Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Probable virus?


  • This topic is locked This topic is locked
7 replies to this topic

#1 TeckMike95

TeckMike95

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 14 March 2015 - 03:59 AM

Hello everyone,

 

i' m bit scared. While i was surfing on the internet it appeared a windows displaying a file was moving towards the folder sistem32.

 

Here logs:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Michele at 2015-03-14 09:49:41
Running from C:\Users\Michele\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ares 2.2.4 (HKLM-x32\...\Ares) (Version: 2.2.4-Build#3048 - Ares Development Group)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1347 - DsNET Corp)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Guida di rete WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
Epson Guida utente WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.24.0 - International GeoGebra Institute)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
IIS 7.5 Express (HKLM-x32\...\{4D81B0E7-2F76-472A-9A8C-5240A3404BC3}) (Version: 7.5.1190 - Microsoft Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NVIDIA Graphics Driver 268.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.57 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C5EFC8F0-2EDE-4A4D-A4DA-75596405D1FB}) (Version: 4.10.9764 - Apache Software Foundation)
PET 1.00 (HKLM-x32\...\PET 1.00) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Nome società)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.15.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{CFF220E2-642C-4B41-87FA-9A634C6E01CF}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1253568964-3819609821-2818974366-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
 
==================== Restore Points  =========================
 
20-02-2015 20:06:12 Windows Update
20-02-2015 20:54:43 Windows Update
06-03-2015 09:55:55 Windows Update
06-03-2015 23:01:01 Windows Update
14-03-2015 09:22:54 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-06-02 19:14 - 2013-08-11 18:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0DD20C21-5A89-4C01-A02E-2F99BAF3D935} - System32\Tasks\{5ACE004A-6CEB-4F4A-BBB1-5ADC3528598E} => pcalua.exe -a C:\Users\Michele\Downloads\T3vis.exe -d C:\Users\Michele\Downloads
Task: {11A454DF-C959-422C-B2DA-4330E92AAB90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {1E28184E-162E-48DF-893C-034AE6ECB074} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {2CE0BE37-3F5A-4350-B3B7-0DC00E0C635D} - System32\Tasks\{9BD15BE5-8092-4CBC-9410-654147C0C24B} => F:\Setup.exe
Task: {33D49DB0-C969-47AA-B1D4-D1059B31F789} - System32\Tasks\{1690DE14-C133-4D6C-AA0B-FA2944B76796} => pcalua.exe -a "C:\Users\Michele\Desktop\Imperivm GBR-1.28.exe" -d C:\Users\Michele\Desktop
Task: {3663C3CD-5DC0-4FE7-9EA2-EF860B0A36D9} - System32\Tasks\{2857806E-C18D-417C-84B8-DA406315337B} => pcalua.exe -a C:\Users\Michele\Desktop\clear_flash.exe -d C:\Users\Michele\Desktop
Task: {47F16BE7-BBC8-4017-9E00-27651347C38A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4A6B9A4F-C0E9-4B9D-A9FA-36F6B5F6286D} - System32\Tasks\{AF178C38-60BE-467F-AA9A-DD93E0D14E30} => pcalua.exe -a F:\application\Setup.exe -d F:\application
Task: {52D66D27-6BA6-4A29-80D6-3B9BD1324E6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {5D6BF543-929A-4C72-8DE7-0608E3851DA3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {5F742EDC-A58E-4E39-9A5D-C161DA1E7CCD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {665704B0-9901-4366-BC73-4503C0C4A3E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {8E81DE86-6123-44C5-AE30-2710C2F257E2} - System32\Tasks\{F6A9C677-AFE8-4892-8CB5-18D32AB41EF2} => pcalua.exe -a C:\Users\Michele\Desktop\Imperivm_III-1.20-IT.exe -d C:\Users\Michele\Desktop
Task: {98B71FC2-B6BB-4DB1-9F84-6584869AE0F1} - System32\Tasks\{6F2AA751-1260-4FD2-A52D-D138802FF4B0} => F:\Setup.exe
Task: {C2C3A2A2-B5FD-4279-BDEF-03EDD199B570} - System32\Tasks\{78D84D45-FB86-4B5D-B487-785B732FA063} => pcalua.exe -a "C:\Users\Michele\Desktop\Imperivm III-1.40-IT.exe" -d C:\Users\Michele\Desktop
Task: {DB328A5A-DE6B-4839-ACC3-695F39A7B180} - System32\Tasks\{E63379D2-AD76-41B8-ACBF-1DB8967D60F2} => pcalua.exe -a "C:\Program Files (x86)\Patrician III - Impero dei Mari\P3Setup.exe" -d "C:\Program Files (x86)\Patrician III - Impero dei Mari"
Task: {DDA95C7A-9BAF-4E6A-BEE2-EE2FFB31C59C} - System32\Tasks\{7B3FB601-A0DE-4785-AEC8-6D6B3F93EEF6} => pcalua.exe -a C:\Users\Michele\Downloads\JRT.exe -d C:\Users\Michele\Downloads
Task: {E648A28C-0AE2-4477-B1DF-D3B8FF15E34F} - System32\Tasks\{9996D858-3A28-44E9-93B8-7FA30F913718} => pcalua.exe -a F:\EE3AutoRun.exe -d F:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-11-18 16:18 - 2010-11-18 16:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-08-26 10:25 - 2011-02-18 13:09 - 00564088 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\it\Humphrey.resources.dll
