
I clicked on email attachment (info.js) and all desktop files were renamed .ccc



#1 venexiano


Posted 10 January 2016 - 06:02 PM

Hi,
 
I clicked on a file attached to an email (info.js) after saving it on the desktop. All desktop files (and only on the desktop) were renamed with an extra extension .ccc (e.g. document.pdf became document.pdf.ccc). Here are the FRST logs as requested.
 
Thank you very much for your help.
A.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by Paolo (administrator) on PORTATILE-GIGIO (10-01-2016 23:17:26)
Running from C:\Documents and Settings\Paolo\Documenti\Downloads
Loaded Profiles: Paolo (Available Profiles: user & Paolo & Adelaide)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Italiano (Italia)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Macrovision) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
(TeamViewer GmbH) C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
(UltraVNC) C:\Programmi\UltraVNC\winvnc.exe
() C:\WINDOWS\system32\ati2evxx.exe
(TeamViewer GmbH) C:\Programmi\TeamViewer\Version9\TeamViewer.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Creative Technology Ltd.) C:\WINDOWS\V0220Mon.exe
(Creative Technology Ltd.) C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
(Creative Technology Ltd.) C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
(TeamViewer GmbH) C:\Programmi\TeamViewer\Version9\tv_w32.exe
() C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe
(Google Inc.) C:\Programmi\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Programmi\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Programmi\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Programmi\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Programmi\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Programmi\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Programmi\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Programmi\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [57344 2003-08-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WinVNC] => C:\Programmi\UltraVNC\WinVNC.exe [712704 2006-06-18] (UltraVNC)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [V0220Mon.exe] => C:\WINDOWS\V0220Mon.exe [32768 2006-06-28] (Creative Technology Ltd.)
HKLM\...\Run: [AVFX Engine] => C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe [24576 2006-06-09] (Creative Technology Ltd.)
HKLM\...\Run: [fgdh4563] => C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe [327680 2016-01-10] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2003-09-12] ()
HKU\S-1-5-21-796845957-179605362-725345543-1004\...\Run: [Creative Live! Cam Manager] => C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [143360 2006-05-31] (Creative Technology Ltd.)
HKU\S-1-5-21-796845957-179605362-725345543-1004\...\Run: [fgdh4563] => C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe [327680 2016-01-10] ()
HKU\S-1-5-21-796845957-179605362-725345543-1004\...\MountPoints2: {525a4590-5af5-11e0-babf-000475e804df} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8489984 2008-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\System32\AcSignIcon.dll [2003-02-14] (Autodesk)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{57C987FD-179A-4E29-BC36-31975B00EEBD}: [NameServer] 212.216.112.112,212.216.172.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-796845957-179605362-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bing.it/
HKU\S-1-5-21-796845957-179605362-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-796845957-179605362-725345543-1004 - Hook per la ricerca di URL Microsoft - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16] (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> C:\Programmi\Norton AntiVirus\NavShExt.dll [2003-12-04] (Symantec Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll [2003-12-04] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-796845957-179605362-725345543-1004 -> Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll [2003-12-04] (Symantec Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Paolo\Dati applicazioni\Mozilla\Firefox\Profiles\goobvtwu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012-05-23] [not signed]
FF HKU\S-1-5-21-796845957-179605362-725345543-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://bing.it/
CHR Plugin: (Native Client) - C:\Programmi\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Programmi\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Programmi\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Programmi\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Programmi\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Programmi\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programmi\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Google Search) - C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2008-03-12] (Adobe Systems) [File not signed]
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [376832 2003-09-12] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114688 2003-09-12] () [File not signed]
S2 AVGIDSAgent; C:\Programmi\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Programmi\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [54784 2004-03-05] (Macrovision) [File not signed]
S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
R3 hpqcxs08; C:\Programmi\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Programmi\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Programmi\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-06-06] (Mozilla Foundation)
S4 navapsvc; C:\Programmi\Norton AntiVirus\navapsvc.exe [158832 2004-05-12] (Symantec Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Programmi\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel® Corporation) [File not signed]
S3 ose; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SAVScan; C:\Programmi\Norton AntiVirus\SAVScan.exe [193816 2003-11-07] (Symantec Corporation)
S3 SNDSrvc; C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe [206048 2004-10-15] (Symantec Corporation)
S4 SymWSC; C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe [308352 2004-08-05] (Symantec Corporation)
R2 TeamViewer9; C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe [5261584 2015-04-09] (TeamViewer GmbH)
R2 winvnc; C:\Programmi\UltraVNC\WinVNC.exe [712704 2006-06-18] (UltraVNC) [File not signed]
S2 adyndrcxx; C:\WINDOWS\system32\gewqz.dll [X]
S2 azrlyi; C:\WINDOWS\system32\gewqz.dll [X]
S2 btohmd; C:\Programmi\Movie Maker\gewqz.dll [X]
S2 dersvme; C:\WINDOWS\system32\gewqz.dll [X]
S2 dmhasxj; C:\WINDOWS\system32\gewqz.dll [X]
S2 euxjwsc; C:\WINDOWS\system32\gewqz.dll [X]
S2 favtm; C:\WINDOWS\system32\gewqz.dll [X]
S2 fmnpfi; C:\Documents and Settings\Paolo\Dati applicazioni\gewqz.dll [X]
S2 gtcqssmfb; C:\WINDOWS\system32\gewqz.dll [X]
S4 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]
S2 idwuec; C:\WINDOWS\system32\gewqz.dll [X]
S2 jhlxrjnif; C:\WINDOWS\system32\gewqz.dll [X]
S2 jwwegzr; C:\WINDOWS\system32\gewqz.dll [X]
S2 jzzotdtm; C:\Programmi\Internet Explorer\gewqz.dll [X]
S2 kbvnbds; C:\WINDOWS\system32\gewqz.dll [X]
S2 kjmavsp; C:\WINDOWS\TEMP\\gewqz.dll [X]
S2 krsomwwe; C:\WINDOWS\system32\gewqz.dll [X]
S2 kskpnx; C:\WINDOWS\system32\gewqz.dll [X]
S2 kwanzz; C:\WINDOWS\system32\gewqz.dll [X]
S2 lbbkapd; C:\WINDOWS\system32\gewqz.dll [X]
S2 liswelxa; C:\WINDOWS\system32\gewqz.dll [X]
S2 ljalmow; C:\WINDOWS\system32\gewqz.dll [X]
S2 mfahuont; C:\WINDOWS\system32\gewqz.dll [X]
S2 mqsvjvraf; C:\WINDOWS\TEMP\\gewqz.dll [X]
S2 nkbfmaxo; C:\WINDOWS\system32\gewqz.dll [X]
S2 nkpds; C:\WINDOWS\system32\gewqz.dll [X]
S2 okhmsx; C:\WINDOWS\TEMP\\gewqz.dll [X]
S2 ooaiy; C:\WINDOWS\system32\gewqz.dll [X]
S2 pgqftltot; C:\WINDOWS\system32\gewqz.dll [X]
S2 poykftz; C:\WINDOWS\system32\gewqz.dll [X]
S2 psdsk; C:\WINDOWS\system32\gewqz.dll [X]
S2 pseto; C:\WINDOWS\system32\gewqz.dll [X]
S2 puzmzc; C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll [X]
S2 pvmdtpqh; C:\WINDOWS\system32\gewqz.dll [X]
S2 pzckii; C:\WINDOWS\system32\gewqz.dll [X]
S2 qazewmxkp; C:\WINDOWS\system32\gewqz.dll [X]
