - 05472344 _____ () C:\Users\Zanna\Downloads\RogueKillerX64.exe
2014-09-26 20:04 - 2014-09-26 20:04 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-09-26 19:29 - 2014-09-26 19:29 - 00001047 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-26 19:29 - 2014-09-26 19:29 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-26 19:27 - 2014-09-26 19:28 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-26 19:26 - 2014-09-26 19:26 - 00394464 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistMSI67CC.txt
2014-09-26 19:26 - 2014-09-26 19:26 - 00011476 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistUI67CC.txt
2014-09-26 19:25 - 2014-09-26 19:26 - 00383526 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistMSI6784.txt
2014-09-26 19:25 - 2014-09-26 19:26 - 00011460 _____ () C:\Users\Zanna\AppData\Local\dd_vcredistUI6784.txt
2014-09-26 10:19 - 2014-09-26 10:19 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Wassapp
2014-09-26 10:18 - 2014-09-26 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wassapp
2014-09-26 10:18 - 2014-09-26 10:18 - 00000000 ____D () C:\Program Files (x86)\Lowlevel Studios
2014-09-24 20:33 - 2014-09-24 20:33 - 00000000 ____D () C:\Users\Zanna\.appinventor
2014-09-24 20:31 - 2014-09-25 15:17 - 00000000 ____D () C:\Program Files (x86)\AppInventor
2014-09-24 20:31 - 2014-09-24 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppInventor Setup
2014-09-24 14:04 - 2014-09-09 08:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 14:04 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 18:05 - 2014-09-23 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-23 17:33 - 2014-09-23 17:33 - 00000000 ____D () C:\ProgramData\ESET
2014-09-23 17:33 - 2014-09-23 17:33 - 00000000 ____D () C:\Program Files\ESET
2014-09-23 15:20 - 2014-09-23 18:22 - 00000000 ____D () C:\Program Files (x86)\TNod User & Password Finder
2014-09-23 15:20 - 2014-09-23 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
2014-09-23 15:14 - 2014-05-20 16:55 - 00000000 ____D () C:\Users\Zanna\Downloads\ESET NOD32 Antivirus v7.0.317.4
2014-09-23 14:48 - 2014-09-23 15:14 - 136148427 _____ () C:\Users\Zanna\Downloads\EsNodAnt70317.rar
2014-09-23 10:26 - 2014-09-23 10:26 - 00000000 ____D () C:\Users\Zanna\Documents\FIFA 15
2014-09-22 19:49 - 2014-09-22 20:23 - 487708919 _____ () C:\Users\Zanna\Downloads\WDSmartWare_PP4R2_1_4_1_2.zip
2014-09-22 19:43 - 2014-09-22 19:45 - 00000000 ____D () C:\Program Files\WDCSAM
2014-09-22 19:16 - 2014-09-22 19:16 - 00013765 _____ () C:\Users\Zanna\Documents\Citta.xlsx
2014-09-22 16:17 - 2014-09-29 11:43 - 00000000 ____D () C:\Program Files (x86)\mkv2vob
2014-09-22 09:39 - 2014-09-22 09:39 - 06483534 _____ () C:\Users\Zanna\Downloads\WDDriveUtilitiesSetup_for_Windows_1_1_0_51.zip
2014-09-22 09:16 - 2014-09-22 09:16 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-22 09:15 - 2014-09-22 09:15 - 02112847 _____ () C:\Users\Zanna\Downloads\WDFirmwareUpdater.zip
2014-09-22 09:00 - 2014-09-22 09:00 - 00378553 _____ () C:\Users\Zanna\Downloads\WD_SES_Driver_Setup_x64.zip
2014-09-21 21:56 - 2014-09-21 22:33 - 00000000 ____D () C:\Users\Zanna\Desktop\Lo Stato Sociale - Turisti della Democrazia (Deluxe Edition) [2013] [FLAC]
2014-09-21 16:48 - 2014-09-21 16:50 - 00000000 ____D () C:\Users\Zanna\Downloads\Modà - Gioia (2013)[MT]
2014-09-21 16:46 - 2014-09-21 17:45 - 00000000 ____D () C:\Users\Zanna\Downloads\Pooh - Portfolio.2014.iDN_CreW
2014-09-21 16:46 - 2014-09-21 16:47 - 00000000 ____D () C:\Users\Zanna\Downloads\Cesare Cremonini - Logico  (2014)[MT]
2014-09-20 13:27 - 2014-09-23 10:05 - 00000000 ____D () C:\Users\Zanna\Downloads\FIFA 15-ULTIMATE TEAM EDITION-FULL UNLOCKED-SG
2014-09-20 12:31 - 2014-09-20 12:31 - 00047508 _____ () C:\Users\Zanna\Downloads\FIFA_15_Demo_Extender.rar
2014-09-19 21:28 - 2014-09-19 21:28 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Aimersoft
2014-09-19 21:27 - 2014-09-19 21:29 - 00000000 ____D () C:\Users\Zanna\Documents\Aimersoft DVD Creator
2014-09-19 21:27 - 2014-09-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