2014-08-25 12:19 - 2011-12-15 14:56 - 00022400 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\it\TosDILangPack.resources.dll
2014-08-25 12:19 - 2011-12-15 14:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2010-12-08 14:42 - 2010-12-08 14:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-05-04 12:10 - 2008-11-17 13:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll
2014-05-04 12:10 - 2010-05-07 10:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2014-05-04 12:10 - 2010-12-23 12:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
2014-05-04 12:10 - 2007-03-30 09:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll
2014-05-04 12:10 - 2010-12-29 16:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll
2014-05-04 12:10 - 2008-08-25 16:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
2014-05-04 12:10 - 2009-11-26 16:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
2014-05-04 12:10 - 2011-03-11 09:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll
2014-05-04 12:10 - 2009-09-09 13:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll
2014-05-04 12:10 - 2007-03-30 08:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll
2014-05-04 12:10 - 2010-11-30 15:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll
2014-05-04 12:10 - 2010-10-22 09:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll
2014-05-04 12:10 - 2010-12-29 17:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
2014-05-04 12:10 - 2009-08-06 09:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll
2014-05-04 12:10 - 2010-09-09 17:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll
2014-05-04 12:10 - 2010-07-13 09:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll
2014-05-04 12:10 - 2007-08-31 16:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll
2014-05-04 12:10 - 2010-09-08 16:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
2014-05-04 12:10 - 2009-11-27 16:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
2014-05-04 12:10 - 2010-11-26 09:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll
2014-05-04 12:10 - 2007-03-30 09:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
2014-05-04 12:10 - 2010-10-22 09:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll
2014-05-04 12:10 - 2010-08-03 09:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll
2014-05-04 12:10 - 2010-09-26 10:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
2014-05-04 12:10 - 2010-03-02 14:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
2014-05-04 12:10 - 2009-06-26 08:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll
2014-05-04 12:10 - 2010-08-03 09:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
2014-05-04 12:10 - 2009-12-04 16:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
2014-05-04 12:10 - 2010-09-26 10:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
2014-05-04 12:10 - 2008-08-25 15:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
2014-05-04 12:10 - 2010-09-08 09:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
2014-05-04 12:10 - 2010-04-27 14:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll
2014-05-04 12:10 - 2011-01-21 14:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
2014-05-04 12:10 - 2007-03-30 08:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll
2014-05-04 12:10 - 2010-11-26 09:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
2015-02-20 20:17 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 20:17 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 20:17 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1253568964-3819609821-2818974366-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NBAgent => "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Scan Buttons => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1253568964-3819609821-2818974366-500 - Administrator - Disabled)
Guest (S-1-5-21-1253568964-3819609821-2818974366-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1253568964-3819609821-2818974366-1002 - Limited - Enabled)
Michele (S-1-5-21-1253568964-3819609821-2818974366-1000 - Administrator - Enabled) => C:\Users\Michele
VUSR_MICHELE-TOSH (S-1-5-21-1253568964-3819609821-2818974366-1008 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Scheda miniport WiFi virtuale Microsoft
Description: Scheda miniport WiFi virtuale Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Scheda Microsoft Teredo Tunneling
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2015 09:46:36 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (03/10/2015 05:29:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (03/08/2015 06:36:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002
 
