Jump to content

I'm Infected!


Recommended Posts

Hi & :welcome:

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :excl:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Link to post
Share on other sites

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014

Ran by Ciro (administrator) on CIRO-PC on 01-10-2014 23:10:22
Running from C:\Users\Ciro\Desktop
Loaded Profile: Ciro (Available profiles: Ciro)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-01] (AVAST Software)
HKU\S-1-5-21-2270907482-2718027160-1726698163-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEFE78B9001DDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ciro\AppData\Roaming\Mozilla\Firefox\Profiles\aJtwKANo.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Ciro\AppData\Roaming\Mozilla\Firefox\Profiles\aJtwKANo.default\Extensions\abs@avira.com [2014-10-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-01]
CHR Extension: (Google Docs) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-01]
CHR Extension: (Google Drive) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-01]
CHR Extension: (YouTube) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-01]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-01]
CHR Extension: (Google Search) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-01]
CHR Extension: (Google Sheets) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-01]
CHR Extension: (Avira Browser Safety) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-01]
CHR Extension: (Google Wallet) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-01]
CHR Extension: (Gmail) - C:\Users\Ciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-01] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-01] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-01 23:10 - 2014-10-01 23:10 - 00007601 _____ () C:\Users\Ciro\Desktop\FRST.txt
2014-10-01 23:10 - 2014-10-01 23:10 - 00000000 ____D () C:\FRST
2014-10-01 23:04 - 2014-10-01 23:05 - 02108928 _____ (Farbar) C:\Users\Ciro\Desktop\FRST64.exe
2014-10-01 21:51 - 2014-10-01 23:10 - 00000000 ____D () C:\Users\Ciro\AppData\Roaming\TS3Client
2014-10-01 21:40 - 2014-10-01 21:40 - 00003288 ____N () C:\bootsqm.dat
2014-10-01 21:16 - 2014-10-01 21:16 - 00000000 ____D () C:\9421a806fb652cf69f5d94f3ed
2014-10-01 20:57 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-10-01 20:57 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-10-01 20:57 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-10-01 20:57 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-10-01 20:57 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-10-01 20:57 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-10-01 20:57 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-10-01 20:57 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-10-01 20:47 - 2014-10-01 20:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-01 20:47 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-01 20:45 - 2014-08-16 07:56 - 12289024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 09055232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 02466816 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-01 20:45 - 2014-08-16 07:56 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-01 20:45 - 2014-08-16 07:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-01 20:45 - 2014-08-16 07:55 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-01 20:45 - 2014-08-16 07:55 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-01 20:45 - 2014-08-16 07:36 - 06025728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-01 20:45 - 2014-08-16 07:36 - 01266176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-01 20:45 - 2014-08-16 07:36 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-01 20:45 - 2014-08-16 07:36 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-01 20:45 - 2014-08-16 07:36 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-01 20:45 - 2014-08-16 07:36 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-01 20:45 - 2014-08-16 07:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-01 20:45 - 2014-08-16 07:35 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-01 20:45 - 2014-08-16 07:35 - 02086400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-01 20:45 - 2014-08-16 07:35 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-01 20:45 - 2014-08-16 07:35 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-01 20:45 - 2014-08-16 07:35 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-01 20:45 - 2014-08-16 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-01 20:45 - 2014-08-16 07:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-01 20:45 - 2014-08-16 07:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-01 20:45 - 2014-08-16 07:35 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-01 20:45 - 2014-08-16 07:35 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-01 20:45 - 2014-08-16 07:05 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-01 20:45 - 2014-08-16 06:48 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-01 19:18 - 2014-10-01 21:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 19:18 - 2014-10-01 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-01 19:18 - 2014-10-01 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 19:18 - 2014-10-01 19:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-01 19:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 19:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 19:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 18:57 - 2014-10-01 18:57 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-01 18:57 - 2014-10-01 18:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-01 18:48 - 2014-10-01 18:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-01 18:48 - 2014-10-01 18:58 - 00001926 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-01 18:48 - 2014-10-01 18:57 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-01 18:48 - 2014-10-01 18:57 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-01 18:48 - 2014-10-01 18:57 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-01 18:48 - 2014-10-01 18:57 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-01 18:48 - 2014-10-01 18:57 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-01 18:48 - 2014-10-01 18:57 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-01 18:48 - 2014-10-01 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-01 18:47 - 2014-10-01 18:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-01 18:46 - 2014-10-01 18:46 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-01 18:40 - 2014-10-01 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-01 18:40 - 2014-10-01 18:40 - 00000000 ____D () C:\Program Files\7-Zip
2014-10-01 18:25 - 2014-10-01 18:49 - 00000000 ____D () C:\Users\Ciro\AppData\Roaming\AVAST Software
2014-10-01 18:23 - 2014-10-01 18:57 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-01 18:18 - 2014-10-01 18:57 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-01 18:09 - 2014-10-01 18:44 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-10-01 18:09 - 2014-10-01 18:23 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1412181144955
2014-10-01 18:07 - 2014-10-01 18:44 - 00000000 ____D () C:\ProgramData\Alwil Software
2014-10-01 18:07 - 2014-10-01 18:44 - 00000000 ____D () C:\Program Files\Alwil Software
2014-10-01 17:21 - 2014-10-01 21:49 - 00739254 _____ () C:\Windows\system32\perfh010.dat
2014-10-01 17:21 - 2014-10-01 21:49 - 00146294 _____ () C:\Windows\system32\perfc010.dat
2014-10-01 17:21 - 2014-10-01 17:19 - 00335478 _____ () C:\Windows\system32\perfi010.dat
2014-10-01 17:21 - 2014-10-01 17:19 - 00037534 _____ () C:\Windows\system32\perfd010.dat
2014-10-01 17:19 - 2014-10-01 17:19 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-10-01 17:19 - 2014-10-01 17:19 - 00000000 ____D () C:\Windows\SysWOW64\it
2014-10-01 17:19 - 2014-10-01 17:19 - 00000000 ____D () C:\Windows\SysWOW64\0410
2014-10-01 17:19 - 2014-10-01 17:19 - 00000000 ____D () C:\Windows\system32\it