S2 qeygkg; C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll [X]
S2 qnzhfjbt; C:\WINDOWS\system32\gewqz.dll [X]
S2 qqxvtdu; C:\WINDOWS\system32\gewqz.dll [X]
S2 qwuhkkjuw; C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll [X]
S2 rekwyllz; C:\WINDOWS\system32\gewqz.dll [X]
S2 rhrmzv; C:\WINDOWS\system32\gewqz.dll [X]
S2 rkickiin; C:\Programmi\Internet Explorer\gewqz.dll [X]
S2 rmwdxone; C:\WINDOWS\system32\gewqz.dll [X]
S2 rnkfbnfq; C:\WINDOWS\system32\gewqz.dll [X]
S2 rokgvjbk; C:\WINDOWS\system32\gewqz.dll [X]
S2 tlxyeb; C:\WINDOWS\system32\gewqz.dll [X]
S2 tnramnj; C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll [X]
S2 usjdir; C:\WINDOWS\system32\gewqz.dll [X]
S2 vbrzfffq; C:\WINDOWS\system32\gewqz.dll [X]
S2 vdleg; C:\WINDOWS\system32\gewqz.dll [X]
S2 vfskv; C:\Programmi\Movie Maker\gewqz.dll [X]
S2 vjcmwq; C:\WINDOWS\system32\gewqz.dll [X]
S2 weealy; C:\WINDOWS\system32\gewqz.dll [X]
S2 wfexm; C:\WINDOWS\TEMP\\gewqz.dll [X]
S2 wibvq; C:\WINDOWS\system32\gewqz.dll [X]
S2 wijllm; C:\WINDOWS\system32\gewqz.dll [X]
S2 wkfqspzqy; C:\WINDOWS\system32\gewqz.dll [X]
S2 wqbvswm; C:\WINDOWS\system32\gewqz.dll [X]
S2 wujtjgsy; C:\WINDOWS\system32\gewqz.dll [X]
S2 xgkifr; C:\WINDOWS\system32\gewqz.dll [X]
S2 xknqgaxle; C:\WINDOWS\system32\gewqz.dll [X]
S2 xnnrmuze; C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll [X]
S2 xpvijewq; C:\WINDOWS\system32\gewqz.dll [X]
S2 xtqrq; C:\WINDOWS\system32\gewqz.dll [X]
S2 xwlrbs; C:\WINDOWS\system32\gewqz.dll [X]
S2 ydgcvqlup; C:\WINDOWS\system32\gewqz.dll [X]
S2 yqwcva; C:\WINDOWS\system32\gewqz.dll [X]
S2 zuwlgzal; C:\WINDOWS\system32\gewqz.dll [X]
S2 zzpse; C:\WINDOWS\system32\gewqz.dll [X]
S2 zzxkvvnej; C:\WINDOWS\system32\gewqz.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [19968 2004-12-26] (Aladdin Knowledge Systems)
R3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [404736 2003-08-14] (Sensaura Ltd)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [462684 2003-08-15] (Realtek Semiconductor Corp.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [269792 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 CdaC15BA; C:\WINDOWS\System32\drivers\CDAC15BA.SYS [12464 2004-03-05] (Macrovision Europe Ltd) [File not signed]
R3 EL90Xbc; C:\WINDOWS\System32\DRIVERS\el90Xbc5.SYS [69555 2001-08-22] (3Com Corporation)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R2 hardlock; C:\WINDOWS\System32\drivers\hardlock.sys [665600 2004-12-26] (Aladdin Knowledge Systems) [File not signed]
R2 Haspnt; C:\WINDOWS\System32\drivers\Haspnt.sys [47616 2004-12-26] (Aladdin Knowledge Systems) [File not signed]
R2 HPFECP13; C:\WINDOWS\System32\drivers\HPFECP13.SYS [52800 1998-09-25] () [File not signed]
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-14] (HP)
S3 NAVENG; C:\Programmi\File comuni\Symantec Shared\VirusDefs\20041023.019\NAVENG.SYS [68168 2004-10-23] (Symantec Corporation)
S3 NAVEX15; C:\Programmi\File comuni\Symantec Shared\VirusDefs\20041023.019\NAVEX15.SYS [617288 2004-10-23] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 SAVRT; C:\Programmi\Norton AntiVirus\SAVRT.SYS [308416 2003-11-07] (Symantec Corporation)
R1 SAVRTPEL; C:\Programmi\Norton AntiVirus\SAVRTPEL.SYS [37056 2003-11-07] (Symantec Corporation)
S3 SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [11040 2004-10-15] (Symantec Corporation)
R3 SymEvent; C:\Programmi\Symantec\SYMEVENT.SYS [82136 2003-08-16] (Symantec Corporation)
S3 SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [171424 2004-10-15] (Symantec Corporation)
S3 SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [34496 2004-10-15] (Symantec Corporation)
S3 SYMIDSCO; C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS [170208 2004-06-29] (Symantec Corporation)
S3 SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [46208 2004-10-15] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [25824 2004-10-15] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [266432 2004-10-15] (Symantec Corporation)
R3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
R3 V0220Dev; C:\WINDOWS\System32\DRIVERS\V0220Dev.sys [146112 2006-06-29] (Creative Technology Ltd.)
R3 V0220Vfx; C:\WINDOWS\System32\DRIVERS\V0220Vfx.sys [6272 2006-06-08] (EyePower Games Pte. Ltd.)
R2 vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [6016 2004-06-26] (RDV Soft) [File not signed]
R3 vncdrv; C:\WINDOWS\System32\DRIVERS\vncdrv.sys [4736 2004-06-26] (RDV Soft) [File not signed]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: jwwegzr -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: pgqftltot -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rhrmzv -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: vfskv -> C:\Programmi\Movie Maker\gewqz.dll ==> No File
NETSVC: rkickiin -> C:\Programmi\Internet Explorer\gewqz.dll ==> No File
NETSVC: qwuhkkjuw -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: kjmavsp -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
NETSVC: xnnrmuze -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: wfexm -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
NETSVC: jzzotdtm -> C:\Programmi\Internet Explorer\gewqz.dll ==> No File
NETSVC: fmnpfi -> C:\Documents and Settings\Paolo\Dati applicazioni\gewqz.dll ==> No File
NETSVC: okhmsx -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
NETSVC: xwlrbs -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wibvq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: kwanzz -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: idwuec -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rnkfbnfq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: vbrzfffq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: ljalmow -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wqbvswm -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: adyndrcxx -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: xknqgaxle -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: nkbfmaxo -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: pzckii -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: tlxyeb -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: xgkifr -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: zzxkvvnej -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: xtqrq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: qnzhfjbt -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: puzmzc -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: vjcmwq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wijllm -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: gtcqssmfb -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: zuwlgzal -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: favtm -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: krsomwwe -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: dersvme -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: weealy -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: psdsk -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: pvmdtpqh -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: euxjwsc -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: qazewmxkp -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: ooaiy -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wujtjgsy -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: xpvijewq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: pseto -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: usjdir -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: vdleg -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: tnramnj -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: mqsvjvraf -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
