
Am I infected?



Hello,

(sorry for my bad English)

Recently I've noticed that my CPU often goes to 100% while no big programs are running. I think I'm infected with something... Please, can you help me? Thank you!

Here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_15

Run by Gianni at 10:15:01 on 2012-12-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.2047.445 [GMT 1:00]

.

AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\nalserv.exe

C:\Windows\system32\nlssrv32.exe

C:\Program Files\Parallels\Parallels Workstation\Application\prl_naptd.exe

C:\Program Files\Parallels\Parallels Workstation\Application\prl_disp_service.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Program Files\Sandboxie\SbieSvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\WUDFHost.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Scott's Gmail Alert\ScottsGmailAlert.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\indoona\lib\indoonaWebLauncher.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Gianni\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Evernote\Evernote\EvernoteTray.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Evernote\Evernote\Evernote.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\AutoIt3\Beta\AutoIt3.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\DllHost.exe

c:\program files\real\realplayer\update\realsched.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Gianni\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.it/

mWinlogon: Userinit = userinit.exe,

BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.6.0_24\bin\jp2ssv.dll

BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [scotts Gmail Alert] c:\program files\scott's gmail alert\scottsgmailalert.exe

uRun: [Google Update] "c:\users\gianni\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

uRun: [indoonaWebLauncher] c:\program files\indoona\lib\indoonaWebLauncher.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

StartupFolder: c:\users\gianni\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\gianni\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\gianni\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\users\gianni\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~2.lnk - c:\program files\evernote\evernote\EvernoteTray.exe

StartupFolder: c:\users\gianni\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDriveAutorun = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: LastPass - c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Compila Moduli - c:\program files\lastpass\context.html?cmd=fillforms

IE: Scarica con IDM - c:\program files\internet download manager\IEExt.htm

IE: Scarica con IDM contenuti video FLV - c:\program files\internet download manager\IEGetVL.htm

IE: Scarica tutti i link con IDM - c:\program files\internet download manager\IEGetAll.htm

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{01DEC94B-8D38-4EE7-AB80-BB2ACED72C84} : NameServer = 8.8.8.8,85.37.17.16

TCP: Interfaces\{01DEC94B-8D38-4EE7-AB80-BB2ACED72C84} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

mASetup: {QDH52V31-W5WW-3427-203N-84X616XF203F} - c:\windows\system32\msoffice\update.exe Restart

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\gianni\appdata\roaming\mozilla\firefox\profiles\mt7g334k.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre1.6.0_24\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre1.6.0_24\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nplharcade.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPOP7PlugIn.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\gianni\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll

FF - ExtSQL: 2012-12-08 15:44; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\checkpoint\zaforcefield\TrustChecker

FF - ExtSQL: !HIDDEN! 2010-05-01 13:50; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-12-10 814344]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-23 172032]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-11-2 27056]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-11-2 497320]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 399432]

R2 NalServ;Nalpeiron Control Service;c:\windows\system32\nalserv.exe [2012-4-5 135168]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-11-11 66560]

R2 Parallels Networking Service;Parallels Networking Service;c:\program files\parallels\parallels workstation\application\prl_naptd.exe [2012-6-9 2796328]

R2 Parallels USB Device Manager;Parallels USB Device Manager;c:\windows\system32\drivers\prl_usb_mng32.sys [2012-11-4 17704]

R2 Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor;c:\windows\system32\drivers\prl_hypervisor_32.sys [2012-11-4 230184]

R2 Parallels Virtualization Service;Parallels Virtualization Service;c:\program files\parallels\parallels workstation\application\prl_disp_service.exe [2012-6-9 16714024]

R2 prl_net;Parallels Networking Driver;c:\windows\system32\drivers\prl_net.sys [2012-6-9 27560]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-8-22 1526080]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 22856]

R3 PRLVNIC;Parallels Virtual NIC Adapter;c:\windows\system32\drivers\prl_vnic.sys [2012-6-9 12712]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-4-10 135440]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2010-1-27 17792]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-7-14 8192]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-16 676936]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-3-10 85768]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-28 25112]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576]

S3 prl_dsk;Parallels Loopback Driver;c:\program files\parallels\parallels workstation\drivers\prl_dsk.sys [2012-6-9 51496]

