
gis74 (Members)
Posts: 14
Reputation: 0 Neutral
  1. Hi Ron, I am writing from another laptop now, as unfortunately mine is completely dead. I can no longer start it, and whenever the startup is successful it fails very quickly, showing strange drawings on the screen. I am not sure if it is a hardware failure (as I suspect) or a software failure (as I hope), but I have decided to re-install the operating system and give Ubuntu a try. So I guess this request can be closed; I just meant to say thank you for your help so far. Many thanks and take care, Davide
  2. Hi Ron, I am 100% sure I have admin rights. I have installed/removed software before (and indeed I installed AVG 2014 with the same user). I guess this is the problem with the infection I have got. If it is safe, I would remove it forcefully. Let me know your thoughts.
  3. Hi Ron, sorry for the late reply, but I have had internet connection issues at home for the last 3/4 days. I tried again to uninstall AVG from the Control Panel, but I am still getting the same error: "You do not have sufficient access to uninstall AVG 2014. Please contact your system administrator." Don't know what to do. Cheers, Davide
  4. Hi Ron, I have followed the instructions but I am afraid I had an issue. I ran ComboFix and after it completed the 50 stages a message appeared saying that it was removing a couple of files (I can't remember the exact names, but one of them was something like windowini). However, once it got to this stage the run seemed to be stuck and it stayed there for 3 hours. After this time I forcibly rebooted the laptop. Now I cannot find any combofix.txt file in C:\. Any idea what was going on? Should I re-run it and, if the same thing happens, wait for longer than 3 hours? Another thing worth mentioning is that as soon as I ran it I got a message saying that some components of AVG 2012 were running and asking to disable them. I was surprised, as I have installed AVG 2014 (and it is not working, as mentioned previously), so I clicked the continue button and pressed yes once prompted that there might be some risk in continuing. Hope that all the above is clear; please advise and don't hesitate to ask if you need more info. Many thanks, Davide
  5. Hi Ron, log below.
     Fixlog.txt
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:18-06-2014
     Ran by davide at 2014-06-19 21:00:06 Run:2
     Running from C:\Users\davide\Desktop\INFECTION_201406
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
     HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
     Toolbar: HKLM - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
     CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
     CHR Plugin: (Java™ Platform SE 6 U16) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
     C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
     Task: {425AED47-3261-4060-B241-D569F66D467C} - \RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 No Task File <==== ATTENTION
     Task: {4C79C113-6881-412B-A647-B497E0FEDA05} - \RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 No Task File <==== ATTENTION
     Task: {AF756B4A-7BA0-4D21-B1D8-7B364807F99C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-09] (Adobe Systems Incorporated)
     Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     *****************
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKLM => Unable to delete Group Policy Restriction on software
     HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
     'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2555903305-2322544514-184203740-1000'=> Key not found.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
     'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}'=> Key not found.
     C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll not found.
     C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
     C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{425AED47-3261-4060-B241-D569F66D467C}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{425AED47-3261-4060-B241-D569F66D467C}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000'=> Key not found.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C79C113-6881-412B-A647-B497E0FEDA05}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C79C113-6881-412B-A647-B497E0FEDA05}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000'=> Key not found.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF756B4A-7BA0-4D21-B1D8-7B364807F99C}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF756B4A-7BA0-4D21-B1D8-7B364807F99C}' => Key deleted successfully.
     C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
     'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater' => Key deleted successfully.
     C:\Windows\Tasks\Google Software Updater.job => Moved successfully.
     ==== End of Fixlog ====
     Cheers, Davide
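Editor's note on the eighteen "Unable to delete Group Policy Restriction on software" results above, and on the matching "HKLM Group Policy restriction on software" entries in the FRST scan further down this page: the paths named (AVG, Malwarebytes, Symantec) are exactly the security products the poster cannot run or uninstall, and Vista Home Premium ships no Local Group Policy Editor, so a user is unlikely to have created them. The script below is an added example, not code from the thread or from FRST. It assumes that FRST's "Group Policy restriction on software" lines correspond to Software Restriction Policy (SRP) path rules stored under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers; the level numbers are the documented SRP security-level IDs. The product-name list is constructed for the demonstration. It needs PowerShell 3.0 or later and an elevated shell.

```powershell
# Added example (not part of the forum thread): list and, on request, remove
# Software Restriction Policy (SRP) path rules that target security products.
# Assumption: FRST's "HKLM Group Policy restriction on software" lines are SRP
# path rules under the Safer\CodeIdentifiers key. Run from an elevated shell.

$SaferRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained';
                 131072 = 'NormalUser'; 262144 = 'Unrestricted' }

# Products the thread's logs show being blocked, plus two that are commonly
# targeted (constructed list; extend it for the environment at hand).
$SecurityProductPatterns = @('\AVG', 'Malwarebytes', 'Symantec', 'AVAST', 'Windows Defender')

function Get-SrpPathRule {
    # One object per path rule, across every security level that has a Paths subkey.
    if (-not (Test-Path $SaferRoot)) { return }
    $levelKeys = Get-ChildItem $SaferRoot | Where-Object { $_.PSChildName -match '^\d+$' }
    foreach ($levelKey in $levelKeys) {
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($ruleKey in Get-ChildItem $pathsKey) {
            $props    = Get-ItemProperty -Path $ruleKey.PSPath
            $modified = $null
            # LastModified is a FILETIME stored as REG_QWORD.
            if ($props.LastModified) { $modified = [DateTime]::FromFileTime([long]$props.LastModified) }
            [pscustomobject]@{
                Level    = $LevelNames[[int]$levelKey.PSChildName]
                RuleId   = $ruleKey.PSChildName
                ItemData = $props.ItemData
                Modified = $modified
                KeyPath  = $ruleKey.PSPath
            }
        }
    }
}

function Find-BlockedSecurityProductRule {
    # Only a Disallowed-level rule stops a binary from running; a Disallowed rule
    # whose path names a security product is the pattern seen in this thread.
    Get-SrpPathRule | Where-Object {
        $rule = $_
        $rule.Level -eq 'Disallowed' -and
        ($SecurityProductPatterns | Where-Object { $rule.ItemData -like "*$_*" })
    }
}

function Remove-BlockedSecurityProductRule {
    # Deletes the rules found above; -WhatIf lets you review the list first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($rule in Find-BlockedSecurityProductRule) {
        if (-not $PSCmdlet.ShouldProcess($rule.ItemData, "Remove SRP Disallowed rule $($rule.RuleId)")) { continue }
        try {
            Remove-Item -Path $rule.KeyPath -Recurse -ErrorAction Stop
            Write-Host "Removed $($rule.RuleId) -> $($rule.ItemData)"
        } catch {
            # The Fixlog in this thread shows exactly this outcome ("Unable to delete").
            # A rewritten key ACL is one cause worth checking, so print the ACL for repair.
            Write-Warning "Could not delete $($rule.KeyPath): $($_.Exception.Message)"
            (Get-Acl -Path $rule.KeyPath).Access |
                Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize |
                Out-String | Write-Warning
        }
    }
}

# Review first, then remove for real by dropping -WhatIf.
Get-SrpPathRule | Format-Table Level, ItemData, Modified -AutoSize
Remove-BlockedSecurityProductRule -WhatIf
```

The Modified column is worth reading: SRP rules created by a setup program or an administrator cluster around known dates, while rules written by malware typically share a timestamp close to the first symptoms. If the machine were domain-joined, rules delivered by Group Policy would be re-applied at the next refresh and would have to be fixed in the GPO instead; the laptop in this thread is a home edition, so the entries are local.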
  6. Hi Ron, below the logs:
     FRST.txt
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
     Ran by davide (administrator) on DAVIDE-PC on 18-06-2014 21:06:36
     Running from C:\Users\davide\Desktop\INFECTION_201406
     Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English (United States)
     Internet Explorer Version 7
     Boot Mode: Normal
     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     () C:\Acer\ALaunch\ALaunchSvc.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
     (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
     (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
     (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     () C:\Windows\LogWatNT.exe
     () C:\Acer\Mobility Center\MobilityService.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
     () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
     (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
     (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
     (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
     (HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
     (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
     (CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
     (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
     (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
     () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
     (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
     (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
     (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
     (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
     (Spotify Ltd) C:\Users\davide\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
     (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
     (SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe
     (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
     (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
     (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
     (Realtek Semiconductor Corp.) C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
     (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
     (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
     (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
     (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
     (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
     (Microsoft Corporation) C:\Windows\System32\conime.exe
     ==================== Registry (Whitelisted) ==================
     HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
     HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-26] (HiTRUST)
     HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
     HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [772616 2007-08-15] (Dritek System Inc.)
     HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [206952 2007-05-24] (CyberLink Corp.)
     HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
     HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)
     HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
     HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-12-03] (NVIDIA Corporation)
     HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-12-03] (NVIDIA Corporation)
     HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
     HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
     HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-07] (AVAST Software)
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
     HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
     HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [spotify] => C:\Users\davide\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-02-27] (Spotify Ltd)
     HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [spotify Web Helper] => C:\Users\davide\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-27] (Spotify Ltd)
     HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
     HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
     Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
     ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
     Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
     ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
     ==================== Internet (Whitelisted) ====================
     HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
     StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
     BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
     BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
     Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
     Toolbar: HKLM - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
     Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
     Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll ()
     Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     FireFox:
     ========
     FF ProfilePath: C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default
     FF SearchEngineOrder.1: Yahoo! (Avast)
     FF Homepage: hxxp://www.chess.com/
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
     FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
     FF Plugin: @real.com/nppl3260;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprjplug;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprpjplug;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
     FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
     FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
     FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
     FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.0.13.1 - C:\Users\davide\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
     FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
     FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
     FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\davide\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\davide\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Users\davide\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
     FF Plugin ProgramFiles/Appdata: C:\Users\davide\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
     FF SearchPlugin: C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\searchplugins\yahoo-avast.xml
     FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-it.xml
     FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-it.xml
     FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\hoepli.xml
     FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-it.xml
     FF Extension: Link Password - C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\Extensions\LinkPassword@EvighetensFilosofi.xpi [2013-07-17]
     FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
     FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
     FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07]
     FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
     FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
     FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-10]
     FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07]
     FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\davide\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
     Chrome:
     =======
     CHR HomePage: https://uk.yahoo.com?fr=hp-avast&type=avastbcl
     CHR StartupUrls: "https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
     CHR DefaultSearchKeyword: www.yahoo.com
     CHR DefaultSearchProvider: Yahoo! (Avast)
     CHR DefaultSearchURL: http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
     CHR DefaultNewTabURL:
     CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
     CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gears.dll No File
     CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
     CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
     CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
     CHR Plugin: (Java Platform SE 6 U16) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
     CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
     CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
     CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
     CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
     CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
     CHR Plugin: (Google Talk Plugin) - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
     CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
     CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
     CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
     CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
     CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
     CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
     CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
     CHR Plugin: (Default Plug-in) - default_plugin No File
     CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
     CHR Extension: (YouTube) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
     CHR Extension: (Google Search) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
     CHR Extension: (Skype Click to Call) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-22]
     CHR Extension: (Google Wallet) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
     CHR Extension: (Gmail) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
     CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-07]
     CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
     ========================== Services (Whitelisted) =================
     R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
     R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-07] (AVAST Software)
     R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
     R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
     R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-26] (HiTRSUT)
     R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
     R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-14] (Acer Inc.) [File not signed]
     R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) [File not signed]
     R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-29] () [File not signed]
     R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
     R2 LogWatch; C:\Windows\LogWatNT.exe [50176 2000-06-08] () [File not signed]
     R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
     R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
     R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
     R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer) [File not signed]
     S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
     S3 OracleDBConsoleORCL11G; D:\app\oracle\product\11.1.0\db_1\bin\nmesrvc.exe [X]
     ==================== Drivers (Whitelisted) ====================
     R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-06-07] ()
     R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-06-07] (AVAST Software)
     R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-06-07] (AVAST Software)
     R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-06-07] ()
     R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-06-07] (AVAST Software)
     R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-06-07] (AVAST Software)
     R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-06-07] (AVAST Software)
     R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-06-07] ()
     R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
     R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
     R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
     R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
     R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
     R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
     R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
     R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
     R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
     R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
     S3 iadusb; C:\Windows\System32\DRIVERS\glauiad.sys [30336 2006-07-27] (Conexant Systems Inc.) [File not signed]
     R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-08] ()
     R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-25] (NewTech Infosystems, Inc.) [File not signed]
     R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-26] (HiTRUST)
     R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-26] (HiTRUST)
     R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-26] (HiTRUST)
     R1 RapportCerberus_42020; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-09] ()
     R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-03] ()
     R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-03] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S0 yflxew; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-18 07:47 - 2014-06-18 07:47 - 00000000 ____D () C:\Users\davide\AppData\Local\CrashDumps
2014-06-14 08:30 - 2014-06-15 10:26 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-12 06:49 - 2014-06-18 21:06 - 00000000 ____D () C:\FRST
2014-06-11 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-11 20:51 - 2014-06-11 20:55 - 00000000 ____D () C:\AdwCleaner
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 20:13 - 2014-06-18 21:06 - 00000000 ____D () C:\Users\davide\Desktop\INFECTION_201406
2014-06-10 23:24 - 2014-06-10 23:24 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-10 23:24 - 2014-06-10 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 22:52 - 2014-06-11 21:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:44 - 2014-06-10 22:44 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000737 _____ () C:\Users\davide\Desktop\NTREGOPT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000718 _____ () C:\Users\davide\Desktop\ERUNT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\Program Files\ERUNT
2014-06-09 08:45 - 2014-06-09 08:45 - 00137872 _____ () C:\Windows\Minidump\Mini060914-01.dmp
2014-06-08 22:40 - 2014-06-11 20:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 18:40 - 2014-06-07 18:40 - 00000000 ____D () C:\Users\davide\AppData\Roaming\AVAST Software
2014-06-07 18:39 - 2014-06-07 18:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-07 18:39 - 2014-06-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 18:38 - 2014-06-07 18:38 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-07 18:38 - 2014-06-07 18:38 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-07 18:38 - 2014-06-07 18:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-07 18:34 - 2014-06-07 18:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-07 18:29 - 2014-06-07 18:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 07:53 - 2014-05-23 07:53 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-06-18 21:06 - 2014-06-12 06:49 - 00000000 ____D () C:\FRST
2014-06-18 21:06 - 2014-06-11 20:13 - 00000000 ____D () C:\Users\davide\Desktop\INFECTION_201406
2014-06-18 21:01 - 2008-01-17 05:12 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Skype
2014-06-18 20:09 - 2014-05-09 21:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-18 19:33 - 2006-11-02 11:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 19:31 - 2011-11-11 00:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-18 19:29 - 2013-06-15 13:07 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Spotify
2014-06-18 19:27 - 2009-05-03 09:41 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-06-18 19:27 - 2008-11-23 11:44 - 00000000 ____D () C:\Program Files\Password Safe
2014-06-18 19:26 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 19:26 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 19:26 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 08:32 - 2006-11-02 14:01 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-18 07:47 - 2014-06-18 07:47 - 00000000 ____D () C:\Users\davide\AppData\Local\CrashDumps
2014-06-17 19:54 - 2009-05-03 09:40 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-06-15 10:26 - 2014-06-14 08:30 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-13 19:40 - 2008-03-21 13:26 - 00016249 _____ () C:\Windows\UEDIT32.INI
2014-06-11 21:03 - 2014-06-10 22:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 20:58 - 2013-01-21 07:47 - 00100022 _____ () C:\Windows\PFRO.log
2014-06-11 20:55 - 2014-06-11 20:51 - 00000000 ____D () C:\AdwCleaner
2014-06-11 20:40 - 2014-06-08 22:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 20:26 - 2008-02-17 14:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 12:41 - 2010-11-16 02:24 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 23:24 - 2014-06-10 23:24 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-10 23:24 - 2014-06-10 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 22:44 - 2014-06-10 22:44 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000737 _____ () C:\Users\davide\Desktop\NTREGOPT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000718 _____ () C:\Users\davide\Desktop\ERUNT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\Program Files\ERUNT
2014-06-10 21:16 - 2008-03-18 10:06 - 00000000 ____D () C:\Users\davide\AppData\Roaming\uTorrent
2014-06-09 08:45 - 2014-06-09 08:45 - 00137872 _____ () C:\Windows\Minidump\Mini060914-01.dmp
2014-06-09 08:45 - 2013-07-07 20:25 - 250185706 _____ () C:\Windows\MEMORY.DMP
2014-06-09 08:45 - 2008-11-24 00:58 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 07:40 - 2012-04-05 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-09 07:40 - 2011-05-13 20:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 18:35 - 2008-01-17 04:57 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Mozilla
2014-06-08 08:48 - 2013-03-11 13:50 - 00000838 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-08 08:48 - 2013-03-11 13:50 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-08 08:39 - 2008-01-17 05:11 - 00000000 ____D () C:\Program Files\Google
2014-06-07 18:40 - 2014-06-07 18:40 - 00000000 ____D () C:\Users\davide\AppData\Roaming\AVAST Software
2014-06-07 18:39 - 2014-06-07 18:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-07 18:39 - 2014-06-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 18:38 - 2014-06-07 18:38 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-07 18:38 - 2014-06-07 18:38 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-07 18:38 - 2014-06-07 18:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-07 18:37 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-07 18:34 - 2014-06-07 18:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-07 18:30 - 2014-06-07 18:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-07 14:26 - 2013-09-27 20:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-04 06:47 - 2013-03-11 13:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 07:53 - 2014-05-23 07:53 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-23 07:53 - 2009-05-22 07:26 - 00000000 ___RD () C:\Program Files\Skype
2014-05-23 07:53 - 2008-01-17 05:10 - 00000000 ____D () C:\ProgramData\Skype
2014-05-21 20:41 - 2010-11-11 15:22 - 00008224 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-05-19 21:45 - 2013-01-14 08:04 - 00038164 _____ () C:\Windows\WindowsUpdate.log

Some content of TEMP:
====================
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 19:33

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-06-2014
Ran by davide at 2014-06-18 21:07:56
Running from C:\Users\davide\Desktop\INFECTION_201406
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 1.7.7 - )
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
ACE Stream Media 2.0.13.1 (HKCU\...\ACEStream) (Version: 2.0.13.1 - ACE Stream Media)
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.10 - SUYIN)
Acer Crystal Eye Webcam Video Class Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.30.500-1.0 - Suyin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - )
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4010 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4021 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.20070515 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AllFusion ERwin Data Modeler (HKLM\...\{DA5873B5-6262-11D4-8ABC-00C04F5F14B8}) (Version: - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - Alps Electric)
Anteprima (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: -2.2004883523.2004883164.4536708 - Audible, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3972 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
Chessmaster Grandmaster Edition (HKLM\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (Version: 1.00.0000 - Ubisoft) Hidden
Deep Fritz 13 (HKLM\...\{0D381F4A-BB1D-4D86-A9CE-E0C61E5C3B0E}) (Version: 13.10.0.0 - ChessBase)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Hattrick Organizer (remove only) (HKLM\...\Hattrick Organizer) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
iTunes (HKLM\...\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}) (Version: 10.0.1.22 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java DB 10.4.2.1 (HKLM\...\{926C96FB-9D0A-4504-8000-C6D3A4A3118E}) (Version: 10.4.2.1 - Sun Microsystems, Inc)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java SE Development Kit 6 Update 16 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Menu intelligenti (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{7DB92914-0A00-48C6-8DBB-F8E9D02B78B1}) (Version: 8.0.6362.41 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 it) (HKLM\...\Mozilla Firefox 29.0.1 (x86 it)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MT882 (HKLM\...\MT882) (Version: - )
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{43A650AA-D1DC-4C52-8819-D7848B3A08DA}) (Version: 3.1.9399 - OpenOffice.org)
Password Safe (HKLM\...\Password Safe) (Version: - )
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation)
Quest SQL Tuning (HKLM\...\Quest SQL Tuning) (Version: - )
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Rapport (HKLM\...\Rapport_msi) (Version: 3.5.1205.11 - Trusteer)
Rapport (Version: 3.5.1205.11 - Trusteer) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version: - Piriform)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Self Test Practice Test Engine (HKLM\...\Self Test Practice Test Engine) (Version: - Self Test Software )
Self Test Software: Exam 1Z0-052 (HKLM\...\Self Test Software: Exam 1Z0-052 ) (Version: - Self Test Software)
Self Test Software: Exam 1Z0-053 (HKLM\...\Self Test Software: Exam 1Z0-053 ) (Version: - Self Test Software)
Self Test Software: Exam 1Z0-147 (HKLM\...\Self Test Software: Exam 1Z0-147 ) (Version: - Self Test Software)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Strumento di caricamento di Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
TreeSize Free V2.3.3 (HKLM\...\TreeSize Free_is1) (Version: - JAM Software)
UltraEdit-32 (HKLM\...\{43B6667D-7520-4186-B05B-F5C0494C495D}) (Version: 10.00c - IDM Computer Solutions, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Favorites per Windows Live Toolbar (HKLM\...\{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}) (Version: 03.01.0146 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )
Yahoo! Toolbar con blocco Pop-Up (HKLM\...\Yahoo! Companion) (Version: - )

==================== Restore Points =========================

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {425AED47-3261-4060-B241-D569F66D467C} - \RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4C79C113-6881-412B-A647-B497E0FEDA05} - \RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 No Task File <==== ATTENTION
Task: {516A84ED-A102-49BC-A9DB-B6DE5E2EB48E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-07] (AVAST Software)
Task: {AF756B4A-7BA0-4D21-B1D8-7B364807F99C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-09] (Adobe Systems Incorporated)
Task: {E15E8110-6E24-47BC-A3A0-BC44B544DB5A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-18 19:27 - 2014-06-18 19:27 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061800\algo.dll
2007-07-25 12:19 - 2007-01-26 22:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe
2000-06-08 13:15 - 2000-06-08 13:15 - 00050176 _____ () C:\Windows\LogWatNT.exe
2007-04-26 00:30 - 2007-04-26 00:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-26 00:31 - 2007-04-26 00:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2009-06-12 21:17 - 2009-06-10 21:08 - 00140800 _____ () C:\Program Files\WinRAR\rarext.dll
2003-05-07 11:00 - 2003-05-07 11:00 - 00018944 ____N () C:\Program Files\UltraEdit\ue32ctmn.dll
2007-07-25 11:59 - 2006-11-24 20:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-07-25 11:59 - 2006-10-24 18:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-07-25 11:57 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-12-08 10:14 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-12-08 10:14 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-12-08 10:39 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2007-07-25 11:43 - 2007-06-29 02:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-07-25 11:43 - 2007-06-29 02:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-07-25 11:43 - 2007-06-29 02:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2014-06-07 18:37 - 2014-06-07 18:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-05-09 21:56 - 2014-05-09 21:56 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupreg: Google Update => "C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #6
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Multimedia Video Controller
Description: Multimedia Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 07:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 29.0.1.5239, time stamp 0x536995c2, faulting module mozalloc.dll, version 29.0.1.5239, time stamp 0x536968fa, exception code 0x80000003, fault offset 0x0000119c, process id 0xb0c, application start time 0xplugin-container.exe0.
System errors: ============= Error: (06/18/2014 07:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Ricoh xD-Picture Card Driver%%1058 Error: (06/18/2014 07:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: rimmptsk%%1058 Error: (06/18/2014 07:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/18/2014 07:26:11 PM) (Source: HTTP) (EventID: 15016) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (06/18/2014 07:26:11 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: 2147942402 Error: (06/18/2014 06:40:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Ricoh xD-Picture Card Driver%%1058 Error: (06/18/2014 06:40:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: rimmptsk%%1058 Error: (06/18/2014 06:40:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/18/2014 06:39:23 AM) (Source: HTTP) (EventID: 15016) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (06/18/2014 06:39:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: 2147942402 Microsoft Office Sessions: ========================= Error: (06/18/2014 07:47:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe29.0.1.5239536995c2mozalloc.dll29.0.1.5239536968fa800000030000119cb0c01cf8aba901f4b57 CodeIntegrity Errors: =================================== Date: 2014-06-18 21:07:46.669 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-06-18 21:07:46.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-18 21:07:46.347 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-18 21:07:46.177 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-18 21:07:45.392 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-18 21:07:45.224 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-18 21:07:45.063 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-18 21:07:44.903 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-18 21:07:14.101 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-06-18 21:07:13.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 61% Total physical RAM: 1790.19 MB Available physical RAM: 688.23 MB Total Pagefile: 3831.88 MB Available Pagefile: 2177.96 MB Total Virtual: 2047.88 MB Available Virtual: 1905.04 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:32.51 GB) (Free:2.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:32.26 GB) (Free:4.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 75 GB) (Disk ID: 6D41B077) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=33 GB) - (Type=06) Partition 3: (Not Active) - (Size=32 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Thanks, Davide
  7. Hi Ron, I am still unable to uninstall AVG, getting the following error: You do not have sufficient access to uninstall AVG 2014. Please contact your system administrator. Can I do the job just running avg_remover_stf_x86_2014_4116.exe? Thanks, Davide
  8. Hi Rob, below the content of fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014
Ran by davide at 2014-06-13 19:37:32 Run:1
Running from C:\Users\davide\Desktop\INFECTION_201406
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:30A9E86A
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: No Name - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
C:\ProgramData\AgowEjxi.dat
C:\ProgramData\ezsid.dat
C:\Users\davide\AppData\Local\Temp\AskSLib.dll
C:\Users\davide\AppData\Local\Temp\htmlayout.dll
C:\Users\davide\AppData\Local\Temp\Quarantine.exe
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\davide\AppData\Local\Temp\SkypeSetup.exe
CHR DefaultSearchURL: http://uk.yhs4.searc...p={searchTerms}
CHR HomePage: http://search.yahoo....=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKLM - DefaultScope value is missing.
ShortcutTarget: FREE OFFER from Audible.com.lnk -> C:\TEMP\HelpInstaller_StartUp.exe (No File)
Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core.job => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA.job => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1CC453E2-3960-47A1-8A19-3FAC7FB411D3} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\davide\AppData\Local\Temp\Otd.exe <==== ATTENTION
Task: {304B6AD3-B780-417B-B97B-649A09B560C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {36A646F4-8E18-4FFC-85CB-4AC37C8B988C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {66522508-19F4-44E4-8058-EFE5DB84EE5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {72DC3FF6-75E4-4697-A025-AB34D1FE83D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {88F9713C-89A8-405F-A886-9E4A874A94E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {AADB1C08-02BF-469C-8248-5BB0EC7FE416} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {D324168B-A6D0-41E5-8079-FE76A025BE9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {E84C75AC-BEFD-4B7E-ABA6-5CBFA60BDEDD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
*****************

C:\ProgramData\TEMP => ":30A9E86A" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}' => Key deleted successfully.
'HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}' => Key deleted successfully.
'HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}' => Key deleted successfully.
'HKCR\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}' => Key deleted successfully.
'HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}' => Key deleted successfully.
'HKCR\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}' => Key deleted successfully.
"C:\ProgramData\AgowEjxi.dat" => File/Directory not found.
C:\ProgramData\ezsid.dat => Moved successfully.
C:\Users\davide\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\davide\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\davide\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
C:\Users\davide\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
CHR DefaultSearchURL: http://uk.yhs4.searc...p={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
CHR HomePage: https://uk.yahoo.com...t&type=avastbcl ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
CHR StartupUrls: "https://uk.yahoo.com...&type=avastbcl" ==> The Chrome "Settings" can be used to fix the entry.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}' => Key deleted successfully.
'HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\Software\MozillaPlugins\@java.com/JavaPlugin' => Key deleted successfully.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => Moved successfully.
'HKCR\PROTOCOLS\Handler\livecall' => Key deleted successfully.
'HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\msnim' => Key deleted successfully.
'HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CTRegRun => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WarReg_PopUp => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => value deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}' => Key deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}' => Key deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2555903305-2322544514-184203740-1000'=> Key not found.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28671b3e-cbe3-11dc-8dd3-001b3874270b}' => Key deleted successfully.
'HKCR\CLSID\{28671b3e-cbe3-11dc-8dd3-001b3874270b}'=> Key not found.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{593a52ba-c50b-11e1-a0e1-001b3874270b}' => Key deleted successfully.
'HKCR\CLSID\{593a52ba-c50b-11e1-a0e1-001b3874270b}'=> Key not found.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AgowEjxi => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0214c => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1213b => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => value deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\exefile' => Key deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8335F45-3203-48B1-A2F7-40DE58D666AA}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{D8335F45-3203-48B1-A2F7-40DE58D666AA}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\TEMP\HelpInstaller_StartUp.exe not found.
C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk => Moved successfully.
C:\Windows\Tasks\Google Software Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA.job => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC453E2-3960-47A1-8A19-3FAC7FB411D3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC453E2-3960-47A1-8A19-3FAC7FB411D3}' => Key deleted successfully.
C:\Windows\System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{304B6AD3-B780-417B-B97B-649A09B560C9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{304B6AD3-B780-417B-B97B-649A09B560C9}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A646F4-8E18-4FFC-85CB-4AC37C8B988C}'=> Key not found.
C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66522508-19F4-44E4-8058-EFE5DB84EE5F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66522508-19F4-44E4-8058-EFE5DB84EE5F}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72DC3FF6-75E4-4697-A025-AB34D1FE83D7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72DC3FF6-75E4-4697-A025-AB34D1FE83D7}' => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88F9713C-89A8-405F-A886-9E4A874A94E5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88F9713C-89A8-405F-A886-9E4A874A94E5}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AADB1C08-02BF-469C-8248-5BB0EC7FE416}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AADB1C08-02BF-469C-8248-5BB0EC7FE416}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D324168B-A6D0-41E5-8079-FE76A025BE9C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D324168B-A6D0-41E5-8079-FE76A025BE9C}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E84C75AC-BEFD-4B7E-ABA6-5CBFA60BDEDD}'=> Key not found.
C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
'HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => value deleted successfully.
'HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}'=> Key not found.

==== End of Fixlog ====

Thanks,
Davide
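The fixlog above removes a scheduled task whose only distinguishing features in the FRST listing are a bare-GUID task name and a target under the user's Temp folder (the Otd.exe entry FRST marked with ATTENTION), next to many vendor updater tasks that are harmless. The following is an added triage script, not part of the forum post and not part of FRST or Malwarebytes: it parses FRST-style `Task:` and `ShortcutTarget:` lines, extracts the executable each entry launches, and lists the reasons an analyst would look at a given entry first (FRST's own ATTENTION marker, a target in a user-writable directory, a missing target file, a GUID-only task name, or a task entry with no date/publisher metadata). The heuristics and the `USER_WRITABLE` list are this example's assumptions; the sample lines are copied from the logs posted in this thread.

```python
"""Triage FRST-style persistence entries (added example, not FRST's own code).

Feed it lines copied from an FRST Addition.txt / fixlist and it returns the
entries that point at an executable, each with the reasons (if any) it
deserves a closer look. Heuristics are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Directories a standard user can write to without elevation. Autostarts that
# launch a binary from one of these are worth a look: installers put their
# payload under Program Files or the per-user application folder, not in Temp.
# Roaming is included on purpose as a weaker signal; some legitimate software
# does live there.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "c:\\temp\\",
    "\\users\\public\\",
    "\\appdata\\roaming\\",
)

# A task whose registered name is nothing but a GUID (as with the Otd.exe task
# in the thread) is a common dropper pattern.
BARE_GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# "Task: {guid} - System32\Tasks\<name> => <target> [date] (publisher) <==== ATTENTION"
# or  "Task: C:\Windows\Tasks\<name>.job => <target>" (legacy .job files carry no metadata)
TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+System32\\Tasks\\|C:\\Windows\\Tasks\\)"
    r"(?P<name>.+?)\s+=>\s+(?P<target>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^()]*)\))?"
    r"(?P<attention>\s+<====\s+ATTENTION)?\s*$"
)
# "ShortcutTarget: <name>.lnk -> <target> (No File)"
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget:\s+(?P<name>.+?\.lnk)\s+->\s+(?P<target>.+?)"
    r"(?:\s+\((?P<publisher>[^()]*)\))?\s*$"
)


@dataclass
class Finding:
    kind: str                      # "task" or "shortcut"
    name: str                      # task path under System32\Tasks, .job name, or .lnk name
    target: str                    # executable the entry launches
    guid: Optional[str] = None     # TaskCache GUID for System32\Tasks entries
    date: Optional[str] = None
    publisher: Optional[str] = None
    attention: bool = False        # FRST appended "<==== ATTENTION"
    reasons: List[str] = field(default_factory=list)


def assess(f: Finding) -> Finding:
    """Attach the reasons (this example's heuristics) an analyst would flag the entry."""
    low = f.target.lower()
    if f.attention:
        f.reasons.append("flagged by FRST (<==== ATTENTION)")
    if any(p in low for p in USER_WRITABLE):
        f.reasons.append("target in a user-writable directory")
    if f.publisher == "No File":
        f.reasons.append("target file missing (dangling persistence entry)")
    elif f.publisher is None and f.guid is not None:
        # FRST normally appends [date] (publisher) for System32\Tasks entries;
        # their absence is a weak signal that the file could not be inspected.
        f.reasons.append("no [date] (publisher) metadata recorded for target")
    if BARE_GUID.match(f.name):
        f.reasons.append("task name is a bare GUID")
    return f


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for Task/ShortcutTarget lines that name a target, else None."""
    text = line.strip()
    m = TASK_RE.match(text)
    if m:
        return assess(Finding("task", m["name"], m["target"], m["guid"], m["date"],
                              m["publisher"], bool(m["attention"])))
    m = SHORTCUT_RE.match(text)
    if m:
        return assess(Finding("shortcut", m["name"], m["target"], publisher=m["publisher"]))
    return None


def triage(lines) -> List[Finding]:
    """All parsed entries, most-suspicious first (by number of reasons)."""
    found = [f for f in (parse_line(l) for l in lines) if f is not None]
    return sorted(found, key=lambda f: len(f.reasons), reverse=True)


def suspicious(lines) -> List[Finding]:
    """Only the entries with at least one reason."""
    return [f for f in triage(lines) if f.reasons]


# Sample input: lines copied from the FRST logs posted in this thread.
SAMPLE_LINES = [
    r"Task: {1CC453E2-3960-47A1-8A19-3FAC7FB411D3} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\davide\AppData\Local\Temp\Otd.exe <==== ATTENTION",
    r"Task: {88F9713C-89A8-405F-A886-9E4A874A94E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)",
    r"Task: {304B6AD3-B780-417B-B97B-649A09B560C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)",
    r"Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()",
    r"Task: {E15E8110-6E24-47BC-A3A0-BC44B544DB5A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI",
    r"Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe",
    r"ShortcutTarget: FREE OFFER from Audible.com.lnk -> C:\TEMP\HelpInstaller_StartUp.exe (No File)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        marker = "!!" if f.reasons else "  "
        print(f"{marker} [{f.kind}] {f.name} -> {f.target}")
        for r in f.reasons:
            print(f"       - {r}")
```

Entries without a `=>` target (the NAPStatus UI task above) are skipped rather than guessed at, and the `.job` legacy entries are not penalised for lacking date/publisher fields because FRST never prints them for that format. On a real case the script would be run over the whole Addition.txt, and the flagged entries cross-checked against the `TaskCache\Tasks\{guid}` and `TaskCache\Tree\<name>` keys that the fixlog shows FRST deleting in pairs.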
  9. Hi Ron, below the logs for all the scans you required:

MBAM (first scan):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/06/2014
Scan Time: 19.50.07
Logfile: mbam_scan_log_20140611.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.11.07
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: davide

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260565
Time Elapsed: 19 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by davide on 11/06/2014 at 20.34.24,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\davide\AppData\Roaming\software"
Successfully deleted: [Folder] "C:\Users\davide\Local Settings\Application Data\apn"

~~~ FireFox

Successfully deleted the following from C:\Users\davide\AppData\Roaming\mozilla\firefox\profiles\au2a16jx.default\prefs.js

user_pref("browser.search.defaulturl", "hxxp://uk.yhs4.search.yahoo.com/yhs/search");
user_pref("keyword.URL", "hxxp://uk.yhs4.search.yahoo.com/yhs/search");
Emptied folder: C:\Users\davide\AppData\Roaming\mozilla\firefox\profiles\au2a16jx.default\minidumps [178 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/06/2014 at 20.46.12,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

# AdwCleaner v3.212 - Report created 11/06/2014 at 20:55:07
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 1 (32 bits)
# Username : davide - DAVIDE-PC
# Running from : C:\Users\davide\Desktop\INFECTION_201406\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SoftWarehouse

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56318BE3-354D-41B2-B403-FD233778BACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18294

-\\ Mozilla Firefox v29.0.1 (it)

[ File : C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2728 octets] - [11/06/2014 20:51:30]
AdwCleaner[s0].txt - [2689 octets] - [11/06/2014 20:55:07]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2749 octets] ##########

MBAM (second scan):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/06/2014
Scan Time: 21.05.12
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.11.07
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: davide

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260771
Time Elapsed: 22 min, 37 sec

Memory: Enabled
Startup:
Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ESET: C:\Users\davide\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application C:\Users\davide\Downloads\SoftonicDownloader37870.exe Win32/SoftonicDownloader.A potentially unwanted application D:\SOFTWARE\Setup-SopCast-3.5.0-2012-3-22.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application D:\SOFTWARE\veetle-0.9.19.exe Win32/OpenCandy potentially unsafe application FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 Ran by davide (administrator) on DAVIDE-PC on 12-06-2014 06:49:33 Running from C:\Users\davide\Desktop\INFECTION_201406 Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2014\avgcsrvx.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Acer\ALaunch\ALaunchSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Windows\LogWatNT.exe () C:\Acer\Mobility Center\MobilityService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint2K\Apoint.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\davide\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Realtek Semiconductor Corp.) C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (IDM Computer Solutions, Inc.) 
C:\Program Files\UltraEdit\uedit32.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor) HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-26] (HiTRUST) HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink) HKLM\...\Run: [Acer Tour] => [X] HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [772616 2007-08-15] (Dritek System Inc.) HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [206952 2007-05-24] (CyberLink Corp.) HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.) HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.) HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-12-03] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-12-03] (NVIDIA Corporation) HKLM\...\Run: [CTRegRun] => C:\Windows\CTRegRun.EXE [41984 1999-10-10] (Creative Technology Ltd ) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [274608 2010-12-10] (RealNetworks, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.) 
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-07] (AVAST Software) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION 
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKU\.DEFAULT\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [Acer Tour Reminder] => [X] HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [Google Update] => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-11-28] (Google Inc.) HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [spotify] => C:\Users\davide\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-02-27] (Spotify Ltd) HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [spotify Web Helper] => C:\Users\davide\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-27] (Spotify Ltd) HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\davide\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=96f413c70e2495ca2845109eb8b7ff87-1f809c00b6e7686c9b0929247b782968f23f26c4 /CMPID=1213b HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\davide\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT 
/mid=96f413c70e2495ca2845109eb8b7ff87-1f809c00b6e7686c9b0929247b782968f23f26c4 /CMPID=0214c HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [AgowEjxi] => regsvr32.exe "C:\ProgramData\AgowEjxi.dat" HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: H - H:\LaunchU3.exe -a HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: {28671b3e-cbe3-11dc-8dd3-001b3874270b} - H:\LaunchU3.exe -a HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: {593a52ba-c50b-11e1-a0e1-001b3874270b} - F:\ HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION! 
Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk ShortcutTarget: FREE OFFER from Audible.com.lnk -> C:\TEMP\HelpInstaller_StartUp.exe (No File) Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {D8335F45-3203-48B1-A2F7-40DE58D666AA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) 
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (HiTRUST) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll No File BHO: No Name - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll () Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default FF SearchEngineOrder.1: Yahoo! (Avast) FF Homepage: hxxp://www.chess.com/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.0.13.1 - C:\Users\davide\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\davide\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\davide\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\davide\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\davide\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-it.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-it.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\hoepli.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-it.xml FF Extension: Link Password - C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\Extensions\LinkPassword@EvighetensFilosofi.xpi [2013-07-17] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09] FF Extension: Skype Click to Call - C:\Program Files\Mozilla 
Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09] FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-10] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07] FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\davide\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org Chrome: ======= CHR HomePage: https://uk.yahoo.com?fr=hp-avast&type=avastbcl CHR StartupUrls: "https://uk.yahoo.com?fr=hp-avast&type=avastbcl" CHR DefaultSearchKeyword: www.yahoo.com CHR DefaultSearchProvider: Yahoo! 
(Avast)
CHR DefaultSearchURL: http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java Platform SE 6 U16) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (YouTube) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Google Search) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Skype Click to Call) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-22]
CHR Extension: (Google Wallet) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
CHR Extension: (Gmail) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-07] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-26] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-14] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-29] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 LogWatch; C:\Windows\LogWatNT.exe [50176 2000-06-08] () [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer) [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S3 OracleDBConsoleORCL11G; D:\app\oracle\product\11.1.0\db_1\bin\nmesrvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-06-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-06-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-06-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-06-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-06-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-06-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-06-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-06-07] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 iadusb; C:\Windows\System32\DRIVERS\glauiad.sys [30336 2006-07-27] (Conexant Systems Inc.) [File not signed]
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-08] ()
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-25] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-26] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-26] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-26] (HiTRUST)
R1 RapportCerberus_42020; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-09] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-03] ()
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-03] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S0 yflxew; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-12 06:49 - 2014-06-12 06:49 - 00000000 ____D () C:\FRST
2014-06-11 21:34 - 2014-06-11 21:34 - 00000000 ____D () C:\Program Files\ESET
2014-06-11 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-11 20:51 - 2014-06-11 20:55 - 00000000 ____D () C:\AdwCleaner
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 20:13 - 2014-06-12 06:49 - 00000000 ____D () C:\Users\davide\Desktop\INFECTION_201406
2014-06-10 23:24 - 2014-06-10 23:24 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-10 23:24 - 2014-06-10 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 22:52 - 2014-06-11 21:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:44 - 2014-06-10 22:44 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000737 _____ () C:\Users\davide\Desktop\NTREGOPT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000718 _____ () C:\Users\davide\Desktop\ERUNT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\Program Files\ERUNT
2014-06-09 08:45 - 2014-06-09 08:45 - 00137872 _____ () C:\Windows\Minidump\Mini060914-01.dmp
2014-06-08 22:40 - 2014-06-11 20:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 18:40 - 2014-06-07 18:40 - 00000000 ____D () C:\Users\davide\AppData\Roaming\AVAST Software
2014-06-07 18:39 - 2014-06-07 18:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-07 18:39 - 2014-06-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 18:38 - 2014-06-07 18:38 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-07 18:38 - 2014-06-07 18:38 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-07 18:38 - 2014-06-07 18:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-07 18:34 - 2014-06-07 18:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-07 18:29 - 2014-06-07 18:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 07:53 - 2014-05-23 07:53 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-06-12 06:51 - 2008-01-16 04:10 - 00000000 ____D () C:\Users\davide\AppData\Local\Temp
2014-06-12 06:49 - 2014-06-12 06:49 - 00000000 ____D () C:\FRST
2014-06-12 06:49 - 2014-06-11 20:13 - 00000000 ____D () C:\Users\davide\Desktop\INFECTION_201406
2014-06-12 06:47 - 2008-03-21 13:26 - 00016231 _____ () C:\Windows\UEDIT32.INI
2014-06-12 06:00 - 2008-01-17 05:12 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Skype
2014-06-12 04:59 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 04:59 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 21:34 - 2014-06-11 21:34 - 00000000 ____D () C:\Program Files\ESET
2014-06-11 21:30 - 2009-05-03 09:41 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-06-11 21:30 - 2009-05-03 09:40 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-06-11 21:03 - 2014-06-10 22:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 21:03 - 2006-11-02 11:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 21:00 - 2013-06-15 13:07 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Spotify
2014-06-11 20:59 - 2010-11-16 02:22 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 20:59 - 2008-11-23 11:44 - 00000000 ____D () C:\Program Files\Password Safe
2014-06-11 20:59 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 20:58 - 2013-01-21 07:47 - 00100022 _____ () C:\Windows\PFRO.log
2014-06-11 20:57 - 2006-11-02 14:01 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-11 20:55 - 2014-06-11 20:51 - 00000000 ____D () C:\AdwCleaner
2014-06-11 20:40 - 2014-06-08 22:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 20:33 - 2009-06-27 21:54 - 00001164 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA.job
2014-06-11 20:31 - 2010-11-16 02:22 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 20:26 - 2008-02-17 14:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 17:28 - 2011-11-11 00:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 14:06 - 2009-03-25 00:05 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-11 12:41 - 2010-11-16 02:24 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 07:33 - 2009-06-27 21:54 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core.job
2014-06-10 23:24 - 2014-06-10 23:24 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-10 23:24 - 2014-06-10 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 22:44 - 2014-06-10 22:44 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000737 _____ () C:\Users\davide\Desktop\NTREGOPT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000718 _____ () C:\Users\davide\Desktop\ERUNT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\Program Files\ERUNT
2014-06-10 21:16 - 2008-03-18 10:06 - 00000000 ____D () C:\Users\davide\AppData\Roaming\uTorrent
2014-06-09 08:45 - 2014-06-09 08:45 - 00137872 _____ () C:\Windows\Minidump\Mini060914-01.dmp
2014-06-09 08:45 - 2013-07-07 20:25 - 250185706 _____ () C:\Windows\MEMORY.DMP
2014-06-09 08:45 - 2008-11-24 00:58 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 07:40 - 2012-04-05 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-09 07:40 - 2011-05-13 20:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 18:35 - 2008-01-17 04:57 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Mozilla
2014-06-08 08:48 - 2013-03-11 13:50 - 00000838 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-08 08:48 - 2013-03-11 13:50 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-08 08:39 - 2008-01-17 05:11 - 00000000 ____D () C:\Program Files\Google
2014-06-07 18:40 - 2014-06-07 18:40 - 00000000 ____D () C:\Users\davide\AppData\Roaming\AVAST Software
2014-06-07 18:39 - 2014-06-07 18:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-07 18:39 - 2014-06-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 18:38 - 2014-06-07 18:38 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-07 18:38 - 2014-06-07 18:38 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-07 18:38 - 2014-06-07 18:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-07 18:37 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-07 18:34 - 2014-06-07 18:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-07 18:30 - 2014-06-07 18:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-07 14:26 - 2013-09-27 20:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-04 06:47 - 2013-03-11 13:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 07:53 - 2014-05-23 07:53 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-23 07:53 - 2009-05-22 07:26 - 00000000 ___RD () C:\Program Files\Skype
2014-05-23 07:53 - 2008-01-17 05:10 - 00000000 ____D () C:\ProgramData\Skype
2014-05-21 20:41 - 2010-11-11 15:22 - 00008224 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-05-19 21:45 - 2013-01-14 08:04 - 00038164 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 21:19 - 2014-05-09 21:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

Some content of TEMP:
====================
C:\Users\davide\AppData\Local\Temp\AskSLib.dll
C:\Users\davide\AppData\Local\Temp\htmlayout.dll
C:\Users\davide\AppData\Local\Temp\Quarantine.exe
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\davide\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-11 21:05

==================== End Of Log ============================

FRST (addition log):

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014
Ran by davide at 2014-06-12 06:51:38
Running from C:\Users\davide\Desktop\INFECTION_201406
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 1.7.7 - )
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
ACE Stream Media 2.0.13.1 (HKCU\...\ACEStream) (Version: 2.0.13.1 - ACE Stream Media)
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.10 - SUYIN)
Acer Crystal Eye Webcam Video Class Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.30.500-1.0 - Suyin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - )
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4010 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4021 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.20070515 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AllFusion ERwin Data Modeler (HKLM\...\{DA5873B5-6262-11D4-8ABC-00C04F5F14B8}) (Version: - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - Alps Electric)
Anteprima (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: -2.2004883523.2004883164.4536708 - Audible, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3964 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
Chessmaster Grandmaster Edition (HKLM\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (Version: 1.00.0000 - Ubisoft) Hidden
Deep Fritz 13 (HKLM\...\{0D381F4A-BB1D-4D86-A9CE-E0C61E5C3B0E}) (Version: 13.10.0.0 - ChessBase)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Hattrick Organizer (remove only) (HKLM\...\Hattrick Organizer) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
iTunes (HKLM\...\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}) (Version: 10.0.1.22 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java DB 10.4.2.1 (HKLM\...\{926C96FB-9D0A-4504-8000-C6D3A4A3118E}) (Version: 10.4.2.1 - Sun Microsystems, Inc)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java SE Development Kit 6 Update 16 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Menu intelligenti (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{7DB92914-0A00-48C6-8DBB-F8E9D02B78B1}) (Version: 8.0.6362.41 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 it) (HKLM\...\Mozilla Firefox 29.0.1 (x86 it)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MT882 (HKLM\...\MT882) (Version: - )
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{43A650AA-D1DC-4C52-8819-D7848B3A08DA}) (Version: 3.1.9399 - OpenOffice.org)
Password Safe (HKLM\...\Password Safe) (Version: - )
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation)
Quest SQL Tuning (HKLM\...\Quest SQL Tuning) (Version: - )
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Rapport (HKLM\...\Rapport_msi) (Version: 3.5.1205.11 - Trusteer)
Rapport (Version: 3.5.1205.11 - Trusteer) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version: - Piriform)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Self Test Practice Test Engine (HKLM\...\Self Test Practice Test Engine) (Version: - Self Test Software )
Self Test Software: Exam 1Z0-052 (HKLM\...\Self Test Software: Exam 1Z0-052 ) (Version: - Self Test Software)
Self Test Software: Exam 1Z0-053 (HKLM\...\Self Test Software: Exam 1Z0-053 ) (Version: - Self Test Software)
Self Test Software: Exam 1Z0-147 (HKLM\...\Self Test Software: Exam 1Z0-147 ) (Version: - Self Test Software)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Strumento di caricamento di Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
TreeSize Free V2.3.3 (HKLM\...\TreeSize Free_is1) (Version: - JAM Software)
UltraEdit-32 (HKLM\...\{43B6667D-7520-4186-B05B-F5C0494C495D}) (Version: 10.00c - IDM Computer Solutions, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Favorites per Windows Live Toolbar (HKLM\...\{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}) (Version: 03.01.0146 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )
Yahoo! Toolbar con blocco Pop-Up (HKLM\...\Yahoo! Companion) (Version: - )

==================== Restore Points =========================

11-06-2014 22:29:07 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC453E2-3960-47A1-8A19-3FAC7FB411D3} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\davide\AppData\Local\Temp\Otd.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {304B6AD3-B780-417B-B97B-649A09B560C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {36A646F4-8E18-4FFC-85CB-4AC37C8B988C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {516A84ED-A102-49BC-A9DB-B6DE5E2EB48E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-07] (AVAST Software)
Task: {66522508-19F4-44E4-8058-EFE5DB84EE5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {72DC3FF6-75E4-4697-A025-AB34D1FE83D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {88F9713C-89A8-405F-A886-9E4A874A94E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {AADB1C08-02BF-469C-8248-5BB0EC7FE416} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {AF756B4A-7BA0-4D21-B1D8-7B364807F99C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-09] (Adobe Systems Incorporated)
Task: {D324168B-A6D0-41E5-8079-FE76A025BE9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {E15E8110-6E24-47BC-A3A0-BC44B544DB5A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E84C75AC-BEFD-4B7E-ABA6-5CBFA60BDEDD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core.job => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA.job => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-11 10:47 - 2014-06-11 10:47 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061100\algo.dll 2014-06-12 00:59 - 2014-06-12 00:59 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061101\algo.dll 2007-07-25 12:19 - 2007-01-26 22:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe 2000-06-08 13:15 - 2000-06-08 13:15 - 00050176 _____ () C:\Windows\LogWatNT.exe 2007-07-25 11:59 - 2006-11-24 20:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe 2007-07-25 11:59 - 2006-10-24 18:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll 2007-07-25 11:57 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2007-12-08 10:14 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll 2007-12-08 10:14 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll 2007-07-25 11:43 - 2007-06-29 02:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2007-07-25 11:43 - 2007-06-29 02:50 - 00114688 _____ () C:\Acer\Empowering 
Technology\eSettings\Service\eSettings.Model.Computer.dll 2007-07-25 11:43 - 2007-06-29 02:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll 2007-04-26 00:30 - 2007-04-26 00:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll 2007-04-26 00:31 - 2007-04-26 00:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll 2009-06-12 21:17 - 2009-06-10 21:08 - 00140800 _____ () C:\Program Files\WinRAR\rarext.dll 2003-05-07 11:00 - 2003-05-07 11:00 - 00018944 ____N () C:\Program Files\UltraEdit\ue32ctmn.dll 2007-12-08 10:39 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll 2010-08-10 00:01 - 2010-08-10 00:01 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-06-07 18:37 - 2014-06-07 18:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2014-05-09 21:56 - 2014-05-09 21:56 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:30A9E86A AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\exefile: <===== ATTENTION! 
==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup MSCONFIG\startupreg: Google Update => "C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun ==================== Faulty Device Manager Devices ============= Name: Microsoft ISATAP Adapter #2 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft ISATAP Adapter #4 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft ISATAP Adapter #5 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft ISATAP Adapter #6 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver Name: Multimedia Video Controller Description: Multimedia Video Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Device Description: PCI Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Device Description: PCI Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Device Description: PCI Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (06/11/2014 08:59:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Ricoh xD-Picture Card Driver%%1058 Error: (06/11/2014 08:59:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: rimmptsk%%1058 Error: (06/11/2014 08:59:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/11/2014 08:59:01 PM) (Source: HTTP) (EventID: 15016) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (06/11/2014 08:59:01 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: 2147942402 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-06-12 06:51:27.952 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-12 06:51:27.795 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-12 06:51:27.632 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-12 06:51:27.475 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-06-12 06:51:27.052 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-12 06:51:26.895 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-12 06:51:26.736 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-12 06:51:26.537 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-12 06:50:54.563 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-12 06:50:54.396 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Percentage of memory in use: 71% Total physical RAM: 1790.19 MB Available physical RAM: 510.02 MB Total Pagefile: 3831.8 MB Available Pagefile: 1944.09 MB Total Virtual: 2047.88 MB Available Virtual: 1891.53 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:32.51 GB) (Free:3.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:32.26 GB) (Free:2.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 75 GB) (Disk ID: 6D41B077) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=33 GB) - (Type=06) Partition 3: (Not Active) - (Size=32 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Hope I did everything right . Thanks, Davide
  10. Hi Ron, below I have copied and pasted the log files you required:

Rkill:

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/10/2014 10:45:44 PM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\LogWatNT.exe (PID: 3656) [WD-HEUR]
* C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe (PID: 5204) [UP-HEUR]
* C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe (PID: 5204) [T-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Defender Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Firewall (MpsSvc) is not Running.
  Startup Type set to: Disabled

* Windows Defender (WinDefend) is not Running.
  Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
  Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
  Startup Type set to: Disabled

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
  Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 06/10/2014 10:47:49 PM
Execution time: 0 hours(s), 2 minute(s), and 4 seconds(s)

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/06/2014
Scan Time: 22.57.15
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.08
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: davide

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260150
Time Elapsed: 20 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2555903305-2322544514-184203740-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [c1f176fdc8b384b20b36c2e9d62c20e0], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.OpenCandy, C:\Users\davide\AppData\Roaming\OpenCandy, , [d1e175fe87f40d29a13994f1ee140cf4], 
PUP.Optional.OpenCandy, C:\Users\davide\AppData\Roaming\OpenCandy\BE41AE05FBC44BD2B9D0264D7A453B50, , [d1e175fe87f40d29a13994f1ee140cf4], 
PUP.Optional.OpenCandy, C:\Users\davide\AppData\Roaming\OpenCandy\OpenCandy_BE41AE05FBC44BD2B9D0264D7A453B50, , [d1e175fe87f40d29a13994f1ee140cf4], 

Files: 6
PUP.Optional.InstalleRex, C:\Users\davide\AppData\Local\Temp\rrXD6kNe.exe.part, , [39794e25fd7e95a1df070515ee139e62], 
PUP.Optional.OneClickDownloader.A, C:\Users\davide\AppData\Local\Temp\Hx8xX2RN.exe.part, , [dad823502a51d165b708b460da273ec2], 
PUP.Optional.OneClickDownloader.A, C:\Users\davide\AppData\Local\Temp\KxG4aPn_.exe.part, , [b200670c67140135e7d85abad82923dd], 
PUP.Optional.Installex, C:\Users\davide\AppData\Local\Temp\bYc8HG_q.exe.part, , [8f2394df1a61280eee679375768bdf21], 
PUP.Optional.Softonic.A, C:\Users\davide\Downloads\SoftonicDownloader_per_veetle.exe, , [a30f78fbd2a99f97913af52dd82948b8], 
PUP.Optional.OpenCandy, C:\Users\davide\AppData\Roaming\OpenCandy\BE41AE05FBC44BD2B9D0264D7A453B50\DivXInstaller.exe, , [d1e175fe87f40d29a13994f1ee140cf4], 

Physical Sectors: 0
(No malicious items detected)

(end)

RogueKiller:

RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : davide [Admin rights]
Mode : Scan -- Date : 06/10/2014 23:43:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CTRegRun : C:\Windows\CTRegRun.EXE -> FOUND
[Suspicious.Path] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_1213b : C:\Users\davide\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=96f413c70e2495ca2845109eb8b7ff87-1f809c00b6e7686c9b0929247b782968f23f26c4 /CMPID=1213b -> FOUND
[Suspicious.Path] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0214c : C:\Users\davide\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=96f413c70e2495ca2845109eb8b7ff87-1f809c00b6e7686c9b0929247b782968f23f26c4 /CMPID=0214c -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LogWatch -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LogWatch -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\{A5A0891D-0AEB-443C-97A5-6ABDE6DA1C95} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\davide\Desktop\Counter Strike Condition Zero\cs2\autorun.exe" -d "C:\Users\davide\Desktop\Counter Strike Condition Zero\cs2") -> FOUND

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] FREE OFFER from Audible.com.lnk -- C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk [LNK@] C:\TEMP\HelpInstaller_StartUp.exe -URL -> FOUND

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 4 ¤¤¤
[SSDT:Addr] NtCreateThreadEx[382] : C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys @ 0x8d7e7640
[EAT:Addr] (explorer.exe) MLANG.dll - DllCanUnloadNow : C:\Windows\System32\SndVolSSO.dll @ 0x73e8155f
[EAT:Addr] (explorer.exe) MLANG.dll - DllGetClassObject : C:\Windows\System32\SndVolSSO.dll @ 0x73e84852
[EAT:Addr] (explorer.exe) MLANG.dll - DllMain : C:\Windows\System32\SndVolSSO.dll @ 0x73e812fb

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541680J9SA00 ATA Device +++++
--- User ---
[MBR] 1eb16b49d0102c261969e5c96e8b27db
[BSP] 6d50d808b3d0f183719f6ce73c16390a : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 MB
1 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 20467712 | Size: 33294 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 88653824 | Size: 33030 MB
User = LL1 ... OK
User = LL2 ... OK

Please let me know if that's what you were expecting from me. Thanks again for your help. Davide
  11. Hi Ron, thanks for your reply!! I won't be able to go through the steps above today as I haven't my laptop with me, but I will certainly do it tomorrow. Thanks for your help, Davide
  12. Hi guys, is anyone able to advise please? Even a quick pointer on which direction I should investigate would be much appreciated. Thanks for your help, Davide
  13. Hi there, I am afraid my laptop got an infection: the AVG 2014 icon disappeared from the taskbar and if I try to run it I get a pop-up with the following error: This program is blocked by group policy. For more information, contact the system administrator. The same thing is happening for mbam. Before the problem happened I remember AVG prompted that it had found a threat and asked to remove it and restart the system. I followed the instruction without paying too much attention, so I cannot say what it was exactly. I run Windows Vista Home Premium (32-bit). I did some research and I saw other people got the same infection, but I did not understand exactly what I am supposed to do because of my limited knowledge on the topic (virus, malware etc.). Could someone please help me with this? Many thanks, Davide