Error: (03/08/2015 06:36:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002
 
Error: (03/08/2015 01:58:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma gimp-2.8.exe versione 2.8.10.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: 854
 
Ora di avvio: 01d0599f732ae42e
 
Ora di chiusura: 8
 
Percorso applicazione: C:\Program Files\GIMP 2\bin\gimp-2.8.exe
 
ID segnalazione: d5fbca52-c592-11e4-a50e-aef439914a9b
 
Error: (03/08/2015 01:27:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/07/2015 09:02:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/06/2015 10:56:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/16/2015 01:20:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/15/2015 03:30:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (03/14/2015 09:19:04 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: Errore del Servizio SNMP durante l'accesso alla chiave SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration del Registro di sistema.
 
Error: (03/12/2015 06:53:33 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Errore del Servizio SNMP durante l'accesso alla chiave SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration del Registro di sistema.
 
Error: (03/09/2015 04:57:08 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Errore indeterminato della scheda Bluetooth locale. Tale scheda non verrà utilizzata. Il driver è stato scaricato.
 
Error: (03/09/2015 04:48:12 PM) (Source: Schannel) (EventID: 4114) (User: Michele-TOSH)
Description: Il certificato ricevuto dal server remoto è stato emesso da un'Autorità di certificazione non disponibile nell'elenco locale. Non è pertanto possibile convalidare i dati contenuti nel certificato. La richiesta di connessione SSL non è riuscita. Il certificato server è incluso nei dati allegati.
 
Error: (03/09/2015 04:48:12 PM) (Source: Schannel) (EventID: 4120) (User: Michele-TOSH)
Description: Generato avviso di errore irreversibile: 48. Lo stato dell'errore interno è 552.
 
Error: (03/09/2015 04:47:46 PM) (Source: Schannel) (EventID: 4114) (User: Michele-TOSH)
Description: Il certificato ricevuto dal server remoto è stato emesso da un'Autorità di certificazione non disponibile nell'elenco locale. Non è pertanto possibile convalidare i dati contenuti nel certificato. La richiesta di connessione SSL non è riuscita. Il certificato server è incluso nei dati allegati.
 
Error: (03/09/2015 04:47:46 PM) (Source: Schannel) (EventID: 4120) (User: Michele-TOSH)
Description: Generato avviso di errore irreversibile: 48. Lo stato dell'errore interno è 552.
 
Error: (03/09/2015 04:46:07 PM) (Source: Schannel) (EventID: 4114) (User: Michele-TOSH)
Description: Il certificato ricevuto dal server remoto è stato emesso da un'Autorità di certificazione non disponibile nell'elenco locale. Non è pertanto possibile convalidare i dati contenuti nel certificato. La richiesta di connessione SSL non è riuscita. Il certificato server è incluso nei dati allegati.
 
Error: (03/09/2015 04:46:07 PM) (Source: Schannel) (EventID: 4120) (User: Michele-TOSH)
Description: Generato avviso di errore irreversibile: 48. Lo stato dell'errore interno è 552.
 
Error: (03/09/2015 04:43:25 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Errore del Servizio SNMP durante l'accesso alla chiave SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration del Registro di sistema.
 