S3 prl_mount_svc;Parallels Mount Service;c:\program files\parallels\parallels workstation\application\prl_mount_svc.exe [2012-6-9 521512]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-15 14848]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-15 49664]

S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-21 47128]

S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2012-12-23 14:42:47 -------- d-----w- c:\program files\Calendar Interfaces

2012-12-23 14:42:37 -------- d-----w- c:\users\gianni\appdata\roaming\Meeting Schedule Assistant

2012-12-23 14:42:37 -------- d-----w- c:\program files\Meeting Schedule Assistant

2012-12-21 10:11:27 -------- d-----w- C:\JwSoftworks

2012-12-21 09:55:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 09:55:11 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 09:54:41 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a9ae69f4-db70-4e50-a67a-2648d44f4a2c}\mpengine.dll

2012-12-12 08:08:55 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 08:08:28 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 08:08:06 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-08 14:44:33 -------- d-----w- c:\users\gianni\appdata\roaming\CheckPoint

2012-12-08 14:43:47 75096 ----a-w- c:\windows\system32\drivers\klflt.sys

2012-12-08 14:23:32 -------- d-----w- c:\program files\CheckPoint

2012-12-08 14:23:30 -------- d-----w- c:\programdata\CheckPoint

2012-12-04 08:05:04 -------- d-----w- c:\program files\Evernote

2012-12-03 14:18:20 -------- d-----w- c:\program files\DiskCheckup

2012-12-01 12:37:00 -------- d-----w- c:\users\gianni\appdata\local\Programs

2012-11-30 10:54:09 -------- d-----w- c:\users\gianni\appdata\roaming\Traffic Travis v4

2012-11-30 10:53:49 -------- d-----w- c:\users\gianni\appdata\roaming\Affilorama

.

==================== Find3M ====================

.

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-01 14:31:50 454744 ----a-w- c:\windows\system32\drivers\vsdatant.sys

2012-10-26 19:02:10 94040 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-10-25 02:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe

2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-29 17:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll

.

============= FINISH: 10:19:24,91 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 09/11/2009 13:44:10

System Uptime: 24/12/2012 9:34:36 (1 hours ago)

.

Motherboard: Fujitsu Siemens | | P5GD1-FM

Processor: Intel® Pentium® 4 CPU 3.20GHz | Socket 775 | 3192/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 213 GiB total, 18,266 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

K: is FIXED (NTFS) - 20 GiB total, 6,033 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description: Controller per High Definition Audio

Device ID: PCI\VEN_1002&DEV_AA20&SUBSYS_AA20174B&REV_00\4&30131F0D&0&0108

Manufacturer: Microsoft

Name: Controller per High Definition Audio

PNP Device ID: PCI\VEN_1002&DEV_AA20&SUBSYS_AA20174B&REV_00\4&30131F0D&0&0108

Service: HDAudBus

.

==== System Restore Points ===================

.

RP597: 12/12/2012 9:11:16 - Windows Update

RP598: 19/12/2012 12:22:47 - Windows Update

RP599: 21/12/2012 10:51:22 - Windows Update

.

==== Installed Programs ======================

.

1500

1500_Help

1500Trb

32 Bit HP CIO Components Installer

ABBYY FineReader 10 Professional Edition

Adobe AIR

Adobe Color Video Profiles CS CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.4) - Italiano

Adobe Shockwave Player 11.6

AdobeColorCommonSetRGB

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

America's Army 3

AnyDVD

Apple Software Update

Artisteer 4

Audacity 1.2.6

AutoCAD 2011 - Italiano

AutoCAD 2011 Language Pack - Italiano

Autodesk 123D Make 1.0

Autodesk Design Review 2010

Autodesk Material Library 2011

Autodesk Material Library 2011 Base Image library

AutoIt v3.3.6.1

AutoIt v3.3.9.4 (Beta)

AVS Update Manager 1.0

AVS Video Converter 6

AVS Video Recorder 2.4

AVS Video ReMaker 3.1.2.102

AVS4YOU Software Navigator 1.4

Azuon

Barak's SignME! (Beta)

Battlefield Play4Free

Bit Che

BufferChm

Bullzip PDF Printer 7.1.0.1218

Bus-Simulator 2009

Bus Driver 1.5

Calendar Interfaces 1.0.3.0

CamStudio OSS Desktop Recorder

Camtasia Studio 7

Camtasia Studio 8

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Centro gestione dispositivi Windows Mobile