2014-09-19 21:27 - 2014-09-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-09-19 19:47 - 2014-09-19 19:47 - 00000000 ____D () C:\Users\Zanna\AppData\Local\{CCCA8983-084B-413F-81D0-C95D27345A7A}
2014-09-19 19:47 - 2014-09-19 19:47 - 00000000 ____D () C:\Users\Zanna\AppData\Local\{1AE716B4-F88D-448F-996A-FB29AB334D35}
2014-09-19 09:00 - 2014-09-19 09:00 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-09-19 09:00 - 2014-09-19 09:00 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-09-19 09:00 - 2014-09-19 09:00 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-09-19 09:00 - 2014-09-19 09:00 - 00000000 ____D () C:\Users\Zanna\Documents\RegRun2
2014-09-19 08:59 - 2014-09-27 14:03 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-09-18 11:53 - 2014-09-18 12:59 - 00000000 ____D () C:\Users\Zanna\Downloads\Sherlock.S02e02
2014-09-18 11:51 - 2014-09-18 13:06 - 00000000 ____D () C:\Users\Zanna\Downloads\Sherlock.S02e03
2014-09-16 21:34 - 2014-09-16 21:34 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
2014-09-16 21:34 - 2014-09-16 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2014-09-16 21:34 - 2014-09-16 21:34 - 00000000 ____D () C:\Program Files (x86)\SopCast
2014-09-16 20:34 - 2014-09-16 20:34 - 00000967 _____ () C:\Users\Zanna\Desktop\4Free Video Converter.lnk
2014-09-16 20:10 - 2014-09-27 14:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-16 12:31 - 2014-09-16 12:31 - 00000000 ____D () C:\Program Files (x86)\ulsrgonb
2014-09-16 11:55 - 2014-09-16 19:48 - 00000000 ____D () C:\Users\Zanna\Doctor Web
2014-09-15 15:47 - 2014-09-15 15:56 - 246030750 _____ () C:\Users\Zanna\Downloads\B-FXBBSPWWC.zip
2014-09-13 08:43 - 2014-09-13 09:01 - 551878656 _____ () C:\Users\Zanna\Downloads\Windows XP Professional.iso
2014-09-11 15:38 - 2014-09-11 15:38 - 00000000 ____D () C:\Users\Zanna\Documents\Holotech
2014-09-11 14:34 - 2014-09-11 15:14 - 962715434 _____ () C:\Users\Zanna\Downloads\FaceRig 1.0 CRACKED.zip
2014-09-10 18:31 - 2014-09-10 18:51 - 00000000 ____D () C:\Users\Zanna\Documents\FIFA 15 Demo
2014-09-10 18:19 - 2014-09-10 18:19 - 00001044 _____ () C:\Users\Public\Desktop\FIFA 15 Demo.lnk
2014-09-09 20:47 - 2014-08-15 17:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 20:47 - 2014-08-15 17:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-09 20:47 - 2014-08-15 17:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 20:47 - 2014-08-15 17:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-09 20:47 - 2014-08-15 17:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-09 20:47 - 2014-08-15 17:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-09 20:47 - 2014-08-15 17:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-09 20:47 - 2014-08-15 17:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-09 20:47 - 2014-08-15 17:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 20:47 - 2014-08-15 17:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-09 20:47 - 2014-08-15 17:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 20:47 - 2014-08-15 17:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-09 20:47 - 2014-08-15 17:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-09 20:47 - 2014-08-15 17:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-09 20:47 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-09 20:47 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-09 20:47 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-09 20:47 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-09 20:47 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-09 20:47 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-09 20:47 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-09 20:47 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-09 20:47 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-09 20:47 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-09 20:47 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-09 20:47 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-09 20:47 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-09 20:47 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-09 20:22 - 2013-08-06 17:30 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\uTorrent