NETSVC: ydgcvqlup -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: kbvnbds -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: qeygkg -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: poykftz -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rokgvjbk -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: dmhasxj -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wkfqspzqy -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: mfahuont -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: liswelxa -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: qqxvtdu -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rmwdxone -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: yqwcva -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: nkpds -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: zzpse -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rekwyllz -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: lbbkapd -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: azrlyi -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: jhlxrjnif -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: kskpnx -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: btohmd -> C:\Programmi\Movie Maker\gewqz.dll ==> No File
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 23:06 - 2016-01-10 23:17 - 00000000 ___DC C:\FRST
2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe
2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\ntoxk-a.exe
2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\gxhdu-a.exe
2016-01-10 22:27 - 2016-01-10 22:27 - 00000254 _____ C:\Documents and Settings\Paolo\Documenti\recover_file_utjqsvdiv.txt
2016-01-10 22:07 - 2016-01-10 22:32 - 00288382 _____ C:\Documents and Settings\Paolo\Desktop\paolo-canestrelli-convegno-smart-grids-un-cambio-di-paradigma-per-le-reti-di-distribuzione-delle-11-11-2015.pdf.ccc
2016-01-10 21:13 - 2016-01-10 22:32 - 00182030 _____ C:\Documents and Settings\Paolo\Desktop\PROSPETTI.pdf.ccc
2016-01-10 21:12 - 2016-01-10 22:32 - 00302894 _____ C:\Documents and Settings\Paolo\Desktop\PIANTA+SEZIONE.pdf
2016-01-10 21:09 - 2016-01-10 22:32 - 20597534 _____ C:\Documents and Settings\Paolo\Desktop\Proposta Angeli def.compressed.pdf.ccc
2016-01-10 00:25 - 2016-01-10 22:28 - 00006990 _____ C:\Documents and Settings\Paolo\Desktop\Alberto dic 2012.jpg.ccc
2016-01-08 21:21 - 2016-01-10 22:32 - 00243422 _____ C:\Documents and Settings\Paolo\Desktop\SAVNO Sepa Sonego.jpg.ccc
2016-01-07 00:37 - 2016-01-10 22:28 - 00071918 _____ C:\Documents and Settings\Paolo\Desktop\Adi esami 05 01 2016.pdf.ccc
2016-01-06 13:55 - 2016-01-10 22:31 - 00074830 _____ C:\Documents and Settings\Paolo\Desktop\ISRRC Hotel_ pensioni_12_feb_2015.pdf.ccc
2016-01-06 13:52 - 2016-01-10 22:31 - 00085262 _____ C:\Documents and Settings\Paolo\Desktop\ISRRC servizi vari.pdf.ccc
2016-01-06 13:51 - 2016-01-10 22:31 - 00095454 _____ C:\Documents and Settings\Paolo\Desktop\ICRRS residences.pdf.ccc
2016-01-06 13:08 - 2016-01-10 22:31 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\IRCCS oncologia medica_files
2016-01-06 13:08 - 2016-01-06 13:08 - 00037780 _____ C:\Documents and Settings\Paolo\Desktop\IRCCS oncologia medica.html
2016-01-06 12:58 - 2016-01-10 22:31 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\IRCCS reparti e primari_files
2016-01-06 12:57 - 2016-01-06 12:58 - 00175907 _____ C:\Documents and Settings\Paolo\Desktop\IRCCS reparti e primari.html
2016-01-05 01:11 - 2016-01-10 22:28 - 00267326 _____ C:\Documents and Settings\Paolo\Desktop\Copia di tim marzo 2015.pdf.ccc
2016-01-05 01:11 - 2016-01-10 22:28 - 00146718 _____ C:\Documents and Settings\Paolo\Desktop\Copia di tim gennaio 2015.pdf.ccc
2016-01-04 17:07 - 2016-01-10 22:28 - 00069742 _____ C:\Documents and Settings\Paolo\Desktop\Adi esami 15 12 2015.pdf.ccc
2015-12-28 23:32 - 2016-01-10 22:31 - 00008862 _____ C:\Documents and Settings\Paolo\Desktop\Fatt. 836 del 28-12-2015 magnetoterapia.pdf.ccc
2015-12-28 22:51 - 2016-01-10 22:31 - 00061358 _____ C:\Documents and Settings\Paolo\Desktop\maree-bilancio2015.doc.ccc
2015-12-28 22:15 - 2016-01-10 22:28 - 00024494 _____ C:\Documents and Settings\Paolo\Desktop\consuntivo anno 2015.doc.ccc
2015-12-27 12:38 - 2016-01-10 22:32 - 00073294 _____ C:\Documents and Settings\Paolo\Desktop\RicevutaPagamento 46a rata dic 2015.pdf.ccc
2015-12-27 12:09 - 2016-01-10 22:28 - 00031150 _____ C:\Documents and Settings\Paolo\Desktop\Cartel1.xls.ccc
2015-12-26 23:55 - 2015-12-26 23:55 - 00000599 _____ C:\Documents and Settings\All Users\Desktop\DocX Viewer.lnk
2015-12-26 23:55 - 2015-12-26 23:55 - 00000000 ___DC C:\epingsoft
2015-12-26 23:55 - 2015-12-26 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Epingsoft
2015-12-24 20:13 - 2016-01-10 22:32 - 00200974 _____ C:\Documents and Settings\Paolo\Desktop\Scarzello fattura n19 del 01 12 2015.jpg.ccc
2015-12-24 20:11 - 2016-01-10 22:32 - 00182766 _____ C:\Documents and Settings\Paolo\Desktop\Scarzello fattura n18 del 01 12 2015.jpg.ccc
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 23:18 - 2004-02-14 23:56 - 00000000 ____D C:\Documents and Settings\Paolo\Impostazioni locali\Temp
2016-01-10 23:17 - 2001-08-31 16:00 - 00000940 _____ C:\WINDOWS\win.ini
2016-01-10 23:15 - 2014-04-14 08:00 - 00000398 _____ C:\WINDOWS\Tasks\Symantec NetDetect.job
2016-01-10 23:09 - 2004-01-24 17:28 - 00000000 ____D C:\WINDOWS
2016-01-10 23:05 - 2004-01-24 16:33 - 00977274 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-10 23:05 - 2001-08-31 16:00 - 00440128 ____C C:\WINDOWS\system32\perfh010.dat
2016-01-10 23:05 - 2001-08-31 16:00 - 00070544 ____C C:\WINDOWS\system32\perfc010.dat
2016-01-10 22:59 - 2010-04-18 21:37 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 22:59 - 2010-04-18 21:37 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 22:58 - 2014-10-01 23:31 - 00001238 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-179605362-725345543-1003UA.job
2016-01-10 22:54 - 2012-04-14 11:47 - 00000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-10 22:36 - 2015-03-22 22:30 - 00020910 _____ C:\Documents and Settings\Paolo\Documenti\Ravelli RC70 ditta Quaranta.doc.ccc
2016-01-10 22:36 - 2015-03-18 12:12 - 00639422 _____ C:\Documents and Settings\Paolo\Documenti\ord insula.pdf.ccc
2016-01-10 22:36 - 2012-12-08 22:04 - 00144990 ____C C:\Documents and Settings\Paolo\Documenti\modelloF24 saldo Sonego Paolo.pdf.ccc
2016-01-10 22:36 - 2010-05-23 22:14 - 00105902 ____C C:\Documents and Settings\Paolo\Documenti\raynaud.doc.ccc
2016-01-10 22:36 - 2008-03-20 21:52 - 00000000 ____D C:\eMule
2016-01-10 22:36 - 2008-03-20 18:57 - 00176270 ____C C:\Documents and Settings\Paolo\Documenti\venezia.jpg.ccc
2016-01-10 22:36 - 2004-02-14 23:56 - 00000000 ___RD C:\Documents and Settings\Paolo\Documenti
2016-01-10 22:36 - 2004-02-14 23:56 - 00000000 ___HD C:\Documents and Settings\Paolo\Modelli
2016-01-10 22:35 - 2008-03-18 13:14 - 00376238 ____C C:\Documents and Settings\Paolo\Documenti\floods Pietroburgo.xls.ccc
2016-01-10 22:35 - 2004-02-14 23:57 - 00000000 ___RD C:\Documents and Settings\Paolo\Documenti\Immagini
2016-01-10 22:33 - 2015-11-12 00:21 - 00034734 _____ C:\Documents and Settings\Paolo\Documenti\Armolipid prev FARMAN NEWCO SRL.doc.ccc
2016-01-10 22:33 - 2015-09-18 12:31 - 00000000 ____D C:\Documents and Settings\Paolo\Documenti\Download
2016-01-10 22:33 - 2015-07-13 21:31 - 00028078 _____ C:\Documents and Settings\Paolo\Desktop\zia rina.xls.ccc
2016-01-10 22:33 - 2015-07-11 23:38 - 00148286 _____ C:\Documents and Settings\Paolo\Desktop\visita urologica 20 06 14.jpg.ccc
2016-01-10 22:33 - 2015-02-28 00:22 - 00548782 _____ C:\Documents and Settings\Paolo\Desktop\vetrate o pannelli.doc.ccc
2016-01-10 22:33 - 2015-02-10 21:59 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\vetrate chiesetta e giullare
2016-01-10 22:33 - 2015-02-10 21:39 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\vetrate 60 per 90
2016-01-10 22:33 - 2015-01-10 12:40 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\Volotea - Riepilogo della tua prenotazione_files
2016-01-10 22:33 - 2014-12-14 18:57 - 00020398 ____C C:\Documents and Settings\Paolo\Desktop\Vetrate artistiche.doc.ccc
2016-01-10 22:33 - 2013-04-12 22:36 - 00000000 ____D C:\Documents and Settings\Paolo\Documenti\Alice Mail - Allegati 3_files
2016-01-10 22:33 - 2013-04-12 22:36 - 00000000 ____D C:\Documents and Settings\Paolo\Documenti\Alice Mail - Allegati 2_files