Chilkat.NET-v4.0

Combined Community Codec Pack 2010-10-10

ConvertXtoDVD 4.1.10.348

Copy

Crash Time 4 - The Syndicate

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DiskCheckup v3.1

DivX Plus Web Player

DocProc

Dropbox

DVD Audio Extractor 5.1.1

European Bus Simulator 2012

Evernote v. 4.6

Fake Webcam 6.1.3

FARO LS 1.1.406.58

Fax

Feedback Tool

FidoCAD 0.96pl4

File di supporto installazione di Microsoft SQL Server 2008

FileZilla Client 3.6.0.2

Focus Magic 3.02

Freeware PDF Unlocker

GoldWave v5.67

Google Chrome

Google Earth Plug-in

Google Gears

Google Update Helper

GPBaseService2

GPL Ghostscript Lite 8.70

GSA Email Spider v6.83

GTK2-Runtime

High-Definition Video Playback 10

HiJackThis

Hotfix per Microsoft Visual C# 2010 Express - ITA (KB2635973)

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

HTML Help Workshop

ImagXpress

indoona 2.1.0 (win32)

Internet Download Manager

Internet Explorer Developer Toolbar

Introduction to CSharp Programming Language

IsoBuster 2.7

Java 6 Update 14

Java 6 Update 15

Java 6 Update 24

JDownloader

JDownloader 0.9

Jolicloud

K-Lite Codec Pack 6.0.4 (Full)

Karen's Directory Printer

LastPass (solo disintallazione)

Lyrics Plugin for Windows Media Player

MAGIX 3D Maker (embeded)

MAGIX Screenshare

MAGIX Speed burnR

Mail Notifier

Malwarebytes Anti-Malware versione 1.65.1.1000

MarketResearch

Meeting Schedule Assistant versione 12.0.9

Micro Niche Finder 5.0

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

Microsoft .NET Framework 4 Client Profile ITA Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended - Language Pack (ITA)

Microsoft .NET Framework 4 Extended ITA Language Pack

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Help Viewer 1.1

Microsoft Help Viewer 1.1 Language Pack - ITA

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Italian) 2010

Microsoft Office Excel MUI (Italian) 2010

Microsoft Office Groove MUI (Italian) 2010

Microsoft Office InfoPath MUI (Italian) 2010

Microsoft Office OneNote MUI (Italian) 2010

Microsoft Office Outlook MUI (Italian) 2010

Microsoft Office PowerPoint MUI (Italian) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Italian) 2010

Microsoft Office Proofing (Italian) 2010

Microsoft Office Publisher MUI (Italian) 2010

Microsoft Office Shared MUI (Italian) 2010

Microsoft Office Word MUI (Italian) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server Compact 3.5 SP2 ITA

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft Visual C# 2010 Express - ITA

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ITA

Microsoft Visual Studio 2010 Tools per Office Runtime (x86) - Language Pack - ITA

Microsoft WSE 2.0 SP3 Runtime

Microsoft_VC100_CRT_SP1_x86

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 15.0 (x86 it)

Mozilla Firefox 15.0.1 (x86 it)

Mozilla Maintenance Service

Mp3tag v2.47b

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

music2pc 2.13

Neat Image v6 Demo (with plug-in)

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscCopy Gadget 10

Nero DiscCopyGadget 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10 Help (CHM)

neroxml

Network

Nokia Connectivity Cable Driver

Nokia Maps Updater 1.0.12

Nokia Software Updater

Nokia Suite

Nokia_Multimedia_Common_Components_2_5

Notepad++

NSS (remove only)

NVIDIA PhysX

NVIDIA PhysX SDK 2.8.1

OCR Software by I.R.I.S. 13.0

Open XML SDK 2.0 for Microsoft Office

OpenAL

Operation7 1.36

Orca

Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Pando Media Booster

Parallels runtime modules

Parallels Workstation

PC Connectivity Solution

PCI Soft Data Fax Modem with SmartCP

PDF Settings CS5

PDFCreator

PE Explorer 1.99 R6

Poedit

PowerArchiver 2010 German

PowerArchiver 2010 Italian

PowerISO

PunkBuster Services

QuickTime

Raccolta foto di Windows Live

RailWorks 2

Rainmeter

Rapture3D 2.4.4 Game

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealSpeak Solo per l'Italiano, Silvia

