
Infection: Mbam and AVG cannot start and throw this error: blocked by group policy - please contact system administrator



Hi there,

I am afraid my laptop got an infection: AVG 2014 icon disappeared from the taskbar and if I try to run it I get a pop-up with the following error:

 

This program is blocked by group policy. For more information, contact the system administrator

 

The same thing is happening for mbam.

 

Before the problem happened I remember AVG prompted that it had found a threat and asked to remove it and restart the system.

I followed the instruction without paying too much attention, so I cannot say what it was exactly.

 

I run on Windows Vista Home Premium (32-bit).

 

I did some research and I saw other people got the same infection, but I did not understand exactly what I am supposed to do because of my limited knowledge on the topic (virus, malware etc ..).

 

Could someone please help me with this?

 

Many thanks,

Davide


  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Hi Ron,

Below I have copied and pasted the log files you required:

 

Rkill:

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/10/2014 10:45:44 PM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\LogWatNT.exe (PID: 3656) [WD-HEUR]
 * C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe (PID: 5204) [uP-HEUR]
 * C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe (PID: 5204) [T-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 06/10/2014 10:47:49 PM
Execution time: 0 hours(s), 2 minute(s), and 4 seconds(s)
 

 

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/06/2014
Scan Time: 22.57.15
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.08
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: davide

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260150
Time Elapsed: 20 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2555903305-2322544514-184203740-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [c1f176fdc8b384b20b36c2e9d62c20e0],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.OpenCandy, C:\Users\davide\AppData\Roaming\OpenCandy, , [d1e175fe87f40d29a13994f1ee140cf4],
PUP.Optional.OpenCandy, C:\Users\davide\AppData\Roaming\OpenCandy\BE41AE05FBC44BD2B9D0264D7A453B50, , [d1e175fe87f40d29a13994f1ee140cf4],
PUP.Optional.OpenCandy, C:\Users\davide\AppData\Roaming\OpenCandy\OpenCandy_BE41AE05FBC44BD2B9D0264D7A453B50, , [d1e175fe87f40d29a13994f1ee140cf4],

Files: 6
PUP.Optional.InstalleRex, C:\Users\davide\AppData\Local\Temp\rrXD6kNe.exe.part, , [39794e25fd7e95a1df070515ee139e62],
PUP.Optional.OneClickDownloader.A, C:\Users\davide\AppData\Local\Temp\Hx8xX2RN.exe.part, , [dad823502a51d165b708b460da273ec2],
PUP.Optional.OneClickDownloader.A, C:\Users\davide\AppData\Local\Temp\KxG4aPn_.exe.part, , [b200670c67140135e7d85abad82923dd],
PUP.Optional.Installex, C:\Users\davide\AppData\Local\Temp\bYc8HG_q.exe.part, , [8f2394df1a61280eee679375768bdf21],
PUP.Optional.Softonic.A, C:\Users\davide\Downloads\SoftonicDownloader_per_veetle.exe, , [a30f78fbd2a99f97913af52dd82948b8],
PUP.Optional.OpenCandy, C:\Users\davide\AppData\Roaming\OpenCandy\BE41AE05FBC44BD2B9D0264D7A453B50\DivXInstaller.exe, , [d1e175fe87f40d29a13994f1ee140cf4],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

RogueKiller:

RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : davide [Admin rights]
Mode : Scan -- Date : 06/10/2014  23:43:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CTRegRun : C:\Windows\CTRegRun.EXE  -> FOUND
[suspicious.Path] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_1213b : C:\Users\davide\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=96f413c70e2495ca2845109eb8b7ff87-1f809c00b6e7686c9b0929247b782968f23f26c4 /CMPID=1213b  -> FOUND
[suspicious.Path] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0214c : C:\Users\davide\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=96f413c70e2495ca2845109eb8b7ff87-1f809c00b6e7686c9b0929247b782968f23f26c4 /CMPID=0214c  -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LogWatch -> FOUND
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LogWatch -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \\{A5A0891D-0AEB-443C-97A5-6ABDE6DA1C95} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\davide\Desktop\Counter Strike Condition Zero\cs2\autorun.exe" -d "C:\Users\davide\Desktop\Counter Strike Condition Zero\cs2") -> FOUND

¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] FREE OFFER from Audible.com.lnk -- C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk [LNK@] C:\TEMP\HelpInstaller_StartUp.exe -URL -> FOUND

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 4 ¤¤¤
[sSDT:Addr] NtCreateThreadEx[382] : C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys @ 0x8d7e7640
[EAT:Addr] (explorer.exe) MLANG.dll - DllCanUnloadNow : C:\Windows\System32\SndVolSSO.dll @ 0x73e8155f
[EAT:Addr] (explorer.exe) MLANG.dll - DllGetClassObject : C:\Windows\System32\SndVolSSO.dll @ 0x73e84852
[EAT:Addr] (explorer.exe) MLANG.dll - DllMain : C:\Windows\System32\SndVolSSO.dll @ 0x73e812fb

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541680J9SA00 ATA Device +++++
--- User ---
[MBR] 1eb16b49d0102c261969e5c96e8b27db
[bSP] 6d50d808b3d0f183719f6ce73c16390a : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 MB
1 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 20467712 | Size: 33294 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 88653824 | Size: 33030 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

Please let me know if that's what you were expecting from me.

Thanks again for your help.

Davide
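The RKill log above records more than the processes it killed: it lists security settings that had been turned off, including a Windows Defender value under a Policies key (the registry location Group Policy settings are written to) and several security services whose startup type is Disabled. As an added example, not code from this thread or from RKill's authors, here is a small Python parser that turns those sections of an RKill log into structured findings a responder can re-check after cleanup. The sample excerpt is constructed from the log posted above; the function and tuple names are my own.

```python
import re
from collections import namedtuple

# Constructed sample: an excerpt modelled on the RKill 2.6.6 log posted in this thread.
SAMPLE_RKILL_LOG = r"""Checking for processes to terminate:

 * C:\Windows\LogWatNT.exe (PID: 3656) [WD-HEUR]
 * C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe (PID: 5204) [uP-HEUR]
 * C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe (PID: 5204) [T-HEUR]

3 proccesses terminated!

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:
"""

Proc = namedtuple("Proc", "path pid tag")  # tag is RKill's heuristic label, e.g. WD-HEUR
Policy = namedtuple("Policy", "title key name value policy_hive")
Service = namedtuple("Service", "name display startup")

PROC_RE = re.compile(r"^ \* (?P<path>.+?) \(PID: (?P<pid>\d+)\) \[(?P<tag>[^\]]+)\]$")
KEY_RE = re.compile(r"^\s+\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^\s+"(?P<name>[^"]+)" = dword:(?P<hex>[0-9a-fA-F]{8})$')
SVC_RE = re.compile(r"^ \* (?P<display>.+?) \((?P<name>\w+)\) is not Running\.$")
START_RE = re.compile(r"^\s+Startup Type set to: (?P<startup>\w+)$")


def parse_rkill_log(text):
    """Walk the log section by section and return the findings as named tuples."""
    report = {"processes": [], "policies": [], "services": []}
    section = title = key = service = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        # Section headers are unindented and end with a colon.
        if not line.startswith(" ") and line.endswith(":"):
            section = line[:-1]
            title = key = service = None
            continue
        if section == "Checking for processes to terminate":
            m = PROC_RE.match(line)
            if m:
                report["processes"].append(Proc(m["path"], int(m["pid"]), m["tag"]))
        elif section == "Performing miscellaneous checks":
            # Each finding is " * <verdict>", then "[key]", then "name" = dword:value.
            if line.startswith(" * "):
                title, key = line[3:], None
            elif KEY_RE.match(line):
                key = KEY_RE.match(line)["key"]
            elif title and key and VAL_RE.match(line):
                m = VAL_RE.match(line)
                report["policies"].append(
                    Policy(title, key, m["name"], int(m["hex"], 16), "\\Policies\\" in key))
        elif section == "Checking Windows Service Integrity":
            m = SVC_RE.match(line)
            if m:
                service = (m["name"], m["display"])
            elif service and START_RE.match(line):
                report["services"].append(Service(*service, START_RE.match(line)["startup"]))
                service = None
    return report


SECURITY_SERVICES = {"MpsSvc", "WinDefend", "wscsvc", "wuauserv"}


def triage(report):
    """List the settings a responder should re-check after cleanup, not just the killed processes."""
    gaps = []
    for p in report["policies"]:
        # A value under a \Policies\ key sits where Group Policy writes its settings, so it takes
        # precedence over the product's own setting and stays in force until it is removed.
        where = "Group Policy key" if p.policy_hive else "product setting"
        gaps.append("%s: %s=%d at %s (%s)" % (p.title, p.name, p.value, p.key, where))
    for s in report["services"]:
        if s.name in SECURITY_SERVICES and s.startup == "Disabled":
            gaps.append("Security service %s (%s) has startup type Disabled" % (s.name, s.display))
    for path in sorted({p.path for p in report["processes"] if "\\Temp\\" in p.path}):
        gaps.append("Terminated process ran from a Temp folder: %s (check its signature)" % path)
    return gaps


if __name__ == "__main__":
    for gap in triage(parse_rkill_log(SAMPLE_RKILL_LOG)):
        print(gap)
```

Run it on a saved RKill log by passing the file's contents to parse_rkill_log; the triage list is the checklist of policy values and service startup types to confirm are back to normal once the cleanup steps in this thread are finished.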


  • Root Admin

The MBAM log shows that you did not choose to remove those items.  Please run MBAM again and this time make sure to tell MBAM to remove them.

 

Next, Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Hi Ron,

Below are the logs for all the scans you required:

 

MBAM (first scan):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/06/2014
Scan Time: 19.50.07
Logfile: mbam_scan_log_20140611.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.11.07
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: davide

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260565
Time Elapsed: 19 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

 

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by davide on 11/06/2014 at 20.34.24,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\davide\AppData\Roaming\software"
Successfully deleted: [Folder] "C:\Users\davide\Local Settings\Application Data\apn"



~~~ FireFox

Successfully deleted the following from C:\Users\davide\AppData\Roaming\mozilla\firefox\profiles\au2a16jx.default\prefs.js

user_pref("browser.search.defaulturl", "hxxp://uk.yhs4.search.yahoo.com/yhs/search");
user_pref("keyword.URL", "hxxp://uk.yhs4.search.yahoo.com/yhs/search");
Emptied folder: C:\Users\davide\AppData\Roaming\mozilla\firefox\profiles\au2a16jx.default\minidumps [178 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/06/2014 at 20.46.12,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

AdwCleaner:

# AdwCleaner v3.212 - Report created 11/06/2014 at 20:55:07
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 1 (32 bits)
# Username : davide - DAVIDE-PC
# Running from : C:\Users\davide\Desktop\INFECTION_201406\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SoftWarehouse

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56318BE3-354D-41B2-B403-FD233778BACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18294


-\\ Mozilla Firefox v29.0.1 (it)

[ File : C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2728 octets] - [11/06/2014 20:51:30]
AdwCleaner[s0].txt - [2689 octets] - [11/06/2014 20:55:07]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2749 octets] ##########
 

 

MBAM (second scan):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/06/2014
Scan Time: 21.05.12
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.11.07
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: davide

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260771
Time Elapsed: 22 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

ESET:

C:\Users\davide\AppData\Local\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\davide\Downloads\SoftonicDownloader37870.exe    Win32/SoftonicDownloader.A potentially unwanted application
D:\SOFTWARE\Setup-SopCast-3.5.0-2012-3-22.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\SOFTWARE\veetle-0.9.19.exe    Win32/OpenCandy potentially unsafe application
 

 

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014
Ran by davide (administrator) on DAVIDE-PC on 12-06-2014 06:49:33
Running from C:\Users\davide\Desktop\INFECTION_201406
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Acer\ALaunch\ALaunchSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\LogWatNT.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\davide\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Realtek Semiconductor Corp.) C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(IDM Computer Solutions, Inc.) C:\Program Files\UltraEdit\uedit32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-26] (HiTRUST)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [772616 2007-08-15] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [206952 2007-05-24] (CyberLink Corp.)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-12-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-12-03] (NVIDIA Corporation)
HKLM\...\Run: [CTRegRun] => C:\Windows\CTRegRun.EXE [41984 1999-10-10] (Creative Technology Ltd )
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [274608 2010-12-10] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-07] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\.DEFAULT\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [Acer Tour Reminder] => [X]
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [Google Update] => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-11-28] (Google Inc.)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [spotify] => C:\Users\davide\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-02-27] (Spotify Ltd)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [spotify Web Helper] => C:\Users\davide\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-27] (Spotify Ltd)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\davide\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=96f413c70e2495ca2845109eb8b7ff87-1f809c00b6e7686c9b0929247b782968f23f26c4 /CMPID=1213b
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\davide\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=96f413c70e2495ca2845109eb8b7ff87-1f809c00b6e7686c9b0929247b782968f23f26c4 /CMPID=0214c
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [AgowEjxi] => regsvr32.exe "C:\ProgramData\AgowEjxi.dat"
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: {28671b3e-cbe3-11dc-8dd3-001b3874270b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: {593a52ba-c50b-11e1-a0e1-001b3874270b} - F:\
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!

Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk
ShortcutTarget: FREE OFFER from Audible.com.lnk -> C:\TEMP\HelpInstaller_StartUp.exe (No File)
Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {D8335F45-3203-48B1-A2F7-40DE58D666AA} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll No File
BHO: No Name - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll ()
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxp://www.chess.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.0.13.1 - C:\Users\davide\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\davide\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\davide\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\davide\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\davide\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: Link Password - C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\Extensions\LinkPassword@EvighetensFilosofi.xpi [2013-07-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\davide\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org

Chrome:
=======
CHR HomePage: https://uk.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: "https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: www.yahoo.com
CHR DefaultSearchProvider: Yahoo! (Avast)
CHR DefaultSearchURL: http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java Platform SE 6 U16) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (YouTube) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Google Search) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Skype Click to Call) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-22]
CHR Extension: (Google Wallet) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
CHR Extension: (Gmail) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-07] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-26] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-14] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-29] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 LogWatch; C:\Windows\LogWatNT.exe [50176 2000-06-08] () [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer) [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S3 OracleDBConsoleORCL11G; D:\app\oracle\product\11.1.0\db_1\bin\nmesrvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-06-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-06-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-06-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-06-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-06-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-06-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-06-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-06-07] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 iadusb; C:\Windows\System32\DRIVERS\glauiad.sys [30336 2006-07-27] (Conexant Systems Inc.) [File not signed]
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-08] ()
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-25] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-26] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-26] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-26] (HiTRUST)
R1 RapportCerberus_42020; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-09] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-03] ()
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-03] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S0 yflxew; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 06:49 - 2014-06-12 06:49 - 00000000 ____D () C:\FRST
2014-06-11 21:34 - 2014-06-11 21:34 - 00000000 ____D () C:\Program Files\ESET
2014-06-11 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-11 20:51 - 2014-06-11 20:55 - 00000000 ____D () C:\AdwCleaner
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 20:13 - 2014-06-12 06:49 - 00000000 ____D () C:\Users\davide\Desktop\INFECTION_201406
2014-06-10 23:24 - 2014-06-10 23:24 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-10 23:24 - 2014-06-10 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 22:52 - 2014-06-11 21:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:44 - 2014-06-10 22:44 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000737 _____ () C:\Users\davide\Desktop\NTREGOPT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000718 _____ () C:\Users\davide\Desktop\ERUNT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\Program Files\ERUNT
2014-06-09 08:45 - 2014-06-09 08:45 - 00137872 _____ () C:\Windows\Minidump\Mini060914-01.dmp
2014-06-08 22:40 - 2014-06-11 20:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 18:40 - 2014-06-07 18:40 - 00000000 ____D () C:\Users\davide\AppData\Roaming\AVAST Software
2014-06-07 18:39 - 2014-06-07 18:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-07 18:39 - 2014-06-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 18:38 - 2014-06-07 18:38 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-07 18:38 - 2014-06-07 18:38 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-07 18:38 - 2014-06-07 18:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-07 18:34 - 2014-06-07 18:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-07 18:29 - 2014-06-07 18:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 07:53 - 2014-05-23 07:53 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-06-12 06:51 - 2008-01-16 04:10 - 00000000 ____D () C:\Users\davide\AppData\Local\Temp
2014-06-12 06:49 - 2014-06-12 06:49 - 00000000 ____D () C:\FRST
2014-06-12 06:49 - 2014-06-11 20:13 - 00000000 ____D () C:\Users\davide\Desktop\INFECTION_201406
2014-06-12 06:47 - 2008-03-21 13:26 - 00016231 _____ () C:\Windows\UEDIT32.INI
2014-06-12 06:00 - 2008-01-17 05:12 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Skype
2014-06-12 04:59 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 04:59 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 21:34 - 2014-06-11 21:34 - 00000000 ____D () C:\Program Files\ESET
2014-06-11 21:30 - 2009-05-03 09:41 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-06-11 21:30 - 2009-05-03 09:40 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-06-11 21:03 - 2014-06-10 22:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 21:03 - 2006-11-02 11:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 21:00 - 2013-06-15 13:07 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Spotify
2014-06-11 20:59 - 2010-11-16 02:22 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 20:59 - 2008-11-23 11:44 - 00000000 ____D () C:\Program Files\Password Safe
2014-06-11 20:59 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 20:58 - 2013-01-21 07:47 - 00100022 _____ () C:\Windows\PFRO.log
2014-06-11 20:57 - 2006-11-02 14:01 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-11 20:55 - 2014-06-11 20:51 - 00000000 ____D () C:\AdwCleaner
2014-06-11 20:40 - 2014-06-08 22:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 20:33 - 2009-06-27 21:54 - 00001164 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA.job
2014-06-11 20:31 - 2010-11-16 02:22 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 20:26 - 2008-02-17 14:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 17:28 - 2011-11-11 00:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 14:06 - 2009-03-25 00:05 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-11 12:41 - 2010-11-16 02:24 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 07:33 - 2009-06-27 21:54 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core.job
2014-06-10 23:24 - 2014-06-10 23:24 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-10 23:24 - 2014-06-10 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 22:44 - 2014-06-10 22:44 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000737 _____ () C:\Users\davide\Desktop\NTREGOPT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000718 _____ () C:\Users\davide\Desktop\ERUNT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\Program Files\ERUNT
2014-06-10 21:16 - 2008-03-18 10:06 - 00000000 ____D () C:\Users\davide\AppData\Roaming\uTorrent
2014-06-09 08:45 - 2014-06-09 08:45 - 00137872 _____ () C:\Windows\Minidump\Mini060914-01.dmp
2014-06-09 08:45 - 2013-07-07 20:25 - 250185706 _____ () C:\Windows\MEMORY.DMP
2014-06-09 08:45 - 2008-11-24 00:58 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 07:40 - 2012-04-05 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-09 07:40 - 2011-05-13 20:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 18:35 - 2008-01-17 04:57 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Mozilla
2014-06-08 08:48 - 2013-03-11 13:50 - 00000838 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-08 08:48 - 2013-03-11 13:50 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-08 08:39 - 2008-01-17 05:11 - 00000000 ____D () C:\Program Files\Google
2014-06-07 18:40 - 2014-06-07 18:40 - 00000000 ____D () C:\Users\davide\AppData\Roaming\AVAST Software
2014-06-07 18:39 - 2014-06-07 18:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-07 18:39 - 2014-06-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 18:38 - 2014-06-07 18:38 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-07 18:38 - 2014-06-07 18:38 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-07 18:38 - 2014-06-07 18:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-07 18:37 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-07 18:34 - 2014-06-07 18:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-07 18:30 - 2014-06-07 18:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-07 14:26 - 2013-09-27 20:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-04 06:47 - 2013-03-11 13:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 07:53 - 2014-05-23 07:53 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-23 07:53 - 2009-05-22 07:26 - 00000000 ___RD () C:\Program Files\Skype
2014-05-23 07:53 - 2008-01-17 05:10 - 00000000 ____D () C:\ProgramData\Skype
2014-05-21 20:41 - 2010-11-11 15:22 - 00008224 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-05-19 21:45 - 2013-01-14 08:04 - 00038164 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 21:19 - 2014-05-09 21:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Files to move or delete:
====================
C:\ProgramData\ezsid.dat


Some content of TEMP:
====================
C:\Users\davide\AppData\Local\Temp\AskSLib.dll
C:\Users\davide\AppData\Local\Temp\htmlayout.dll
C:\Users\davide\AppData\Local\Temp\Quarantine.exe
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\davide\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-11 21:05

==================== End Of Log ============================

FRST (addition log):

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014
Ran by davide at 2014-06-12 06:51:38
Running from C:\Users\davide\Desktop\INFECTION_201406
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 1.7.7 - )
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
ACE Stream Media 2.0.13.1 (HKCU\...\ACEStream) (Version: 2.0.13.1 - ACE Stream Media)
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.10 - SUYIN)
Acer Crystal Eye Webcam Video Class Camera  (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.30.500-1.0 - Suyin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - )
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4010 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4021 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.20070515 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AllFusion ERwin Data Modeler (HKLM\...\{DA5873B5-6262-11D4-8ABC-00C04F5F14B8}) (Version:  - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - Alps Electric)
Anteprima (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: -2.2004883523.2004883164.4536708 - Audible, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3964 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
Chessmaster Grandmaster Edition (HKLM\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (Version: 1.00.0000 - Ubisoft) Hidden
Deep Fritz 13 (HKLM\...\{0D381F4A-BB1D-4D86-A9CE-E0C61E5C3B0E}) (Version: 13.10.0.0 - ChessBase)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Hattrick Organizer (remove only) (HKLM\...\Hattrick Organizer) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
iTunes (HKLM\...\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}) (Version: 10.0.1.22 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java DB 10.4.2.1 (HKLM\...\{926C96FB-9D0A-4504-8000-C6D3A4A3118E}) (Version: 10.4.2.1 - Sun Microsystems, Inc)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java SE Development Kit 6 Update 16 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Menu intelligenti (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{7DB92914-0A00-48C6-8DBB-F8E9D02B78B1}) (Version: 8.0.6362.41 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 it) (HKLM\...\Mozilla Firefox 29.0.1 (x86 it)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MT882 (HKLM\...\MT882) (Version:  - )
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{43A650AA-D1DC-4C52-8819-D7848B3A08DA}) (Version: 3.1.9399 - OpenOffice.org)
Password Safe (HKLM\...\Password Safe) (Version:  - )
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation)
Quest SQL Tuning (HKLM\...\Quest SQL Tuning) (Version:  - )
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Rapport (HKLM\...\Rapport_msi) (Version: 3.5.1205.11 - Trusteer)
Rapport (Version: 3.5.1205.11 - Trusteer) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - Piriform)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Self Test Practice Test Engine (HKLM\...\Self Test Practice Test Engine) (Version:  - Self Test Software )
Self Test Software:  Exam 1Z0-052  (HKLM\...\Self Test Software:  Exam 1Z0-052 ) (Version:  - Self Test Software)
Self Test Software:  Exam 1Z0-053  (HKLM\...\Self Test Software:  Exam 1Z0-053 ) (Version:  - Self Test Software)
Self Test Software:  Exam 1Z0-147  (HKLM\...\Self Test Software:  Exam 1Z0-147 ) (Version:  - Self Test Software)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Strumento di caricamento di Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
TreeSize Free V2.3.3 (HKLM\...\TreeSize Free_is1) (Version:  - JAM Software)
UltraEdit-32 (HKLM\...\{43B6667D-7520-4186-B05B-F5C0494C495D}) (Version: 10.00c - IDM Computer Solutions, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Favorites per Windows Live Toolbar (HKLM\...\{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}) (Version: 03.01.0146 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )
Yahoo! Toolbar con blocco Pop-Up (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

11-06-2014 22:29:07 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC453E2-3960-47A1-8A19-3FAC7FB411D3} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\davide\AppData\Local\Temp\Otd.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {304B6AD3-B780-417B-B97B-649A09B560C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {36A646F4-8E18-4FFC-85CB-4AC37C8B988C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {516A84ED-A102-49BC-A9DB-B6DE5E2EB48E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-07] (AVAST Software)
Task: {66522508-19F4-44E4-8058-EFE5DB84EE5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {72DC3FF6-75E4-4697-A025-AB34D1FE83D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {88F9713C-89A8-405F-A886-9E4A874A94E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {AADB1C08-02BF-469C-8248-5BB0EC7FE416} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {AF756B4A-7BA0-4D21-B1D8-7B364807F99C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-09] (Adobe Systems Incorporated)
Task: {D324168B-A6D0-41E5-8079-FE76A025BE9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {E15E8110-6E24-47BC-A3A0-BC44B544DB5A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E84C75AC-BEFD-4B7E-ABA6-5CBFA60BDEDD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core.job => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA.job => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-11 10:47 - 2014-06-11 10:47 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061100\algo.dll
2014-06-12 00:59 - 2014-06-12 00:59 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061101\algo.dll
2007-07-25 12:19 - 2007-01-26 22:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe
2000-06-08 13:15 - 2000-06-08 13:15 - 00050176 _____ () C:\Windows\LogWatNT.exe
2007-07-25 11:59 - 2006-11-24 20:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-07-25 11:59 - 2006-10-24 18:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-07-25 11:57 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-12-08 10:14 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-12-08 10:14 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-07-25 11:43 - 2007-06-29 02:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-07-25 11:43 - 2007-06-29 02:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-07-25 11:43 - 2007-06-29 02:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-04-26 00:30 - 2007-04-26 00:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-26 00:31 - 2007-04-26 00:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2009-06-12 21:17 - 2009-06-10 21:08 - 00140800 _____ () C:\Program Files\WinRAR\rarext.dll
2003-05-07 11:00 - 2003-05-07 11:00 - 00018944 ____N () C:\Program Files\UltraEdit\ue32ctmn.dll
2007-12-08 10:39 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2010-08-10 00:01 - 2010-08-10 00:01 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-06-07 18:37 - 2014-06-07 18:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-05-09 21:56 - 2014-05-09 21:56 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:30A9E86A
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============



HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupreg: Google Update => "C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #6
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Multimedia Video Controller
Description: Multimedia Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/11/2014 08:59:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Ricoh xD-Picture Card Driver%%1058

Error: (06/11/2014 08:59:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimmptsk%%1058

Error: (06/11/2014 08:59:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/11/2014 08:59:01 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/11/2014 08:59:01 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-12 06:51:27.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:51:27.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:51:27.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:51:27.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:51:27.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:51:26.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:51:26.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:51:26.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:50:54.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 06:50:54.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 1790.19 MB
Available physical RAM: 510.02 MB
Total Pagefile: 3831.8 MB
Available Pagefile: 1944.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.53 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:32.51 GB) (Free:3.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:32.26 GB) (Free:2.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 6D41B077)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=33 GB) - (Type=06)
Partition 3: (Not Active) - (Size=32 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hope I did everything right :).

Thanks,

Davide


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Hi Rob,

Below is the content of fixlog.txt:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014
Ran by davide at 2014-06-13 19:37:32 Run:1
Running from C:\Users\davide\Desktop\INFECTION_201406
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:30A9E86A
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -  No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
C:\ProgramData\AgowEjxi.dat
C:\ProgramData\ezsid.dat
C:\Users\davide\AppData\Local\Temp\AskSLib.dll
C:\Users\davide\AppData\Local\Temp\htmlayout.dll
C:\Users\davide\AppData\Local\Temp\Quarantine.exe
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\davide\AppData\Local\Temp\SkypeSetup.exe
CHR DefaultSearchURL: http://uk.yhs4.searc...p={searchTerms}
CHR HomePage: http://search.yahoo....=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKLM - DefaultScope value is missing.
ShortcutTarget: FREE OFFER from Audible.com.lnk -> C:\TEMP\HelpInstaller_StartUp.exe (No File)
Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core.job => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA.job => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1CC453E2-3960-47A1-8A19-3FAC7FB411D3} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\davide\AppData\Local\Temp\Otd.exe <==== ATTENTION
Task: {304B6AD3-B780-417B-B97B-649A09B560C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {36A646F4-8E18-4FFC-85CB-4AC37C8B988C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {66522508-19F4-44E4-8058-EFE5DB84EE5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {72DC3FF6-75E4-4697-A025-AB34D1FE83D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {88F9713C-89A8-405F-A886-9E4A874A94E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {AADB1C08-02BF-469C-8248-5BB0EC7FE416} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core => C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-28] (Google Inc.)
Task: {D324168B-A6D0-41E5-8079-FE76A025BE9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-16] (Google Inc.)
Task: {E84C75AC-BEFD-4B7E-ABA6-5CBFA60BDEDD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

*****************

C:\ProgramData\TEMP => ":30A9E86A" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}' => Key deleted successfully.
'HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}' => Key deleted successfully.
'HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}' => Key deleted successfully.
'HKCR\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}' => Key deleted successfully.
'HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}' => Key deleted successfully.
'HKCR\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}' => Key deleted successfully.
"C:\ProgramData\AgowEjxi.dat" => File/Directory not found.
C:\ProgramData\ezsid.dat => Moved successfully.
C:\Users\davide\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\davide\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\davide\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
C:\Users\davide\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
CHR DefaultSearchURL: http://uk.yhs4.searc...p={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
CHR HomePage: https://uk.yahoo.com...t&type=avastbcl ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
CHR StartupUrls: "https://uk.yahoo.com...&type=avastbcl" ==> The Chrome "Settings" can be used to fix the entry.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}' => Key deleted successfully.
'HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}' => Key deleted successfully.
'HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}' => Key deleted successfully.
'HKLM\Software\MozillaPlugins\@java.com/JavaPlugin' => Key deleted successfully.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => Moved successfully.
'HKCR\PROTOCOLS\Handler\livecall' => Key deleted successfully.
'HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\msnim' => Key deleted successfully.
'HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CTRegRun => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WarReg_PopUp => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => value deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}' => Key deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}' => Key deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2555903305-2322544514-184203740-1000'=> Key not found.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28671b3e-cbe3-11dc-8dd3-001b3874270b}' => Key deleted successfully.
'HKCR\CLSID\{28671b3e-cbe3-11dc-8dd3-001b3874270b}'=> Key not found.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{593a52ba-c50b-11e1-a0e1-001b3874270b}' => Key deleted successfully.
'HKCR\CLSID\{593a52ba-c50b-11e1-a0e1-001b3874270b}'=> Key not found.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AgowEjxi => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0214c => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1213b => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => value deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Classes\exefile' => Key deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8335F45-3203-48B1-A2F7-40DE58D666AA}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{D8335F45-3203-48B1-A2F7-40DE58D666AA}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\TEMP\HelpInstaller_StartUp.exe not found.
C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk => Moved successfully.
C:\Windows\Tasks\Google Software Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA.job => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC453E2-3960-47A1-8A19-3FAC7FB411D3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC453E2-3960-47A1-8A19-3FAC7FB411D3}' => Key deleted successfully.
C:\Windows\System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{304B6AD3-B780-417B-B97B-649A09B560C9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{304B6AD3-B780-417B-B97B-649A09B560C9}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A646F4-8E18-4FFC-85CB-4AC37C8B988C}'=> Key not found.
C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66522508-19F4-44E4-8058-EFE5DB84EE5F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66522508-19F4-44E4-8058-EFE5DB84EE5F}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000UA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72DC3FF6-75E4-4697-A025-AB34D1FE83D7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72DC3FF6-75E4-4697-A025-AB34D1FE83D7}' => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88F9713C-89A8-405F-A886-9E4A874A94E5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88F9713C-89A8-405F-A886-9E4A874A94E5}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AADB1C08-02BF-469C-8248-5BB0EC7FE416}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AADB1C08-02BF-469C-8248-5BB0EC7FE416}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2555903305-2322544514-184203740-1000Core' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D324168B-A6D0-41E5-8079-FE76A025BE9C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D324168B-A6D0-41E5-8079-FE76A025BE9C}' => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E84C75AC-BEFD-4B7E-ABA6-5CBFA60BDEDD}'=> Key not found.
C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
'HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => value deleted successfully.
'HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}'=> Key not found.

==== End of Fixlog ====


Thanks,

Davide


  • Root Admin

So let's have you do a full removal of your AVG antivirus and then either reinstall it or if you want use another antivirus product.

Please go into your Control Panel, Add/Remove and uninstall AVG antivirus. Then run the following tool to help remove any left over elements of AVG.
avg_remover_stf_x86_2014_4116.exe

Make sure you restart your computer after using the tool. Then either reinstall AVG or, if wanted, choose another antivirus product to install.
List of well known antivirus products

Then after installing the antivirus of your choice update it and do a Full System scan and let me know if it finds anything or not.


Hi Ron,

Below are the logs:


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by davide (administrator) on DAVIDE-PC on 18-06-2014 21:06:36
Running from C:\Users\davide\Desktop\INFECTION_201406
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Acer\ALaunch\ALaunchSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\LogWatNT.exe
() C:\Acer\Mobility Center\MobilityService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\davide\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Realtek Semiconductor Corp.) C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-26] (HiTRUST)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [772616 2007-08-15] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [206952 2007-05-24] (CyberLink Corp.)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-06-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-12-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-12-03] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-07] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [spotify] => C:\Users\davide\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-02-27] (Spotify Ltd)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [spotify Web Helper] => C:\Users\davide\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-27] (Spotify Ltd)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\davide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll ()
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxp://www.chess.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.609 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.0.13.1 - C:\Users\davide\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\davide\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\davide\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\davide\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\davide\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: Link Password - C:\Users\davide\AppData\Roaming\Mozilla\Firefox\Profiles\au2a16jx.default\Extensions\LinkPassword@EvighetensFilosofi.xpi [2013-07-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\davide\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org

Chrome:
=======
CHR HomePage: https://uk.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: "https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: www.yahoo.com
CHR DefaultSearchProvider: Yahoo! (Avast)
CHR DefaultSearchURL: http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java Platform SE 6 U16) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\davide\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (YouTube) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Google Search) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Skype Click to Call) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-22]
CHR Extension: (Google Wallet) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
CHR Extension: (Gmail) - C:\Users\davide\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-07] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-26] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-14] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-29] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 LogWatch; C:\Windows\LogWatNT.exe [50176 2000-06-08] () [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer) [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S3 OracleDBConsoleORCL11G; D:\app\oracle\product\11.1.0\db_1\bin\nmesrvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-06-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-06-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-06-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-06-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-06-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-06-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-06-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-06-07] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 iadusb; C:\Windows\System32\DRIVERS\glauiad.sys [30336 2006-07-27] (Conexant Systems Inc.) [File not signed]
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-08] ()
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-25] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-26] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-26] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-26] (HiTRUST)
R1 RapportCerberus_42020; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-09] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-03] ()
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-03] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S0 yflxew; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 07:47 - 2014-06-18 07:47 - 00000000 ____D () C:\Users\davide\AppData\Local\CrashDumps
2014-06-14 08:30 - 2014-06-15 10:26 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-12 06:49 - 2014-06-18 21:06 - 00000000 ____D () C:\FRST
2014-06-11 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-11 20:51 - 2014-06-11 20:55 - 00000000 ____D () C:\AdwCleaner
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 20:13 - 2014-06-18 21:06 - 00000000 ____D () C:\Users\davide\Desktop\INFECTION_201406
2014-06-10 23:24 - 2014-06-10 23:24 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-10 23:24 - 2014-06-10 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 22:52 - 2014-06-11 21:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:44 - 2014-06-10 22:44 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000737 _____ () C:\Users\davide\Desktop\NTREGOPT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000718 _____ () C:\Users\davide\Desktop\ERUNT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\Program Files\ERUNT
2014-06-09 08:45 - 2014-06-09 08:45 - 00137872 _____ () C:\Windows\Minidump\Mini060914-01.dmp
2014-06-08 22:40 - 2014-06-11 20:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 18:40 - 2014-06-07 18:40 - 00000000 ____D () C:\Users\davide\AppData\Roaming\AVAST Software
2014-06-07 18:39 - 2014-06-07 18:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-07 18:39 - 2014-06-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 18:38 - 2014-06-07 18:38 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-07 18:38 - 2014-06-07 18:38 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-07 18:38 - 2014-06-07 18:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-07 18:34 - 2014-06-07 18:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-07 18:29 - 2014-06-07 18:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 07:53 - 2014-05-23 07:53 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-06-18 21:06 - 2014-06-12 06:49 - 00000000 ____D () C:\FRST
2014-06-18 21:06 - 2014-06-11 20:13 - 00000000 ____D () C:\Users\davide\Desktop\INFECTION_201406
2014-06-18 21:01 - 2008-01-17 05:12 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Skype
2014-06-18 20:09 - 2014-05-09 21:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-18 19:33 - 2006-11-02 11:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 19:31 - 2011-11-11 00:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-18 19:29 - 2013-06-15 13:07 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Spotify
2014-06-18 19:27 - 2009-05-03 09:41 - 00027934 _____ () C:\ProgramData\nvModes.001
2014-06-18 19:27 - 2008-11-23 11:44 - 00000000 ____D () C:\Program Files\Password Safe
2014-06-18 19:26 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 19:26 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 19:26 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 08:32 - 2006-11-02 14:01 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-18 07:47 - 2014-06-18 07:47 - 00000000 ____D () C:\Users\davide\AppData\Local\CrashDumps
2014-06-17 19:54 - 2009-05-03 09:40 - 00027934 _____ () C:\ProgramData\nvModes.dat
2014-06-15 10:26 - 2014-06-14 08:30 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-13 19:40 - 2008-03-21 13:26 - 00016249 _____ () C:\Windows\UEDIT32.INI
2014-06-11 21:03 - 2014-06-10 22:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 20:58 - 2013-01-21 07:47 - 00100022 _____ () C:\Windows\PFRO.log
2014-06-11 20:55 - 2014-06-11 20:51 - 00000000 ____D () C:\AdwCleaner
2014-06-11 20:40 - 2014-06-08 22:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 20:26 - 2008-02-17 14:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-11 20:19 - 2014-06-11 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 12:41 - 2010-11-16 02:24 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 23:24 - 2014-06-10 23:24 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-10 23:24 - 2014-06-10 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 22:44 - 2014-06-10 22:44 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-10 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000737 _____ () C:\Users\davide\Desktop\NTREGOPT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000718 _____ () C:\Users\davide\Desktop\ERUNT.lnk
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-10 21:41 - 2014-06-10 21:41 - 00000000 ____D () C:\Program Files\ERUNT
2014-06-10 21:16 - 2008-03-18 10:06 - 00000000 ____D () C:\Users\davide\AppData\Roaming\uTorrent
2014-06-09 08:45 - 2014-06-09 08:45 - 00137872 _____ () C:\Windows\Minidump\Mini060914-01.dmp
2014-06-09 08:45 - 2013-07-07 20:25 - 250185706 _____ () C:\Windows\MEMORY.DMP
2014-06-09 08:45 - 2008-11-24 00:58 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 07:40 - 2012-04-05 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-09 07:40 - 2011-05-13 20:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 18:35 - 2008-01-17 04:57 - 00000000 ____D () C:\Users\davide\AppData\Roaming\Mozilla
2014-06-08 08:48 - 2013-03-11 13:50 - 00000838 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-08 08:48 - 2013-03-11 13:50 - 00000838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-08 08:39 - 2008-01-17 05:11 - 00000000 ____D () C:\Program Files\Google
2014-06-07 18:40 - 2014-06-07 18:40 - 00000000 ____D () C:\Users\davide\AppData\Roaming\AVAST Software
2014-06-07 18:39 - 2014-06-07 18:39 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-07 18:39 - 2014-06-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 18:38 - 2014-06-07 18:38 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-07 18:38 - 2014-06-07 18:38 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402162731815
2014-06-07 18:38 - 2014-06-07 18:38 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-07 18:38 - 2014-06-07 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-07 18:38 - 2014-06-07 18:38 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-07 18:37 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-07 18:34 - 2014-06-07 18:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-07 18:30 - 2014-06-07 18:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-07 14:26 - 2013-09-27 20:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-04 06:47 - 2013-03-11 13:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 07:53 - 2014-05-23 07:53 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-23 07:53 - 2009-05-22 07:26 - 00000000 ___RD () C:\Program Files\Skype
2014-05-23 07:53 - 2008-01-17 05:10 - 00000000 ____D () C:\ProgramData\Skype
2014-05-21 20:41 - 2010-11-11 15:22 - 00008224 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-05-19 21:45 - 2013-01-14 08:04 - 00038164 _____ () C:\Windows\WindowsUpdate.log

Some content of TEMP:
====================
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 19:33

==================== End Of Log ============================
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-06-2014
Ran by davide at 2014-06-18 21:07:56
Running from C:\Users\davide\Desktop\INFECTION_201406
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 1.7.7 - )
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
ACE Stream Media 2.0.13.1 (HKCU\...\ACEStream) (Version: 2.0.13.1 - ACE Stream Media)
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.10 - SUYIN)
Acer Crystal Eye Webcam Video Class Camera  (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.30.500-1.0 - Suyin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - )
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4010 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4021 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.20070515 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AllFusion ERwin Data Modeler (HKLM\...\{DA5873B5-6262-11D4-8ABC-00C04F5F14B8}) (Version:  - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - Alps Electric)
Anteprima (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: -2.2004883523.2004883164.4536708 - Audible, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3972 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
Chessmaster Grandmaster Edition (HKLM\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (Version: 1.00.0000 - Ubisoft) Hidden
Deep Fritz 13 (HKLM\...\{0D381F4A-BB1D-4D86-A9CE-E0C61E5C3B0E}) (Version: 13.10.0.0 - ChessBase)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Hattrick Organizer (remove only) (HKLM\...\Hattrick Organizer) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
iTunes (HKLM\...\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}) (Version: 10.0.1.22 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java DB 10.4.2.1 (HKLM\...\{926C96FB-9D0A-4504-8000-C6D3A4A3118E}) (Version: 10.4.2.1 - Sun Microsystems, Inc)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java SE Development Kit 6 Update 16 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Menu intelligenti (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{7DB92914-0A00-48C6-8DBB-F8E9D02B78B1}) (Version: 8.0.6362.41 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 it) (HKLM\...\Mozilla Firefox 29.0.1 (x86 it)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MT882 (HKLM\...\MT882) (Version:  - )
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{43A650AA-D1DC-4C52-8819-D7848B3A08DA}) (Version: 3.1.9399 - OpenOffice.org)
Password Safe (HKLM\...\Password Safe) (Version:  - )
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation)
Quest SQL Tuning (HKLM\...\Quest SQL Tuning) (Version:  - )
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Rapport (HKLM\...\Rapport_msi) (Version: 3.5.1205.11 - Trusteer)
Rapport (Version: 3.5.1205.11 - Trusteer) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version:  - Piriform)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Self Test Practice Test Engine (HKLM\...\Self Test Practice Test Engine) (Version:  - Self Test Software )
Self Test Software:  Exam 1Z0-052  (HKLM\...\Self Test Software:  Exam 1Z0-052 ) (Version:  - Self Test Software)
Self Test Software:  Exam 1Z0-053  (HKLM\...\Self Test Software:  Exam 1Z0-053 ) (Version:  - Self Test Software)
Self Test Software:  Exam 1Z0-147  (HKLM\...\Self Test Software:  Exam 1Z0-147 ) (Version:  - Self Test Software)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Strumento di caricamento di Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
TreeSize Free V2.3.3 (HKLM\...\TreeSize Free_is1) (Version:  - JAM Software)
UltraEdit-32 (HKLM\...\{43B6667D-7520-4186-B05B-F5C0494C495D}) (Version: 10.00c - IDM Computer Solutions, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Favorites per Windows Live Toolbar (HKLM\...\{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}) (Version: 03.01.0146 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )
Yahoo! Toolbar con blocco Pop-Up (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {425AED47-3261-4060-B241-D569F66D467C} - \RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4C79C113-6881-412B-A647-B497E0FEDA05} - \RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 No Task File <==== ATTENTION
Task: {516A84ED-A102-49BC-A9DB-B6DE5E2EB48E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-07] (AVAST Software)
Task: {AF756B4A-7BA0-4D21-B1D8-7B364807F99C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-09] (Adobe Systems Incorporated)
Task: {E15E8110-6E24-47BC-A3A0-BC44B544DB5A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-18 19:27 - 2014-06-18 19:27 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061800\algo.dll
2007-07-25 12:19 - 2007-01-26 22:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe
2000-06-08 13:15 - 2000-06-08 13:15 - 00050176 _____ () C:\Windows\LogWatNT.exe
2007-04-26 00:30 - 2007-04-26 00:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-26 00:31 - 2007-04-26 00:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2009-06-12 21:17 - 2009-06-10 21:08 - 00140800 _____ () C:\Program Files\WinRAR\rarext.dll
2003-05-07 11:00 - 2003-05-07 11:00 - 00018944 ____N () C:\Program Files\UltraEdit\ue32ctmn.dll
2007-07-25 11:59 - 2006-11-24 20:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-07-25 11:59 - 2006-10-24 18:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-07-25 11:57 - 2007-01-23 14:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-12-08 10:14 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-12-08 10:14 - 2007-02-13 15:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-12-08 10:39 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2007-07-25 11:43 - 2007-06-29 02:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-07-25 11:43 - 2007-06-29 02:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-07-25 11:43 - 2007-06-29 02:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2014-06-07 18:37 - 2014-06-07 18:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-05-09 21:56 - 2014-05-09 21:56 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupreg: Google Update => "C:\Users\davide\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #6
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Multimedia Video Controller
Description: Multimedia Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 07:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 29.0.1.5239, time stamp 0x536995c2, faulting module mozalloc.dll, version 29.0.1.5239, time stamp 0x536968fa, exception code 0x80000003, fault offset 0x0000119c,
process id 0xb0c, application start time 0xplugin-container.exe0.


System errors:
=============
Error: (06/18/2014 07:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Ricoh xD-Picture Card Driver%%1058

Error: (06/18/2014 07:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimmptsk%%1058

Error: (06/18/2014 07:27:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/18/2014 07:26:11 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/18/2014 07:26:11 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402

Error: (06/18/2014 06:40:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Ricoh xD-Picture Card Driver%%1058

Error: (06/18/2014 06:40:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimmptsk%%1058

Error: (06/18/2014 06:40:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/18/2014 06:39:23 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/18/2014 06:39:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402


Microsoft Office Sessions:
=========================
Error: (06/18/2014 07:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe29.0.1.5239536995c2mozalloc.dll29.0.1.5239536968fa800000030000119cb0c01cf8aba901f4b57


CodeIntegrity Errors:
===================================
  Date: 2014-06-18 21:07:46.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:46.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:46.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:46.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:45.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:45.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:45.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:44.903
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:14.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:07:13.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 1790.19 MB
Available physical RAM: 688.23 MB
Total Pagefile: 3831.88 MB
Available Pagefile: 2177.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.04 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:32.51 GB) (Free:2.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:32.26 GB) (Free:4.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 6D41B077)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=33 GB) - (Type=06)
Partition 3: (Not Active) - (Size=32 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Thanks,

Davide


  • Root Admin

Actually it looks like we may be able to remove the policies. Please let me have you run the following.
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

Once completed please RESTART THE COMPUTER and post back the log.

fixlist.txt


Hi Ron,

Log below.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:18-06-2014
Ran by davide at 2014-06-19 21:00:06 Run:2
Running from C:\Users\davide\Desktop\INFECTION_201406
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
Toolbar: HKLM - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U16) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe
Task: {425AED47-3261-4060-B241-D569F66D467C} - \RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000 No Task File <==== ATTENTION
Task: {4C79C113-6881-412B-A647-B497E0FEDA05} - \RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000 No Task File <==== ATTENTION
Task: {AF756B4A-7BA0-4D21-B1D8-7B364807F99C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

*****************

HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKU\S-1-5-21-2555903305-2322544514-184203740-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
'HKU\S-1-5-21-2555903305-2322544514-184203740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2555903305-2322544514-184203740-1000'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}'=> Key not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Users\davide\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{425AED47-3261-4060-B241-D569F66D467C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{425AED47-3261-4060-B241-D569F66D467C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-2555903305-2322544514-184203740-1000'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C79C113-6881-412B-A647-B497E0FEDA05}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C79C113-6881-412B-A647-B497E0FEDA05}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2555903305-2322544514-184203740-1000'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF756B4A-7BA0-4D21-B1D8-7B364807F99C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF756B4A-7BA0-4D21-B1D8-7B364807F99C}' => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater' => Key deleted successfully.
C:\Windows\Tasks\Google Software Updater.job => Moved successfully.

==== End of Fixlog ====

Cheers,

Davide

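The entries FRST lists above as "HKLM Group Policy restriction on software" (the ones the fix could not delete) are Software Restriction Policy path rules that, on this machine, point at the security products' own folders. As an added example, not code from this thread or from FRST, here is a PowerShell audit script that enumerates those rules and flags the ones naming a security vendor; it assumes the standard SRP registry layout under Safer\CodeIdentifiers (level key 0 is "Disallowed"), and the vendor-name list is constructed for the example.

```powershell
# Added example (not from this thread or from FRST): audit the "Disallowed" Software
# Restriction Policy path rules that make Windows report "blocked by group policy".
# Assumes the standard SRP layout:
#   HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\<GUID>
#   ItemData = path pattern, SaferFlags = flags; level key 0 is "Disallowed".
# Run from an elevated PowerShell prompt; use -Remove -WhatIf to preview deletions.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Folder-name fragments that identify security products (constructed list for this example)
    [string[]]$SecurityVendorHints = @('Malwarebytes', 'AVG', 'Symantec', 'Windows Defender'),
    [switch]$Remove
)

$DisallowedPaths = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

function Get-DisallowedPathRule {
    # One object per path rule: which key it is, what path it blocks, whether it names a vendor
    if (-not (Test-Path -Path $DisallowedPaths)) { return @() }
    Get-ChildItem -Path $DisallowedPaths | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            RuleKey    = $_.PSChildName
            Path       = $props.ItemData
            SaferFlags = $props.SaferFlags
            Suspicious = [bool]($SecurityVendorHints | Where-Object { $props.ItemData -like "*$_*" })
        }
    }
}

$rules = @(Get-DisallowedPathRule)
if ($rules.Count -eq 0) { Write-Output 'No Disallowed SRP path rules under HKLM.'; return }
$rules | Format-Table -AutoSize

# On a stand-alone home PC no policy should block a security product's own folder;
# on a domain-joined machine confirm with the administrators before removing anything.
foreach ($rule in ($rules | Where-Object Suspicious)) {
    Write-Warning "Rule $($rule.RuleKey) blocks a security-product path: $($rule.Path)"
    if (-not $Remove) { continue }
    $key = Join-Path -Path $DisallowedPaths -ChildPath $rule.RuleKey
    if ($PSCmdlet.ShouldProcess($rule.Path, 'Remove SRP path rule')) {
        try {
            Remove-Item -Path $key -Recurse -ErrorAction Stop
        } catch {
            # A rule that cannot be deleted even when elevated usually sits on a key with a
            # tampered ACL; the owner shown here tells you whose permissions to reset first.
            $owner = (Get-Acl -Path $key).Owner
            Write-Warning "Could not delete $($rule.RuleKey) ($($_.Exception.Message)); key owner: $owner"
        }
    }
}
```

Rules can also live under the HKCU hive and under other level keys; this script deliberately covers only the HKLM "Disallowed" level, which is what the fixlog above reports.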

  • Root Admin

Okay, please restart the computer and then run the following again.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Hi Ron,

I have followed the instructions but I am afraid I had an issue.

I ran combofix and after it completed the 50 stages a message appeared that it was removing a couple of files (I can't remember the exact names, but one of them was something like windowini).

However, once it got to this stage the run seemed to be stuck and it stayed there for 3 hours. After this time I forcibly rebooted the laptop.

Now I cannot find any combofix.txt file in C:\.

Any idea what was going on? Should I re-run it and, if the same thing happens, wait for longer than 3 hours?

Another thing worth mentioning is that as soon as I ran it I got a message saying that there were some components of AVG 2012 running and asking to disable them. I was surprised as I have installed AVG 2014 (and it is not working as mentioned previously), so I clicked the continue button and pressed yes once prompted that there might be some risk in continuing.

Hope that all the above is clear, please advise and don't hesitate to ask if you need more info.

Many thanks,

Davide

:)


  • Root Admin

Hi Davide

Let's have you try doing a full uninstall of ALL AVG software for now and see how that goes.

Please uninstall via Control Panel, Add/Remove and then download and run their stand alone tool to manually remove any left over elements.

http://www.avg.com/us-en/utilities

Let me know if you run into any issues removing it.


Hi Ron,

Sorry for the late reply, but I have had internet connection issues at home for the last 3/4 days.

I tried again to uninstall AVG from the Control Panel, but I am still getting the same error:

You do not have sufficient access to uninstall AVG 2014.

Please contact your system administrator

I don't know what to do.

Cheers,

Davide


Hi Ron,

I am 100% sure I have admin rights. I have installed/removed software before (and indeed I installed AVG 2014 with the same user).

I guess this is the problem with the infection I have got.

If it is safe I would remove it forcefully.

Let me know your thoughts.


This topic is now closed to further replies.