2016-01-10 22:33 - 2013-04-12 22:35 - 00000000 ____D C:\Documents and Settings\Paolo\Documenti\Alice Mail - Allegati_files
2016-01-10 22:33 - 2008-06-05 21:12 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\vladimiro
2016-01-10 22:32 - 2015-11-29 23:40 - 00369118 _____ C:\Documents and Settings\Paolo\Desktop\paolo pensione Corriere.jpg.ccc
2016-01-10 22:32 - 2015-11-29 23:15 - 00310702 _____ C:\Documents and Settings\Paolo\Desktop\paolo pensione Gazzettino.jpg.ccc
2016-01-10 22:32 - 2015-11-24 21:59 - 02975662 _____ C:\Documents and Settings\Paolo\Desktop\Presentazione Carmini 29 nov 15_finale.ppt.ccc
2016-01-10 22:32 - 2015-11-22 23:39 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\probiogermin fedel farma_files
2016-01-10 22:32 - 2015-09-20 22:45 - 00316334 _____ C:\Documents and Settings\Paolo\Desktop\Program_ICPSM_2020.doc.ccc
2016-01-10 22:32 - 2015-08-25 22:49 - 00028382 _____ C:\Documents and Settings\Paolo\Desktop\PREV13  elettroveneta 24 08 15.PDF.ccc
2016-01-10 22:32 - 2015-08-11 21:47 - 00063726 _____ C:\Documents and Settings\Paolo\Desktop\paolo ricerca sangue occulto 29 07 15.pdf.ccc
2016-01-10 22:32 - 2015-04-14 12:19 - 00022446 _____ C:\Documents and Settings\Paolo\Desktop\PAOLO riepilogo per dich redd 2014.doc.ccc
2016-01-10 22:32 - 2015-01-18 12:22 - 00085422 _____ C:\Documents and Settings\Paolo\Desktop\ristoranti vegetariani.doc.ccc
2016-01-10 22:32 - 2014-12-14 22:58 - 00036734 _____ C:\Documents and Settings\Paolo\Desktop\riepilogo Pierina saldo IMU.pdf.ccc
2016-01-10 22:32 - 2014-12-14 22:47 - 00036750 ____C C:\Documents and Settings\Paolo\Desktop\riepilogo Pierina saldo TASI.pdf.ccc
2016-01-10 22:32 - 2014-11-24 22:50 - 00193614 _____ C:\Documents and Settings\Paolo\Desktop\richiesta esami annuali a gennaio.jpg.ccc
2016-01-10 22:32 - 2014-11-24 22:39 - 12175342 _____ C:\Documents and Settings\Paolo\Desktop\scanner prg dia Lorenzago 03 09 2012.pdf.ccc
2016-01-10 22:32 - 2014-10-11 13:59 - 00030126 _____ C:\Documents and Settings\Paolo\Desktop\PELLET.doc.ccc
2016-01-10 22:32 - 2014-04-01 21:48 - 09679374 _____ C:\Documents and Settings\Paolo\Desktop\PRODOTTI PER LA CURA DI PORTE E FINESTRE.pdf.ccc
2016-01-10 22:32 - 2013-05-19 22:14 - 00041902 ____C C:\Documents and Settings\Paolo\Desktop\tassazione lavoro all'estero.doc.ccc
2016-01-10 22:32 - 2008-02-12 16:55 - 00457790 _____ C:\Documents and Settings\Paolo\Desktop\Treo750v_dun_en.pdf.ccc
2016-01-10 22:31 - 2015-12-10 11:15 - 00086190 _____ C:\Documents and Settings\Paolo\Desktop\paolo esami del 04 12 2015.pdf.ccc
2016-01-10 22:31 - 2015-11-30 23:34 - 00676942 _____ C:\Documents and Settings\Paolo\Desktop\Il genio del mare che vigila su Venezia _ ytali (2).pdf.ccc
2016-01-10 22:31 - 2015-11-24 23:45 - 00008158 _____ C:\Documents and Settings\Paolo\Desktop\info.js.ccc
2016-01-10 22:31 - 2015-11-22 16:51 - 00082670 _____ C:\Documents and Settings\Paolo\Desktop\paolo esami del 14 05 2015.pdf.ccc
2016-01-10 22:31 - 2015-11-22 16:51 - 00082606 _____ C:\Documents and Settings\Paolo\Desktop\paolo esami bimestrali 02 10 15 (1).pdf.ccc
2016-01-10 22:31 - 2015-11-11 10:28 - 00066478 _____ C:\Documents and Settings\Paolo\Desktop\formazione comune per ordine ing.doc.ccc
2016-01-10 22:31 - 2015-11-11 09:58 - 00192734 _____ C:\Documents and Settings\Paolo\Desktop\ordinanza 2.jpg.ccc
2016-01-10 22:31 - 2015-11-11 09:56 - 00176318 _____ C:\Documents and Settings\Paolo\Desktop\ordinanza 1.jpg.ccc
2016-01-10 22:31 - 2015-11-04 21:37 - 00113422 _____ C:\Documents and Settings\Paolo\Desktop\impegnativa eco prostata.jpg.ccc
2016-01-10 22:31 - 2015-10-28 08:46 - 00021422 _____ C:\Documents and Settings\Paolo\Desktop\lettera per Pieresca di Milano.doc.ccc
2016-01-10 22:31 - 2015-10-07 22:17 - 00082606 _____ C:\Documents and Settings\Paolo\Desktop\paolo esami bimestrali 02 10 15.pdf.ccc
2016-01-10 22:31 - 2015-10-07 22:11 - 00063790 _____ C:\Documents and Settings\Paolo\Desktop\inr paolo 02 10 15.pdf.ccc
2016-01-10 22:31 - 2015-09-19 13:57 - 00069134 _____ C:\Documents and Settings\Paolo\Desktop\esami paolo 17 09 15.pdf.ccc
2016-01-10 22:31 - 2015-09-18 12:35 - 00210574 _____ C:\Documents and Settings\Paolo\Desktop\ordinanza.jpg.ccc
2016-01-10 22:31 - 2015-09-16 07:35 - 00068206 _____ C:\Documents and Settings\Paolo\Desktop\esami Adi 10 09 15.pdf.ccc
2016-01-10 22:31 - 2015-06-16 22:06 - 00005950 _____ C:\Documents and Settings\Paolo\Desktop\firma Paolo.jpg.ccc
2016-01-10 22:31 - 2015-06-15 23:10 - 00055086 _____ C:\Documents and Settings\Paolo\Desktop\Paolo e Adi Lorenzago modelloF24semplificato (1).pdf.ccc
2016-01-10 22:31 - 2015-06-15 23:05 - 00030766 _____ C:\Documents and Settings\Paolo\Desktop\Paolo e Adi acconto Lorenzago riepilogoCalcolo.pdf.ccc
2016-01-10 22:31 - 2015-06-15 22:27 - 00031150 _____ C:\Documents and Settings\Paolo\Desktop\Paolo acconto ve riepilogoCalcoloIUC completo.pdf.ccc
2016-01-10 22:31 - 2015-03-19 22:00 - 00063790 _____ C:\Documents and Settings\Paolo\Desktop\inr 13 03 15.pdf.ccc
2016-01-10 22:31 - 2015-02-15 00:17 - 00031662 _____ C:\Documents and Settings\Paolo\Desktop\elenco vetrate solo titolo misure e data.xls.ccc
2016-01-10 22:31 - 2015-02-01 20:40 - 34434990 _____ C:\Documents and Settings\Paolo\Desktop\elenco vetrate completo.xls.ccc
2016-01-10 22:31 - 2014-12-14 22:56 - 00054958 ____C C:\Documents and Settings\Paolo\Desktop\modelloF24semplificato Pierina saldo IMU.pdf.ccc
2016-01-10 22:31 - 2014-12-14 22:46 - 00054958 ____C C:\Documents and Settings\Paolo\Desktop\modelloF24 saldo Pierina Tasi.pdf.ccc
2016-01-10 22:31 - 2014-12-14 19:06 - 00020398 _____ C:\Documents and Settings\Paolo\Desktop\OPERE PRESSO PRIVATI.doc.ccc
2016-01-10 22:31 - 2014-12-14 18:40 - 00020398 ____C C:\Documents and Settings\Paolo\Desktop\Opere nei luoghi di culto.doc.ccc
2016-01-10 22:31 - 2014-12-14 18:38 - 00020398 ____C C:\Documents and Settings\Paolo\Desktop\PANNELLI VETRO SMALTI E ORO.doc.ccc
2016-01-10 22:31 - 2014-12-09 22:45 - 00013966 _____ C:\Documents and Settings\Paolo\Desktop\Elettroveneta Presa_in_carico_Bonifico.pdf.ccc
2016-01-10 22:31 - 2014-12-08 22:27 - 00132126 ____C C:\Documents and Settings\Paolo\Desktop\Elettroveneta schema TV.jpg.ccc
2016-01-10 22:31 - 2014-12-07 23:52 - 00191230 _____ C:\Documents and Settings\Paolo\Desktop\Elettroveneta richiesta IVA ridotta.jpg.ccc
2016-01-10 22:31 - 2014-11-24 22:56 - 00164414 _____ C:\Documents and Settings\Paolo\Desktop\fattura Baldovin Mario oscuri.jpg.ccc
2016-01-10 22:31 - 2014-11-16 20:29 - 00130142 _____ C:\Documents and Settings\Paolo\Desktop\modifiche decoro cancello.jpg.ccc
2016-01-10 22:31 - 2014-10-26 21:12 - 00101806 _____ C:\Documents and Settings\Paolo\Desktop\Marty armonico demo.doc.ccc
2016-01-10 22:31 - 2014-05-11 23:33 - 00276222 ____C C:\Documents and Settings\Paolo\Desktop\Guida_bonus_mobili.pdf.ccc
2016-01-10 22:31 - 2014-05-11 23:32 - 00467326 ____C C:\Documents and Settings\Paolo\Desktop\Guida_ristrutturazioni_febbraio.2014.pdf.ccc
2016-01-10 22:31 - 2013-09-12 21:31 - 00183358 _____ C:\Documents and Settings\Paolo\Desktop\esami bimestrali centro trap TV.jpg.ccc
2016-01-10 22:31 - 2013-05-19 22:23 - 00374158 _____ C:\Documents and Settings\Paolo\Desktop\guida_non_residenti.pdf.ccc
2016-01-10 22:31 - 2013-05-19 22:07 - 00021934 _____ C:\Documents and Settings\Paolo\Desktop\Lavorando all'estero.doc.ccc
2016-01-10 22:31 - 2013-05-19 21:59 - 00021934 _____ C:\Documents and Settings\Paolo\Desktop\LAVORO ALL.doc.ccc
2016-01-10 22:31 - 2013-04-12 22:40 - 00226126 _____ C:\Documents and Settings\Paolo\Desktop\INCP13X000041345_00.pdf.ccc
2016-01-10 22:31 - 2012-12-27 21:52 - 00175502 ____C C:\Documents and Settings\Paolo\Desktop\esenzioni ticket.jpg.ccc
2016-01-10 22:31 - 2011-11-09 18:53 - 00020398 _____ C:\Documents and Settings\Paolo\Desktop\MR alberto canestrelli.doc.ccc
2016-01-10 22:31 - 2011-08-01 18:32 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\foto lorenzago
2016-01-10 22:31 - 2009-09-13 10:29 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\esa storm surge
2016-01-10 22:31 - 2008-05-31 23:36 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\frasi da ricordare