RealUpgrade 1.1

Recuva

RollerCoaster Tycoon 3 Platinum

Sandboxie 3.68 (32-bit)

Scan

SciTE Text Editor

Scott's Gmail Alert

SDL Passolo Essential 2011 SP4

SDL Trados 2011 SP1 - Remove suite of products

SDL Trados Compatibility module

SDL Trados Studio 2011 SP1

Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Service Pack 3 per SQL Server 2008 (KB2546951)

Shop for HP Supplies

Skype Click to Call

Skype™ 5.10

SmartWebPrinting

SolutionCenter

Songr

SpinChimp Basic

Sql Server Customer Experience Improvement Program

Status

Steam

Supporto applicazioni Apple

swMSM

Team Fortress 2

Text-To-Speech-Runtime

TmNationsForever

Toolbox

Traffic Travis 4.1.0

Translation Assistant editor (remove)

TrayApp

TuneUp Utilities 2011

TuneUp Utilities Language Pack (it-IT)

Tweet Adder 3

Ubisoft Game Launcher

UnloadSupport

Unlocker 1.9.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.4053

VideoLAN Movie Creator

Virtual DJ - Atomix Productions

Virtual DJ Pro Full - Atomix Productions

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ITA

VLC media player 1.1.9

Watchtower Library 2011 - English

Watchtower Library 2011 - Italiano

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinMerge 2.12.4

WinPcap 4.1.2

WinRAR gestione archivi

X-Lite 3.0

Xenu's Link Sleuth

Xilisoft HD Video Converter 6

ZoneAlarm Antivirus

ZoneAlarm Firewall

ZoneAlarm Free Antivirus + Firewall

ZoneAlarm Security

.

==== End Of File ===========================


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please post the following:

  • ComboFix.txt.
  • AdwCleaner[R1].txt.

How is your computer running?


ComboFix 12-12-23.01 - Gianni 24/12/2012 16:13:44.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.2047.994 [GMT 1:00]

Eseguito da: c:\users\Gianni\Desktop\ComboFix.exe

AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

.

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Gianni\AppData\Roaming\chrtmp

c:\users\Gianni\AppData\Roaming\Daos

c:\users\Gianni\AppData\Roaming\Daos\ecyr.imn

c:\users\Gianni\AppData\Roaming\DVDSubEditLastFile0.txt

c:\users\Gianni\AppData\Roaming\DVDSubEditLastFile1.txt

c:\users\Gianni\AppData\Roaming\DVDSubEditLastFile2.txt

c:\users\Gianni\AppData\Roaming\DVDSubEditLastFile3.txt

c:\users\Gianni\AppData\Roaming\DVDSubEditLastFile4.txt

c:\users\Gianni\AppData\Roaming\DVDSubEditLastFile5.txt

c:\users\Gianni\AppData\Roaming\DVDSubEditLastFile6.txt

c:\users\Gianni\AppData\Roaming\DVDSubEditLastFile7.txt

c:\users\Gianni\AppData\Roaming\inst.exe

c:\users\Gianni\AppData\Roaming\Microsoft\~DFK117906b.tmp

c:\users\Gianni\AppData\Roaming\Microsoft\1eaadjc.dll

c:\users\Gianni\AppData\Roaming\Microsoft\bass.dll

c:\users\Gianni\AppData\Roaming\Microsoft\kfgresk.dll

c:\users\Gianni\AppData\Roaming\Microsoft\mjcriu.dll

c:\users\Gianni\AppData\Roaming\Microsoft\msxmin40.dll

c:\users\Gianni\AppData\Roaming\Microsoft\peaadje.dll

c:\users\Gianni\AppData\Roaming\Microsoft\qwadjb.dll

c:\users\Gianni\AppData\Roaming\Microsoft\rsaadjd.dll

c:\users\Gianni\AppData\Roaming\recyclerr

c:\users\Gianni\AppData\Roaming\SQLite3.dll

c:\users\Gianni\AppData\Roaming\vso_ts_preview.xml

c:\users\Gianni\AppData\Roaming\Xyvi

c:\users\Gianni\AppData\Roaming\Xyvi\tapui.ypi

c:\windows\IsUn0410.exe

c:\windows\system32\MSOffice

c:\windows\system32\tmp6491.tmp

c:\windows\system32\tmp64D0.tmp

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Creati Da 2012-11-24 al 2012-12-24 )))))))))))))))))))))))))))))))))))

.

