Auronzolo

Everything posted by Auronzolo

  1. You can close the topic; tomorrow I will follow what you told me. I have to thank you for your help, you did it as if it were a job. Have a nice evening!
  2. I did another full system scan but no malware was detected, very helpful! Thank you very much for all your help. A question: do you think that Trojan has somehow damaged some application or service? For instance, svchost.exe, jusched.exe and so on. I mean, now that all the malware has been removed, should I do some other stuff? And another thing: my antivirus is Microsoft Security Essentials; do you know a good free one, in terms of speed and efficiency? Send me a PM if it's a problem here in the forum.
  3. Good evening and thank you for the reply.

     OTM LOG

     All processes killed
     ========== FILES ==========
     C:\Program Files\Common Files\SpeedBit\SBUpdate folder moved successfully.
     C:\Program Files\Common Files\SpeedBit folder moved successfully.
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\jusched[1].exe moved successfully.
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe moved successfully.
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ELDYM8B\SearchIndexer[1].exe moved successfully.
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SFO49C\ssl[1].exe moved successfully.
     C:\Users\Auron\Downloads\ccsetup404.exe moved successfully.
     E:\Download\CrystalDiskInfo5_6_2-en.exe moved successfully.
     E:\Download\disk-defrag-setup.exe moved successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Auron
     ->Temp folder emptied: 2727 bytes
     ->Temporary Internet Files folder emptied: 81060539 bytes
     ->Java cache emptied: 121842 bytes
     ->FireFox cache emptied: 900661 bytes
     ->Google Chrome cache emptied: 392362107 bytes
     ->Flash cache emptied: 592 bytes

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 5324 bytes
     Session Manager Temp folder emptied: 5670 bytes
     Session Manager Tmp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
     RecycleBin emptied: 10315 bytes

     Total Files Cleaned = 453,00 mb

     OTM by OldTimer - Version 3.1.21.0 log created on 06092014_194427

     Files moved on Reboot...
     C:\Users\Auron\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

     Registry entries deleted on Reboot...

     MALWAREBYTES LOG

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Data scansione: 09/06/2014
     Ora scansione: 19:47:44
     File di log:
     Amministratore: Si

     Versione: 2.00.2.1012
     Database malware: v2014.06.09.05
     Database rootkit: v2014.06.02.01
     Licenza: Free
     Protezione da malware: Disattivata
     Protezione da siti web nocivi: Disattivata
     Self-protection: Disattivata

     SO: Windows 7 Service Pack 1
     CPU: x64
     File system: NTFS
     Utente: Auron

     Tipo di scansione: Scansione personalizzata
     Risultati: Completata
     Elementi analizzati: 421489
     Tempo impiegato: 41 min, 41 sec

     Memoria: Attivata
     Esecuzioni automatiche: Attivata
     File system: Attivata
     Archivi compressi: Attivata
     Rootkit: Attivata
     Heuristics: Attivata
     PUP: Attivata
     PUM: Attivata

     Processi: 0
     (No malicious items detected)

     Moduli: 0
     (No malicious items detected)

     Chiavi di registro: 0
     (No malicious items detected)

     Valori di registro: 0
     (No malicious items detected)

     Dati di registro: 0
     (No malicious items detected)

     Cartelle: 0
     (No malicious items detected)

     File: 3
     Trojan.Miner, C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll.vir, Spostato in quarantena, [efc30e65057647efa884ef38d52de21e],
     Trojan.BitCoinMiner, C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe.vir, Spostato in quarantena, [446e4d26fb8074c22cd24ebce61b43bd],
     Trojan.BitCoinMiner, C:\_OTM\MovedFiles\06092014_194427\C_Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe, Spostato in quarantena, [bef4581bc0bb92a430cebf4b25dc4bb5],

     Settori fisici: 0
     (No malicious items detected)

     (end)

     It seems it discovered the quarantined infected files of the previous utility, am I right? So the problem should be solved. What should I do now? I bet another scan with Malwarebytes. Anyway, at the moment the svchost.exe hasn't come up again. I'm waiting for instructions on how to proceed now.
  4. ESET LOG

     C:\FRST\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe.xBAD  a variant of Win32/BitCoinMiner.BS potentially unsafe application
     C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll  probably a variant of Win32/SBWatchman.A potentially unwanted application
     C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci64.dll  a variant of MSIL/SBWatchman.A potentially unwanted application
     C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll  a variant of MSIL/SBWatchman.A potentially unwanted application
     C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll  probably a variant of Win32/SBWatchman.A potentially unwanted application
     C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi64.dll  a variant of MSIL/SBWatchman.A potentially unwanted application
     C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi32.exe  a variant of Win32/SBWatchman.A potentially unwanted application
     C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi64.exe  a variant of MSIL/SBWatchman.A potentially unwanted application
     C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe  a variant of MSIL/SBWatchman.A potentially unwanted application
     C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe.vir  a variant of Win32/BitCoinMiner.BS potentially unsafe application
     C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe.vir  multiple threats
     C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe.vir  Win32/Autoit.NPY trojan
     C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe.vir  a variant of Win32/BitCoinMiner.AF potentially unsafe application
     C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe.vir  Win32/TrojanDownloader.Autoit.NLZ trojan
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\jusched[1].exe  a variant of Win32/BitCoinMiner.BS potentially unsafe application
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe  a variant of Win32/BitCoinMiner.AF potentially unsafe application
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ELDYM8B\SearchIndexer[1].exe  multiple threats
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SFO49C\ssl[1].exe  Win32/Autoit.NPY trojan
     C:\Users\Auron\Downloads\ccsetup404.exe  Win32/Bundled.Toolbar.Google.D potentially unsafe application
     E:\Download\CrystalDiskInfo5_6_2-en.exe  Win32/OpenCandy potentially unsafe application
     E:\Download\disk-defrag-setup.exe  Win32/InstallMonetizer.AQ potentially unwanted application

     SECURITY CHECK

     Results of screen317's Security Check version 0.99.83
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Microsoft Security Essentials (On Access scanning disabled!)
     Error obtaining update status for antivirus!
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Java 7 Update 55
     Mozilla Firefox 23.0.1 Firefox out of Date!
     Google Chrome 34.0.1847.137
     Google Chrome 35.0.1916.114
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````

     I did this scan with Microsoft Security Essentials disabled. Anyway, after the ESET scan, I found 21 infected files. This malware doesn't want to leave me alone.
  5. Here's the log of ComboFix.

     ComboFix 14-06-04.01 - Auron 09/06/2014 0:02.1.4 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.8131.6093 [GMT 2:00]
     Eseguito da: c:\users\Auron\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
     SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
     SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((((((((((((((( Other deleting )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\install.exe
     c:\program files (x86)\Common Files\GW2SurferIcon.ico
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libeay32.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libidn-11.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\librtmp.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libssh2.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libusb-1.0.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libwinpthread-1.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\pthreadGC2.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssleay32.dll
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe
     c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\zlib1.dll
     c:\windows\wininit.ini
     .
     - - - - CHIAVI ORFANE RIMOSSE - - - -
     .
     BHO-{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files (x86)\DAP\LinkVerifier.dll
     Wow6432Node-HKCU-Run-DownloadAccelerator - c:\program files (x86)\DAP\DAP.EXE
     Notify-SDWinLogon - SDWinLogon.dll
     HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
     AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
     AddRemove-Download Accelerator Plus (DAP) - c:\progra~2\DAP\DAPREMOVE.EXE
     AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
     AddRemove-PunkBusterSvc - e:\program files (x86)\Origin Games\Battlefield 4 Beta\pbsvc.exe
     .
     End of scan: 2014-06-09 00:05:46
     ComboFix-quarantined-files.txt 2014-06-08 22:05
     .
     Pre-Run: 60.323.680.256 byte disponibili
     Post-Run: 60.130.721.792 byte disponibili
     .
     - - End Of File - - E836606D30C4353586CE697E59678FE4

     After the scan, I didn't remove the items; it's the first time I have used this utility and I think it did the work, am I right?
  6. ROGUEKILLER LOG

     RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Auron [Admin rights]
     Mode : Scan -- Date : 06/08/2014 23:49:14

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 8 ¤¤¤
     [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3068055036-2407879928-2449727651-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Trovato
     [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3068055036-2407879928-2449727651-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> Trovato
     [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3068055036-2407879928-2449727651-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Trovato
     [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3068055036-2407879928-2449727651-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> Trovato
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato

     ¤¤¤ Le attività pianificate : 1 ¤¤¤
     [suspicious.Path] \\Microsoft System Certificates -- C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe -> Trovato

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 ¤¤¤

     ¤¤¤ I browser Web : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: Samsung SSD 840 Series +++++
     --- User ---
     [MBR] ba5346095d4947ec6e50af3d62cb5ff9
     [bSP] 77250c8ba95989d5289a7c1f4e999dbc : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: ST500DM002-1BD142 +++++
     --- User ---
     [MBR] 33c45ea6aabf571cd1aee27ceb6dc8b1
     [bSP] efb681f376bb0a9a020f2a26d6ac2c3e : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_06082014_120512.log
  7. I did another scan with MalwareBytes after the system restart but it still found the same 4 malware items in these directories:
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe
     C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SFO49C\libcurl-4[1].dll
     C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll
     C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe
  8. FRST Log:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
     Ran by Auron at 2014-06-08 22:05:01 Run:1
     Running from C:\Users\Auron\Desktop\FRST
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Start
     C:\Program Files (x86)\DAP
     C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
     HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\MountPoints2: {88e8dbeb-5530-11e3-9ddb-10bf48e362f3} - F:\autorun.exe
     HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\MountPoints2: {ce58ecca-0c53-11e3-9238-806e6f6e6963} - "D:\StarCraft II Setup.exe"
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.c...q={searchTerms}
     SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
     C:\Users\Auron\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exe
     C:\Users\Auron\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
     C:\Users\Auron\AppData\Local\Temp\Quarantine.exe
     C:\Users\Auron\AppData\Local\Temp\raptrpatch.exe
     C:\Users\Auron\AppData\Local\Temp\raptr_stub.exe
     C:\Users\Auron\AppData\Local\Temp\SCC.dll
     C:\Users\Auron\AppData\Local\Temp\SkypeSetup.exe
     C:\Users\Auron\AppData\Local\Temp\sonarinst.exe
     C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary3548307430425438192.dll
     C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary7241043097803026716.dll
     C:\Users\Auron\AppData\Local\Temp\VCdControlTool.exe
     C:\Users\Auron\AppData\Local\Temp\{2AB94ACA-DBF7-4DA1-A310-C1EC9AFC68CA}-GoogleUpdateSetup.exe
     AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
     AlternateDataStreams: C:\ProgramData\TEMP:76650B61
     End
     *****************

     C:\Program Files (x86)\DAP => Moved successfully.
     C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe => Moved successfully.
     'HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88e8dbeb-5530-11e3-9ddb-10bf48e362f3}' => Key deleted successfully.
     'HKCR\CLSID\{88e8dbeb-5530-11e3-9ddb-10bf48e362f3}' => Key not found.
     'HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce58ecca-0c53-11e3-9238-806e6f6e6963}' => Key deleted successfully.
     'HKCR\CLSID\{ce58ecca-0c53-11e3-9238-806e6f6e6963}' => Key not found.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
     'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}' => Key deleted successfully.
     'HKCR\Wow6432Node\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}' => Key not found.
     'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}' => Key deleted successfully.
     'HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}' => Key not found.
     C:\Users\Auron\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exe => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\Quarantine.exe => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\raptr_stub.exe => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\SCC.dll => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\sonarinst.exe => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary3548307430425438192.dll => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary7241043097803026716.dll => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\VCdControlTool.exe => Moved successfully.
     C:\Users\Auron\AppData\Local\Temp\{2AB94ACA-DBF7-4DA1-A310-C1EC9AFC68CA}-GoogleUpdateSetup.exe => Moved successfully.
     C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
     C:\ProgramData\TEMP => ":76650B61" ADS removed successfully.
     ==== End of Fixlog ====

     MALWAREBYTES LOG

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Data scansione: 08/06/2014
     Ora scansione: 22:08:01
     File di log:
     Amministratore: Si

     Versione: 2.00.2.1012
     Database malware: v2014.06.08.07
     Database rootkit: v2014.06.02.01
     Licenza: Free
     Protezione da malware: Disattivata
     Protezione da siti web nocivi: Disattivata
     Self-protection: Disattivata

     SO: Windows 7 Service Pack 1
     CPU: x64
     File system: NTFS
     Utente: Auron

     Tipo di scansione: Scansione elementi nocivi
     Risultati: Completata
     Elementi analizzati: 273510
     Tempo impiegato: 3 min, 48 sec

     Memoria: Attivata
     Esecuzioni automatiche: Attivata
     File system: Attivata
     Archivi compressi: Attivata
     Rootkit: Attivata
     Heuristics: Attivata
     PUP: Avviso
     PUM: Attivata

     Processi: 0
     (No malicious items detected)

     Moduli: 1
     Trojan.Miner, C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll, Elimina al riavvio, [07ab79fae7944ee8731ce343b94957a9],

     Chiavi di registro: 0
     (No malicious items detected)

     Valori di registro: 0
     (No malicious items detected)

     Dati di registro: 0
     (No malicious items detected)

     Cartelle: 0
     (No malicious items detected)

     File: 1
     Trojan.Miner, C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll, Elimina al riavvio, [07ab79fae7944ee8731ce343b94957a9],

     Settori fisici: 0
     (No malicious items detected)

     (end)

     ADW CLEANER LOG

     # AdwCleaner v3.212 - Rapporto creato 08/06/2014 in 23:04:19
     # Aggiornato 05/06/2014 di Xplode
     # Sistema operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
     # Nome utente : Auron - FADETOSHADOW
     # In esecuzione da : C:\Users\Auron\Downloads\AdwCleaner.exe
     # Opzione : Pulisci

     ***** [ Servizi ] *****

     ***** [ File / Cartelle ] *****

     File Eliminato : C:\Users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default\searchplugins\speedbit.xml

     ***** [ Collegamenti ] *****

     ***** [ Registro ] *****

     ***** [ Browser ] *****

     -\\ Internet Explorer v11.0.9600.17041

     Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

     -\\ Mozilla Firefox v23.0.1 (it)

     [ File : C:\Users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default\prefs.js ]

     -\\ Google Chrome v35.0.1916.114

     [ File : C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [2339 octets] - [08/06/2014 12:39:21]
     AdwCleaner[R1].txt - [1277 octets] - [08/06/2014 23:03:24]
     AdwCleaner[S0].txt - [2351 octets] - [08/06/2014 12:42:14]
     AdwCleaner[S1].txt - [1162 octets] - [08/06/2014 23:04:19]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1222 octets] ##########

     JRT LOG

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 7 Ultimate x64
     Ran by Auron on 08/06/2014 at 23:06:50,41
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 08/06/2014 at 23:10:09,74
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     After these steps, I still get the svchost.exe error (it stops working) a few seconds after the desktop loads.
  9. Here instead, I'm going to post the TDSSKiller .txt content. Edit: The forum system tells me the length of the message is excessive, so I'm going to attach the file; is it a problem? There are too many rows, sorry. TDSSKiller.txt
  10. Hi! Thank you for the reply. This is the FRST.txt content from Farbar Recovery.

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
     Ran by Auron (administrator) on FADETOSHADOW on 08-06-2014 18:08:20
     Running from C:\Users\Auron\Downloads
     Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Italian Standard
     Internet Explorer Version 11
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
     (AMD) C:\Windows\System32\atiesrxx.exe
     (AMD) C:\Windows\System32\atieclxx.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     () E:\Programmi\HSPA USB MODEM\BackgroundService\ServiceManager.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
     () C:\Windows\SysWOW64\PnkBstrA.exe
     (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
     (Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
     (Spotify Ltd) C:\Users\Auron\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
     (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
     () E:\Programmi\HSPA USB MODEM\BackgroundService\ModemListener.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Apple Inc.) E:\Programmi\iTunes\iTunesHelper.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
     () C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Microsoft Corporation) C:\Windows\System32\msiexec.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
     HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
     HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
     HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.)
     HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
     HKLM-x32\...\Run: [Archos Sepang ModemListener] => E:\Programmi\HSPA USB MODEM\BackgroundService\ModemListener.exe [102400 2011-06-20] ()
     HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
     HKLM-x32\...\Run: [iTunesHelper] => E:\Programmi\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
     Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
     HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [3865232 2013-08-24] (Speedbit Ltd.)
     HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\Run: [Spotify Web Helper] => C:\Users\Auron\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-07] (Spotify Ltd)
     HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\MountPoints2: {88e8dbeb-5530-11e3-9ddb-10bf48e362f3} - F:\autorun.exe
     HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\MountPoints2: {ce58ecca-0c53-11e3-9238-806e6f6e6963} - "D:\StarCraft II Setup.exe"
     Startup: C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
     ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.com/?s=D8Oaya1
     SearchScopes: HKLM-x32 - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=D8Oaya1&q={searchTerms}
     SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=D8Oaya1&q={searchTerms}
     BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
     BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250

     FireFox:
     ========
     FF ProfilePath: C:\Users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
     FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
     FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Programmi\VLC\npvlc.dll (VideoLAN)
     FF SearchPlugin: C:\Users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default\searchplugins\speedbit.xml
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
     FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
     FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2013-08-24]
     FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
     FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2013-08-24]

     Chrome:
     =======
     CHR HomePage:
     CHR StartupUrls: "hxxp://www.google.it/", "hxxp://www.facebook.it/", "hxxp://www.youtube.it/"
     CHR Extension: (Documenti Google) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-08]
     CHR Extension: (Google Drive) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-24]
     CHR Extension: (YouTube) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-24]
     CHR Extension: (Ricerca Google) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-08]
     CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2013-08-24]
     CHR Extension: (Google Wallet) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
     CHR Extension: (Gmail) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-24]
     CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2013-08-24]

     ==================== Services (Whitelisted) =================

     R2 Archos Sepang Modem Device Helper; E:\Programmi\HSPA USB MODEM\BackgroundService\ServiceManager.exe [49752 2011-06-20] ()
     R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] ()
     R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
     R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
     R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-04] ()
     S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1097848 2013-02-27] (Speedbit Ltd.)
     S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
     S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
     S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
     R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)

     ==================== Drivers (Whitelisted) ====================

     R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
     S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-08] ()
     S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
     R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
     S3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [46776 2010-03-25] (Printing Communications Assoc., Inc. (PCAUSA))
     S3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [45752 2010-03-25] (Printing Communications Assoc., Inc. (PCAUSA))
     R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
     R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
     S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
     S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [40856 2013-02-27] ()
     S3 VGPU; System32\drivers\rdvgkmd.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========
00:30 - 2014-06-04 23:25 - 00000000 ____D () C:\Users\Auron\AppData\Local\Adobe2014-06-05 00:26 - 2014-06-05 00:26 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe2014-06-05 00:21 - 2014-06-05 00:11 - 00003312 _____ () C:\Windows\System32\Tasks\Microsoft System Certificates2014-06-04 23:38 - 2014-06-04 23:38 - 00000000 ____D () C:\Users\Auron\Documents\Adobe Scripts2014-06-04 23:37 - 2013-08-24 02:10 - 00000000 ____D () C:\Users\Auron2014-06-04 23:31 - 2013-08-24 02:54 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\EQATEC Analytics2014-06-04 23:27 - 2014-06-04 23:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia2014-06-04 23:27 - 2014-06-04 23:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia2014-06-04 23:25 - 2014-06-04 23:25 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Macromedia2014-06-04 19:21 - 2014-06-04 19:21 - 00000668 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk2014-06-02 14:45 - 2014-05-25 22:30 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\.minecraft2014-06-01 23:19 - 2013-08-24 03:47 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner2014-06-01 22:15 - 2013-08-24 03:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-05-30 19:34 - 2014-05-30 19:34 - 00001544 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-05-30 19:34 - 2014-05-30 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-30 19:34 - 2014-05-30 19:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-30 19:34 - 2014-05-30 19:33 - 00000000 ____D () C:\Program Files\iTunes2014-05-30 19:33 - 2014-05-30 19:33 - 00000000 ____D () C:\Program Files\iPod2014-05-24 18:41 - 2014-05-24 18:41 - 00000000 ____D () C:\Users\Auron\Documents\Electronic Arts2014-05-24 18:41 - 2014-05-24 18:41 - 00000000 ____D () C:\Users\Auron\AppData\Local\Electronic Arts2014-05-24 18:27 - 2014-05-24 18:26 - 00000000 ____D () 
C:\Users\Auron\AppData\Local\WiFi Guard2014-05-24 18:26 - 2014-05-24 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard2014-05-24 17:36 - 2014-05-24 17:36 - 00000692 _____ () C:\Users\Auron\Desktop\NetSurveyor.lnk2014-05-24 17:36 - 2014-05-24 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NutsAboutNets2014-05-24 16:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF2014-05-24 13:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache2014-05-23 22:43 - 2014-03-23 22:58 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-05-23 22:43 - 2013-08-24 13:52 - 00000000 ____D () C:\ProgramData\Skype2014-05-21 19:35 - 2013-08-24 02:41 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-05-19 19:41 - 2014-01-12 22:56 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2014-05-16 19:11 - 2013-10-01 02:58 - 00152125 _____ () C:\Windows\DirectX.log2014-05-16 18:48 - 2013-08-24 02:11 - 00000000 ___RD () C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-16 18:47 - 2014-05-07 19:59 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-05-16 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-05-14 23:54 - 2013-08-24 03:30 - 00000000 ____D () C:\Windows\system32\MRT2014-05-14 23:53 - 2013-08-24 03:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-05-12 07:26 - 2014-04-12 16:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-12 07:25 - 2013-08-24 02:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-10 17:26 - 2013-08-24 02:39 - 00004144 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-10 17:26 - 2013-08-24 02:39 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-09 08:14 - 2014-05-14 23:45 - 00477184 
_____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-09 08:11 - 2014-05-14 23:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP:====================C:\Users\Auron\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exeC:\Users\Auron\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Auron\AppData\Local\Temp\Quarantine.exeC:\Users\Auron\AppData\Local\Temp\raptrpatch.exeC:\Users\Auron\AppData\Local\Temp\raptr_stub.exeC:\Users\Auron\AppData\Local\Temp\SCC.dllC:\Users\Auron\AppData\Local\Temp\SkypeSetup.exeC:\Users\Auron\AppData\Local\Temp\sonarinst.exeC:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary3548307430425438192.dllC:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary7241043097803026716.dllC:\Users\Auron\AppData\Local\Temp\VCdControlTool.exeC:\Users\Auron\AppData\Local\Temp\{2AB94ACA-DBF7-4DA1-A310-C1EC9AFC68CA}-GoogleUpdateSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-02 22:01 ==================== End Of Log ============================ Im going to post another reply since the message lenght is too much.Addition.txt
  11. Hi! For almost a week now I have been getting a svchost.exe error after startup. Reading on the Internet I discovered that malware could be the cause I'm looking for; I ran Malwarebytes, updated to the latest version, and discovered that I have to deal with the W23/BitCoinMiner malware. I thought a simple scan and removal would fix the problem, but the malware always comes back after a restart. It also somehow disabled Windows safe mode, so when I press F8 I can only select the boot device (Asus motherboard), and to get into safe mode I have to activate it using the command "msconfig". I then tried to do a scan in safe mode, but nothing: the problem always comes back, and sometimes it slows my Windows startup (it takes a while to load during the Windows logo screen). I tried to scan with ESET Online and I'm going to copy here what I found:

C:\$Recycle.Bin\S-1-5-21-3068055036-2407879928-2449727651-1000\$R4CKAUH.exe Win32/DownWare.L potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3068055036-2407879928-2449727651-1000\$RQSZ66D.exe Win32/DownWare.L potentially unwanted application
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll probably a variant of Win32/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll probably a variant of Win32/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\jusched[1].exe a variant of Win32/BitCoinMiner.BS potentially unsafe application
C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ELDYM8B\SearchIndexer[1].exe multiple threats
C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SFO49C\ssl[1].exe Win32/Autoit.NPY trojan
C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe a variant of Win32/BitCoinMiner.BS potentially unsafe application
C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe multiple threats
C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe Win32/Autoit.NPY trojan
C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe Win32/TrojanDownloader.Autoit.NLZ trojan
C:\Users\Auron\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Download\CrystalDiskInfo5_6_2-en.exe Win32/OpenCandy potentially unsafe application
E:\Download\disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
E:\Photoshop2\Adobe CS6\Autorun.exe Win32/TrojanDownloader.Autoit.NLZ trojan
Operating memory a variant of Win32/BitCoinMiner.BS potentially unsafe application

I didn't delete the files found. Can you please help me with this stubborn malware?
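A defender's check for the pattern in this post (copies named svchost.exe and SearchIndexer.exe dropped into a per-user folder under AppData), written as an added Python example that is not part of the original thread. The directory lists and sample paths are constructed from the paths quoted above; the rules are location heuristics, not an antivirus verdict.

```python
import ntpath

# Windows binaries whose names the miner in this thread borrowed. Genuine copies live
# only under %SystemRoot%\System32 (plus SysWOW64 for the 32-bit copies), so the same
# file name anywhere else is a masquerade, whatever the file contains.
SYSTEM_BINARIES = {"svchost.exe", "searchindexer.exe", "winlogon.exe", "wininit.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Per-user, writable locations that hold data, not programs. The post's samples sat in
# the IE cache and in SystemCertificates\My, a certificate store folder that never
# legitimately contains executables.
USER_WRITABLE = ("\\appdata\\", "\\temporary internet files\\", "\\$recycle.bin\\")


def classify(path: str) -> list:
    """Return the reasons a file path looks suspicious; an empty list means no rule fired."""
    lowered = path.lower()
    name = ntpath.basename(lowered)
    directory = ntpath.dirname(lowered)
    reasons = []
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        reasons.append("system binary name outside System32/SysWOW64")
    if name.endswith(".exe") and any(marker in lowered for marker in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    return reasons


def triage(paths) -> dict:
    """Map each flagged path to its reasons, skipping paths that trip no rule."""
    flagged = {}
    for path in paths:
        reasons = classify(path)
        if reasons:
            flagged[path] = reasons
    return flagged


# Constructed sample: paths taken from the ESET results quoted in the post, plus the
# genuine svchost.exe for contrast.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe",
    r"C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe",
    r"C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\jusched[1].exe",
    r"C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_PATHS).items():
        print(path, "->", "; ".join(reasons))
```

The SpeedBit sbu.exe is deliberately not flagged: that PUA installed under Program Files like a normal product, so it needs a different signal (the scanner's own verdict) than a location heuristic.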