2016-01-10 22:31 - 2008-02-12 16:44 - 00006366 _____ C:\Documents and Settings\Paolo\Desktop\PALM_USBMDM.plmo.zip.ccc
2016-01-10 22:30 - 2015-11-13 23:09 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\Eco trasrettale prostata 12 11 15
2016-01-10 22:30 - 2015-10-02 14:02 - 00343022 _____ C:\Documents and Settings\Paolo\Desktop\ds2019alby2 001.jpg.ccc
2016-01-10 22:30 - 2015-10-02 13:12 - 00266142 _____ C:\Documents and Settings\Paolo\Desktop\ds2019alby1.jpg.ccc
2016-01-10 22:30 - 2015-06-16 22:16 - 00040030 _____ C:\Documents and Settings\Paolo\Desktop\dichiarazione_IVA_agevolata_Ev.doc.rtf.ccc
2016-01-10 22:30 - 2015-03-23 23:06 - 00184334 _____ C:\Documents and Settings\Paolo\Desktop\dia attestazione 22 03 15.jpg.ccc
2016-01-10 22:30 - 2015-03-12 22:55 - 00055070 _____ C:\Documents and Settings\Paolo\Desktop\delega carlos.pdf.ccc
2016-01-10 22:30 - 2015-03-09 23:08 - 00736174 _____ C:\Documents and Settings\Paolo\Desktop\Ecco la foto dibiolementi.doc.ccc
2016-01-10 22:30 - 2014-11-24 22:39 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\DIA n 3286 del 03 09 2012
2016-01-10 22:30 - 2014-11-24 22:35 - 00167134 ____C C:\Documents and Settings\Paolo\Desktop\dichiarazione IVA 10 %.jpg.ccc
2016-01-10 22:30 - 2006-10-04 20:43 - 00026030 _____ C:\Documents and Settings\Paolo\Desktop\distacco.doc.ccc
2016-01-10 22:28 - 2015-12-08 23:37 - 00063886 _____ C:\Documents and Settings\Paolo\Desktop\02 12 2015 Paolo INR.pdf.ccc
2016-01-10 22:28 - 2015-11-23 21:50 - 00069790 _____ C:\Documents and Settings\Paolo\Desktop\Adi esami 17 11 15.pdf.ccc
2016-01-10 22:28 - 2015-11-12 00:00 - 00022446 _____ C:\Documents and Settings\Paolo\Desktop\andelica cistiflux plus.doc.ccc
2016-01-10 22:28 - 2015-11-01 22:11 - 00069726 _____ C:\Documents and Settings\Paolo\Desktop\adi esami 27 10 15.pdf.ccc
2016-01-10 22:28 - 2015-10-27 21:33 - 00069614 _____ C:\Documents and Settings\Paolo\Desktop\adi esami 13 10 15.pdf.ccc
2016-01-10 22:28 - 2015-10-22 20:52 - 00152334 _____ C:\Documents and Settings\Paolo\Desktop\Adi pet tac 08 10 15 pag 02.jpg.ccc
2016-01-10 22:28 - 2015-10-22 20:49 - 00265422 _____ C:\Documents and Settings\Paolo\Desktop\Adi pet tac 08 10 15.jpg.ccc
2016-01-10 22:28 - 2015-10-11 14:27 - 00154494 _____ C:\Documents and Settings\Paolo\Desktop\Carlos Contarina spa 04.jpg.ccc
2016-01-10 22:28 - 2015-10-11 14:26 - 00345278 _____ C:\Documents and Settings\Paolo\Desktop\Carlos Contarina spa 03.jpg.ccc
2016-01-10 22:28 - 2015-10-11 14:24 - 00315310 _____ C:\Documents and Settings\Paolo\Desktop\Carlos Contarina spa 02.jpg.ccc
2016-01-10 22:28 - 2015-10-11 14:23 - 00276414 _____ C:\Documents and Settings\Paolo\Desktop\Carlos Contarina spa 01.jpg.ccc
2016-01-10 22:28 - 2015-10-10 22:51 - 00073758 _____ C:\Documents and Settings\Paolo\Desktop\adi 08 09 15.pdf.ccc
2016-01-10 22:28 - 2015-10-10 21:59 - 00064126 _____ C:\Documents and Settings\Paolo\Desktop\adi 22 09 15.pdf.ccc
2016-01-10 22:28 - 2015-10-07 22:05 - 00066110 _____ C:\Documents and Settings\Paolo\Desktop\adi tampone faringeo e nasale 02 10 15.pdf.ccc
2016-01-10 22:28 - 2015-09-20 16:29 - 00048558 _____ C:\Documents and Settings\Paolo\Desktop\Alberto conti vendita 20 09 2015.doc.ccc
2016-01-10 22:28 - 2015-09-01 08:04 - 00069694 _____ C:\Documents and Settings\Paolo\Desktop\adi esami 12 08 15.pdf.ccc
2016-01-10 22:28 - 2015-08-12 22:08 - 00012062 _____ C:\Documents and Settings\Paolo\Desktop\41347_11384.pdf.ccc
2016-01-10 22:28 - 2015-08-12 21:41 - 00074606 _____ C:\Documents and Settings\Paolo\Desktop\Adi esami 29 07 15.pdf.ccc
2016-01-10 22:28 - 2015-07-15 21:11 - 00069550 _____ C:\Documents and Settings\Paolo\Desktop\Adi esami 14 07 15.pdf.ccc
2016-01-10 22:28 - 2015-07-08 20:57 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\alberto
2016-01-10 22:28 - 2015-06-15 22:47 - 00031166 _____ C:\Documents and Settings\Paolo\Desktop\Adi acconto ve riepilogoCalcoloIUC (1).pdf.ccc
2016-01-10 22:28 - 2015-06-05 17:25 - 00095550 _____ C:\Documents and Settings\Paolo\Desktop\Carlos questura Ve.jpg.ccc
2016-01-10 22:28 - 2015-04-27 10:58 - 04524222 _____ C:\Documents and Settings\Paolo\Desktop\2014_GPRS_RAVELLI_IT.pdf.ccc
2016-01-10 22:28 - 2015-03-31 07:56 - 00013982 _____ C:\Documents and Settings\Paolo\Desktop\20150331-Presa_in_carico_Bonifico stufe pellet.pdf.ccc
2016-01-10 22:28 - 2015-03-12 22:57 - 00086622 _____ C:\Documents and Settings\Paolo\Desktop\Carta_d'Identita carlos B-W.jpeg.ccc
2016-01-10 22:28 - 2015-02-28 12:21 - 00065534 _____ C:\Documents and Settings\Paolo\Desktop\circolare_485.pdf.ccc
2016-01-10 22:28 - 2015-02-22 16:44 - 00229918 _____ C:\Documents and Settings\Paolo\Desktop\appunti vetrate pag6.jpg.ccc
2016-01-10 22:28 - 2015-02-22 16:43 - 00286494 _____ C:\Documents and Settings\Paolo\Desktop\appunti vetrate pag5.jpg.ccc
2016-01-10 22:28 - 2015-02-22 16:42 - 00290654 _____ C:\Documents and Settings\Paolo\Desktop\appunti vetrate pag4.jpg.ccc
2016-01-10 22:28 - 2015-02-22 16:40 - 00242846 _____ C:\Documents and Settings\Paolo\Desktop\appunti vetrate pag3.jpg.ccc
2016-01-10 22:28 - 2015-02-22 16:39 - 00295918 _____ C:\Documents and Settings\Paolo\Desktop\appunti vetrate pag2.jpg.ccc
2016-01-10 22:28 - 2015-02-22 16:38 - 00292398 _____ C:\Documents and Settings\Paolo\Desktop\appunti vetrate pag1.jpg.ccc
2016-01-10 22:28 - 2015-01-26 18:06 - 00023982 _____ C:\Documents and Settings\Paolo\Desktop\azioni 26 01 15.doc.ccc
2016-01-10 22:28 - 2015-01-18 22:21 - 00135662 _____ C:\Documents and Settings\Paolo\Desktop\cambio.jpg.ccc
2016-01-10 22:28 - 2014-12-09 22:56 - 00013870 _____ C:\Documents and Settings\Paolo\Desktop\bonifico saldo Baldovin.pdf.ccc
2016-01-10 22:28 - 2014-11-16 20:28 - 00046942 _____ C:\Documents and Settings\Paolo\Desktop\colore cancello.jpg.ccc
2016-01-10 22:28 - 2014-11-10 21:43 - 00031150 _____ C:\Documents and Settings\Paolo\Desktop\CONVENZIONE PENN STATE COMUNE.doc.ccc
2016-01-10 22:28 - 2014-10-26 23:13 - 00020910 _____ C:\Documents and Settings\Paolo\Desktop\Consiglio di Stato scia ecc.doc.ccc
2016-01-10 22:28 - 2013-05-19 21:56 - 00064942 _____ C:\Documents and Settings\Paolo\Desktop\05 TASSAZIONE DEI LAVORATORI ITALIANI ALL.doc.ccc
2016-01-10 22:28 - 2013-05-11 22:21 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\cartuccia 1Gb orchidee robertiana 2012
2016-01-10 22:28 - 2012-02-02 22:32 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\compleanno
2016-01-10 22:28 - 2012-01-30 23:16 - 00000000 ____D C:\Documents and Settings\Paolo\Desktop\assicurazione zia Rina
2016-01-10 22:28 - 2011-12-26 18:43 - 00471246 ____C C:\Documents and Settings\Paolo\Desktop\bando[1].pdf.ccc
2016-01-10 22:28 - 2008-02-26 19:04 - 00000000 ____D C:\Documents and Settings\Paolo\Dati applicazioni\Skype
2016-01-10 22:27 - 2004-02-14 23:56 - 00000000 __RHD C:\Documents and Settings\Paolo\Dati applicazioni
2016-01-10 22:27 - 2004-01-24 16:33 - 00000000 ___HD C:\Documents and Settings\Default User\Modelli
2016-01-10 20:27 - 2012-03-12 19:29 - 00000318 _____ C:\WINDOWS\Tasks\IRQG.job
2016-01-10 20:27 - 2004-01-24 16:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-10 15:05 - 2004-02-14 23:56 - 00000306 ___SH C:\Documents and Settings\Paolo\ntuser.ini
2016-01-10 15:05 - 2004-01-24 17:04 - 00032472 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-09 19:58 - 2014-10-01 23:31 - 00001186 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-179605362-725345543-1003Core.job
2016-01-08 22:59 - 2004-02-14 23:56 - 00000000 ___HD C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni
2016-01-06 11:11 - 2001-08-31 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-04 16:54 - 2012-04-14 11:47 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-04 16:54 - 2012-04-14 11:47 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-28 21:55 - 2004-02-02 23:19 - 00002531 _____ C:\Documents and Settings\Paolo\Desktop\Microsoft Office Word 2003.lnk
2015-12-26 23:55 - 2004-01-24 16:33 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Avvio\Programmi
2015-12-26 20:12 - 2014-10-01 23:36 - 00001818 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-12-26 19:53 - 2004-01-24 16:33 - 00000000 ___RD C:\Programmi
 