.

2012-12-24 15:35 . 2012-12-24 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-24 15:35 . 2012-12-24 15:35 -------- d-----w- c:\users\Michele\AppData\Local\temp

2012-12-23 14:42 . 2012-12-23 14:42 -------- d-----w- c:\program files\Calendar Interfaces

2012-12-23 14:42 . 2012-12-23 14:43 -------- d-----w- c:\users\Gianni\AppData\Roaming\Meeting Schedule Assistant

2012-12-23 14:42 . 2012-12-23 14:43 -------- d-----w- c:\program files\Meeting Schedule Assistant

2012-12-21 10:11 . 2012-12-21 10:18 -------- d-----w- C:\JwSoftworks

2012-12-21 09:55 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 09:55 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 09:54 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9AE69F4-DB70-4E50-A67A-2648D44F4A2C}\mpengine.dll

2012-12-12 08:08 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 08:08 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 08:08 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-08 14:44 . 2012-12-08 14:44 -------- d-----w- c:\users\Gianni\AppData\Roaming\CheckPoint

2012-12-08 14:43 . 2012-11-15 20:06 75096 ----a-w- c:\windows\system32\drivers\klflt.sys

2012-12-08 14:23 . 2012-12-08 14:43 -------- d-----w- c:\program files\CheckPoint

2012-12-08 14:23 . 2012-12-08 14:23 -------- d-----w- c:\programdata\CheckPoint

2012-12-05 14:01 . 2012-12-05 14:01 -------- d-----w- c:\program files\FileZilla FTP Client

2012-12-04 08:05 . 2012-12-04 08:05 -------- d-----w- c:\program files\Evernote

2012-12-03 14:18 . 2012-12-03 14:18 -------- d-----w- c:\program files\DiskCheckup

2012-12-01 12:37 . 2012-12-01 12:37 -------- d-----w- c:\users\Gianni\AppData\Local\Programs

2012-11-30 10:54 . 2012-11-30 16:22 -------- d-----w- c:\users\Gianni\AppData\Roaming\Traffic Travis v4

2012-11-30 10:53 . 2012-11-30 10:53 -------- d-----w- c:\users\Gianni\AppData\Roaming\Affilorama

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-01 14:31 . 2012-11-01 14:31 454744 ----a-w- c:\windows\system32\drivers\vsdatant.sys

2012-10-26 19:02 . 2012-11-05 16:16 94040 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-16 07:39 . 2012-12-10 15:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 17:40 . 2012-11-15 07:37 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 07:37 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-03 16:58 . 2012-11-15 07:42 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42 . 2012-11-15 07:42 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42 . 2012-11-15 07:42 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42 . 2012-11-15 07:42 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42 . 2012-11-15 07:42 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42 . 2012-11-15 07:42 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40 . 2012-11-15 07:42 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21 . 2012-11-15 07:42 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-29 17:54 . 2010-12-21 16:35 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 22:47 . 2012-11-15 07:37 78336 ----a-w- c:\windows\system32\synceng.dll

2012-09-12 09:53 . 2012-09-12 09:53 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Gianni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Gianni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Gianni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Gianni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-03-02 16:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 452880]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Scotts Gmail Alert"="c:\program files\Scott's Gmail Alert\scottsgmailalert.exe" [2011-09-08 3401728]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

"indoonaWebLauncher"="c:\program files\indoona\lib\indoonaWebLauncher.exe" [2012-10-25 720398]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-03-15 296056]

"Aimersoft Helper Compact.exe"="c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-24 641704]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-02 738984]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-19 73392]

.

c:\users\Gianni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BlurumBot 1.1.lnk - c:\users\Gianni\Desktop\Blurum\BlurumBot 1.1.exe [2012-8-10 383101]

Dropbox.lnk - c:\users\Gianni\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-12-3 1044320]

EvernoteTray.lnk - c:\program files\Evernote\Evernote\EvernoteTray.exe [2012-12-3 395104]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-9-9 40136]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mail Notifier]