2014-10-01 17:19 - 2014-10-01 17:19 - 00000000 ____D () C:\Windows\system32\0410
2014-10-01 15:10 - 2014-10-01 16:36 - 3852142592 _____ () C:\Users\Ciro\Downloads\en_windows_8_1_pro_vl_x64_dvd_2971948.iso
2014-10-01 14:42 - 2014-10-01 23:04 - 00000000 ____D () C:\Users\Ciro\AppData\Roaming\uTorrent
2014-10-01 14:27 - 2014-10-01 14:27 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-01 14:19 - 2014-10-01 21:46 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-01 14:19 - 2014-10-01 14:19 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-10-01 10:37 - 2014-10-01 01:59 - 00000000 ____D () C:\Windows\Panther
2014-10-01 03:12 - 2014-10-01 03:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-01 03:09 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-10-01 03:09 - 2012-03-01 08:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-01 03:09 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-10-01 03:09 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-10-01 03:09 - 2012-03-01 07:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-01 03:09 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-10-01 03:09 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-10-01 02:54 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-01 02:54 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-01 02:54 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-01 02:54 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-01 02:54 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-01 02:54 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-01 02:54 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-01 02:54 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-01 02:48 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-01 02:48 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-10-01 02:48 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-01 02:48 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-01 02:48 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-01 02:48 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-01 02:47 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-01 02:47 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-01 02:47 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-01 02:47 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-01 02:47 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-01 02:47 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-10-01 02:47 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-10-01 02:47 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-10-01 02:47 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-10-01 02:47 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-10-01 02:47 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-10-01 02:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-10-01 02:47 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-01 02:47 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-10-01 02:47 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-10-01 02:47 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-10-01 02:47 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-10-01 02:47 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-01 02:46 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-01 02:46 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-01 02:46 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-01 02:46 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-01 02:46 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-01 02:46 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-01 02:46 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-10-01 02:46 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-01 02:46 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-10-01 02:46 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-10-01 02:46 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-01 02:46 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-01 02:46 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-01 02:46 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-01 02:46 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-01 02:45 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-01 02:45 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-01 02:45 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-10-01 02:45 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-10-01 02:45 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-01 02:45 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-01 02:45 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-10-01 02:45 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-10-01 02:45 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-01 02:45 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-01 02:45 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-10-01 02:45 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-10-01 02:45 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-10-01 02:45 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-10-01 02:45 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-01 02:45 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-01 02:43 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-01 02:43 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-01 02:42 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-01 02:42 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-10-01 02:42 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-10-01 02:42 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-10-01 02:42 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-10-01 02:42 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-10-01 02:42 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-01 02:42 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-10-01 02:42 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-10-01 02:42 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-10-01 02:42 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-10-01 02:42 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-01 02:42 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-10-01 02:42 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-10-01 02:42 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-01 02:42 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-10-01 02:42 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-10-01 02:42 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-10-01 02:42 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-10-01 02:42 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-10-01 02:42 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-10-01 02:42 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-10-01 02:41 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-10-01 02:41 - 2012-06-16 07:16 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-01 02:41 - 2012-06-16 07:15 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-01 02:41 - 2012-06-16 06:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-01 02:41 - 2012-06-16 06:26 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-01 02:41 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-01 02:41 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-01 02:41 - 2011-02-12 13:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-10-01 02:40 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-01 02:40 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-01 02:40 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-10-01 02:40 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-10-01 02:40 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-10-01 02:40 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-10-01 02:40 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-10-01 02:40 - 2013-08-27 11:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-01 02:40 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-01 02:40 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-01 02:40 