==================== Files in the root of some directories =======
 
2016-01-10 22:27 - 2016-01-10 22:27 - 0327680 _____ () C:\Documents and Settings\Paolo\Dati applicazioni\gxhdu-a.exe
2016-01-10 22:27 - 2016-01-10 22:27 - 0327680 _____ () C:\Documents and Settings\Paolo\Dati applicazioni\ntoxk-a.exe
2016-01-10 22:27 - 2016-01-10 22:27 - 0327680 _____ () C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe
2008-01-12 16:45 - 2015-02-10 22:05 - 0011264 _____ () C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-26 19:07 - 2008-02-26 19:07 - 0000032 ____C () C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-01-03 20:38 - 2015-06-16 20:41 - 0065056 ____C () C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log
 
Some files in TEMP:
====================
C:\Documents and Settings\Paolo\Impostazioni locali\Temp\1.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================


Addition.txt Log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Paolo (2016-01-10 23:19:08)
Running from C:\Documents and Settings\Paolo\Documenti\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2004-01-24 16:00:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Adelaide (S-1-5-21-796845957-179605362-725345543-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Adelaide
Administrator (S-1-5-21-796845957-179605362-725345543-500 - Administrator - Enabled)
Guest (S-1-5-21-796845957-179605362-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-796845957-179605362-725345543-1000 - Limited - Disabled)
Paolo (S-1-5-21-796845957-179605362-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Paolo
SUPPORT_388945a0 (S-1-5-21-796845957-179605362-725345543-1002 - Limited - Disabled)
user (S-1-5-21-796845957-179605362-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG update module (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus (Enabled - Up to date) {B5510F6F-87E1-47F7-A411-360BC453007C}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2DTS2004pack (HKLM\...\ST6UNST #1) (Version: - )
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop 5.5 (HKLM\...\Adobe Photoshop 5.5) (Version: 5.5 - Adobe Systems, Inc.)
Adobe Reader 7.0 - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-A70000000000}) (Version: 007.000.000 - Adobe Systems Incorporated\0)
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
ATI - Programma di disinstallazione (HKLM\...\All ATI Software) (Version: 6.14.10.1005 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5046 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 7.94-030917m-011435C-ATI - )
ATI HydraVision (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version: - )
AutoCAD 2004 (HKLM\...\{5783F2D7-0201-0410-0002-0060B0CE6BBA}) (Version: 16.0.0.086 - Autodesk)
AutoCAD Express Tools Volumes 1-9 (HKLM\...\{5783F2D7-0211-0409-0000-0060B0CE6BBA}) (Version: 1.0.0.0 - Autodesk)
Autodesk Express Viewer (HKLM\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version: - )
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C309a (Version: 120.0.202.000 - Hewlett-Packard) Hidden
CC_ccStart (Version: 2.0.0.635 - Symantec Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version: - )
Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version: - )
Creative Live! Cam Manager (HKLM\...\Creative Live! Cam Manager) (Version: - )
Creative Live! Cam Video IM Driver (1.01.01.00) (HKLM\...\Creative VF0220) (Version: - )
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: - )
Creative System Information (HKLM\...\SysInfo) (Version: - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D2300 (Version: 70.0.260.000 - Hewlett-Packard) Hidden
D2300_Help (Version: 70.0.260.000 - Hewlett-Packard) Hidden
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Disinstallazione di Serie HP DeskJet 710C (HKLM\...\HP DeskJet 710C Series) (Version: - )
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
DocX Viewer version 1.2 (HKLM\...\DocX Viewer_is1) (Version: 1.2 - )
Driver Detective (HKLM\...\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}) (Version: 7.0.0 - PC Drivers HeadQuarters)
DVDXCopy 1.2.1 b628 (remove only) (HKLM\...\DVDXCopy) (Version: - )
eMule (HKLM\...\eMule) (Version: - )
Enable S3 for USB Device (HKLM\...\Enable S3 for USB Device) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM\...\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}) (Version: 4.2.205.5730 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HASP Device Driver (HKLM\...\HASP Device Driver) (Version: - )
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photosmart and Deskjet 7.0 Software (ita) (HKLM\...\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}) (Version: 7.1 - HP)
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{2D250E57-9890-44a6-B08F-5C02C991EF24}) (Version: 12.0 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
hph_ProductContext (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_readme (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_software (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_software_req (Version: 70.0.260.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel® PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.4.1.2056 - Symantec Corporation)
Look@LAN 2.50 Build 35 (HKLM\...\Look@LAN_1.0) (Version: - )
Manuale dell'utente di Creative Live! Cam Video IM (Italiano) (HKLM\...\Manuale dell'utente di Creative Live! Cam Video IM Italian) (Version: - )
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
MATLAB Family of Products Release 14 (HKLM\...\MatlabR14) (Version: - )
Media Center 9.1 (HKLM\...\Media Center 9.1) (Version: 9.1 - J. River, Inc.)
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 it) (HKLM\...\Mozilla Firefox 30.0 (x86 it)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Norton AntiVirus 2004 (Version: 10.00.00 - Symantec Corporation) Hidden
Norton WMI Update (HKLM\...\{1526D87C-A955-4FAB-BF18-697BA457E352}) (Version: 2005.1.0.111 - Symantec Corporation)
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PS_AIO_05_C309_Software_Min (Version: 120.0.206.000 - Hewlett-Packard) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
SafeCast Shared Components (HKLM\...\CdaC13Ba) (Version: - Macrovision)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shockwave (HKLM\...\Shockwave) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
SightSpeed (remove only) (HKLM\...\SightSpeed) (Version: 4.5 (4543) - SightSpeed Inc.)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Symantec Network Drivers Update (Version: 5.4.3.11 - Symantec Corporation) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TELEMAC System V5.4 (HKLM\...\{96ED8D83-A4F9-11D4-9297-0050DA349C72}) (Version: - )
TextPad 4.7 (HKLM\...\{B510A987-487E-4C66-9F4F-D386AC275715}) (Version: 4.7.2 - Nome società)
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UltraVNC v1.0.2 (HKLM\...\{A8AD990E-355A-4413-8647-A9B168978423}_is1) (Version: 1.1.0.2 - UltraVNC)
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080413.144514 - Microsoft Corporation)
WinMX (HKLM\...\WinMX) (Version: - )
WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 8.1 SR-1 (5266) - WinZip Computing, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programmi\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programmi\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-179605362-725345543-1003Core.job => C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-179605362-725345543-1003UA.job => C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\IRQG.job => C:\WINDOWS\System32\rundll32.exe1 C:\WINDOWS\System32\netevente.dll
Task: C:\WINDOWS\Tasks\Norton AntiVirus - Scansione del computer.job => C:\PROGRA~1\NORTON~1\Navw32.exei/task C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Tasks\mycomp.sca
Task: C:\WINDOWS\Tasks\Symantec NetDetect.job => C:\Programmi\Symantec\LiveUpdate\NDetect.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2003-09-12 15:35 - 2003-09-12 15:35 - 00086016 _____ () C:\WINDOWS\system32\Ati2evxx.dll
2003-09-12 15:33 - 2003-09-12 15:33 - 00376832 _____ () C:\WINDOWS\System32\Ati2evxx.exe
1998-09-25 09:56 - 1998-09-25 09:56 - 00048292 _____ () C:\WINDOWS\system32\HPFlpm13.dll
1998-09-25 09:56 - 1998-09-25 09:56 - 00072368 _____ () C:\WINDOWS\system32\HPFCOM13.DLL
1998-09-25 09:56 - 1998-09-25 09:56 - 00033384 _____ () C:\WINDOWS\system32\HPFIOP13.DLL
1998-09-25 09:56 - 1998-09-25 09:56 - 00137232 _____ () C:\WINDOWS\system32\HPFMLC13.dll
1998-09-25 09:56 - 1998-09-25 09:56 - 00057240 _____ () C:\WINDOWS\system32\HPFMEM13.dll
2006-01-08 17:36 - 2001-08-30 23:07 - 00165888 _____ () C:\WINDOWS\System32\hpgt53.dll
2003-09-12 15:33 - 2003-09-12 15:33 - 00376832 _____ () C:\WINDOWS\system32\Ati2evxx.exe
2004-01-30 23:36 - 2002-05-15 03:42 - 00123392 _____ () C:\Programmi\WinRAR\rarext.dll
2004-01-24 10:34 - 2008-04-13 19:13 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-03-20 17:54 - 2006-06-09 16:48 - 00253952 ____C () C:\Programmi\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll
2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ () C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe
2015-12-24 19:23 - 2015-12-24 07:46 - 16792256 _____ () C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-31 16:00 - 2001-08-31 16:00 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-796845957-179605362-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
DNS Servers: 212.216.112.112 - 212.216.172.62
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.exe.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk => C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupreg: AVG_UI => "C:\Programmi\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Programmi\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: MSMSGS => "C:\Programmi\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NBJ => "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
MSCONFIG\startupreg: Skype => "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Programmi\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Programmi\TeamViewer\Version9\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [10109:TCP] => Enabled:Windows Core Service