2014-10-09 20:02 - 2014-05-14 17:18 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Spotify
2014-10-09 19:54 - 2014-07-12 11:41 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-09 19:50 - 2013-08-06 11:30 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 19:46 - 2014-05-14 17:20 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Spotify
2014-10-09 19:16 - 2014-06-15 12:15 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Adobe
2014-10-09 19:10 - 2008-01-21 03:52 - 01303340 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 19:06 - 2014-07-12 11:41 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 19:05 - 2006-11-02 17:35 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 19:05 - 2006-11-02 17:17 - 00004096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 19:05 - 2006-11-02 17:17 - 00004096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 22:33 - 2006-11-02 17:35 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-05 17:40 - 2008-01-21 11:07 - 01606264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 17:40 - 2008-01-21 11:07 - 00714822 _____ () C:\Windows\system32\perfh010.dat
2014-10-05 17:40 - 2008-01-21 11:07 - 00143202 _____ () C:\Windows\system32\perfc010.dat
2014-10-05 16:35 - 2013-09-29 20:32 - 00000000 ____D () C:\Users\Zanna\Desktop\Varie
2014-10-05 15:05 - 2013-08-06 17:08 - 00000000 ____D () C:\Users\Zanna
2014-10-05 15:04 - 2014-03-07 20:21 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-10-04 19:20 - 2013-12-19 22:07 - 00000000 ____D () C:\ProgramData\Origin
2014-10-04 18:05 - 2013-09-05 21:40 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Paint.NET
2014-10-04 13:12 - 2013-12-19 22:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-03 20:43 - 2013-08-06 17:19 - 00203776 _____ () C:\Users\Zanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-03 20:08 - 2013-08-14 13:36 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\DAEMON Tools Lite
2014-10-03 14:15 - 2013-09-29 20:31 - 00000000 ____D () C:\Users\Zanna\Desktop\Personal Files
2014-10-03 14:14 - 2013-08-06 17:28 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\vlc
2014-10-02 18:21 - 2014-05-02 19:44 - 00000000 ____D () C:\Users\Zanna\AppData\Local\JDownloader v2.0
2014-10-02 18:14 - 2013-08-06 19:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-28 11:31 - 2013-09-25 16:28 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Razer
2014-09-28 11:30 - 2013-09-25 16:27 - 00000000 ____D () C:\ProgramData\Razer
2014-09-28 11:30 - 2013-09-25 16:27 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-27 19:13 - 2013-08-05 19:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-27 19:10 - 2014-01-21 21:25 - 00000000 ____D () C:\Temp
2014-09-27 19:10 - 2013-08-05 19:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-26 22:25 - 2006-11-02 17:16 - 05026168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-26 20:11 - 2013-08-06 14:44 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-26 19:56 - 2013-08-06 17:08 - 00107656 _____ () C:\Users\Zanna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 11:41 - 2013-08-17 10:39 - 00001694 _____ () C:\Users\Public\Desktop\eMule.lnk
2014-09-26 10:16 - 2013-10-23 10:03 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Downloaded Installations
2014-09-25 16:01 - 2014-07-12 11:41 - 00002023 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 20:33 - 2014-01-11 19:43 - 00000000 ____D () C:\Users\Zanna\.android
2014-09-24 15:28 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache
2014-09-24 09:34 - 2014-06-24 21:29 - 00000000 ____D () C:\Program Files (x86)\MotoGP 14
2014-09-22 13:56 - 2014-07-12 20:19 - 00001174 _____ () C:\Users\Zanna\Desktop\Incoming.lnk
2014-09-22 13:53 - 2013-10-19 12:29 - 00000000 ____D () C:\Users\Zanna\Downloads\eMule
2014-09-22 13:53 - 2013-08-17 10:39 - 00000000 ____D () C:\Users\Zanna\AppData\Local\eMule
2014-09-22 09:07 - 2013-09-15 12:15 - 00000000 ____D () C:\Program Files\DIFX
2014-09-21 11:33 - 2013-10-31 20:42 - 00000680 _____ () C:\Users\Zanna\AppData\Local\d3d9caps.dat