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-10-01 02:40 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-10-01 02:40 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-10-01 02:40 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-10-01 02:40 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-10-01 02:40 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-01 02:40 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-10-01 02:40 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-10-01 02:40 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-10-01 02:40 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-10-01 02:40 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-10-01 02:40 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-01 02:40 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-10-01 02:40 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-10-01 02:40 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-10-01 02:40 - 2011-02-23 06:56 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-01 02:40 - 2011-02-23 06:55 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-10-01 02:40 - 2011-02-23 06:55 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-01 02:40 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-10-01 02:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 02:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 02:39 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-01 02:39 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-01 02:39 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-01 02:39 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-01 02:39 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-01 02:39 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-01 02:39 - 2013-08-27 11:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-01 02:39 - 2013-08-27 10:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-01 02:39 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-01 02:39 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-10-01 02:39 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-10-01 02:39 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-10-01 02:39 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-10-01 02:39 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-10-01 02:39 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-10-01 02:39 - 2012-04-28 05:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-01 02:39 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-10-01 02:39 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-10-01 02:39 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-10-01 02:39 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-10-01 02:39 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-10-01 02:39 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-10-01 02:39 - 2011-05-03 07:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-10-01 02:39 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-10-01 02:39 - 2011-04-29 05:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-10-01 02:39 - 2011-04-29 05:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-01 02:39 - 2011-04-29 05:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-01 02:39 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-01 02:39 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-10-01 02:39 - 2011-02-18 12:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-10-01 02:39 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2014-10-01 02:39 - 2011-02-05 19:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-01 02:39 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-10-01 02:39 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-10-01 02:39 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-10-01 02:39 - 2011-02-05 19:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-01 02:39 - 2011-02-05 19:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-01 02:39 - 2011-02-05 19:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-01 02:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-01 02:38 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-10-01 02:38 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-01 02:38 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-10-01 02:38 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-10-01 02:38 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-10-01 02:38 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-10-01 02:38 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-10-01 02:38 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-10-01 02:38 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-10-01 02:38 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-10-01 02:38 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-10-01 02:38 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-10-01 02:38 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-10-01 02:38 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-10-01 02:32 - 2011-05-24 13:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-10-01 02:32 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2014-10-01 02:32 - 2011-05-24 12:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2014-10-01 02:32 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2014-10-01 02:32 - 2011-05-24 12:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-10-01 02:18 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-10-01 02:09 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-01 02:09 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-01 01:57 - 2014-10-01 01:57 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-01 01:52 - 2014-10-01 01:52 - 00001207 _____ () C:\Users\Ciro\Desktop\TeamSpeak 3 Client.lnk
2014-10-01 01:52 - 2014-10-01 01:52 - 00000000 ____D () C:\Users\Ciro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-10-01 01:52 - 2014-10-01 01:52 - 00000000 ____D () C:\Users\Ciro\AppData\Local\TeamSpeak 3 Client
2014-10-01 01:51 - 2014-10-01 01:51 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-01 01:51 - 2014-10-01 01:51 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-01 01:51 - 2014-10-01 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-01 01:51 - 2014-10-01 01:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-01 01:44 - 2014-10-01 01:44 - 00000000 ____D () C:\Program Files\Intel
2014-10-01 01:44 - 2014-05-21 00:33 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-10-01 01:44 - 2014-05-21 00:33 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-10-01 01:38 - 2014-10-01 01:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-01 01:34 - 2014-10-01 01:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-10-01 01:33 - 2014-10-01 01:32 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2014-10-01 01:23 - 2014-10-01 01:44 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-10-01 01:23 - 2014-10-01 01:23 - 00000000 ____D () C:\Intel
2014-10-01 01:23 - 2014-10-01 01:22 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-10-01 01:20 - 2014-10-01 01:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-01 01:20 - 2014-10-01 01:20 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-10-01 01:20 - 2013-03-27 22:51 - 00842312 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-10-01 01:20 - 2013-03-27 22:51 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-10-01 01:19 - 2014-10-01 01:20 - 00000000 ____D () C:\ProgramData\Dell
2014-10-01 01:18 - 2014-10-01 16:27 - 00000000 ____D () C:\Users\Ciro\AppData\Roaming\Device Doctor
2014-10-01 01:18 - 2014-10-01 01:18 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-01 01:18 - 2014-10-01 01:18 - 00001066 _____ () C:\Users\Ciro\Desktop\Device Doctor.lnk
2014-10-01 01:18 - 2014-10-01 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-01 01:18 - 2014-10-01 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
2014-10-01 01:18 - 2014-10-01 01:18 - 00000000 ____D () C:\Program Files (x86)\Device Doctor