==================== Restore Points =========================

02-11-2015 22:42:01 Punto di arresto del sistema
13-11-2015 22:36:59 Punto di arresto del sistema
16-11-2015 22:41:08 Punto di arresto del sistema
18-11-2015 09:05:17 Punto di arresto del sistema
22-11-2015 11:16:04 Punto di arresto del sistema
28-11-2015 22:49:21 Punto di arresto del sistema
29-11-2015 23:30:40 Punto di arresto del sistema
01-12-2015 22:51:22 Punto di arresto del sistema
05-12-2015 12:16:12 Punto di arresto del sistema
08-12-2015 22:50:35 Punto di arresto del sistema
13-12-2015 23:21:28 Punto di arresto del sistema
22-12-2015 00:03:41 Punto di arresto del sistema
26-12-2015 20:53:06 Punto di arresto del sistema
29-12-2015 00:11:21 Punto di arresto del sistema
04-01-2016 22:20:02 Punto di arresto del sistema
06-01-2016 13:25:57 Punto di arresto del sistema
08-01-2016 21:50:48 Punto di arresto del sistema
09-01-2016 22:20:24 Punto di arresto del sistema

==================== Faulty Device Manager Devices =============

Name: Intel® PRO/100 VE Network Connection
Description: Intel® PRO/100 VE Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: E100B
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Parallel Device
Description: Parallel Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service: HPFECP13
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2015 07:22:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: PORTATILE-GIGIO)
Description: Prodotto: Norton WMI Update -- Un prodotto che richiede Norton WMI Update è già installato sul sistema.

Error: (03/18/2015 10:30:07 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Timeout. Operazione non riuscita.

Error: (10/01/2014 10:54:29 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Impossibile estrarre l'elenco principale di altri produttori dal file .cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo di validità se verificato rispetto all'ora corrente del sistema o al timestamp sul file firmato.

Error: (10/01/2014 10:54:29 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Impossibile estrarre l'elenco principale di altri produttori dal file .cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo di validità se verificato rispetto all'ora corrente del sistema o al timestamp sul file firmato.

Error: (09/28/2014 07:52:48 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Prodotto: AVG 2014 -- Errore 1311. SA_Error1311: StandardAction(0xC007051F): File d'origine non trovato(CAB): C:\Documents and Settings\All Users\Dati applicazioni\AVG2014\SetupBackup\lng_esx.cab. Assicurarsi che il file esista e sia possibile accedervi.

Error: (09/28/2014 07:52:45 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Prodotto: AVG 2014 -- Errore 1311. SA_Error1311: StandardAction(0xC007051F): File d'origine non trovato(CAB): C:\Documents and Settings\All Users\Dati applicazioni\AVG2014\SetupBackup\lng_ztx.cab. Assicurarsi che il file esista e sia possibile accedervi.

Error: (09/28/2014 07:52:43 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Prodotto: AVG 2014 -- Errore 1311. SA_Error1311: StandardAction(0xC007051F): File d'origine non trovato(CAB): C:\Documents and Settings\All Users\Dati applicazioni\AVG2014\SetupBackup\lng_zhx.cab. Assicurarsi che il file esista e sia possibile accedervi.

Error: (09/28/2014 07:52:40 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Prodotto: AVG 2014 -- Errore 1311. SA_Error1311: StandardAction(0xC007051F): File d'origine non trovato(CAB): C:\Documents and Settings\All Users\Dati applicazioni\AVG2014\SetupBackup\lng_trx.cab. Assicurarsi che il file esista e sia possibile accedervi.

Error: (09/28/2014 07:52:38 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Prodotto: AVG 2014 -- Errore 1311. SA_Error1311: StandardAction(0xC007051F): File d'origine non trovato(CAB): C:\Documents and Settings\All Users\Dati applicazioni\AVG2014\SetupBackup\lng_rux.cab. Assicurarsi che il file esista e sia possibile accedervi.

Error: (09/28/2014 07:52:36 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Prodotto: AVG 2014 -- Errore 1311. SA_Error1311: StandardAction(0xC007051F): File d'origine non trovato(CAB): C:\Documents and Settings\All Users\Dati applicazioni\AVG2014\SetupBackup\lng_msx.cab. Assicurarsi che il file esista e sia possibile accedervi.


System errors:
=============
Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Security Center terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Helper Support terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Task Update terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Helper Network terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio wkicnvxvk terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Config Center terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Windows Server terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio System Shell terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Support Installer terminato con l'errore:
%%126

Error: (01/10/2016 08:29:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Server Image terminato con l'errore:
%%126


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 56%
Total physical RAM: 1023.48 MB
Available physical RAM: 440.14 MB
Total Virtual: 2464.77 MB
Available Virtual: 1432.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.32 GB) (Free:16.78 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Volume) (Fixed) (Total:114.49 GB) (Free:29.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 76.3 GB) (Disk ID: E6A3E6A3)
Partition 1: (Active) - (Size=76.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 114.5 GB) (Disk ID: E6D7E6D7)
Partition 1: (Not Active) - (Size=114.5 GB) - (Type=42)

==================== End of Addition.txt ============================

Edited by Valinorum, 11 January 2016 - 01:05 AM.
Pasted Addition.txt log from the attachment.




#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,775 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:32 AM

Posted 11 January 2016 - 01:04 AM

Hi venexiano, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest you any course that might damage your system but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 

I have bad news for you. Your system has been infected by one of the variants of Teslacrypt Ransomware. We can remove the malware from your system but there is no way to recover your files unless you have an external backup.


 
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe
      HKLM\...\Run: [] => [X]
      HKLM\...\Run: [fgdh4563] => C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe [327680 2016-01-10] ()
      HKU\S-1-5-21-796845957-179605362-725345543-1004\...\Run: [fgdh4563] => C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe [327680 2016-01-10] ()
      HKU\S-1-5-21-796845957-179605362-725345543-1004\...\MountPoints2: {525a4590-5af5-11e0-babf-000475e804df} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
      HKU\S-1-5-21-796845957-179605362-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bing.it/
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
      SearchScopes: HKLM -> DefaultScope value is missing
      NETSVC: jwwegzr -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: pgqftltot -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: rhrmzv -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: vfskv -> C:\Programmi\Movie Maker\gewqz.dll ==> No File
      NETSVC: rkickiin -> C:\Programmi\Internet Explorer\gewqz.dll ==> No File
      NETSVC: qwuhkkjuw -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
      NETSVC: kjmavsp -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
      NETSVC: xnnrmuze -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
      NETSVC: wfexm -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
      NETSVC: jzzotdtm -> C:\Programmi\Internet Explorer\gewqz.dll ==> No File
      NETSVC: fmnpfi -> C:\Documents and Settings\Paolo\Dati applicazioni\gewqz.dll ==> No File
      NETSVC: okhmsx -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
      NETSVC: xwlrbs -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: wibvq -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: kwanzz -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: idwuec -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: rnkfbnfq -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: vbrzfffq -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: ljalmow -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: wqbvswm -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: adyndrcxx -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: xknqgaxle -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: nkbfmaxo -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: pzckii -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: tlxyeb -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: xgkifr -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: zzxkvvnej -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: xtqrq -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: qnzhfjbt -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: puzmzc -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
      NETSVC: vjcmwq -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: wijllm -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: gtcqssmfb -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: zuwlgzal -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: favtm -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: krsomwwe -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: dersvme -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: weealy -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: psdsk -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: pvmdtpqh -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: euxjwsc -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: qazewmxkp -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: ooaiy -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: wujtjgsy -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: xpvijewq -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: pseto -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: usjdir -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: vdleg -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: tnramnj -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
      NETSVC: mqsvjvraf -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
      NETSVC: ydgcvqlup -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: kbvnbds -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: qeygkg -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
      NETSVC: poykftz -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: rokgvjbk -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: dmhasxj -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: wkfqspzqy -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: mfahuont -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: liswelxa -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: qqxvtdu -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: rmwdxone -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: yqwcva -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: nkpds -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: zzpse -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: rekwyllz -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: lbbkapd -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: azrlyi -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: jhlxrjnif -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: kskpnx -> C:\WINDOWS\system32\gewqz.dll ==> No File
      NETSVC: btohmd -> C:\Programmi\Movie Maker\gewqz.dll ==> No File
      2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe
      2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\ntoxk-a.exe
      2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\gxhdu-a.exe
      2016-01-10 22:27 - 2016-01-10 22:27 - 00000254 _____ C:\Documents and Settings\Paolo\Documenti\recover_file_utjqsvdiv.txt
      C:\Documents and Settings\Paolo\Impostazioni locali\Temp\1.exe
      cmd: bitsadmin /reset /allusers
      cmd: ipconfig /flushdns
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#3 Valinorum