2012-01-02 01:48 514560 ----a-w- c:\program files\Mail Notifier\MailNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myGengo_Client.exe]

2012-01-04 09:15 419797 ----a-w- c:\users\Gianni\Desktop\myGengo Client 1.0\myGengo_Client.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe

"Google Update"="c:\users\Gianni\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"Steam"="c:\program files\Steam\Steam.exe" -silent

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"snpstd3"=c:\windows\vsnpstd3.exe

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

R3 cpuz134;cpuz134;c:\users\Gianni\Desktop\pc-wizard_2010.1.961\pcwiz_x32.sys [x]

R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]

R3 prl_dsk;Parallels Loopback Driver;c:\program files\Parallels\Parallels Workstation\Drivers\prl_dsk.sys [x]

R3 prl_mount_svc;Parallels Mount Service;c:\program files\Parallels\Parallels Workstation\Application\prl_mount_svc.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]

R4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]

S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]

S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 NalServ;Nalpeiron Control Service;c:\windows\system32\nalserv.exe [x]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 Parallels Networking Service;Parallels Networking Service;c:\program files\Parallels\Parallels Workstation\Application\prl_naptd.exe [x]

S2 Parallels USB Device Manager;Parallels USB Device Manager;c:\windows\system32\drivers\prl_usb_mng32.sys [x]

S2 Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor;c:\windows\system32\drivers\prl_hypervisor_32.sys [x]

S2 Parallels Virtualization Service;Parallels Virtualization Service;c:\program files\Parallels\Parallels Workstation\Application\prl_disp_service.exe [x]

S2 prl_net;Parallels Networking Driver;c:\windows\system32\DRIVERS\prl_net.sys [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

S3 PRLVNIC;Parallels Virtual NIC Adapter;c:\windows\system32\DRIVERS\prl_vnic.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HsfXAudioService REG_MULTI_SZ HsfXAudioService

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

GPSvcGroup REG_MULTI_SZ GPSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenuto della cartella 'Scheduled Tasks'

.

2012-12-24 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-04-27 16:04]

.

2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 08:51]

.

2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 08:51]

.

2012-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677463182-2215449310-551018887-1001Core.job

- c:\users\Gianni\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 08:51]

.

2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677463182-2215449310-551018887-1001UA.job

- c:\users\Gianni\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 08:51]

.

2012-12-24 c:\windows\Tasks\ReclaimerUpdateFiles_Gianni.job

- c:\users\Gianni\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 07:41]

.

2012-12-24 c:\windows\Tasks\ReclaimerUpdateXML_Gianni.job

- c:\users\Gianni\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 07:41]

.

2012-12-24 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Gianni.job

- c:\users\Gianni\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 07:41]

.

.

------- Scansione supplementare -------

.

uStart Page = https://www.google.it/

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Compila Moduli - file://c:\program files\LastPass\context.html?cmd=fillforms

IE: Scarica con IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Scarica con IDM contenuti video FLV - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Scarica tutti i link con IDM - c:\program files\Internet Download Manager\IEGetAll.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{01DEC94B-8D38-4EE7-AB80-BB2ACED72C84}: NameServer = 8.8.8.8,85.37.17.16

FF - ProfilePath - c:\users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\mt7g334k.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

FF - ExtSQL: 2012-12-08 15:44; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker

FF - ExtSQL: !HIDDEN! 2010-05-01 13:50; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

.

------- Associazioni dei file -------

.

.scr=AutoCADScriptFile

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

ShellIconOverlayIdentifiers-{849959BB-6CCB-49E7-B87D-A8BC97E343F7} - c:\users\Gianni\AppData\Roaming\Microsoft\msxmin40.dll

AddRemove-Translation Assistant editor - c:\program files\Translation Assistant editor\Uninstall.exe

.

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

.

- - - - - - - > 'lsass.exe'(748)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'Explorer.exe'(6464)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\users\Gianni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\FileZilla FTP Client\fzshellext.dll

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\windows\system32\atieclxx.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Sandboxie\SbieSvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

c:\windows\System32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\DllHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Ora fine scansione: 2012-12-24 16:51:42 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2012-12-24 15:51

.

Pre-Run: 29.675.028.480 byte disponibili

Post-Run: 29.834.838.016 byte disponibili

.