2014-10-01 01:17 - 2014-10-01 22:22 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 01:17 - 2014-10-01 21:45 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 01:17 - 2014-10-01 01:18 - 00000000 ____D () C:\Users\Ciro\AppData\Local\Google
2014-10-01 01:17 - 2014-10-01 01:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-01 01:17 - 2014-10-01 01:17 - 00004142 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-01 01:17 - 2014-10-01 01:17 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-01 01:16 - 2014-10-01 01:17 - 00000000 ____D () C:\Users\Ciro\AppData\Local\Deployment
2014-10-01 01:16 - 2014-10-01 01:16 - 00000000 ____D () C:\Users\Ciro\AppData\Local\Apps\2.0
2014-10-01 01:14 - 2014-10-01 01:14 - 00000000 ____D () C:\Users\Ciro\AppData\Roaming\Mozilla
2014-10-01 01:08 - 2014-10-01 01:12 - 00000000 ____D () C:\Windows\AutoKMS
2014-10-01 01:07 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-10-01 01:07 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-10-01 01:07 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-10-01 01:05 - 2014-10-01 21:08 - 01631128 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-01 01:05 - 2014-10-01 01:05 - 00057560 _____ () C:\Users\Ciro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 01:05 - 2014-10-01 01:05 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-10-01 00:55 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-01 00:55 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-01 00:55 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-01 00:55 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-01 00:55 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-01 00:55 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-01 00:55 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-01 00:55 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-01 00:55 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-01 00:55 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-01 00:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-01 00:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-01 00:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-01 00:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-01 00:50 - 2014-10-01 01:57 - 00000000 ____D () C:\Users\Ciro
2014-10-01 00:50 - 2014-10-01 00:50 - 00001447 _____ () C:\Users\Ciro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-01 00:50 - 2014-10-01 00:50 - 00001413 _____ () C:\Users\Ciro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-01 00:50 - 2014-10-01 00:50 - 00000020 ___SH () C:\Users\Ciro\ntuser.ini
2014-10-01 00:50 - 2014-10-01 00:50 - 00000000 __SHD () C:\Recovery
2014-10-01 00:50 - 2014-10-01 00:50 - 00000000 ____D () C:\Users\Ciro\AppData\Local\VirtualStore
2014-10-01 00:50 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Ciro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-01 00:50 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Ciro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-01 00:44 - 2014-10-01 23:05 - 01647314 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 00:44 - 2014-10-01 00:44 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-10-01 00:44 - 2014-10-01 00:44 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-10-01 00:43 - 2014-10-01 00:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-01 21:51 - 2009-07-14 06:45 - 00022928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 21:51 - 2009-07-14 06:45 - 00022928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 21:49 - 2009-07-14 07:13 - 01653742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 21:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 21:43 - 2009-07-14 06:45 - 00267840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 19:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-01 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-01 17:19 - 2011-04-12 10:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-01 17:19 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-01 17:19 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-10-01 17:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-10-01 17:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-10-01 17:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-01 17:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-01 17:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-10-01 17:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-10-01 17:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-10-01 17:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\com
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-10-01 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-01 10:37 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-10-01 10:37 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-10-01 01:32 - 2013-09-17 06:48 - 00795632 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2014-10-01 01:32 - 2013-09-17 06:48 - 00358896 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2014-10-01 01:32 - 2013-09-17 06:48 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2014-10-01 01:32 - 2009-07-14 13:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-10-01 00:54 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-10-01 00:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-01 00:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-01 00:44 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-01 00:41 - 2011-04-12 10:28 - 00000000 ____D () C:\Windows\CSC
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Ciro\AppData\Local\Temp\7za.exe
C:\Users\Ciro\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-01 00:40
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014
Ran by Ciro at 2014-10-01 23:11:08
Running from C:\Users\Ciro\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Device Doctor v3.1 (HKLM-x32\...\Device Doctor_is1) (Version: 3.1 - Device Doctor Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.71.327.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2270907482-2718027160-1726698163-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
30-09-2014 23:07:43 Windows Update
30-09-2014 23:20:31 Installato Realtek Ethernet Controller All-In-One Windows Driver%~ûo
01-10-2014 00:51:59 Windows Update
01-10-2014 01:11:27 Windows Update
01-10-2014 14:29:11 Revo Uninstaller's restore point - Avira
01-10-2014 15:06:06 Windows Modules Installer
01-10-2014 16:07:30 avast! Free Antivirus Setup
01-10-2014 16:18:56 avast! antivirus system restore point
01-10-2014 16:39:16 Installed 7-Zip 9.20 (x64 edition)
01-10-2014 16:47:22 avast! antivirus system restore point
01-10-2014 16:56:09 avast! antivirus system restore point
01-10-2014 18:29:04 Windows Update
01-10-2014 19:47:40 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0110AEC5-35C2-4B3E-BA37-683673DD9EF9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-01] ()
Task: {71EDE405-8EEE-4110-A7AA-37D8E0C14A52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01] (Google Inc.)
Task: {7792FD70-FE10-4A2D-951F-C70B36EAF991} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01] (Google Inc.)
Task: {A61BC2F2-1D7F-4AFE-BC8B-07A21903A578} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-01] (AVAST Software)
Task: {ABF66403-078A-4ABB-92B7-432BE67DAA48} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-01 18:57 - 2014-10-01 18:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-01 18:55 - 2014-10-01 17:33 - 02867712 _____ () C:\Program Files\AVAST Software\Avast\defs\14100101\algo.dll
2014-10-01 18:57 - 2014-10-01 18:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2270907482-2718027160-1726698163-500 - Administrator - Disabled)
Ciro (S-1-5-21-2270907482-2718027160-1726698163-1000 - Administrator - Enabled) => C:\Users\Ciro
Guest (S-1-5-21-2270907482-2718027160-1726698163-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/01/2014 09:44:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 07:47:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 07:14:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 06:56:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary tzzyhrpv.
 
