Multiple instances of iexplore.exe using up CPU

13 replies to this topic

#1 Mardock3891 (Members, 8 posts)

Posted 04 October 2014 - 10:02 AM

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 11.20.2
Run by Mardock at 16:58:13 on 2014-10-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.2046.494 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_20\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_20\bin\jp2ssv.dll
uRun: [Eztion] regsvr32.exe c:\users\mardock\appdata\local\eztion\ComUpdatusPS.dll
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
StartupFolder: c:\users\mardock\appdata\roaming\micros~1\windows\startm~1\programs\startup\unlodctr.lnk - c:\users\mardock\appdata\roaming\microsoft\windows\ieupdate\unlodctr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1404055497099
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{21B54458-5C48-4397-B8FD-7BBA0311F001} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{21B54458-5C48-4397-B8FD-7BBA0311F001} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21B54458-5C48-4397-B8FD-7BBA0311F001}\E2964716C6F6 : DHCPNameServer = 172.21.16.1 172.21.16.1
TCP: Interfaces\{E59C517F-B0BB-4B92-B84A-87DBE72FDA87} : NameServer = 8.8.8.8,8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 158.58.173.195 www.google-analytics.com.
Hosts: 158.58.173.195 google-analytics.com.
Hosts: 158.58.173.195 connect.facebook.net.
Hosts: 212.47.195.163 www.google-analytics.com.
Hosts: 212.47.195.163 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-24 204056]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-20 193304]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-5-21 49464]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files\common files\microsoft shared\phone tools\corecon\11.0\bin\IpOverUsbSvc.exe [2012-9-26 14760]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2014-6-21 227896]
R3 netw5v32;Driver scheda Intel® Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-4 110296]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-6-24 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 StorSvc;Servizio di archiviazione;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-24 49152]
S3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2014-6-22 1343400]
.
=============== Created Last 30 ================
.
2014-10-04 14:44:46 -------- d-----w- C:\FRST
2014-10-04 14:32:26 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-10-04 14:30:39 -------- d-----w- C:\AdwCleaner
2014-10-04 12:33:25 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-04 12:33:06 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-04 12:33:06 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-04 12:33:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-04 12:33:06 -------- d-----w- c:\programdata\Malwarebytes
2014-10-04 12:33:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-04 11:39:19 3698688 ----a-w- c:\windows\system32\setup.exe
2014-10-04 11:36:13 -------- d-----w- c:\programdata\Avg_Update_0914av
2014-10-04 11:34:55 -------- d-----w- c:\users\mardock\appdata\local\Eztion
2014-10-04 11:34:14 -------- d-----w- c:\users\mardock\appdata\local\Ezction
2014-10-04 11:33:55 107008 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmpE32.exe
2014-10-04 11:29:22 -------- d-----w- c:\programdata\YOOuttuubeAdBlockeo
2014-10-04 11:29:21 -------- d-----w- c:\program files\YOOuttuubeAdBlockeo
2014-10-04 11:29:06 -------- d-----w- c:\users\mardock\appdata\roaming\AVG2015
2014-10-04 11:28:35 -------- d-----w- c:\programdata\7cbbe3612fcc92d6
2014-10-04 11:28:32 -------- d-----w- c:\users\mardock\appdata\local\Comodo
2014-10-04 11:28:26 -------- d-----w- c:\users\mardock\appdata\roaming\TuneUp Software
2014-10-04 11:27:41 -------- d--h--w- C:\$AVG
2014-10-04 11:27:41 -------- d-----w- c:\programdata\AVG2015
2014-10-04 11:27:02 -------- d-----w- c:\program files\AVG
2014-10-04 11:24:23 -------- d--h--w- c:\programdata\Common Files
2014-10-04 11:24:23 -------- d-----w- c:\users\mardock\appdata\local\MFAData
2014-10-04 11:24:23 -------- d-----w- c:\users\mardock\appdata\local\Avg2015
2014-10-04 11:24:23 -------- d-----w- c:\programdata\MFAData
2014-10-04 11:19:58 1821184 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-10-04 10:34:34 -------- d-----w- c:\users\mardock\appdata\roaming\uTorrent
2014-10-03 19:53:42 8806800 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{98afc772-9b49-49c5-bbce-1dfc2b53c15b}\mpengine.dll
2014-09-30 18:42:24 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-30 18:40:51 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-30 18:40:49 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-30 18:40:44 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-30 18:40:44 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-18 16:39:45 342016 ----a-w- c:\windows\system32\eswiaud.dll
2014-09-18 16:39:45 15872 ----a-w- c:\windows\system32\escdev.dll
2014-09-18 16:39:45 128392 ----a-w- c:\windows\system32\esdevapp.exe
2014-09-18 16:39:43 -------- d-----w- c:\program files\epson
2014-09-10 20:54:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 20:54:35 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-07 21:27:02 -------- d-----w- c:\users\mardock\git
2014-09-06 10:07:37 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-09-06 10:07:37 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
.
==================== Find3M  ====================
.
2014-09-15 07:06:04 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-29 10:16:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-20 19:49:40 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-08-15 14:42:27 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-15 14:37:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-15 14:35:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-15 14:35:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-15 14:34:49 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-15 14:34:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 00:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 12:09:20 204056 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-07-18 13:55:24 230680 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
.
============= FINISH: 16:59:25,31 ===============
 

#2 shelf life (Malware Response Team, 2,680 posts)

Posted 06 October 2014 - 05:19 PM

Hi,

Your post is a few days old. If you still need help simply reply back.


How Can I Reduce My Risk to Malware?


#3 Mardock3891 (Topic Starter, Members, 8 posts)

Posted 06 October 2014 - 11:37 PM

Hi,

my log is still current.

I see in Task Manager that during start-up of Win7 I have a "tmpXXX.exe" process... strange!!!

Please look at some screenshots at the link below if you can help me!!

https://dl.dropboxusercontent.com/u/53514665/malware.rar

Thanks.



#4 Mardock3891 (Topic Starter, Members, 8 posts)

Posted 06 October 2014 - 11:43 PM

Here is the new log.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 11.20.2
Run by Mardock at 6:40:39 on 2014-10-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.2046.818 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://it.search.yahoo.com/?type=614363&fr=spigot-yhp-ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_20\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_20\bin\jp2ssv.dll
uRun: [SearchProtection] "c:\users\mardock\appdata\roaming\search protection\SearchProtection.EXE" /autostart
uRun: [Ezction] c:\users\mardock\appdata\local\ezction\tmp1380.exe
uRun: [Eztion] regsvr32.exe c:\users\mardock\appdata\local\eztion\rpzjuwkkduzdgjo.dll
uRun: [UXmedia] c:\windows\system32\regsvr32.exe c:\users\mardock\appdata\local\ezction\u2lfinra.dll
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1404055497099
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{21B54458-5C48-4397-B8FD-7BBA0311F001} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{21B54458-5C48-4397-B8FD-7BBA0311F001} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21B54458-5C48-4397-B8FD-7BBA0311F001}\E2964716C6F6 : DHCPNameServer = 172.21.16.1 172.21.16.1
TCP: Interfaces\{E59C517F-B0BB-4B92-B84A-87DBE72FDA87} : NameServer = 8.8.8.8,8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 158.58.173.195 www.google-analytics.com.
Hosts: 158.58.173.195 google-analytics.com.
Hosts: 158.58.173.195 connect.facebook.net.
Hosts: 212.47.195.163 www.google-analytics.com.
Hosts: 212.47.195.163 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2014-10-5 98304]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-5-21 49464]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files\common files\microsoft shared\phone tools\corecon\11.0\bin\IpOverUsbSvc.exe [2012-9-26 14760]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2014-6-21 227896]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2014-10-5 3735552]
R3 netw5v32;Driver scheda Intel® Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-6-24 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 StorSvc;Servizio di archiviazione;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-24 49152]
S3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2014-6-22 1343400]
.
=============== Created Last 30 ================
.
2014-10-06 21:12:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2014-10-06 18:39:40 -------- d-----w- c:\program files\SHOUTcast
2014-10-06 17:17:30 108032 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp1380.exe
2014-10-05 19:12:11 -------- d-----w- c:\users\mardock\appdata\local\SpacialAudio
2014-10-05 19:12:11 -------- d-----w- c:\programdata\firebird
2014-10-05 19:08:28 548864 ----a-w- c:\windows\system32\GDS32.DLL
2014-10-05 19:08:12 -------- d-----w- c:\program files\Firebird
2014-10-05 19:08:03 -------- d-----w- c:\program files\SpacialAudio
2014-10-05 13:59:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-05 13:58:16 -------- d-----w- C:\mbar
2014-10-05 11:57:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-10-05 11:57:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-10-04 14:44:46 -------- d-----w- C:\FRST
2014-10-04 14:30:39 -------- d-----w- C:\AdwCleaner
2014-10-04 12:33:06 -------- d-----w- c:\programdata\Malwarebytes
2014-10-04 12:33:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-04 11:34:55 -------- d-----w- c:\users\mardock\appdata\local\Eztion
2014-10-04 11:34:14 -------- d-----w- c:\users\mardock\appdata\local\Ezction
2014-10-04 11:29:22 -------- d-----w- c:\programdata\YOOuttuubeAdBlockeo
2014-10-04 11:29:21 -------- d-----w- c:\program files\YOOuttuubeAdBlockeo
2014-10-04 11:29:06 -------- d-----w- c:\users\mardock\appdata\roaming\AVG2015
2014-10-04 11:28:35 -------- d-----w- c:\programdata\7cbbe3612fcc92d6
2014-10-04 11:28:32 -------- d-----w- c:\users\mardock\appdata\local\Comodo
2014-10-04 11:28:26 -------- d-----w- c:\users\mardock\appdata\roaming\TuneUp Software
2014-10-04 11:27:41 -------- d--h--w- C:\$AVG
2014-10-04 11:27:41 -------- d-----w- c:\programdata\AVG2015
2014-10-04 11:27:02 -------- d-----w- c:\program files\AVG
2014-10-04 11:24:23 -------- d--h--w- c:\programdata\Common Files
2014-10-04 11:24:23 -------- d-----w- c:\users\mardock\appdata\local\MFAData
2014-10-04 11:24:23 -------- d-----w- c:\users\mardock\appdata\local\Avg2015
2014-10-04 11:24:23 -------- d-----w- c:\programdata\MFAData
2014-10-04 11:19:58 1821184 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-10-04 10:36:36 -------- d-----w- c:\users\mardock\appdata\roaming\Search Protection
2014-10-04 10:34:34 -------- d-----w- c:\users\mardock\appdata\roaming\uTorrent
2014-10-03 19:53:42 8806800 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{98afc772-9b49-49c5-bbce-1dfc2b53c15b}\mpengine.dll
2014-09-30 18:42:24 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-30 18:40:51 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-30 18:40:49 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-30 18:40:44 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-30 18:40:44 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-18 16:39:45 342016 ----a-w- c:\windows\system32\eswiaud.dll
2014-09-18 16:39:45 15872 ----a-w- c:\windows\system32\escdev.dll
2014-09-18 16:39:45 128392 ----a-w- c:\windows\system32\esdevapp.exe
2014-09-18 16:39:43 -------- d-----w- c:\program files\epson
2014-09-10 20:54:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 20:54:35 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-07 21:27:02 -------- d-----w- c:\users\mardock\git
.
==================== Find3M  ====================
.
2014-09-15 07:06:04 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-29 10:16:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 14:42:27 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-15 14:37:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-15 14:35:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-15 14:35:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-15 14:34:49 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-15 14:34:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 00:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
.
============= FINISH:  6:42:35,39 ===============


#5 shelf life (Malware Response Team, 2,680 posts)

Posted 07 October 2014 - 04:59 PM

Ok. Get a copy of FRST and we will use that. I see you have Malwarebytes; does an updated Malwarebytes come up clean after a scan?

Did you add entries to your hosts file?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from, your desktop.
  • Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.


How Can I Reduce My Risk to Malware?


#6 Mardock3891

  • Topic Starter

  • Members
  • 8 posts

Posted 08 October 2014 - 01:43 PM

Hi,

Log of updated Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/10/2014
Scan Time: 20:28:05
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.08.08
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Mardock
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333506
Time Elapsed: 14 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 6
Trojan.Dorkbot.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp1BBA.exe, 2316, , [f058d240a6d649ed28cca2c935cc10f0]
Trojan.Agent.EVGen, C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe, 5620, , [61e7fd150676082e12f01efba261a957]
Trojan.Agent.EVGen, C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe, 3468, , [61e7fd150676082e12f01efba261a957]
Trojan.Agent.EVGen, C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe, 7268, , [61e7fd150676082e12f01efba261a957]
Trojan.Agent.EVGen, C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe, 8628, , [61e7fd150676082e12f01efba261a957]
Trojan.Agent.EVGen, C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe, 9896, , [61e7fd150676082e12f01efba261a957]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [91b764ae8eee5adc18cbf3a30bf79e62], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [91b764ae8eee5adc18cbf3a30bf79e62], 
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [f2567c9697e57cba7d34e36044bf718f], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [eb5dda382a52a59122eb67d036cd54ac], 
 
Registry Values: 6
Trojan.Dorkbot.ED, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ezction, C:\Users\Mardock\AppData\Local\Ezction\tmp1BBA.exe, , [6ade060c017bfc3a827273f815ecf907]
Trojan.Agent.EV, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [400824eecbb188aea160d841ca39a65a]
Hijack.Autorun, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [dd6b52c03a42092df8a7d96e9e65d22e]
Trojan.Agent, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [f3557f9303799b9b122a749d5fa4b947]
Trojan.Agent.EVGen, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LogonUI, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [61e7fd150676082e12f01efba261a957]
Trojan.Agent.EVGen, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|LogonUI, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [61e7fd150676082e12f01efba261a957]
 
Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://it.search.yahoo.com/?type=614363&fr=spigot-yhp-ie, Good: (www.google.com), Bad (https://it.search.yahoo.com/?type=614363&fr=spigot-yhp-ie),,[8abe37db5824dc5a6d9cb9549b6acd33]
 
Folders: 0
(No malicious items detected)
 
Files: 6
Trojan.Dorkbot.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp1BBA.exe, , [f058d240a6d649ed28cca2c935cc10f0], 
Trojan.Dorkbot.ED, C:\Users\Mardock\AppData\Local\Ezction\tmp1BBA.exe, , [6ade060c017bfc3a827273f815ecf907], 
Trojan.FakeMS.ED, C:\Users\Mardock\AppData\Local\Temp\tmp3497.exe, , [a8a0858dbbc173c397a2d2fb5aa7bd43], 
PUP.Optional.SearchProtection.A, C:\Users\Mardock\AppData\Roaming\Search Protection\SearchProtection.exe, , [0c3c43cfbebe53e35de00d3b4fb426da], 
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3043487923.job, , [95b340d2fe7eeb4b1a1362e89272768a], 
Trojan.Agent.EVGen, C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe, , [61e7fd150676082e12f01efba261a957], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Please see the following post for the FRST logs.
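Editor's note: the Registry Values section of the Malwarebytes log above is the interesting part of this post, because it lists every auto-start location (ASEP) that the scanner found pointing at the dropped executables. The Python script below is an added example, not part of the original post and not Malwarebytes' own code; it parses those six lines (copied inline from the log), names the auto-start mechanism each key/value pair represents, groups the entries by the program they launch, and flags payloads stored under user-writable paths. The ASEP labels and the user-writable-path heuristic are this example's own assumptions, not something Malwarebytes reports.

```python
"""Group Malwarebytes "Registry Values" detections by the payload they start.

Added example for this thread; not part of the original post or of Malwarebytes.
The sample lines are copied from the log above. The auto-start (ASEP) labels and
the user-writable-path heuristic are this example's own assumptions.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# The six "Registry Values" lines from the Malwarebytes log posted above.
MBAM_REGISTRY_VALUES = r"""
Trojan.Dorkbot.ED, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ezction, C:\Users\Mardock\AppData\Local\Ezction\tmp1BBA.exe, , [6ade060c017bfc3a827273f815ecf907]
Trojan.Agent.EV, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [400824eecbb188aea160d841ca39a65a]
Hijack.Autorun, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [dd6b52c03a42092df8a7d96e9e65d22e]
Trojan.Agent, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [f3557f9303799b9b122a749d5fa4b947]
Trojan.Agent.EVGen, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LogonUI, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [61e7fd150676082e12f01efba261a957]
Trojan.Agent.EVGen, HKU\S-1-5-21-3811733256-560568178-2835578401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|LogonUI, "C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe", , [61e7fd150676082e12f01efba261a957]
"""

# One MBAM 2.x registry-value line: <detection>, <key>|<value name>, <data>, , [<hash>]
_VALUE_LINE = re.compile(
    r"^(?P<detection>[^,]+), (?P<key>[^,|]+)\|(?P<value_name>[^,]+), "
    r"(?P<data>.*?), , \[(?P<hash>[0-9a-f]+)\]$"
)

# Locations a non-admin user can write to. A persistent payload living there is
# the usual sign of user-level malware (heuristic; assumption of this example).
_USER_WRITABLE_PREFIXES = ("C:\\USERS\\", "C:\\PROGRAMDATA\\")


@dataclass(frozen=True)
class RegistryPersistence:
    detection: str
    key: str
    value_name: str
    payload: str  # value data with surrounding quotes removed
    asep: str     # which auto-start mechanism the key/value pair is


def classify_asep(key: str, value_name: str) -> str:
    """Name the auto-start mechanism behind a registry key/value pair."""
    k, v = key.upper(), value_name.upper()
    if k.endswith("\\CONTROL PANEL\\DESKTOP") and v == "SCRNSAVE.EXE":
        return "screen saver"          # launched by winlogon after the idle timeout
    if k.endswith("\\COMMAND PROCESSOR") and v == "AUTORUN":
        return "cmd.exe AutoRun"       # run every time cmd.exe starts (unless /D)
    if k.endswith("\\POLICIES\\EXPLORER") and v == "RUN":
        return "Explorer policy Run"   # processed by Explorer at logon
    if k.endswith("\\CURRENTVERSION\\RUNONCE"):
        return "RunOnce"
    if k.endswith("\\CURRENTVERSION\\RUN"):
        return "Run"
    return "unknown"


def is_user_writable(path: str) -> bool:
    """True if the payload path sits where a standard user could have dropped it."""
    p = path.upper()
    return p.startswith(_USER_WRITABLE_PREFIXES) or "\\APPDATA\\" in p


def parse_mbam_registry_values(text: str) -> list[RegistryPersistence]:
    """Parse MBAM registry-value lines; lines of other log sections are skipped."""
    found = []
    for raw in text.splitlines():
        m = _VALUE_LINE.match(raw.strip())
        if not m:
            continue
        found.append(RegistryPersistence(
            detection=m["detection"],
            key=m["key"],
            value_name=m["value_name"],
            payload=m["data"].strip().strip('"'),
            asep=classify_asep(m["key"], m["value_name"]),
        ))
    return found


def persistence_by_payload(entries: list[RegistryPersistence]) -> dict[str, list[str]]:
    """Map each launched program to every auto-start location that references it."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[e.payload].append(e.asep)
    return dict(grouped)


if __name__ == "__main__":
    found = parse_mbam_registry_values(MBAM_REGISTRY_VALUES)
    for payload, aseps in persistence_by_payload(found).items():
        flag = "USER-WRITABLE" if is_user_writable(payload) else "system path"
        print(f"{payload} [{flag}]")
        for asep in aseps:
            print(f"    {asep}")
```

Run against the six lines above, the script groups them into two payloads: tmp1BBA.exe under one Run value, and LogonUI.exe referenced from five separate auto-start locations (Run, RunOnce, the Explorer policy Run value, the cmd.exe AutoRun value and the screen-saver path). Both live under C:\Users\Mardock\AppData, which is the usual pattern for a user-level infection. Pointing the parser at a fresh Malwarebytes or Autoruns export after cleanup is a quick way to confirm that no such location still references the removed files.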


#7 Mardock3891

  • Topic Starter

  • Members
  • 8 posts

Posted 08 October 2014 - 02:01 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by Mardock (administrator) on MARDOCK-PC on 08-10-2014 20:56:20
Running from C:\Users\Mardock\Desktop
Loaded Profile: Mardock (Available profiles: Mardock)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\Windows\system32\CHDAudPropShortcut.exe [61952 2006-07-26] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [139264 2005-10-12] (Intel Corporation)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-14] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKU\S-1-5-21-3811733256-560568178-2835578401-1000\...\Run: [Eztion] => regsvr32.exe C:\Users\Mardock\AppData\Local\Eztion\XeroxUtil.dll <===== ATTENTION
HKU\S-1-5-21-3811733256-560568178-2835578401-1000\...\Run: [UXmedia] => C:\Windows\System32\regsvr32.exe C:\Users\Mardock\AppData\Local\Ezction\mc_mux_dv.dll
Startup: C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LogonUI.lnk
ShortcutTarget: LogonUI.lnk -> C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\IEUpdate\LogonUI.exe (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12ADDB4EC7D4CF01
SearchScopes: HKCU - DefaultScope {A7EAF24A-F915-414B-9EE3-5DB6A1BA8FF8} URL = https://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=614363&p={searchTerms}
SearchScopes: HKCU - {A7EAF24A-F915-414B-9EE3-5DB6A1BA8FF8} URL = https://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=614363&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{21B54458-5C48-4397-B8FD-7BBA0311F001}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E59C517F-B0BB-4B92-B84A-87DBE72FDA87}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR CustomProfile: C:\Users\Mardock\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Mardock\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-21]
CHR Extension: (Saving Flash) - C:\Users\Mardock\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod [2014-10-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140 2005-10-12] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [14760 2012-09-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 Mvc25U870_VID_1262&PID_25FD; C:\Windows\System32\Drivers\Mvc25U870.sys [51584 2006-01-14] (Micro Vision Co.,Ltd)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-08 20:56 - 2014-10-08 20:57 - 00010327 _____ () C:\Users\Mardock\Desktop\FRST.txt
2014-10-08 20:42 - 2014-10-08 20:42 - 00005201 _____ () C:\Users\Mardock\Desktop\malwarebytes.txt
2014-10-08 20:26 - 2014-10-08 20:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 20:26 - 2014-10-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-08 20:26 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-08 20:26 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-08 20:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-08 20:23 - 2014-10-08 20:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mardock\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-08 20:23 - 2014-10-08 20:23 - 01101312 _____ (Farbar) C:\Users\Mardock\Desktop\FRST.exe
2014-10-08 19:38 - 2014-10-08 20:55 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 19:38 - 2014-10-08 19:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-08 19:38 - 2014-10-08 19:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-08 19:38 - 2014-10-08 19:38 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Macromedia
2014-10-08 19:22 - 2014-10-08 19:22 - 00000000 ____D () C:\Users\Mardock\AppData\Local\Eztion
2014-10-08 19:22 - 2014-10-08 19:22 - 00000000 ____D () C:\Users\Mardock\AppData\Local\Ezction
2014-10-07 22:56 - 2014-10-07 22:56 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-10-07 22:56 - 2014-10-07 22:56 - 00000000 ____D () C:\Users\Mardock\AppData\Local\Vitalwerks
2014-10-07 22:56 - 2014-10-07 22:56 - 00000000 ____D () C:\Program Files\No-IP
2014-10-07 21:12 - 2014-10-07 23:47 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Owubohk
2014-10-07 19:25 - 2014-10-07 19:25 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-07 06:42 - 2014-10-07 06:42 - 02229140 _____ () C:\Users\Mardock\Desktop\malware.rar
2014-10-07 06:42 - 2014-10-07 06:42 - 00014207 _____ () C:\Users\Mardock\Desktop\dds.txt
2014-10-07 06:42 - 2014-10-07 06:42 - 00008619 _____ () C:\Users\Mardock\Desktop\attach.txt
2014-10-07 06:40 - 2014-10-07 06:40 - 00688992 ____R (Swearware) C:\Users\Mardock\Desktop\dds.com
2014-10-06 23:12 - 2014-10-07 23:50 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-10-06 20:39 - 2014-10-07 23:20 - 00000000 ____D () C:\Program Files\SHOUTcast
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SHOUTcast DNAS
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOUTcast DNAS
2014-10-05 21:12 - 2014-10-08 00:00 - 00000000 ____D () C:\ProgramData\firebird
2014-10-05 21:12 - 2014-10-05 21:12 - 00000000 ____D () C:\Users\Mardock\AppData\Local\SpacialAudio
2014-10-05 21:08 - 2014-10-05 21:08 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
2014-10-05 21:08 - 2014-10-05 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32)
2014-10-05 21:08 - 2014-10-05 21:08 - 00000000 ____D () C:\Program Files\SpacialAudio
2014-10-05 21:08 - 2014-10-05 21:08 - 00000000 ____D () C:\Program Files\Firebird
2014-10-05 21:08 - 2010-09-17 11:13 - 00548864 _____ (Firebird Project) C:\Windows\system32\GDS32.DLL
2014-10-05 18:36 - 2014-10-05 18:36 - 00000000 __RSH () C:\MSDOS.SYS
2014-10-05 18:36 - 2014-10-05 18:36 - 00000000 __RSH () C:\IO.SYS
2014-10-05 15:59 - 2014-10-08 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-05 15:58 - 2014-10-05 19:27 - 00000000 ____D () C:\mbar
2014-10-05 13:57 - 2014-10-05 19:27 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-10-05 13:57 - 2014-10-05 14:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-04 16:44 - 2014-10-08 20:56 - 00000000 ____D () C:\FRST
2014-10-04 16:30 - 2014-10-05 15:27 - 00000000 ____D () C:\AdwCleaner
2014-10-04 14:33 - 2014-10-08 20:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-04 14:33 - 2014-10-04 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-04 13:29 - 2014-10-04 13:41 - 00000000 ____D () C:\ProgramData\YOOuttuubeAdBlockeo
2014-10-04 13:29 - 2014-10-04 13:39 - 00000000 ____D () C:\Program Files\YOOuttuubeAdBlockeo
2014-10-04 13:29 - 2014-10-04 13:29 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\AVG2015
2014-10-04 13:28 - 2014-10-05 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-04 13:28 - 2014-10-04 13:44 - 00000000 ____D () C:\ProgramData\7cbbe3612fcc92d6
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\TuneUp Software
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\Guest
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-04 13:28 - 2014-10-04 13:28 - 00000000 ____D () C:\Users\Administrator
2014-10-04 13:27 - 2014-10-05 19:27 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-04 13:27 - 2014-10-05 19:20 - 00000000 ____D () C:\Program Files\AVG
2014-10-04 13:27 - 2014-10-04 13:27 - 00000000 ___HD () C:\$AVG
2014-10-04 13:24 - 2014-10-05 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-04 13:24 - 2014-10-04 13:36 - 00000000 ____D () C:\Users\Mardock\AppData\Local\Avg2015
2014-10-04 13:24 - 2014-10-04 13:24 - 00000000 ____D () C:\Users\Mardock\AppData\Local\MFAData
2014-10-04 13:20 - 2014-10-07 19:37 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-10-04 12:36 - 2014-10-05 19:27 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Search Protection
2014-10-04 12:36 - 2014-10-04 12:36 - 00000855 _____ () C:\Users\Mardock\Desktop\µTorrent.lnk
2014-10-04 12:34 - 2014-10-05 21:08 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\uTorrent
2014-10-03 21:48 - 2014-10-07 23:05 - 00000000 ____D () C:\Users\Mardock\Desktop\WebRadio
2014-09-30 20:42 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-30 20:40 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:40 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-30 20:40 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-30 20:40 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-28 19:28 - 2014-09-28 19:28 - 00000000 ____D () C:\Users\Mardock\Desktop\Informatica Multimediale
2014-09-25 00:31 - 2014-09-25 00:31 - 00050393 _____ () C:\Users\Mardock\AppData\Local\recently-used.xbel
2014-09-18 18:49 - 2014-09-18 18:49 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\EPSON
2014-09-18 18:39 - 2014-10-05 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-09-18 18:39 - 2014-10-05 19:20 - 00000000 ____D () C:\Program Files\epson
2014-09-18 18:39 - 2014-09-18 18:43 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-09-18 18:39 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2014-09-18 18:39 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escdev.dll
2014-09-18 18:39 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\eswiaud.dll
2014-09-11 00:50 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 00:50 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 00:50 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 00:50 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 00:50 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 00:50 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 00:50 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 00:50 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 00:50 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 00:50 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 00:50 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 00:50 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 00:50 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 00:50 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 00:50 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 00:50 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 00:50 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 00:50 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 00:50 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 00:50 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 00:50 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 22:54 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 22:54 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-08 20:55 - 2014-06-21 17:25 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\FileZilla
2014-10-08 20:52 - 2009-07-14 06:34 - 00016928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 20:52 - 2009-07-14 06:34 - 00016928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 20:50 - 2014-06-21 17:26 - 00000000 ____D () C:\Users\Mardock\Desktop\IPCam
2014-10-08 20:50 - 2009-07-14 06:39 - 00417120 _____ () C:\Windows\setupact.log
2014-10-08 20:49 - 2014-06-21 16:01 - 01393198 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 20:45 - 2014-06-21 16:21 - 00162004 _____ () C:\Windows\PFRO.log
2014-10-08 20:45 - 2014-06-21 16:14 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 20:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 20:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Branding
2014-10-08 20:19 - 2014-06-21 16:14 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 22:37 - 2014-06-21 16:13 - 01669252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 22:37 - 2009-07-14 10:21 - 00746232 _____ () C:\Windows\system32\perfh010.dat
2014-10-07 22:37 - 2009-07-14 10:21 - 00149414 _____ () C:\Windows\system32\perfc010.dat
2014-10-07 06:37 - 2014-06-21 17:29 - 00000000 ___RD () C:\Users\Mardock\Dropbox
2014-10-07 06:35 - 2014-06-21 17:26 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Dropbox
2014-10-05 19:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-05 19:28 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-05 19:27 - 2014-08-14 10:07 - 00000000 ____D () C:\Program Files\7-Zip
2014-10-05 19:27 - 2014-06-21 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-10-05 19:27 - 2014-06-21 17:25 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-10-05 19:27 - 2014-06-21 17:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-05 19:27 - 2014-06-21 16:14 - 00000000 ____D () C:\Program Files\Google
2014-10-05 19:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-05 19:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-05 19:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-05 19:23 - 2014-06-23 19:55 - 00000000 ____D () C:\Windows\system32\SPReview
2014-10-05 19:23 - 2009-07-14 10:21 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-10-05 19:23 - 2009-07-14 10:21 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-05 19:23 - 2009-07-14 10:21 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-05 19:23 - 2009-07-14 10:21 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-05 19:23 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-10-05 19:23 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-10-05 19:23 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-10-05 19:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Web
2014-10-05 19:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2014-10-05 19:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\spp
2014-10-05 19:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\spool
2014-10-05 19:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Speech
2014-10-05 19:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\SMI
2014-10-05 19:22 - 2014-07-09 23:22 - 00000000 ____D () C:\Windows\symbols
2014-10-05 19:22 - 2014-06-23 19:54 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-10-05 19:22 - 2014-06-21 16:46 - 00000000 ____D () C:\Windows\system32\AGEIA
2014-10-05 19:22 - 2009-07-14 10:21 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-05 19:22 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Performance
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NetworkList
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\IME
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\com
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Speech
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\PLA
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\IME
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-10-05 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2014-10-05 19:21 - 2014-09-07 23:27 - 00000000 ____D () C:\Users\Mardock\git
2014-10-05 19:21 - 2014-08-22 21:03 - 00000000 ____D () C:\Users\Mardock\samsung-sdk
2014-10-05 19:21 - 2014-08-12 19:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-05 19:21 - 2014-07-09 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-10-05 19:21 - 2014-07-09 23:16 - 00000000 ____D () C:\Program Files\Windows Kits
2014-10-05 19:21 - 2014-07-09 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2014-10-05 19:21 - 2014-06-30 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 4.0 Refresh
2014-10-05 19:21 - 2014-06-30 23:25 - 00000000 ____D () C:\Program Files\Microsoft XDE
2014-10-05 19:21 - 2014-06-29 17:42 - 00000000 ____D () C:\Users\Mardock\Documents\WindowsPhone
2014-10-05 19:21 - 2014-06-29 15:41 - 00000000 ____D () C:\Program Files\Windows Phone
2014-10-05 19:21 - 2014-06-29 15:20 - 00000000 ____D () C:\Program Files\Windows Phone Kits
2014-10-05 19:21 - 2014-06-28 22:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-05 19:21 - 2014-06-28 15:59 - 00000000 ____D () C:\ProgramData\Applications
2014-10-05 19:21 - 2014-06-22 14:31 - 00000000 ____D () C:\Program Files\WPF Toolkit
2014-10-05 19:21 - 2014-06-22 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-10-05 19:21 - 2014-06-22 14:23 - 00000000 ____D () C:\Program Files\Microsoft XNA
2014-10-05 19:21 - 2014-06-22 14:22 - 00000000 ____D () C:\Users\Mardock\Documents\Visual Studio 2010
2014-10-05 19:21 - 2014-06-22 11:50 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-10-05 19:21 - 2014-06-21 21:08 - 00000000 ____D () C:\Program Files\Synaptics
2014-10-05 19:21 - 2014-06-21 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-05 19:21 - 2014-06-21 18:39 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Adobe
2014-10-05 19:21 - 2014-06-21 18:08 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Skype
2014-10-05 19:21 - 2014-06-21 18:08 - 00000000 ____D () C:\Users\Mardock\AppData\Local\Skype
2014-10-05 19:21 - 2014-06-21 18:07 - 00000000 ___RD () C:\Program Files\Skype
2014-10-05 19:21 - 2014-06-21 18:07 - 00000000 ____D () C:\ProgramData\Skype
2014-10-05 19:21 - 2014-06-21 18:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-05 19:21 - 2014-06-21 17:50 - 00000000 ____D () C:\Users\Mardock\Documents\TomTom
2014-10-05 19:21 - 2014-06-21 17:50 - 00000000 ____D () C:\Users\Mardock\Documents\Sezione Elettrica-Elettronica
2014-10-05 19:21 - 2014-06-21 17:50 - 00000000 ____D () C:\Users\Mardock\Documents\Samsung ACE
2014-10-05 19:21 - 2014-06-21 17:43 - 00000000 ____D () C:\Users\Mardock\Documents\CMS Joomla
2014-10-05 19:21 - 2014-06-21 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-10-05 19:21 - 2014-06-21 17:33 - 00000000 ____D () C:\Program Files\VideoLAN
2014-10-05 19:21 - 2014-06-21 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-05 19:21 - 2014-06-21 17:23 - 00000000 ____D () C:\Program Files\PDFCreator
2014-10-05 19:21 - 2014-06-21 17:21 - 00000000 ____D () C:\Program Files\TextPad 7
2014-10-05 19:21 - 2014-06-21 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-05 19:21 - 2014-06-21 17:17 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-10-05 19:21 - 2014-06-21 17:16 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-10-05 19:21 - 2014-06-21 17:15 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-10-05 19:21 - 2014-06-21 17:12 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-10-05 19:21 - 2014-06-21 16:14 - 00000000 ____D () C:\Users\Mardock\AppData\Local\Google
2014-10-05 19:21 - 2014-06-21 16:14 - 00000000 ____D () C:\Users\Mardock\AppData\Local\Apps\2.0
2014-10-05 19:21 - 2014-06-21 16:10 - 00000000 ___RD () C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-05 19:21 - 2009-07-14 10:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-05 19:21 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-10-05 19:21 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-05 19:21 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-05 19:21 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-10-05 19:21 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-10-05 19:21 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-10-05 19:21 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-10-05 19:21 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-05 19:21 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-05 19:21 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-05 19:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Windows NT
2014-10-05 19:20 - 2014-08-29 12:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-05 19:20 - 2014-06-30 23:01 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-10-05 19:20 - 2014-06-30 23:01 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-10-05 19:20 - 2014-06-30 23:01 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-10-05 19:20 - 2014-06-28 22:47 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0
2014-10-05 19:20 - 2014-06-28 18:05 - 00000000 ____D () C:\Program Files\GIMP 2
2014-10-05 19:20 - 2014-06-24 23:23 - 00000000 ____D () C:\OpenSSL-Win32
2014-10-05 19:20 - 2014-06-22 14:31 - 00000000 ____D () C:\Program Files\Microsoft Expression
2014-10-05 19:20 - 2014-06-22 14:24 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE
2014-10-05 19:20 - 2014-06-22 14:19 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-10-05 19:20 - 2014-06-22 14:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-05 19:20 - 2014-06-22 14:11 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-10-05 19:20 - 2014-06-22 14:11 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-10-05 19:20 - 2014-06-22 11:23 - 00000000 ____D () C:\Program Files\Git
2014-10-05 19:20 - 2014-06-21 21:46 - 00000000 ____D () C:\Program Files\Java
2014-10-05 19:20 - 2014-06-21 18:51 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-10-05 19:20 - 2014-06-21 18:49 - 00000000 ____D () C:\Program Files\Intel
2014-10-05 19:20 - 2014-06-21 18:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-05 19:20 - 2014-06-21 18:01 - 00000000 ____D () C:\Program Files\Adobe
2014-10-05 19:20 - 2014-06-21 17:38 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2014-10-05 19:20 - 2014-06-21 17:11 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-05 19:20 - 2014-06-21 17:09 - 00000000 __RHD () C:\MSOCache
2014-10-05 19:20 - 2014-06-21 16:46 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-10-05 19:20 - 2014-06-21 16:44 - 00000000 ____D () C:\NVIDIA
2014-10-05 19:20 - 2014-06-21 16:35 - 00000000 ____D () C:\Program Files\CONEXANT
2014-10-05 19:20 - 2014-06-21 16:29 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-05 19:20 - 2014-06-21 16:29 - 00000000 ____D () C:\Program Files\Hp
2014-10-05 19:20 - 2014-06-21 16:29 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-10-05 19:20 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-10-05 19:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-05 19:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-10-05 19:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-05 18:35 - 2014-06-21 16:10 - 00000000 ____D () C:\Users\Mardock
2014-10-04 15:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-09-25 00:31 - 2014-06-28 18:12 - 00000000 ____D () C:\Users\Mardock\AppData\Local\gtk-2.0
2014-09-25 00:31 - 2014-06-28 18:09 - 00000000 ____D () C:\Users\Mardock\.gimp-2.8
2014-09-24 00:41 - 2014-06-21 17:32 - 00000000 ____D () C:\Users\Mardock\Documents\Development
2014-09-20 21:36 - 2014-06-21 17:35 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\vlc
2014-09-18 21:45 - 2014-06-21 17:27 - 00000000 ____D () C:\Users\Mardock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 18:54 - 2014-06-21 17:47 - 00000000 ____D () C:\Users\Mardock\Documents\Gruppo Giovani
2014-09-15 09:06 - 2014-06-21 16:41 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 20:31 - 2009-07-14 06:53 - 00032498 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-12 20:13 - 2014-07-09 23:28 - 00000000 ____D () C:\Users\Mardock\Documents\Visual Studio 2012
2014-09-11 00:49 - 2014-06-22 15:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 00:41 - 2014-06-22 15:22 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 19:23 - 2014-06-21 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-07 20:17
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014 01
Ran by Mardock at 2014-10-08 20:58:03
Running from C:\Users\Mardock\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34537 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AVG 2015 (Version: 15.0.4176 - AVG Technologies) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Entity Framework Designer per Visual Studio 2012 - ITA (HKLM\...\{29084E72-16BF-4ED1-A419-C880E8F5F476}) (Version: 11.1.20810.00 - Microsoft Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Firebird 2.5.0.26074 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Git version 1.8.0-preview20121022 (HKLM\...\Git_is1) (Version: 1.8.0-preview20121022 - The Git Development Community)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP Webcam (HKLM\...\{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}) (Version:  - HP Webcam)
Immagini di emulazione di Windows Phone 7.8 - ita (Version: 11.0.50727 - Microsoft Corporation) Hidden
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (Version: 2.8.20.26 - Oracle Corporation) Hidden
Java SE Development Kit 8 Update 5 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Language Pack del Visualizzatore della Guida Microsoft 2.0 - ITA (HKLM\...\Language Pack del Visualizzatore della Guida Microsoft 2.0 - ITA) (Version: 2.0.50727 - Microsoft Corporation)
Language Pack del Visualizzatore della Guida Microsoft 2.0 - ITA (Version: 2.0.50727 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - ITA Lang Pack (HKLM\...\{A52E00C8-2822-4DBE-8298-DE2D2D145E1E}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (Italiano) (HKLM\...\{079CDB66-D3E9-31C8-A597-93382A9A7402}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft Advertising SDK for Windows Phone - ITA (HKLM\...\{4D65E2F0-2CE3-479B-961A-B510979B79C9}) (Version: 5.2.819.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Expression Blend 3 SDK (HKLM\...\{64476BE0-75FA-4E08-97F4-9B3E9EB443FB}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.30816.0) (Version: 4.0.30816.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (Version: 4.0.30816.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (HKLM\...\{376D215F-9625-4469-9397-189363085A59}) (Version: 1.0.20817.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{0D6D309A-DADD-449E-B61E-3238129FBD50}) (Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{6D92C207-2687-459D-9617-2F517567F077}) (Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 Language Pack - ITA (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - ITA) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - ITA (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop (Version: 2.0.30717.9005 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack (Version: 11.0.60418.17931 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Italiano (HKLM\...\{A21FE4B1-2D55-477F-B22B-60E4733CAECA}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{10722A88-7C26-4F90-A520-88B40A91E485}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{D006CEFE-CAD5-42F3-9566-B4C65702548B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{67C3BCF0-A1C3-4EEA-B94F-1024C250EDA3}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{3695413D-C61A-4363-BDE8-488C5B76FB34}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D3EF2E61-2950-4FB3-AE78-1F5CF963C895}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 System CLR Types (HKLM\...\{1557D888-865E-47F8-908E-E75B0DD6D64C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{8DB9EC00-88D0-43C3-8491-CCE256442F95}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{BBB98A21-75CA-41FE-86B6-D5502D0D42F4}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ITA (HKLM\...\{B23B8C0C-DEAE-4147-AFD4-A000A67CB98C}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ITA (HKLM\...\{851FF26D-DEB9-451D-A148-50D970E2C7E6}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - ITA (11.1.20828.01) (HKLM\...\{432BFCD7-FEE9-414B-B4FB-4C883F68CB8D}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - ITA (11.1.20828.01) (HKLM\...\{C047542D-4D66-4345-B5CE-C019D896DD6B}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{4506A36C-D783-473A-886D-10869597FD50}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2012 32bit Compilers - ITA Resources (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Core Libraries (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86-x64 Compilers (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{ACB6D28B-2D17-314C-9C6C-B597C0A3C15A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ITA (Version: 10.1.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Preparation (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Tools per SQL Server Compact 4.0 SP1 ITA (Version: 4.0.8876.1 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Desktop (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 per Windows Desktop - ITA (HKLM\...\{76e8b526-f338-4d25-ac91-6a867fd0b1cb}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 per Windows Desktop - ITA (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ITA (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer ita Resources (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (Version: 4.0.20823.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh (ARP entry) (Version: 4.0.30901.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh (HKLM\...\XNA Game Studio 4.0) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 Refresh (Redists) (Version: 4.0.30901.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh (Shared Components) (Version: 4.0.30901.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh (Visual Studio) (Version: 4.0.30901.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Refresh Language Pack (it-IT) (HKLM\...\{F5377581-DEE7-43F5-BB1B-0E4E1BCF8CFD}) (Version: 4.0.30912.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM\...\{89690B51-2E21-4E93-914E-F9CAC5B24A84}) (Version: 1.4.0.0 - Microsoft Corporation)
Modello a oggetti di Microsoft Visual Studio Team Foundation Server 2012 Language Pack - ITA (Version: 11.0.60610 - Microsoft Corporation) Hidden
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
No-IP DUC (HKLM\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8AAB4176-A747-493A-A42C-B63CFADFD8E3}) (Version: 9.09.0010 - NVIDIA Corporation)
OpenSSL 1.0.1h Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Prerequisiti per SSDT (HKLM\...\{FEE628F2-8556-4FB1-8F2F-ABD54A7AE6D0}) (Version: 11.0.2100.60 - Microsoft Corporation)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Risorse di Microsoft Visual Studio 2012 Shell (minime) (Version: 11.0.50727 - Microsoft Corporation) Hidden
SAM Broadcaster v4 (HKLM\...\SAM3) (Version: v4 - Spacial Audio Solutions, LLC)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Search Protection (HKCU\...\Search Protection) (Version: 9.8.0.2 - Spigot, Inc.) <==== ATTENTION
Servizio linguaggio T-SQL Microsoft SQL Server 2012 (HKLM\...\{EC4F1EC5-358A-4E92-9E01-1275A7849C5E}) (Version: 11.0.2100.60 - Microsoft Corporation)
SHOUTcast DNAS (remove only) (HKLM\...\SCDNAS) (Version:  - )
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TextPad 7 (HKLM\...\{F5AF1DA4-4929-4BFA-B948-7BDD98A5405F}) (Version: 7.3.0 - Helios)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ITA (HKLM\...\{22F90F2E-1DA2-4801-A58C-FC3D13297749}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 Update 3 (KB2707250) (HKLM\...\{29828f33-4679-462a-8c98-1c3507678922}) (Version: 11.0.60610 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WCF Data Services SDK for Windows Phone (HKLM\...\{6F33C2E2-5E02-4344-90BC-ED55C48341D2}) (Version: 4.7.6.0 - Microsoft Corporation)
Windows Phone 8.0 Emulation Images (HKLM\...\{7515082B-0B97-331C-9725-9D42EF0DE501}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone 8.0 Managed SDK Profiler (ARM) (HKLM\...\{D6DEA3AD-637E-368A-BD00-501D443F5E86}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone 8.0 Managed SDK Profiler (X86) (HKLM\...\{D21B5F75-8042-3B39-80A1-F1D56D6DB4AB}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{CFF220E2-642C-4B41-87FA-9A634C6E01CF}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows Phone Emulator - ITA (HKLM\...\{C6614109-592D-3101-B734-AC3149CECE0E}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 - Italiano (HKLM\...\Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ITA) (Version: 10.1.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ITA (HKLM\...\{D853CFBA-523D-3167-A632-CED144B01F57}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Assemblies - ita (HKLM\...\{8D31E11B-2639-331F-849A-2C8BE88146E6}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0 (HKLM\...\{A4CC18F6-DB05-4B03-B724-4128322FA85F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Windows Phone SDK 8.0 Assemblies (HKLM\...\{C7EE26EC-477D-37D0-87B4-ED146C5A9CD2}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone SDK update for WP 7.8 (HKLM\...\{dbf8d9e1-1a4a-4f0d-bb08-bbd1035d583a}) (Version: 11.0.50727.51 - Microsoft Corporation)
Windows Software Development Kit (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext32.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files\Git\git-cheetah\git_shell_ext.dll ()
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Mardock\Desktop\SAM Broadcaster Pro 2014.3 FULL   Crack.rar.exe No File
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3811733256-560568178-2835578401-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mardock\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
03-10-2014 19:53:00 Windows Update
04-10-2014 11:26:29 Installed AVG 2015
04-10-2014 11:27:10 Installed AVG 2015
04-10-2014 14:19:54 Installed Java 7 Update 67
07-10-2014 18:30:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2014-10-07 19:37 - 00001397 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
212.47.195.163 www.google-analytics.com.
212.47.195.163 google-analytics.com.
212.47.195.163 connect.facebook.net.
198.37.114.178 www.google-analytics.com.
198.37.114.178 google-analytics.com.
198.37.114.178 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1BA6C623-156B-4D60-969D-7FCDCD704B9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-08] (Adobe Systems Incorporated)
Task: {DE6737F0-3E03-466F-96C9-3CD4941FA8D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {FE2C665A-D1B5-46D4-8D94-F086C04AA112} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-26 14:42 - 2012-09-26 14:42 - 00228264 _____ () C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbPc.DLL
2014-10-08 19:22 - 2014-10-08 19:22 - 01174528 _____ () C:\Users\Mardock\AppData\Local\Eztion\XeroxUtil.dll
2014-10-04 13:19 - 2014-10-04 13:19 - 02400768 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-10-04 13:19 - 2014-10-04 13:19 - 01821184 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-09-06 18:44 - 2014-09-06 18:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2014-10-08 19:22 - 2014-10-08 19:22 - 01189376 _____ () C:\Users\Mardock\AppData\Local\Ezction\mc_mux_dv.dll
2005-10-12 13:42 - 2005-10-12 13:42 - 00094208 _____ () C:\Windows\system32\Mv25U870Prp.ax
2014-09-28 18:25 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-28 18:25 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-28 18:25 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-28 18:25 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-28 18:25 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Foalcyyhoh => C:\Users\Mardock\AppData\Roaming\Owubohk\seenipe.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3811733256-560568178-2835578401-500 - Administrator - Disabled)
Guest (S-1-5-21-3811733256-560568178-2835578401-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3811733256-560568178-2835578401-1002 - Limited - Enabled)
Mardock (S-1-5-21-3811733256-560568178-2835578401-1000 - Administrator - Enabled) => C:\Users\Mardock
 
==================== Faulty Device Manager Devices =============
 
Name: Periferica sistema di base
Description: Periferica sistema di base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Periferica sistema di base
Description: Periferica sistema di base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2014 09:16:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17567, timestamp: 0x4d6727a7
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x00000000
ID processo che ha generato l'errore: 0x3ec
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3
 
Error: (10/07/2014 08:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17567, timestamp: 0x4d6727a7
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x00000000
ID processo che ha generato l'errore: 0x3f4
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3
 
Error: (10/07/2014 08:19:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17567, timestamp: 0x4d6727a7
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x00000000
ID processo che ha generato l'errore: 0x3f4
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3
 
Error: (10/07/2014 07:45:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Servizi di crittografia: impossibile inizializzare l'oggetto writer del sistema per il backup del servizio Copia Shadow del volume.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
Arresto del sistema in corso...
.
 
Error: (10/07/2014 07:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17567, timestamp: 0x4d6727a7
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x00000000
ID processo che ha generato l'errore: 0x3f0
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3
 
Error: (10/07/2014 07:39:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17567, timestamp: 0x4d6727a7
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x00000000
ID processo che ha generato l'errore: 0x3e4
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3
 
Error: (10/07/2014 06:11:12 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Scaricamento delle stringhe dei contatori delle prestazioni per il servizio WmiApRpl (WmiApRpl) non riuscito. Il primo valore DWORD nella sezione Data contiene il codice di errore.
 
Error: (10/07/2014 06:11:12 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3013) (User: NT AUTHORITY)
Description: Impossibile aggiornare le stringhe dei contatori delle prestazioni definite per l'ID lingua 010. Il primo valore DWORD nella sezione Data contiene il codice di errore.
 
Error: (10/05/2014 01:58:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: SDWSCSvc.exe, versione: 2.3.39.2, timestamp: 0x535a5120
Nome del modulo che ha generato l'errore: rtl150.bpl, versione: 15.0.3953.35171, timestamp: 0x4cca139f
Codice eccezione: 0xc0000005
Offset errore 0x0000a116
ID processo che ha generato l'errore: 0xda4
Ora di avvio dell'applicazione che ha generato l'errore: 0xSDWSCSvc.exe0
Percorso dell'applicazione che ha generato l'errore: SDWSCSvc.exe1
Percorso del modulo che ha generato l'errore: SDWSCSvc.exe2
ID segnalazione: SDWSCSvc.exe3
 
Error: (10/04/2014 05:40:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: UpdateFlashPlayer_a1858bcd.exe, versione: 0.0.0.0, timestamp: 0x542c2e91
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.18247, timestamp: 0x521ea91c
Codice eccezione: 0xc0000005
Offset errore 0x0001f9e5
ID processo che ha generato l'errore: 0x248
Ora di avvio dell'applicazione che ha generato l'errore: 0xUpdateFlashPlayer_a1858bcd.exe0
Percorso dell'applicazione che ha generato l'errore: UpdateFlashPlayer_a1858bcd.exe1
Percorso del modulo che ha generato l'errore: UpdateFlashPlayer_a1858bcd.exe2
ID segnalazione: UpdateFlashPlayer_a1858bcd.exe3
 
 
System errors:
=============
Error: (10/08/2014 08:03:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}
 
Error: (10/07/2014 09:15:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver: 
AFD
CSC
DfsC
discache
ElbyCDIO
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vmm
Wanarpv6
WfpLwf
 
Error: (10/07/2014 09:15:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Riconoscimento presenza in rete dipende dal servizio Servizio Interfaccia archivio di rete che non è stato avviato per il seguente errore: 
%%1068
 
Error: (10/07/2014 09:15:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Mini-redirector SMB 2.0 dipende dal servizio Modulo e wrapper mini-redirector SMB che non è stato avviato per il seguente errore: 
%%1068
 
Error: (10/07/2014 09:15:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Mini-redirector SMB 1.x dipende dal servizio Modulo e wrapper mini-redirector SMB che non è stato avviato per il seguente errore: 
%%1068
 
Error: (10/07/2014 09:15:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Modulo e wrapper mini-redirector SMB dipende dal servizio Sottosistema buffer reindirizzato che non è stato avviato per il seguente errore: 
%%31
 
Error: (10/07/2014 09:15:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Helper IP dipende dal servizio Servizio Interfaccia archivio di rete che non è stato avviato per il seguente errore: 
%%1068
 
Error: (10/07/2014 09:15:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Workstation dipende dal servizio Servizio Interfaccia archivio di rete che non è stato avviato per il seguente errore: 
%%1068
 
Error: (10/07/2014 09:15:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Servizio Interfaccia archivio di rete dipende dal servizio NSI proxy service driver. che non è stato avviato per il seguente errore: 
%%31
 
Error: (10/07/2014 09:15:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Helper NetBIOS di TCP/IP dipende dal servizio Ancillary Function Driver for Winsock che non è stato avviato per il seguente errore: 
%%31
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 59%
Total physical RAM: 2046.05 MB
Available physical RAM: 835.52 MB
Total Pagefile: 4092.11 MB
Available Pagefile: 2707.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1794.58 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:103.08 GB) (Free:47.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:7.68 GB) (Free:1.24 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 283F283F)
Partition 1: (Active) - (Size=103.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.7 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=1 GB) - (Type=D7)
 
==================== End Of Log ============================


#8 shelf life

  • Malware Response Team
  • 2,680 posts
  • Gender:Male
  • Location:@localhost

Posted 08 October 2014 - 05:50 PM

We will use FRST:

 

Open Notepad. Please copy the contents of the code box below:

Save it on the Desktop as fixlist.txt.

Run FRST and press the Fix button just once and wait. The machine will reboot to finish the fix.
The tool will make a log on the desktop at reboot (Fixlog.txt); please post it in your reply.

 C:\Users\Mardock\AppData\Roaming\Owubohk\seenipe.exe
 HKU\S-1-5-21-3811733256-560568178-2835578401-1000\...\Run: [Eztion] => regsvr32.exe C:\Users\Mardock\AppData\Local\Eztion\XeroxUtil.dll <===== ATTENTION
 HKU\S-1-5-21-3811733256-560568178-2835578401-1000\...\Run: [UXmedia] => C:\Windows\System32\regsvr32.exe C:\Users\Mardock\AppData\Local\Ezction\mc_mux_dv.dll
 C:\Users\Mardock\AppData\Local\Ezction\mc_mux_dv.dll
 Hosts:
 EmptyTemp:

How Can I Reduce My Risk to Malware?


#9 Mardock3891

  • Topic Starter
  • Members
  • 8 posts

Posted 08 October 2014 - 11:29 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-10-2014 01
Ran by Mardock at 2014-10-09 06:16:33 Run:1
Running from C:\Users\Mardock\Desktop
Loaded Profile: Mardock (Available profiles: Mardock)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Users\Mardock\AppData\Roaming\Owubohk\seenipe.exe
 HKU\S-1-5-21-3811733256-560568178-2835578401-1000\...\Run: [Eztion] => regsvr32.exe C:\Users\Mardock\AppData\Local\Eztion\XeroxUtil.dll <===== ATTENTION
 HKU\S-1-5-21-3811733256-560568178-2835578401-1000\...\Run: [UXmedia] => C:\Windows\System32\regsvr32.exe C:\Users\Mardock\AppData\Local\Ezction\mc_mux_dv.dll
 C:\Users\Mardock\AppData\Local\Ezction\mc_mux_dv.dll
 Hosts:
 EmptyTemp:
*****************
 
"C:\Users\Mardock\AppData\Roaming\Owubohk\seenipe.exe" => File/Directory not found.
HKU\S-1-5-21-3811733256-560568178-2835578401-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Eztion => value deleted successfully.
HKU\S-1-5-21-3811733256-560568178-2835578401-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UXmedia => value deleted successfully.
C:\Users\Mardock\AppData\Local\Ezction\mc_mux_dv.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 876.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#10 shelf life

  • Malware Response Team
  • 2,680 posts
  • Gender:Male
  • Location:@localhost

Posted 09 October 2014 - 04:16 PM

When you ran Malwarebytes it deleted what it found and rebooted your machine?

You can run Adwcleaner also:

    Please download Adwcleaner.exe to your desktop.
    Double click on AdwCleaner.exe, select OK, then Run.
    Click on the Scan button.
    After the scan completes, click the Clean button.
    The machine may prompt for a reboot.
    After the reboot a log will be displayed. Please post the log.


How Can I Reduce My Risk to Malware?


#11 Mardock3891

  • Topic Starter
  • Members
  • 8 posts

Posted 10 October 2014 - 12:16 PM

Yes, it deleted and rebooted.

Now, another threat is running :(

eklyict.exe

Not only iexplore.exe, but multiple instances of eklyict.exe.

Regards.



#12 shelf life

  • Malware Response Team
  • 2,680 posts
  • Gender:Male
  • Location:@localhost

Posted 10 October 2014 - 04:26 PM

OK, can you scan and post a new FRST log? If you see eklyict.exe in Task Manager you can terminate it with End Process for now. Need to see where it's located to really remove it.


How Can I Reduce My Risk to Malware?


#13 Mardock3891

  • Topic Starter
  • Members
  • 8 posts

Posted 11 October 2014 - 04:42 AM

It's located in

C:\Users\Mardock\AppData\Roaming\Goepewg|\eklyict.exe

If I kill the eklyict.exe process, it is reborn instantly...

Thanks


#14 shelf life

  • Malware Response Team
  • 2,680 posts
  • Gender:Male
  • Location:@localhost

Posted 11 October 2014 - 08:31 AM

OK. Did you run Adwcleaner? Please rerun FRST like you did the first time and post a new log. Also do a scan with your AVG antivirus.


How Can I Reduce My Risk to Malware?