- - End Of File - - 886A5122EFEEED7501BDADA642B9A6BE

# AdwCleaner v2.102 - Logfile creato il 24/12/2012 alle 16:59:41

# Aggiornamento 23/12/2012 by Xplode

# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)

# Utente : Gianni - GIANNI-PC

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Users\Gianni\Desktop\adwcleaner.exe

# Opzioni [Cerca]

***** [servizi] *****

***** [File / Cartelle] *****

Cartella Trovato : C:\ProgramData\Trymedia

***** [Registro] *****

Chiave Trovata : HKCU\Software\Conduit

Chiave Trovata : HKCU\Software\Softonic

Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Chiave Trovata : HKLM\Software\Conduit

Chiave Trovata : HKLM\SOFTWARE\Software

***** [browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro Pulito.

-\\ Mozilla Firefox v15.0 (it)

File : C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\mt7g334k.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [1397 octets] - [24/12/2012 16:59:41]

########## EOF - C:\AdwCleaner[R1].txt - [1457 octets] ##########


Hey Filarono. :)

Hope you had a lovely Christmas.

This line: c:\windows\AutoKMS\AutoKMS.exe

This is a keygen/crack file. We do not condone the use of such piracy software. Please refrain from using such software or your topic will be closed.

Please re-run AdwCleaner, let it delete what it finds and post its new log in your reply.

What issues remain?


Hello,

Here is the new log:

# AdwCleaner v2.103 - Logfile creato il 26/12/2012 alle 10:56:08

# Aggiornamento 25/12/2012 by Xplode

# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)

# Utente : Gianni - GIANNI-PC

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Users\Gianni\Documents\adwcleaner.exe

# Opzioni [Elimina]

***** [servizi] *****

***** [File / Cartelle] *****

Cartella Eliminato : C:\ProgramData\Trymedia

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Conduit

Chiave Eliminata : HKCU\Software\Softonic

Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Chiave Eliminata : HKLM\Software\Conduit

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\504244733D18C8F63FF584AEB290E3904E791693

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Chiave Eliminata : HKLM\SOFTWARE\Software

***** [browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro Pulito.

-\\ Mozilla Firefox v15.0 (it)

File : C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\mt7g334k.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Gianni\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [1526 octets] - [24/12/2012 16:59:41]

AdwCleaner[R2].txt - [1946 octets] - [26/12/2012 10:49:48]

AdwCleaner[s1].txt - [1903 octets] - [26/12/2012 10:56:08]

########## EOF - C:\AdwCleaner[s1].txt - [1963 octets] ##########

The CPU still goes to 100% without reason. In the Task Manager, Processes tab, no processes are consuming 100% CPU so I don't understand why CPU is at 100%.

Thank you for your help.


I downloaded ProcessHacker and I think I've found what's consuming my CPU.

The process vsmon.exe is at 50% CPU, 280MB RAM.

I searched for it on Google and found it's a process by ZoneAlarm, which is my antivirus.

There's another process, ntoskrnl.exe, which is at 22%.

So, now the problem is: Why are these processes consuming all CPU?


Hello Filarono. :)

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Once that comes back clean I will give you advice for security software. :)


  • 2 weeks later...

Hello,

Very sorry for the delay - I was not able to reply.

Here are the results of the ESET scan:

C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan

C:\Users\Gianni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5d02d38e-30ad4a6a a variant of Win32/Kryptik.YAM trojan


Good morning Filarono,

That's fine.

Please download TFC to your Desktop.

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

=====

Also, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Hello,

Here it is:

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x86

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware versione 1.65.1.1000

TuneUp Utilities 2011

TuneUp Utilities Language Pack (it-IT)

Java 6 Update 14

Java 6 Update 15

Java 6 Update 24

Java 7 Update 10

Java version out of Date!

Adobe Flash Player 11.5.502.146

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox (15.0)

Google Chrome 23.0.1271.97

Google Chrome 24.0.1312.52

````````Process Check: objlist.exe by Laurent````````

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````


Hey Filarono,

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows 7 version:

http://www.java.com/en/download/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have the Java icon next to them.
  • Select Uninstall.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

=====

Also, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

=====

In your reply please let me know how the updates go.


Good morning Filarono,

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

And AdwCleaner:

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.