System Error:
Impossibile trovare il file specificato.
.
 
Error: (10/01/2014 06:47:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary tzzyhrpv.
 
System Error:
Impossibile trovare il file specificato.
.
 
Error: (10/01/2014 06:47:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 06:26:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 05:39:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 05:26:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 05:25:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/01/2014 09:44:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Programma di installazione dei moduli di Windows terminato con l'errore: 
%%16405
 
Error: (10/01/2014 09:43:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Precedente arresto del sistema inatteso a 21:19:22 su ‎01/‎10/‎2014.
 
Error: (10/01/2014 09:16:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2758857).
 
Error: (10/01/2014 09:15:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2918614).
 
Error: (10/01/2014 09:13:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: Update for Windows 7 for x64-based Systems (KB2732059).
 
Error: (10/01/2014 09:13:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).
 
Error: (10/01/2014 09:10:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: Update for Windows 7 for x64-based Systems (KB2773072).
 
Error: (10/01/2014 09:08:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452).
 
Error: (10/01/2014 09:00:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599).
 
Error: (10/01/2014 08:52:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Errore di installazione. Non è stato possibile installare il seguente aggiornamento, errore 0x8024200d: Update for Windows 7 for x64-based Systems (KB2726535).
 
 
Microsoft Office Sessions:
=========================
Error: (10/01/2014 09:44:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 07:47:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 07:14:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 06:56:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary tzzyhrpv.
 
System Error:
Impossibile trovare il file specificato.
 
Error: (10/01/2014 06:47:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary tzzyhrpv.
 
System Error:
Impossibile trovare il file specificato.
 
Error: (10/01/2014 06:47:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 06:26:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 05:39:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 05:26:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 05:25:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 20%
Total physical RAM: 6036.28 MB
Available physical RAM: 4772.15 MB
Total Pagefile: 12070.73 MB
Available Pagefile: 10861.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:280.55 GB) (Free:241.32 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.42 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 08654B5F)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
Link to post
Share on other sites

Step 1

Scan with mbam.pngMalwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 02/10/2014

Scan Time: 14:34:42

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.10.02.05

Rootkit Database: v2014.09.19.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Ciro

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 292844

Time Elapsed: 32 min, 18 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to post
Share on other sites

Hi,

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No FileTask: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTIONTask: {0110AEC5-35C2-4B3E-BA37-683673DD9EF9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-01] ()2014-10-01 01:08 - 2014-10-01 01:12 - 00000000 ____D () C:\Windows\AutoKMSEmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Please download the eset.pngESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

lesestoff.png

Can you please tell me which problems still persist now?

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.