Posted 14 January 2016 - 09:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#4 Valinorum

Posted 17 January 2016 - 09:55 PM

This topic has been re-opened at the request of the person who originally posted.



#5 Valinorum

Posted 20 January 2016 - 11:20 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#6 Valinorum

Posted 24 January 2016 - 09:29 AM

This topic has been re-opened at the request of the person who originally posted.



#7 venexiano

Posted 24 January 2016 - 03:54 PM

Hi,

Sorry, when I saw your private message I had already run the FRST fix (after bloodydoll's program successfully decrypted all the files on my computer). Here is the FRST log:

Fix result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Paolo (2016-01-24 13:25:16) Run:1
Running from C:\Documents and Settings\Paolo\Desktop
Loaded Profiles: Paolo (Available Profiles: user & Paolo & Adelaide)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe
HKLM\...\Run: [] => [X]
HKLM\...\Run: [fgdh4563] => C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe [327680 2016-01-10] ()
HKU\S-1-5-21-796845957-179605362-725345543-1004\...\Run: [fgdh4563] => C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe [327680 2016-01-10] ()
HKU\S-1-5-21-796845957-179605362-725345543-1004\...\MountPoints2: {525a4590-5af5-11e0-babf-000475e804df} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-796845957-179605362-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bing.it/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
NETSVC: jwwegzr -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: pgqftltot -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rhrmzv -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: vfskv -> C:\Programmi\Movie Maker\gewqz.dll ==> No File
NETSVC: rkickiin -> C:\Programmi\Internet Explorer\gewqz.dll ==> No File
NETSVC: qwuhkkjuw -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: kjmavsp -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
NETSVC: xnnrmuze -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: wfexm -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
NETSVC: jzzotdtm -> C:\Programmi\Internet Explorer\gewqz.dll ==> No File
NETSVC: fmnpfi -> C:\Documents and Settings\Paolo\Dati applicazioni\gewqz.dll ==> No File
NETSVC: okhmsx -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
NETSVC: xwlrbs -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wibvq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: kwanzz -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: idwuec -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rnkfbnfq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: vbrzfffq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: ljalmow -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wqbvswm -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: adyndrcxx -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: xknqgaxle -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: nkbfmaxo -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: pzckii -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: tlxyeb -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: xgkifr -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: zzxkvvnej -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: xtqrq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: qnzhfjbt -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: puzmzc -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: vjcmwq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wijllm -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: gtcqssmfb -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: zuwlgzal -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: favtm -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: krsomwwe -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: dersvme -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: weealy -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: psdsk -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: pvmdtpqh -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: euxjwsc -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: qazewmxkp -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: ooaiy -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wujtjgsy -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: xpvijewq -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: pseto -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: usjdir -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: vdleg -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: tnramnj -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: mqsvjvraf -> C:\WINDOWS\TEMP\\gewqz.dll ==> No File
NETSVC: ydgcvqlup -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: kbvnbds -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: qeygkg -> C:\Documents and Settings\NetworkService\Dati applicazioni\gewqz.dll ==> No File
NETSVC: poykftz -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rokgvjbk -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: dmhasxj -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: wkfqspzqy -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: mfahuont -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: liswelxa -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: qqxvtdu -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rmwdxone -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: yqwcva -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: nkpds -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: zzpse -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: rekwyllz -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: lbbkapd -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: azrlyi -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: jhlxrjnif -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: kskpnx -> C:\WINDOWS\system32\gewqz.dll ==> No File
NETSVC: btohmd -> C:\Programmi\Movie Maker\gewqz.dll ==> No File
2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe
2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\ntoxk-a.exe
2016-01-10 22:27 - 2016-01-10 22:27 - 00327680 _____ C:\Documents and Settings\Paolo\Dati applicazioni\gxhdu-a.exe
2016-01-10 22:27 - 2016-01-10 22:27 - 00000254 _____ C:\Documents and Settings\Paolo\Documenti\recover_file_utjqsvdiv.txt
C:\Documents and Settings\Paolo\Impostazioni locali\Temp\1.exe
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\fgdh4563 => value removed successfully.
HKU\S-1-5-21-796845957-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\fgdh4563 => value removed successfully.
"HKU\S-1-5-21-796845957-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{525a4590-5af5-11e0-babf-000475e804df}" => key removed successfully.
HKCR\CLSID\{525a4590-5af5-11e0-babf-000475e804df} => key not found. 
HKU\S-1-5-21-796845957-179605362-725345543-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs jwwegzr => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pgqftltot => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rhrmzv => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs vfskv => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rkickiin => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs qwuhkkjuw => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs kjmavsp => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xnnrmuze => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wfexm => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs jzzotdtm => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs fmnpfi => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs okhmsx => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xwlrbs => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wibvq => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs kwanzz => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs idwuec => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rnkfbnfq => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs vbrzfffq => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ljalmow => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wqbvswm => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs adyndrcxx => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xknqgaxle => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs nkbfmaxo => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pzckii => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs tlxyeb => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xgkifr => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs zzxkvvnej => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xtqrq => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs qnzhfjbt => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs puzmzc => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs vjcmwq => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wijllm => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs gtcqssmfb => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs zuwlgzal => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs favtm => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs krsomwwe => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs dersvme => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs weealy => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs psdsk => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pvmdtpqh => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs euxjwsc => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs qazewmxkp => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ooaiy => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wujtjgsy => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xpvijewq => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pseto => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs usjdir => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs vdleg => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs tnramnj => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mqsvjvraf => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ydgcvqlup => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs kbvnbds => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs qeygkg => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs poykftz => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rokgvjbk => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs dmhasxj => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wkfqspzqy => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mfahuont => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs liswelxa => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs qqxvtdu => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rmwdxone => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs yqwcva => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs nkpds => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs zzpse => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rekwyllz => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs lbbkapd => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs azrlyi => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs jhlxrjnif => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs kskpnx => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs btohmd => value removed successfully.
"C:\Documents and Settings\Paolo\Dati applicazioni\phpgj-a.exe" => not found.
C:\Documents and Settings\Paolo\Dati applicazioni\ntoxk-a.exe => moved successfully
C:\Documents and Settings\Paolo\Dati applicazioni\gxhdu-a.exe => moved successfully
C:\Documents and Settings\Paolo\Documenti\recover_file_utjqsvdiv.txt => moved successfully
C:\Documents and Settings\Paolo\Impostazioni locali\Temp\1.exe => moved successfully
 
=========  bitsadmin /reset /allusers =========
 
"bitsadmin" non  riconosciuto come comando interno o esterno,
 un programma eseguibile o un file batch.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
 
Configurazione IP di Windows
 
 
 
Svuotata la cache del resolver DNS.
 
 
========= End of CMD: =========
 
EmptyTemp: => 429.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:27:14 ====


#8 Valinorum

Posted 24 January 2016 - 10:59 PM

Please post a fresh FRST scan log for my perusal.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#9 Valinorum

Posted 27 January 2016 - 10:15 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 


#10 Valinorum

Posted 02 February 2016 - 12:56 PM

This topic has been re-opened at the request of the person who originally posted.


 


#11 Oh My!

Posted 06 February 2016 - 10:18 AM

Greetings,

I am stepping in for Valinorum who will be away for a short period of time so that there will not be any delay on our end in assisting you.

Though you have asked for the topic to be re-opened you have not replied.

If you fail to reply within the next 24 hours this Topic will be permanently closed and you will need to open a new Topic.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

Posted 07 February 2016 - 10:13 AM

Due to the lack of feedback, this topic is now permanently closed.

 

If you still desire assistance please post a new Topic when you have the availability to reply in a timely fashion.


Edited by Oh My!, 07 February 2016 - 10:15 AM.

Gary
 