2014-09-19 21:00 - 2013-08-06 09:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-19 19:47 - 2014-09-06 13:26 - 00000000 ____D () C:\Users\Zanna\AppData\Local\Windows Live
2014-09-19 19:11 - 2006-11-02 14:34 - 00000254 _____ () C:\Windows\win.ini
2014-09-18 19:28 - 2013-08-06 12:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-17 06:51 - 2014-01-09 22:14 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-16 20:59 - 2014-01-16 20:11 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\TeamViewer
2014-09-16 20:45 - 2013-08-05 15:25 - 00000000 ____D () C:\Users\Vista
2014-09-16 20:44 - 2013-07-31 15:06 - 00000000 ____D () C:\Users\BACKUP ZANONI
2014-09-16 20:36 - 2013-10-05 17:26 - 00001491 _____ () C:\Users\Zanna\Desktop\F1 2014.lnk
2014-09-16 20:35 - 2014-03-30 11:04 - 00001660 _____ () C:\Users\Zanna\Desktop\MXGP.lnk
2014-09-16 18:53 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\tapi
2014-09-16 18:22 - 2014-07-29 11:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 11:26 - 2013-08-06 11:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-16 11:26 - 2013-08-06 11:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-16 11:26 - 2013-08-06 11:30 - 00003830 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-15 09:06 - 2013-08-05 16:51 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 01:48 - 2014-08-09 18:16 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-14 01:48 - 2014-02-21 22:09 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-09-14 01:48 - 2013-08-05 19:42 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-14 01:48 - 2013-08-05 19:42 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-13 23:53 - 2013-08-05 19:42 - 06890696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-09-13 23:53 - 2013-08-05 19:42 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-09-13 23:53 - 2013-08-05 19:42 - 02557640 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-09-13 23:53 - 2013-08-05 19:42 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-09-13 23:53 - 2013-08-05 19:42 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-09-13 23:53 - 2013-08-05 19:42 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-09-12 11:45 - 2013-11-17 18:57 - 00000000 ____D () C:\Users\Zanna\AppData\Local\NVIDIA Corporation
2014-09-11 17:37 - 2014-07-06 19:26 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin
2014-09-11 16:26 - 2013-11-28 22:03 - 00000000 ____D () C:\Users\Zanna\Desktop\Foto
2014-09-11 15:54 - 2013-10-12 18:26 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Skype
2014-09-10 17:03 - 2013-12-19 22:25 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-10 17:02 - 2013-12-19 22:24 - 00000000 ____D () C:\Users\Zanna\AppData\Roaming\Origin
2014-09-09 20:52 - 2013-09-14 15:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-09 20:45 - 2013-09-25 15:24 - 01582232 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-09 20:19 - 2013-08-05 16:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-09 20:18 - 2006-11-02 14:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Some content of TEMP:
====================
C:\Users\Zanna\AppData\Local\Temp\proxy_vole8767324365365333582.dll
C:\Users\Zanna\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-09 19:13
 
==================== End Of Log ============================


#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:28 PM

Posted 10 October 2014 - 06:56 AM

Looking good.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Please let me know of any remaining issues with this computer.

#14 simonezanna

simonezanna
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:28 AM

Posted 10 October 2014 - 08:45 AM

checkup.txt:

 

 Results of screen317's Security Check version 0.99.88  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
ESET NOD32 Antivirus 7.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Call of Duty: Ghosts Update 1 
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (30.0) 
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:28 PM

Posted 10 October 2014 - 08:55 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