 
Microsoft Office Sessions:
=========================
Error: (03/14/2015 09:46:36 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (03/10/2015 05:29:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (03/08/2015 06:36:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002 
Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91
 
Error: (03/08/2015 06:36:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002 
Microsoft.SqlServer.Management.SmoMetadataProvider, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91
 
Error: (03/08/2015 01:58:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gimp-2.8.exe2.8.10.085401d0599f732ae42e8C:\Program Files\GIMP 2\bin\gimp-2.8.exed5fbca52-c592-11e4-a50e-aef439914a9b
 
Error: (03/08/2015 01:27:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (03/07/2015 09:02:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (03/06/2015 10:56:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (02/16/2015 01:20:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (02/15/2015 03:30:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-11 19:48:57.507
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-08-11 19:48:57.444
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-06-19 12:43:02.232
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-06-19 12:43:02.216
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-06-19 12:43:02.199
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-06-19 12:43:02.181
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 66%
Total physical RAM: 4073.76 MB
Available physical RAM: 1383.36 MB
Total Pagefile: 8145.71 MB
Available Pagefile: 5036.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:99.09 GB) NTFS
Drive d: (Data) (Fixed) (Total:78.5 GB) (Free:66.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8A71E1AC)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=78.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=70.2 GB) - (Type=05)
 
==================== End Of Log ============================
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Michele (administrator) on MICHELE-TOSH on 14-03-2015 09:47:37
Running from C:\Users\Michele\Downloads
Loaded Profiles: Michele & Classic .NET AppPool & DefaultAppPool (Available profiles: Michele & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [561152 2011-04-20] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKU\S-1-5-21-1253568964-3819609821-2818974366-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1253568964-3819609821-2818974366-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-09-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-09-04] (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-09-04] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-09-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-05-14]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.it/"
CHR Profile: C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\Michele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-14] (Avira Operations GmbH & Co. KG)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-21] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [480256 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [32024 2013-07-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-25] (DT Soft Ltd)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [478720 2008-05-28] (Hauppauge Computer Works, Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 09:47 - 2015-03-14 09:47 - 02095616 _____ (Farbar) C:\Users\Michele\Downloads\FRST64.exe
2015-03-14 09:47 - 2015-03-14 09:47 - 00018437 _____ () C:\Users\Michele\Downloads\FRST.txt
2015-03-14 09:29 - 2015-03-14 09:34 - 00000000 ____D () C:\Users\Michele\Desktop\Nuova cartella (2)
2015-03-14 09:02 - 2015-03-14 09:03 - 00000000 ____D () C:\Users\Michele\Desktop\Nuova cartella
2015-03-14 09:01 - 2015-03-14 09:01 - 00000000 ____D () C:\Users\Michele\Desktop\Esercitazioni di Matematica - Paolo Marcellini, Carlo Sbordone
2015-03-08 14:12 - 2015-03-08 15:53 - 00000113 _____ () C:\Windows\mgboss_reg.ini
2015-03-08 14:09 - 2015-03-08 15:22 - 00000021 _____ () C:\Windows\mgboss_win.ini
2015-03-07 11:08 - 2015-03-07 11:08 - 00000358 _____ () C:\Windows\PFRO.log
2015-03-06 23:01 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-06 23:01 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-06 12:34 - 2015-03-06 12:34 - 00001404 _____ () C:\Users\Michele\Desktop\II Ciclo.lnk
2015-03-06 09:50 - 2015-03-06 09:50 - 00119880 _____ () C:\Users\Michele\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-06 09:49 - 2015-03-14 09:19 - 00001285 _____ () C:\Windows\setupact.log
2015-03-06 09:49 - 2015-03-06 09:50 - 00454208 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-06 09:49 - 2015-03-06 09:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-20 20:53 - 2015-02-20 20:54 - 00001331 _____ () C:\Users\Michele\Desktop\Numeri Complessi.lnk
2015-02-20 20:03 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-20 20:03 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-20 20:03 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-20 20:03 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 18:16 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 18:16 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 18:16 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 18:16 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 09:48 - 2014-07-08 17:07 - 01448009 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 09:47 - 2014-09-04 08:42 - 00000000 ____D () C:\FRST
2015-03-14 09:27 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 09:27 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 09:26 - 2013-06-10 08:33 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-14 09:26 - 2013-06-09 09:40 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-14 09:26 - 2013-06-09 09:40 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-14 09:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-14 09:25 - 2011-02-11 09:40 - 00884024 _____ () C:\Windows\system32\perfh010.dat
2015-03-14 09:25 - 2011-02-11 09:40 - 00201738 _____ () C:\Windows\system32\perfc010.dat
2015-03-14 09:25 - 2009-07-14 06:13 - 02047126 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-14 09:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-03-14 09:20 - 2014-05-04 12:14 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\.oit
2015-03-14 09:19 - 2013-06-14 20:29 - 00000204 _____ () C:\Windows\Tasks\AutoKMS.job
2015-03-14 09:19 - 2011-08-26 10:49 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 09:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 18:54 - 2013-08-17 15:47 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 18:53 - 2009-07-14 06:08 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-10 19:18 - 2011-11-25 19:13 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\uTorrent
2015-03-10 19:16 - 2011-08-26 10:49 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 16:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-09 08:15 - 2012-10-16 11:25 - 00000000 ___RD () C:\Users\Michele\Desktop\Michele
2015-03-08 19:55 - 2012-06-01 18:00 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\Audacity
2015-03-08 17:53 - 2014-12-05 01:34 - 00000000 ____D () C:\Program Files (x86)\Web Publish
2015-03-08 17:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-03-08 17:49 - 2014-12-05 01:34 - 00000021 _____ () C:\Windows\VB.INI
2015-03-08 17:49 - 2014-12-05 01:34 - 00000013 _____ () C:\Windows\vbaddin.ini
2015-03-08 17:49 - 2011-11-25 19:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-03-08 17:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-03-08 14:06 - 2014-07-07 20:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 13:57 - 2014-06-19 18:49 - 00000000 ____D () C:\Users\Michele\.gimp-2.8
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 11:05 - 2013-07-04 20:26 - 00000000 ____D () C:\Users\Michele\AppData\Local\Ares
2015-02-23 11:04 - 2013-06-05 09:28 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\vlc
2015-02-21 09:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-16 23:06 - 2011-11-25 20:35 - 00000000 ____D () C:\Users\Michele\AppData\Roaming\DAEMON Tools Lite
2015-02-15 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 18:00 - 2014-12-13 10:15 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 18:00 - 2014-05-03 22:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
==================== Files in the root of some directories =======
 
2012-05-30 14:10 - 2012-05-30 14:52 - 0001064 _____ () C:\Users\Michele\AppData\Roaming\mainhst.zgh
2013-06-04 20:25 - 2013-06-15 16:20 - 0000919 _____ () C:\Users\Michele\AppData\Roaming\trace_FilterInstaller.1.txt
2013-06-04 20:25 - 2013-06-04 20:25 - 0001181 _____ () C:\Users\Michele\AppData\Roaming\trace_FilterInstaller.2.txt
2013-06-04 20:25 - 2013-07-05 21:19 - 0001181 _____ () C:\Users\Michele\AppData\Roaming\trace_FilterInstaller.txt
2013-06-04 20:25 - 2013-07-05 21:19 - 0000000 _____ () C:\Users\Michele\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-09-22 21:17 - 2014-06-09 09:48 - 0004608 _____ () C:\Users\Michele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-24 21:54 - 2011-11-24 21:54 - 0000320 _____ () C:\Users\Michele\AppData\Local\FSCache.dat
2014-09-13 07:59 - 2014-09-13 07:59 - 0003874 _____ () C:\Users\Michele\AppData\Local\recently-used.xbel
2011-11-27 12:58 - 2014-09-12 10:44 - 0007617 _____ () C:\Users\Michele\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Michele\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-06 10:54
 
==================== End Of Log ============================

 



BC AdBot (Login to Remove)

 


#2 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 14 March 2015 - 03:59 AM

.


Edited by TeckMike95, 14 March 2015 - 08:43 AM.


#3 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 14 March 2015 - 03:59 AM

.


Edited by TeckMike95, 14 March 2015 - 08:42 AM.


#4 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 14 March 2015 - 03:59 AM

.


Edited by TeckMike95, 14 March 2015 - 08:42 AM.


#5 TeckMike95

TeckMike95
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 14 March 2015 - 04:00 AM

Sorry, the computer had a problem, and i couldn' t close the other topics I opened, sorry


Edited by TeckMike95, 14 March 2015 - 08:44 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 17 March 2015 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1253568964-3819609821-2818974366-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 23 March 2015 - 07:34 AM

Are you still with me?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 AM

Posted 29 March 2015 - 08:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users