
Unable to boot - FRST logs included


elmaga


Hi everyone, I've been unable to boot since today.

Safe mode is not working, either. I recently did a complete scan with both McAfee and MalwareBytes before getting stuck in a boot loop, and I'm suspecting some kind of ransomware.

 

I can access startup recovery, so I did an FRST scan. I'll post the log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by SYSTEM on MININT-J9M3C82 on 14-01-2015 01:52:44
Running from f:\
Platform: Windows 7 Ultimate (X86) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation)
HKU\Administrator\...\Run: [Facebook Update] => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-17] (Facebook Inc.)
HKU\Administrator\...\Run: [YcPack] => regsvr32.exe C:\Users\Administrator\AppData\Local\YcPack\dvWINt5.dll <===== ATTENTION
HKU\Administrator\...\Run: [Ajworks] => C:\Windows\System32\regsvr32.exe C:\Users\Administrator\AppData\Local\YTZPack\BluetoothCommsCtrl.dll
HKU\Administrator\...\Run: [spotify Web Helper] => "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\Administrator\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Administrator\...\Policies\Explorer: [NoControlPanel] 0
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24096 2012-10-05] (KORG INC.)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [67800 2014-09-11] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10371072 2007-07-17] (Sonix Co. Ltd.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-03-17] (Duplex Secure Ltd.)
S4 eabfiltr; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 01:52 - 2015-01-14 01:52 - 00000000 ____D () C:\FRST
2015-01-13 20:53 - 2015-01-13 20:53 - 05309348 _____ () C:\Users\Administrator\Desktop\autotune.wav
2015-01-13 19:51 - 2015-01-13 19:51 - 00071184 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 19:42 - 2015-01-13 20:17 - 00000000 ____D () C:\Program Files\Antares Audio Technologies
2015-01-13 19:42 - 2015-01-13 19:42 - 00000000 ____D () C:\ProgramData\PACE
2015-01-13 19:42 - 2015-01-13 19:42 - 00000000 ____D () C:\Program Files\Common Files\VST3
2015-01-13 19:19 - 2015-01-13 19:19 - 00034393 _____ () C:\ComboFix.txt
2015-01-13 18:40 - 2015-01-13 21:56 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 18:40 - 2015-01-13 19:19 - 00000000 ____D () C:\Qoobox
2015-01-08 13:26 - 2015-01-14 00:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\YTZPack
2015-01-08 13:26 - 2015-01-14 00:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\YcPack
2015-01-08 13:15 - 2015-01-08 13:15 - 00000000 ___DC () C:\ProgramData\{957E0013-BE0F-48C1-BF3F-B4B6CC7B6D3B}
2015-01-08 12:50 - 2015-01-08 12:50 - 00000000 __HDC () C:\ProgramData\{8248E23A-B811-474B-951C-5AD780E7F743}
2015-01-08 00:03 - 2015-01-08 12:18 - 00000000 ____D () C:\Users\Administrator\Desktop\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM
2015-01-07 22:45 - 2015-01-07 22:45 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NCH Software
2015-01-07 22:44 - 2015-01-07 22:59 - 00000000 ____D () C:\Program Files\NCH Software
2015-01-07 22:44 - 2015-01-07 22:44 - 00001086 _____ () C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2015-01-07 22:44 - 2015-01-07 22:44 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-07 01:27 - 2015-01-07 01:28 - 00000000 ____D () C:\Users\Administrator\Documents\AirDroid
2015-01-06 01:18 - 2015-01-06 01:19 - 00000000 ____D () C:\Users\Administrator\Desktop\Tor Browser_
2015-01-05 23:44 - 2015-01-13 00:02 - 00000000 ____D () C:\Users\Administrator\Desktop\BLACK LITHIUM
2014-12-22 16:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 00:55 - 2014-12-09 18:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 00:55 - 2014-05-26 02:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-14 00:55 - 2014-03-18 02:18 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-14 00:47 - 2014-03-17 14:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-01-14 00:47 - 2014-03-15 20:20 - 00000000 __RSD () C:\Users\Administrator\Documents\Archivi protetti McAfee
2015-01-14 00:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\it-IT
2015-01-14 00:46 - 2014-03-15 11:39 - 00000000 ____D () C:\users\Administrator
2015-01-14 00:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-14 00:44 - 2014-10-17 00:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2015-01-13 21:54 - 2014-07-28 21:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Samsung
2015-01-13 21:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-01-09 09:54 - 2014-03-15 11:40 - 01658888 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-09 09:54 - 2009-07-14 09:21 - 00740896 _____ () C:\Windows\System32\perfh010.dat
2015-01-09 09:54 - 2009-07-14 09:21 - 00146918 _____ () C:\Windows\System32\perfc010.dat
2015-01-08 21:40 - 2014-09-20 01:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Progetti FL
2015-01-08 21:00 - 2014-11-02 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-01-08 20:56 - 2014-03-17 22:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2015-01-08 15:07 - 2014-03-17 16:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-07 21:36 - 2014-03-17 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2015-01-05 22:34 - 2014-09-20 01:45 - 00000000 ____D () C:\Users\Administrator\Desktop\Guitar Pro
2015-01-05 15:47 - 2014-04-29 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2015-01-02 17:41 - 2014-03-15 20:16 - 00000000 ____D () C:\Program Files\McAfee
2014-12-17 00:44 - 2014-03-15 20:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-12-17 00:43 - 2014-03-15 20:14 - 00000000 ____D () C:\ProgramData\McAfee
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\mp3el.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!.
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2014-10-15 00:37] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-11 21:30:41
Restore point made on: 2015-01-13 19:41:07
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 2039.3 MB
Available physical RAM: 1609.67 MB
Total Pagefile: 2039.3 MB
Available Pagefile: 1607.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:85.38 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: CB64FC8A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 70707573)
No partition Table on disk 1.
 
 
LastRegBack: 2014-03-15 12:25
 
==================== End Of Log ============================
 
 
 
 
 
 
This is the search log for the missing DLL
 
Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by SYSTEM at 2015-01-14 01:58:10
Running from f:\
Boot Mode: Recovery
 
================== Search: "user32.dll" ===================
 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20496_none_cd8e8f8de7d4e9b5\user32.dll
[2009-09-15 04:37][2009-09-15 04:37] 0811520 ____A (Microsoft Corporation) AE2B4D47934D3798C984D51B1694A490
 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll
[2009-09-15 04:37][2009-09-15 04:37] 0811520 ____A (Microsoft Corporation) C7B21BEF09EC7249556BEE19F9D314CB
 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009-07-14 00:24][2009-07-14 02:16] 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861
 
X:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009-07-14 00:24][2009-07-14 02:16] 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861
 
X:\Windows\System32\user32.dll
[2009-07-14 00:24][2009-07-14 02:16] 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861
 
X:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009-07-14 00:24][2009-07-14 02:16] 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861
 
X:\Windows\System32\user32.dll
[2009-07-14 00:24][2009-07-14 02:16] 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861
 
=== End Of Search ===


Thanks in advance for your help.
 
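The Run/RunOnce section of the FRST log above is where a helper looks first, and the two entries FRST itself flags are the ones that load a DLL through regsvr32.exe from the user's AppData folder. The script below is an added example, not part of this thread or of the FRST tool: it parses those autorun lines and scores each value by the indicators visible in the log (the ATTENTION marker FRST adds, a regsvr32.exe DLL load, a launch path in a user-writable location, and missing publisher information). The sample lines are copied from the log above; the weights, the review threshold and the function names are assumptions of mine.

```python
"""Triage the Run/RunOnce entries of an FRST log.

Added example, not part of this thread or of FRST. The weights, the
review threshold and all function names are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: Run/RunOnce and Policies lines copied from the FRST log above.
SAMPLE_LOG = r"""
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation)
HKU\Administrator\...\Run: [Facebook Update] => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-17] (Facebook Inc.)
HKU\Administrator\...\Run: [YcPack] => regsvr32.exe C:\Users\Administrator\AppData\Local\YcPack\dvWINt5.dll <===== ATTENTION
HKU\Administrator\...\Run: [Ajworks] => C:\Windows\System32\regsvr32.exe C:\Users\Administrator\AppData\Local\YTZPack\BluetoothCommsCtrl.dll
HKU\Administrator\...\Run: [spotify Web Helper] => "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\Administrator\...\Policies\Explorer: [NoFolderOptions] 0
"""

# One autorun value: hive (with user for HKU), Run or RunOnce, value name, command.
ENTRY_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] => (?P<rest>.*)$"
)
# Trailing "[size date] (Publisher)" that FRST appends when it located the file.
META_RE = re.compile(
    r"\s*\[\d+ \d{4}-\d{2}-\d{2}\](?:\s*\((?P<publisher>[^)]*)\))?\s*$"
)
# regsvr32.exe, bare or with a full path, used to load a DLL at logon.
REGSVR_RE = re.compile(r'^"?(?:[a-z]:\\[^" ]*\\)?regsvr32\.exe\b', re.I)
ATTENTION = "<===== ATTENTION"
# Locations a normal user can write to; legitimate software lives there too,
# so this only adds weight and never flags an entry on its own.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\", "\\temp\\")
REVIEW_THRESHOLD = 3  # assumption: entries at or above this score get reviewed


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    command: str
    publisher: Optional[str]
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_command(rest: str):
    """Split the text after '=>' into (command, publisher, attention flag)."""
    attention = rest.endswith(ATTENTION)
    if attention:
        rest = rest[: -len(ATTENTION)].rstrip()
    publisher = None
    m = META_RE.search(rest)
    if m:
        publisher = m.group("publisher") or ""  # "()" in the log means no company name
        rest = rest[: m.start()]
    command = rest.strip()
    if len(command) > 1 and command[0] == '"' and command[-1] == '"':
        command = command[1:-1]
    return command, publisher, attention


def score_entry(f: Finding, attention: bool) -> Finding:
    """Attach the indicators that apply to one entry and sum their weights."""
    if f.command == "[X]":
        f.reasons.append("orphaned value: target file missing")
        f.score += 1
        return f
    if attention:
        f.reasons.append("FRST marked the entry with ATTENTION")
        f.score += 3
    if REGSVR_RE.match(f.command):
        f.reasons.append("DLL registered through regsvr32.exe at logon")
        f.score += 2
    low = f.command.lower()
    if any(p in low for p in USER_WRITABLE):
        f.reasons.append("launches from a user-writable location")
        f.score += 1
    if not f.publisher:
        f.reasons.append("no publisher information")
        f.score += 1
    return f


def triage(log_text: str) -> List[Finding]:
    """Parse every Run/RunOnce value in an FRST log and score it."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # Policies lines, section headers, blanks
        command, publisher, attention = parse_command(m.group("rest"))
        f = Finding(m.group("hive"), m.group("key"), m.group("name"), command, publisher)
        findings.append(score_entry(f, attention))
    return findings


def needs_review(log_text: str, threshold: int = REVIEW_THRESHOLD) -> List[Finding]:
    """Entries scoring at or above the threshold, highest score first."""
    return sorted((f for f in triage(log_text) if f.score >= threshold),
                  key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "REVIEW" if f.score >= REVIEW_THRESHOLD else "ok"
        print(f"{tag:6} score={f.score} {f.key:<7} [{f.name}] {f.command}")
        for r in f.reasons:
            print(f"         - {r}")
```

On the sample above only YcPack and Ajworks reach the review threshold; the Facebook and Spotify helpers also start from the user profile, which is why that indicator carries a low weight and a publisher name pulls the score down. The empty `[]` value with `[X]` is reported as an orphan, the usual leftover of a removed program, and is worth cleaning but is not evidence of infection by itself.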

^Thanks Ron, I managed to boot and to clean up most of the rubbish that was clogging up the system.

However, I'm still having no luck trying to remove what seems to be some sort of AdWare.

While browsing with Chrome I'm randomly redirected to a website called find-all-you-want[dot]com that sends me to Amazon or other selling-related websites.

If you could instruct me on how to deal with it, and on what logs you need for that, I'd be really glad.

Thanks!


Root Admin

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 


Thanks, here's the MBAM log.
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/01/2015
Scan Time: 12:13:07
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.21.05
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326880
Time Elapsed: 21 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Sorry if some logs came out in Italian, I forgot to change the language for you. Hope you can figure it out anyway.

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by Administrator on 22/01/2015 at 19:59:47,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\2brwy1ri.default\prefs.js
 
user_pref("extensions.fbp@fbpurity.com.oldfriendstore-100000394094288", "{\"100000394094288\":\"Riccardo Van Maganza\",\"100001826972694\":\"Cornelia Rossi Martinetti\",\"1000
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/01/2015 at 20:04:47,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
ADWCleaner

# AdwCleaner v4.108 - Rapporto creato 22/01/2015 in 20:12:23
# Aggiornato 17/01/2015 di Xplode
# Database : 2015-01-22.3 [Live]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nome utente : Administrator - ADMINISTRATOR
# In esecuzione da : C:\Users\Administrator\Documents\adwcleaner_4.108.exe
# Opzione : Pulisci
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
[x] Non Eliminato : C:\ProgramData\NCH Software
[x] Non Eliminato : C:\Program Files\NCH Software
[x] Non Eliminato : C:\Users\Administrator\AppData\Roaming\NCH Software
 
***** [ Compiti ] *****
 
 
***** [ Collegamenti ] *****
 
 
***** [ Registro ] *****
 
Chiave Eliminati : HKCU\Software\Conduit
Chiave Eliminati : HKLM\SOFTWARE\Conduit
 
***** [ Browser ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 it)
 
 
-\\ Google Chrome v39.0.2171.99
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [4485 octets] - [14/01/2015 03:55:45]
AdwCleaner[R1].txt - [8641 octets] - [14/01/2015 05:07:51]
AdwCleaner[R2].txt - [2344 octets] - [15/01/2015 01:56:45]
AdwCleaner[R3].txt - [1454 octets] - [22/01/2015 20:07:28]
AdwCleaner[s0].txt - [4564 octets] - [14/01/2015 04:13:41]
AdwCleaner[s1].txt - [8899 octets] - [14/01/2015 05:14:43]
AdwCleaner[s2].txt - [2759 octets] - [15/01/2015 02:00:43]
AdwCleaner[s3].txt - [1379 octets] - [22/01/2015 20:12:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1439 octets] ##########
 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/01/2015
Scan Time: 20:17:44
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.22.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327842
Time Elapsed: 23 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET
 
C:\AdwCleaner\Quarantine\C\Program Files\ShopperPro\JSDriver\1471.0.0.0\jsdrv.exe.vir a variant of Win32/ShopperPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\0b21f775-d32a-4eac-84c6-c00ac1ae2ec5@gmail.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files\NCH Software\Switch\switch.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\NCH Software\Switch\switchsetup_v4.56.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\NCH Software\WavePad\wavepad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\NCH Software\WavePad\wavepadsetup_v5.63.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\extensions\{EE57DE09-373A-2BF3-4B3A-E20BB68BE273}\components\PSFactoryBuffer.js Win32/Boaxxe.BU trojan
 
 
(I cleaned up ADWCleaner's Quarantine folders since some of the results of the ESET scan were pointing to files detected in previous ADWC scans.
I see both WavePad and Switch are targeted as Malware by ESET and were also detected by ADWC, but they are actually programs I use on a regular basis. Are they really harmful?)
 
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Administrator (administrator) on ADMINISTRATOR on 22-01-2015 22:41:39
Running from C:\Users\Administrator\Documents
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Facebook Inc.) C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Spotify Ltd) C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499864 2014-11-13] (McAfee, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Run: [Facebook Update] => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-17] (Facebook Inc.)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Run: [spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\MountPoints2: {eba8d75d-ac2c-11e3-8c27-806e6f6e6963} - D:\Install.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{185D6893-1CAF-46F8-BFDE-C72C1826032D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9CCDCD79-E7A2-46BC-9C96-ABB23FCD2990}: [NameServer] 8.8.8.8,8.8.4.4,8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default
FF NetworkProxy: "backup.ftp", "103.31.233.218 "
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "103.31.233.218 "
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "103.31.233.218 "
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "118.97.95.182"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "118.97.95.182"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "118.97.95.182"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "118.97.95.182"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4025110536-2093787427-2300085386-500: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4025110536-2093787427-2300085386-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: PSFactoryBuffer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\{EE57DE09-373A-2BF3-4B3A-E20BB68BE273} [2015-01-08]
FF Extension: Google Docs Viewer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\adonis.cuhk@gmail.com.xpi [2014-10-17]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\fbp@fbpurity.com.xpi [2014-10-17]
FF Extension: Fox To Phone - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\sendtophone@martinezdelizarrondo.com.xpi [2014-10-17]
FF Extension: Search By Image (by Google) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-10-17]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17]
FF Extension: User Agent Switcher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-10-17]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-17]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-15]
FF HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\extensions\PDVDZDW52397720@XDDWJXW57740856.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.pokemon-cp.it/", "hxxp://www.facebook.com/", "hxxp://start.peppermintos.com/", "hxxp://home.torchbrowser.com/?systemid=448&appid=91&ua=Torch"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Documenti Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Ricerca Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Mailto: for Gmail™) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2015-01-14]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-01-14]
CHR Extension: (Tema semplice rosso) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealcinkolodcnkokioepdoheohkffejc [2015-01-14]
CHR Extension: (Fogli Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-14]
CHR Extension: (ProxMate) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2015-01-14]
CHR Extension: (Google Avvisi email) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-14]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-01-14]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [287696 2014-11-13] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [612152 2014-12-04] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [287696 2014-11-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [287696 2014-11-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [475144 2014-12-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [287696 2014-11-13] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [287696 2014-11-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [287696 2014-11-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [178584 2014-12-19] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [270192 2014-12-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [209472 2014-12-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [287696 2014-11-13] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61912 2014-12-19] (McAfee, Inc.)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24096 2012-10-05] (KORG INC.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [67800 2014-10-09] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [264880 2014-12-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [258080 2014-12-19] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [79864 2014-12-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [374904 2014-12-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [656184 2014-12-19] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [376056 2014-11-08] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2014-11-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217840 2014-12-19] (McAfee, Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10371072 2007-07-17] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-03-17] (Duplex Secure Ltd.)
U3 afowexz8; C:\Windows\system32\Drivers\afowexz8.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
U4 eabfiltr; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 22:41 - 2015-01-22 22:41 - 00000000 ____D () C:\Users\Administrator\Documents\FRST-OlderVersion
2015-01-22 21:01 - 2014-10-09 14:32 - 00067800 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2015-01-22 21:00 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-01-22 20:57 - 2015-01-22 20:57 - 02347384 _____ (ESET) C:\Users\Administrator\Documents\esetsmartinstaller_enu.exe
2015-01-22 20:57 - 2015-01-22 20:57 - 00000000 ____D () C:\Program Files\ESET
2015-01-22 20:06 - 2015-01-22 20:07 - 02186752 _____ () C:\Users\Administrator\Documents\adwcleaner_4.108.exe
2015-01-22 20:04 - 2015-01-22 20:04 - 00000960 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-01-21 17:51 - 2015-01-21 17:51 - 00000000 ____D () C:\Windows\system32\McAfee File Lock
2015-01-21 12:10 - 2015-01-21 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-21 12:10 - 2015-01-21 12:10 - 00000000 ____D () C:\Program Files\ERUNT
2015-01-19 23:45 - 2015-01-19 23:46 - 00000000 ____D () C:\Users\Administrator\Desktop\Samples
2015-01-19 19:11 - 2015-01-19 19:11 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch - Convertitore di file audio.lnk
2015-01-19 19:06 - 2015-01-19 19:06 - 00071184 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 12:40 - 2015-01-17 12:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Documents\rkill.exe
2015-01-17 12:10 - 2015-01-17 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 12:09 - 2015-01-17 12:40 - 00000000 ____D () C:\Users\Administrator\Documents\mbar
2015-01-17 11:23 - 2015-01-17 11:25 - 00028477 _____ () C:\Users\Administrator\Documents\Result.txt
2015-01-17 11:23 - 2015-01-17 11:23 - 00401920 _____ (Farbar) C:\Users\Administrator\Documents\MiniToolBox.exe
2015-01-17 11:22 - 2015-01-17 11:22 - 00415232 _____ (Farbar) C:\Users\Administrator\Documents\FSS.exe
2015-01-17 11:22 - 2015-01-17 11:22 - 00002361 _____ () C:\Users\Administrator\Documents\FSS.txt
2015-01-17 11:10 - 2015-01-17 11:11 - 00852504 _____ () C:\Users\Administrator\Documents\SecurityCheck.exe
2015-01-15 10:00 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 02:01 - 2015-01-22 22:32 - 00060694 _____ () C:\Windows\PFRO.log
2015-01-15 01:53 - 2015-01-22 22:32 - 00000831 _____ () C:\Windows\setupact.log
2015-01-15 01:53 - 2015-01-15 01:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 01:49 - 2015-01-15 01:50 - 00317160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 00:23 - 2015-01-22 22:42 - 00018831 _____ () C:\Users\Administrator\Documents\FRST.txt
2015-01-15 00:19 - 2015-01-22 22:41 - 01118208 _____ (Farbar) C:\Users\Administrator\Documents\FRST.exe
2015-01-14 06:51 - 2015-01-14 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-14 06:50 - 2015-01-22 22:32 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 06:50 - 2015-01-14 06:56 - 00001152 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 06:19 - 2015-01-14 06:19 - 00000000 ____D () C:\Users\Administrator\Desktop\SH201_Win7drv_32
2015-01-14 05:41 - 2015-01-19 23:39 - 00000000 ____D () C:\Program Files\NCH Software
2015-01-14 05:41 - 2015-01-19 19:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NCH Software
2015-01-14 05:41 - 2015-01-19 19:11 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-14 05:41 - 2015-01-14 05:41 - 00001086 _____ () C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2015-01-14 05:41 - 2015-01-14 05:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmi audio correlati
2015-01-14 05:41 - 2015-01-14 05:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-01-14 05:27 - 2015-01-14 05:27 - 00000000 ____D () C:\Users\Administrator\Documents\Autoruns
2015-01-14 05:08 - 2015-01-14 05:08 - 00000000 ____D () C:\Users\Administrator\Documents\RemoveWAT.2.2.7.0 softwarespro.com
2015-01-14 04:42 - 2015-01-22 22:32 - 00001368 _____ () C:\Windows\Tasks\BKRXT.job
2015-01-14 04:40 - 2015-01-14 04:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2015-01-14 04:39 - 2015-01-14 04:44 - 00000000 ____D () C:\Program Files\Opera
2015-01-14 04:39 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:30 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 04:30 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 04:28 - 2015-01-14 04:28 - 00001259 _____ () C:\Users\Administrator\Documents\JRT.txt
2015-01-14 04:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:18 - 2015-01-14 04:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 04:08 - 2015-01-14 04:09 - 01707939 _____ (Thisisu) C:\Users\Administrator\Documents\JRT.exe
2015-01-14 03:59 - 2015-01-14 03:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-14 03:57 - 2015-01-14 03:57 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Documents\tdsskiller.exe
2015-01-14 03:55 - 2015-01-22 20:12 - 00000000 ____D () C:\AdwCleaner
2015-01-14 01:52 - 2015-01-22 22:41 - 00000000 ____D () C:\FRST
2015-01-13 19:42 - 2015-01-13 19:42 - 00000000 ____D () C:\Program Files\Common Files\VST3
2015-01-13 19:19 - 2015-01-13 19:19 - 00034393 _____ () C:\ComboFix.txt
2015-01-13 18:40 - 2015-01-21 12:11 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 18:40 - 2015-01-13 19:19 - 00000000 ____D () C:\Qoobox
2015-01-11 21:47 - 2015-01-13 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-08 15:07 - 2015-01-08 15:07 - 00000000 _____ () C:\Windows\system32\debug.log
2015-01-08 13:42 - 2015-01-14 03:21 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-08 13:15 - 2015-01-08 13:15 - 00000000 ___DC () C:\ProgramData\{957E0013-BE0F-48C1-BF3F-B4B6CC7B6D3B}
2015-01-08 12:50 - 2015-01-08 12:50 - 00000000 __HDC () C:\ProgramData\{8248E23A-B811-474B-951C-5AD780E7F743}
2015-01-07 22:44 - 2015-01-14 05:41 - 00001098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2015-01-07 22:44 - 2015-01-07 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-01-07 22:44 - 2015-01-07 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmi audio correlati
2015-01-07 01:27 - 2015-01-07 01:28 - 00000000 ____D () C:\Users\Administrator\Documents\AirDroid
2015-01-06 01:18 - 2015-01-06 01:19 - 00000000 ____D () C:\Users\Administrator\Desktop\Tor Browser_
2015-01-05 23:44 - 2015-01-19 18:46 - 00000000 ____D () C:\Users\Administrator\Desktop\BLACK LITHIUM
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 22:36 - 2014-05-26 02:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 22:36 - 2014-04-17 21:38 - 01678187 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 22:34 - 2014-03-15 20:20 - 00000000 __RSD () C:\Users\Administrator\Documents\Archivi protetti McAfee
2015-01-22 22:32 - 2014-03-15 20:16 - 00000000 ____D () C:\Program Files\McAfee
2015-01-22 22:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 21:50 - 2014-03-17 17:14 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 21:00 - 2014-03-15 20:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-21 17:56 - 2009-07-14 05:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 17:56 - 2009-07-14 05:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:36 - 2014-03-17 22:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2015-01-20 00:04 - 2014-04-29 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2015-01-19 21:07 - 2014-03-17 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2015-01-19 20:10 - 2014-09-20 01:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Progetti FL
2015-01-19 19:56 - 2014-03-18 14:15 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2015-01-19 19:54 - 2014-03-18 14:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2015-01-19 19:06 - 2014-11-02 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-01-19 18:47 - 2014-03-18 14:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-17 12:10 - 2014-05-26 02:00 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 19:11 - 2014-03-17 17:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2015-01-15 12:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-15 01:36 - 2014-03-18 02:18 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-14 07:12 - 2014-03-21 02:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 07:06 - 2014-03-21 02:30 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 06:51 - 2014-03-15 11:50 - 00000000 ____D () C:\Program Files\Google
2015-01-14 05:19 - 2014-03-18 15:06 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-01-14 05:19 - 2014-03-18 15:04 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-01-14 05:19 - 2014-03-18 15:04 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-01-14 04:52 - 2014-06-17 18:10 - 00000000 ____D () C:\Program Files\Adobe
2015-01-14 04:49 - 2014-03-17 17:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 04:49 - 2014-03-17 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 04:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-14 04:05 - 2014-10-05 16:35 - 00000000 ____D () C:\Program Files\Yahoo!
2015-01-14 04:03 - 2014-03-17 21:58 - 00000000 ____D () C:\Program Files\VstPlugIns
2015-01-14 03:47 - 2014-03-15 11:40 - 01658888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 03:47 - 2009-07-14 09:21 - 00740896 _____ () C:\Windows\system32\perfh010.dat
2015-01-14 03:47 - 2009-07-14 09:21 - 00146918 _____ () C:\Windows\system32\perfc010.dat
2015-01-14 03:20 - 2014-03-15 11:39 - 00000000 ____D () C:\Users\Administrator
2015-01-14 03:18 - 2014-12-09 18:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 03:18 - 2014-05-26 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 03:18 - 2014-05-26 02:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-14 03:18 - 2014-03-15 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-14 03:16 - 2014-10-17 00:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2015-01-14 03:16 - 2014-07-28 21:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Samsung
2015-01-08 15:07 - 2014-03-17 16:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-08 09:55 - 2014-03-15 11:55 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 22:34 - 2014-09-20 01:45 - 00000000 ____D () C:\Users\Administrator\Desktop\Guitar Pro
 
==================== Files in the root of some directories =======
2014-11-20 00:49 - 2014-11-08 19:45 - 0000226 _____ () C:\Program Files\update-FM2015.bat
2014-11-20 00:49 - 2013-11-06 12:28 - 0000732 _____ () C:\Program Files\visit-www.nosteam.ro.html
2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-10-07 18:51 - 2014-10-07 18:51 - 0009655 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2014-11-28 17:54 - 2014-11-28 17:54 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{81945724-4E05-4C64-A297-DD88E033E7DA}
2014-03-17 15:04 - 2014-10-17 00:50 - 0020690 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-03-15 12:25
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Administrator at 2015-01-22 22:43:00
Running from C:\Users\Administrator\Documents
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Antivirus e antispyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Antivirus e antispyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
B110 (Version: 140.0.142.000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
FMRTE 15.1.3.6 (HKLM\...\{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1) (Version: 15.1.3.6 - FMRTE)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Guitar Pro 6 (HKLM\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hercules Classic Silver (HKLM\...\{8678BD65-D66E-48BB-8531-91D0EF8998A1}) (Version: 3.2.2.1 - Hercules)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KORG USB-MIDI Driver Tools for Windows (HKLM\...\{B9AFA8A2-E972-48D2-A30B-B26302B3CE6A}) (Version: 1.14.0401 - Korg Inc.)
KORG X50 Editor (HKLM\...\{FC41140A-22CA-4309-B806-F70B0CA31A17}) (Version: 1.0.5 - KORG Inc.)
KORG X50 Plug-In Editor RTAS (HKLM\...\{B7876739-CC64-417F-A5C9-B997003259E1}) (Version: 1.0.5 - KORG Inc.)
KORG X50 Plug-In Editor VST (HKLM\...\{0BBE28FE-227A-4D34-A069-0EE3AC622850}) (Version: 1.0.5 - KORG Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LibreOffice 4.2.2.1 (HKLM\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Total Protection (HKLM\...\MSC) (Version: 14.0.207 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 it) (HKLM\...\Mozilla Firefox 34.0.5 (x86 it)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MyFreeCodec (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\MyFreeCodec) (Version:  - )
Native Instruments FM8 (HKLM\...\Native Instruments FM8) (Version:  - )
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - Native Instruments)
Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Pokémon Trading Card Game Online (HKLM\...\{A05F805F-6986-47CB-9563-CE7B60649FF4}) (Version: 1.0.0 - The Pokémon Company International)
PS_AIO_07_B110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Raccolta foto (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Switch - Convertitore di file audio (HKLM\...\Switch) (Version: 4.56 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.63 - NCH Software)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM\...\{3A1F3A32-7E9D-4AD2-A2E2-DFC98BAA9DC7}) (Version: 1.3.1403.1202 - SplitMediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
13-01-2015 19:40:32 Installed Antares Auto-Tune Live VST (32-bit).
14-01-2015 04:57:47 Revo Uninstaller's restore point - YTDownloader
14-01-2015 06:19:52 Installazione pacchetto driver di dispositivo: Roland Controller audio, video e giochi
14-01-2015 06:25:32 Revo Uninstaller's restore point - 7-Zip 9.20
14-01-2015 06:30:27 Revo Uninstaller's restore point - Ableton Live 9 Trial
14-01-2015 06:31:39 Removed Ableton Live 9 Trial
14-01-2015 06:44:40 Revo Uninstaller's restore point - Google Chrome
14-01-2015 07:05:19 Windows Update
16-01-2015 15:19:56 Windows Update
20-01-2015 19:52:42 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2015-01-14 03:21 - 00001500 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
89.163.213.175 www.google-analytics.com.
89.163.213.175 google-analytics.com.
89.163.213.175 connect.facebook.net.
85.25.79.92 www.google-analytics.com.
85.25.79.92 google-analytics.com.
85.25.79.92 connect.facebook.net.
95.141.32.66 www.google-analytics.com.
95.141.32.66 google-analytics.com.
95.141.32.66 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {20D56E42-815B-4B17-8603-35F54BDE9FA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {248DEF31-2EC9-4BEC-9836-F135A7C9815D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {29FCC687-7445-4186-B2BD-D828C1D52473} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {2CBCDA52-BD3C-4146-80E6-679BB8FCF464} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {454E49B4-80AA-48B4-80D3-5E14323FD536} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500UA => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17] (Facebook Inc.)
Task: {7DA86F38-FE1D-4605-AEA4-63D5A0952D1A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500Core => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17] (Facebook Inc.)
Task: {AC91BC61-1DAD-4DCC-AC46-D9F99CA1083F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {AE73DA07-6D6A-49EE-BE4E-0755A48AB958} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BCF27025-BD7C-446B-A09C-7BBD62D8BD62} - System32\Tasks\NCH Software\WavePadSevenDays => C:\Program Files\NCH Software\WavePad\WavePad.exe [2013-12-04] (NCH Software)
Task: {EEAE447B-794F-4C74-A9A4-64119518C0E7} - System32\Tasks\BKRXT => C:\Users\Administrator\AppData\Roaming\BKRXT.exe <==== ATTENTION
Task: {F20CE41C-B9E9-4C2B-9161-01FAE40C90E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BKRXT.job => C:\Users\Administrator\AppData\Roaming\BKRXT.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500Core.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500UA.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-14 06:51 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 06:51 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: KORG USB-MIDI Driver => C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: YTZPack => C:\Users\Administrator\AppData\Local\YTZPack\tmpFFE3.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4025110536-2093787427-2300085386-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4025110536-2093787427-2300085386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4025110536-2093787427-2300085386-1001 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/22/2015 10:33:48 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905
 
Error: (01/22/2015 10:33:48 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905
 
Error: (01/22/2015 10:32:28 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Attivazione della licenza di Windows non riuscita. Errore: 0x80070005.
 
Error: (01/22/2015 10:31:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma chrome.exe versione 39.0.2171.99 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: ed8
 
Ora di avvio: 01d0368a959d8aa6
 
Ora di chiusura: 36508
 
Percorso applicazione: C:\Program Files\Google\Chrome\Application\chrome.exe
 
ID segnalazione: e18ff5cc-a27d-11e4-8841-0024813aed5c
 
Error: (01/22/2015 10:14:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma chrome.exe versione 39.0.2171.99 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: 17d8
 
Ora di avvio: 01d036883cb14a85
 
Ora di chiusura: 19438
 
Percorso applicazione: C:\Program Files\Google\Chrome\Application\chrome.exe
 
ID segnalazione: 93b91df2-a27b-11e4-8841-0024813aed5c
 
Error: (01/22/2015 10:12:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma chrome.exe versione 39.0.2171.99 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: cd8
 
Ora di avvio: 01d036778e6ca9bf
 
Ora di chiusura: 31454
 
Percorso applicazione: C:\Program Files\Google\Chrome\Application\chrome.exe
 
ID segnalazione: 48a4d55b-a27b-11e4-8841-0024813aed5c
 
Error: (01/22/2015 09:00:27 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905
 
Error: (01/22/2015 09:00:27 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905
 
Error: (01/22/2015 08:59:42 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905
 
Error: (01/22/2015 08:59:42 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905
 
 
System errors:
=============
Error: (01/22/2015 10:32:30 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Servizio Utilità di pianificazione: impossibile caricare le attività all'avvio del servizio. Dati aggiuntivi: valore errore: 2147549183.
 
Error: (01/22/2015 10:31:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio McNaiAnn.
 
Error: (01/22/2015 08:59:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio McAfee Proxy Service non è stato avviato per il seguente errore: 
%%1053
 
Error: (01/22/2015 08:59:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio McAfee Proxy Service.
 
Error: (01/22/2015 08:59:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio McAfee Personal Firewall Service non è stato avviato per il seguente errore: 
%%1053
 
Error: (01/22/2015 08:59:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio McAfee Personal Firewall Service.
 
Error: (01/22/2015 08:55:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio McAfee Platform Services non è stato avviato per il seguente errore: 
%%1053
 
Error: (01/22/2015 08:55:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio McAfee Platform Services.
 
Error: (01/22/2015 08:55:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio McAfee Platform Services non è stato avviato per il seguente errore: 
%%1053
 
Error: (01/22/2015 08:55:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio McAfee Platform Services.
 
 
Microsoft Office Sessions:
=========================
Error: (01/22/2015 10:33:48 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905
 
Error: (01/22/2015 10:33:48 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905
 
Error: (01/22/2015 10:32:28 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/22/2015 10:31:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.99ed801d0368a959d8aa636508C:\Program Files\Google\Chrome\Application\chrome.exee18ff5cc-a27d-11e4-8841-0024813aed5c
 
Error: (01/22/2015 10:14:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.9917d801d036883cb14a8519438C:\Program Files\Google\Chrome\Application\chrome.exe93b91df2-a27b-11e4-8841-0024813aed5c
 
Error: (01/22/2015 10:12:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.99cd801d036778e6ca9bf31454C:\Program Files\Google\Chrome\Application\chrome.exe48a4d55b-a27b-11e4-8841-0024813aed5c
 
Error: (01/22/2015 09:00:27 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905
 
Error: (01/22/2015 09:00:27 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905
 
Error: (01/22/2015 08:59:42 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905
 
Error: (01/22/2015 08:59:42 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 550 @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 2039.3 MB
Available physical RAM: 960.46 MB
Total Pagefile: 4078.61 MB
Available Pagefile: 2920.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.62 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:94.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: CB64FC8A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Sorry for the triple post.

McAfee kept giving problems, apparently due to a corrupted update, so I completely uninstalled it and switched to a free alternative (Avira) since my licence would run out shortly anyway.
While purging McAfee I also ran a CCleaner scan, and the licensing-related issues that had popped up shortly before disappeared as well.
However, I'm still getting randomly redirected while browsing with Chrome, albeit a lot less frequently, and I see that both FRST and ESET detected some problems I hope we can solve together.


  • Root Admin

Please click on START and type in MSCONFIG and set it to NORMAL and restart the computer.

Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup Manager

Please temporarily disable your antivirus and run the following.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

I ran ComboFix but got the "illegal operation has been attempted on a registry key that has been marked for deletion" error message while it was producing the log. It got stuck for quite a long time, so I rebooted as you suggested, but it seems it didn't produce a log file.

 

What should I do?


Apparently something went wrong, since after a subsequent reboot the computer was showing a bunch of errors.

I restored ComboFix's registry backup and all seemed to go well.

I then attempted to run the program again (hope I did nothing wrong), but it's been stuck on 'Preparing log report' for almost an hour.


Sorry, it eventually came up with a log file. Here it is.

 

ComboFix 15-01-22.02 - Administrator 24/01/2015  16:38:24.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.2039.917 [GMT 1:00]
Eseguito da: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ADMINI~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Administrator\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll
.
---- Esecuzione precedente -------
.
c:\users\ADMINI~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Administrator\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-12-24 al 2015-01-24  )))))))))))))))))))))))))))))))))))
.
.
2015-01-24 15:50 . 2015-01-24 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-24 15:29 . 2015-01-24 15:29 -------- d-----w- C:\Device
2015-01-23 01:40 . 2015-01-23 01:40 -------- d-----w- c:\program files\freac
2015-01-22 23:23 . 2015-01-22 23:20 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-01-22 23:23 . 2015-01-22 23:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
2015-01-22 23:17 . 2014-11-24 09:23 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-01-22 23:17 . 2014-11-24 09:23 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-01-22 23:17 . 2014-11-24 09:23 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-01-22 23:14 . 2015-01-22 23:17 -------- d-----w- c:\programdata\Avira
2015-01-22 23:14 . 2015-01-22 23:17 -------- d-----w- c:\program files\Avira
2015-01-22 23:13 . 2015-01-22 23:13 -------- d-----w- c:\programdata\Package Cache
2015-01-22 19:57 . 2015-01-22 19:57 -------- d-----w- c:\program files\ESET
2015-01-21 17:02 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F7D2658-FD82-46E8-9559-0DEB41D587BE}\mpengine.dll
2015-01-21 16:51 . 2015-01-21 16:51 -------- d-----w- c:\windows\system32\McAfee File Lock
2015-01-21 11:10 . 2015-01-21 11:10 -------- d-----w- c:\program files\ERUNT
2015-01-17 11:10 . 2015-01-17 11:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-15 09:00 . 2014-12-11 17:47 74240 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 03:40 . 2015-01-14 03:43 -------- d-----w- c:\users\Administrator\AppData\Local\Opera Software
2015-01-14 03:39 . 2015-01-14 03:44 -------- d-----w- c:\program files\Opera
2015-01-14 03:39 . 2014-12-19 01:34 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 03:30 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-01-14 03:30 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 03:27 . 2014-12-06 03:50 242688 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 03:27 . 2014-12-19 02:43 164864 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 03:18 . 2015-01-14 03:18 -------- d-----w- c:\windows\ERUNT
2015-01-14 02:59 . 2015-01-14 02:59 -------- d-----w- c:\program files\VS Revo Group
2015-01-14 02:55 . 2015-01-23 01:03 -------- d-----w- C:\AdwCleaner
2015-01-14 00:52 . 2015-01-23 01:36 -------- d-----w- C:\FRST
2015-01-13 18:42 . 2015-01-13 18:42 -------- d-----w- c:\program files\Common Files\VST3
2015-01-12 10:55 . 2015-01-12 10:55 649064 ----a-w- c:\program files\Common Files\System\SysMenu.dll
2015-01-08 12:15 . 2015-01-08 12:15 -------- dc----w- c:\programdata\{957E0013-BE0F-48C1-BF3F-B4B6CC7B6D3B}
2015-01-08 11:50 . 2015-01-08 11:50 -------- dc-h--w- c:\programdata\{8248E23A-B811-474B-951C-5AD780E7F743}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-23 02:49 . 2014-03-17 16:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 02:49 . 2014-03-17 16:14 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-22 21:36 . 2014-05-26 01:01 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-17 11:10 . 2014-05-26 01:00 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-14 04:19 . 2014-03-18 14:04 13824 ----a-w- c:\windows\system32\slwga.dll
2015-01-14 04:19 . 2014-03-18 14:04 409088 ----a-w- c:\windows\system32\systemcpl.dll
2015-01-14 04:19 . 2014-03-18 14:06 811520 ----a-w- c:\windows\system32\user32.dll
2015-01-08 08:55 . 2014-03-15 10:55 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 03:33 . 2014-12-22 15:10 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-05 16:21 . 2014-09-19 02:16 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-22 02:20 . 2014-12-11 19:25 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-11 19:25 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-11 19:25 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-11 19:25 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-11 19:25 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 19:25 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-11 19:25 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-11 19:25 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-11 19:25 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-11 19:25 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 19:25 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-11 19:25 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 19:25 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-11 19:25 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-11 02:44 . 2014-12-11 19:25 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 12:52 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 12:52 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32 . 2014-12-11 19:25 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45 . 2014-12-11 19:24 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-30 01:45 . 2014-12-11 19:23 155136 ----a-w- c:\windows\system32\charmap.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-01-09 03:16 131480 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-09 1676344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
"KORG USB-MIDI Driver"="c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2012-10-05 393656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-19 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUMDD.DRV
"midi6"=KORGUMDD.DRV
"midi7"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-12-31 178424]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-04-11 89856]
R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [2009-02-09 99968]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUMDS.SYS [2012-10-05 24096]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2014-01-23 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2014-01-23 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2014-01-23 153672]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2014-01-23 130248]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-04-20 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-11-24 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-11-24 431920]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-14 05:51 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-17 02:49]
.
2014-03-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500Core.job
- c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17 15:28]
.
2014-03-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500UA.job
- c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17 15:28]
.
2015-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-14 05:50]
.
2015-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-14 05:50]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{185D6893-1CAF-46F8-BFDE-C72C1826032D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{9CCDCD79-E7A2-46BC-9C96-ABB23FCD2990}: NameServer = 8.8.8.8,8.8.4.4,8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2brwy1ri.default\
FF - prefs.js: network.proxy.ftp - 118.97.95.182
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 118.97.95.182
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 118.97.95.182
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 118.97.95.182
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,71,61,21,50,73,3e,41,8a,08,28,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,71,61,21,50,73,3e,41,8a,08,28,\
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aif"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="NCH.WavePad.wpp"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Ora fine scansione: 2015-01-24  17:40:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2015-01-24 16:40
ComboFix2.txt  2015-01-13 18:19
.
Pre-Run: 95.677.480.960 byte disponibili
Post-Run: 95.355.879.424 byte disponibili
.
- - End Of File - - 181E6E501D2E673F2BA7616C922EC7EA
A36C5E4F47E84449FF07ED3517B43A31

  • Root Admin

You have many proxy settings in your Firefox browser. Did you set those on purpose? If not then they should be removed.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click over JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed make sure to re-enable your antivirus.

STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

I didn't set the proxy settings myself. I reset FF to its original settings to clean them up.

Here are the logs:

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by Administrator on 26/01/2015 at 22:15:22,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/01/2015 at 22:18:34,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ADWCleaner
 
# AdwCleaner v4.109 - Rapporto creato 26/01/2015 in 22:25:35
# Aggiornato 24/01/2015 di Xplode
# Database : 2015-01-25.1 [Live]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nome utente : Administrator - ADMINISTRATOR
# In esecuzione da : C:\Users\Administrator\Documents\adwcleaner_4.109.exe
# Opzione : Pulisci
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
[x] Non Eliminato : C:\Device
 
***** [ Compiti ] *****
 
 
***** [ Collegamenti ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Browser ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 it)
 
 
-\\ Google Chrome v39.0.2171.99
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [4485 octets] - [14/01/2015 03:55:45]
AdwCleaner[R1].txt - [8641 octets] - [14/01/2015 05:07:51]
AdwCleaner[R2].txt - [2344 octets] - [15/01/2015 01:56:45]
AdwCleaner[R3].txt - [1454 octets] - [22/01/2015 20:07:28]
AdwCleaner[R4].txt - [1444 octets] - [23/01/2015 01:54:24]
AdwCleaner[R5].txt - [1644 octets] - [23/01/2015 02:00:13]
AdwCleaner[R6].txt - [1594 octets] - [26/01/2015 22:20:47]
AdwCleaner[s0].txt - [4564 octets] - [14/01/2015 04:13:41]
AdwCleaner[s1].txt - [8899 octets] - [14/01/2015 05:14:43]
AdwCleaner[s2].txt - [2759 octets] - [15/01/2015 02:00:43]
AdwCleaner[s3].txt - [1519 octets] - [22/01/2015 20:12:23]
AdwCleaner[s4].txt - [1506 octets] - [23/01/2015 01:57:08]
AdwCleaner[s5].txt - [1858 octets] - [23/01/2015 02:03:00]
AdwCleaner[s6].txt - [1513 octets] - [26/01/2015 22:25:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [1573 octets] ##########
 
 
MBAM
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/01/2015
Scan Time: 22:30:47
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.26.07
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327954
Time Elapsed: 49 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET
 
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application
 
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Administrator (administrator) on ADMINISTRATOR on 27-01-2015 00:41:40
Running from C:\Users\Administrator\Documents
Loaded Profiles: Administrator &  (Available profiles: Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(KORG Inc.) C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Spotify Ltd) C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KORG USB-MIDI Driver] => C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe [393656 2012-10-05] (KORG Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-19] (Microsoft Corporation)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Run: [spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{185D6893-1CAF-46F8-BFDE-C72C1826032D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9CCDCD79-E7A2-46BC-9C96-ABB23FCD2990}: [NameServer] 8.8.8.8,8.8.4.4,8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sr19if0e.default-1422306751362
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4025110536-2093787427-2300085386-500: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4025110536-2093787427-2300085386-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-17]
FF HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.pokemon-cp.it/", "hxxp://www.facebook.com/", "hxxp://start.peppermintos.com/", "hxxp://home.torchbrowser.com/?systemid=448&appid=91&ua=Torch"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Documenti Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Ricerca Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Mailto: for Gmail™) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2015-01-14]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-01-14]
CHR Extension: (Fogli Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Sicurezza browser Avira) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-23]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-14]
CHR Extension: (Google Avvisi email) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-14]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-01-14]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24096 2012-10-05] (KORG INC.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10371072 2007-07-17] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-03-17] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
U3 aazt94au; C:\Windows\system32\Drivers\aazt94au.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
U4 eabfiltr; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 00:41 - 2015-01-27 00:41 - 00000000 ____D () C:\Users\Administrator\Documents\FRST-OlderVersion
2015-01-27 00:40 - 2015-01-27 00:40 - 00000115 _____ () C:\Users\Administrator\Documents\ESET.txt
2015-01-26 22:18 - 2015-01-26 22:18 - 00000629 _____ () C:\Users\Administrator\Documents\JRT.txt
2015-01-25 13:19 - 2015-01-23 00:18 - 00001964 _____ () C:\Users\Administrator\Desktop\Avira.lnk
2015-01-25 13:13 - 2015-01-25 15:58 - 00000000 ____D () C:\Users\Administrator\Desktop\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM
2015-01-24 21:00 - 2015-01-24 21:00 - 02194432 _____ () C:\Users\Administrator\Documents\adwcleaner_4.109.exe
2015-01-24 17:40 - 2015-01-24 17:40 - 00032570 _____ () C:\ComboFix.txt
2015-01-24 16:29 - 2015-01-24 16:29 - 00000000 ____D () C:\Device
2015-01-24 16:29 - 2015-01-24 16:16 - 42205184 _____ () C:\Windows\system32\config\COMPON~2.bak
2015-01-24 15:44 - 2015-01-26 22:26 - 00001418 _____ () C:\Windows\PFRO.log
2015-01-24 15:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-24 15:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-24 15:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-24 15:22 - 2015-01-24 15:22 - 05609462 ____R (Swearware) C:\Users\Administrator\Documents\ComboFix.exe
2015-01-23 03:42 - 2015-01-23 03:42 - 00002726 _____ () C:\Windows\system32\.crusader
2015-01-23 02:40 - 2015-01-23 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2015-01-23 02:40 - 2015-01-23 02:40 - 00000000 ____D () C:\Program Files\freac
2015-01-23 02:12 - 2015-01-23 02:12 - 00071184 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-23 02:11 - 2015-01-26 22:26 - 00000840 _____ () C:\Windows\setupact.log
2015-01-23 02:11 - 2015-01-23 02:11 - 00317160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-23 02:11 - 2015-01-23 02:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 02:07 - 2015-01-26 23:55 - 00258835 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 00:23 - 2015-01-23 00:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2015-01-23 00:23 - 2015-01-23 00:20 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-23 00:17 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-23 00:17 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-23 00:17 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-23 00:17 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-01-23 00:14 - 2015-01-23 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-23 00:14 - 2015-01-23 00:17 - 00000000 ____D () C:\ProgramData\Avira
2015-01-23 00:14 - 2015-01-23 00:17 - 00000000 ____D () C:\Program Files\Avira
2015-01-23 00:13 - 2015-01-23 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 22:43 - 2015-01-22 22:43 - 00031376 _____ () C:\Users\Administrator\Documents\Addition.txt
2015-01-22 20:57 - 2015-01-22 20:57 - 02347384 _____ (ESET) C:\Users\Administrator\Documents\esetsmartinstaller_enu.exe
2015-01-22 20:57 - 2015-01-22 20:57 - 00000000 ____D () C:\Program Files\ESET
2015-01-21 17:51 - 2015-01-21 17:51 - 00000000 ____D () C:\Windows\system32\McAfee File Lock
2015-01-21 12:10 - 2015-01-21 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-21 12:10 - 2015-01-21 12:10 - 00000000 ____D () C:\Program Files\ERUNT
2015-01-19 23:45 - 2015-01-26 22:07 - 00000000 ____D () C:\Users\Administrator\Desktop\Samples
2015-01-17 12:40 - 2015-01-17 12:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Documents\rkill.exe
2015-01-17 12:10 - 2015-01-17 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 12:09 - 2015-01-17 12:40 - 00000000 ____D () C:\Users\Administrator\Documents\mbar
2015-01-17 11:23 - 2015-01-17 11:25 - 00028477 _____ () C:\Users\Administrator\Documents\Result.txt
2015-01-17 11:23 - 2015-01-17 11:23 - 00401920 _____ (Farbar) C:\Users\Administrator\Documents\MiniToolBox.exe
2015-01-17 11:22 - 2015-01-17 11:22 - 00415232 _____ (Farbar) C:\Users\Administrator\Documents\FSS.exe
2015-01-17 11:22 - 2015-01-17 11:22 - 00002361 _____ () C:\Users\Administrator\Documents\FSS.txt
2015-01-17 11:10 - 2015-01-17 11:11 - 00852504 _____ () C:\Users\Administrator\Documents\SecurityCheck.exe
2015-01-15 10:00 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 00:23 - 2015-01-27 00:42 - 00016431 _____ () C:\Users\Administrator\Documents\FRST.txt
2015-01-15 00:19 - 2015-01-27 00:41 - 01120768 _____ (Farbar) C:\Users\Administrator\Documents\FRST.exe
2015-01-14 06:51 - 2015-01-14 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-14 06:50 - 2015-01-26 22:27 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 06:50 - 2015-01-14 06:56 - 00001152 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 06:19 - 2015-01-14 06:19 - 00000000 ____D () C:\Users\Administrator\Desktop\SH201_Win7drv_32
2015-01-14 05:27 - 2015-01-14 05:27 - 00000000 ____D () C:\Users\Administrator\Documents\Autoruns
2015-01-14 04:39 - 2015-01-14 04:44 - 00000000 ____D () C:\Program Files\Opera
2015-01-14 04:39 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:30 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 04:30 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 04:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:18 - 2015-01-14 04:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 04:08 - 2015-01-14 04:09 - 01707939 _____ (Thisisu) C:\Users\Administrator\Documents\JRT.exe
2015-01-14 03:59 - 2015-01-14 03:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-14 03:57 - 2015-01-14 03:57 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Documents\tdsskiller.exe
2015-01-14 03:55 - 2015-01-26 22:25 - 00000000 ____D () C:\AdwCleaner
2015-01-14 01:52 - 2015-01-27 00:41 - 00000000 ____D () C:\FRST
2015-01-13 19:42 - 2015-01-13 19:42 - 00000000 ____D () C:\Program Files\Common Files\VST3
2015-01-13 18:40 - 2015-01-24 17:40 - 00000000 ____D () C:\Qoobox
2015-01-13 18:40 - 2015-01-24 16:56 - 00000000 ____D () C:\Windows\erdnt
2015-01-11 21:47 - 2015-01-13 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-08 15:07 - 2015-01-08 15:07 - 00000000 _____ () C:\Windows\system32\debug.log
2015-01-08 13:42 - 2015-01-23 03:47 - 00000850 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-08 13:15 - 2015-01-08 13:15 - 00000000 ___DC () C:\ProgramData\{957E0013-BE0F-48C1-BF3F-B4B6CC7B6D3B}
2015-01-08 12:50 - 2015-01-08 12:50 - 00000000 __HDC () C:\ProgramData\{8248E23A-B811-474B-951C-5AD780E7F743}
2015-01-06 01:18 - 2015-01-06 01:19 - 00000000 ____D () C:\Users\Administrator\Desktop\Tor Browser_
2015-01-05 23:44 - 2015-01-19 18:46 - 00000000 ____D () C:\Users\Administrator\Desktop\BLACK LITHIUM
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 23:49 - 2014-03-17 17:14 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 23:44 - 2014-03-17 22:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2015-01-26 22:39 - 2014-03-17 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2015-01-26 22:30 - 2014-05-26 02:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 22:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 22:08 - 2014-04-29 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2015-01-25 20:24 - 2014-09-20 01:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Progetti FL
2015-01-25 16:00 - 2014-03-17 14:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-01-25 14:49 - 2014-03-17 17:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 14:49 - 2014-03-17 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 21:00 - 2014-07-19 16:43 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2015-01-24 20:32 - 2014-03-17 23:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2015-01-24 16:52 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-24 16:30 - 2014-03-15 11:39 - 06291456 ___SH () C:\Users\Administrator\ntuser.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 56098816 _____ () C:\Windows\system32\config\software.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 21233664 _____ () C:\Windows\system32\config\system.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-24 16:29 - 2014-03-15 11:39 - 00000000 ____D () C:\Users\Administrator
2015-01-24 15:31 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-24 13:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-22 23:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\config\Journal
2015-01-21 17:56 - 2009-07-14 05:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 17:56 - 2009-07-14 05:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 19:56 - 2014-03-18 14:15 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2015-01-19 19:54 - 2014-03-18 14:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2015-01-19 19:06 - 2014-11-02 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-01-19 18:47 - 2014-03-18 14:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-17 12:10 - 2014-05-26 02:00 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 19:11 - 2014-03-17 17:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2015-01-15 01:36 - 2014-03-18 02:18 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-14 07:12 - 2014-03-21 02:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 07:06 - 2014-03-21 02:30 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 06:51 - 2014-03-15 11:50 - 00000000 ____D () C:\Program Files\Google
2015-01-14 05:19 - 2014-03-18 15:06 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-01-14 05:19 - 2014-03-18 15:04 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-01-14 05:19 - 2014-03-18 15:04 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-01-14 04:52 - 2014-06-17 18:10 - 00000000 ____D () C:\Program Files\Adobe
2015-01-14 04:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-14 04:05 - 2014-10-05 16:35 - 00000000 ____D () C:\Program Files\Yahoo!
2015-01-14 04:03 - 2014-03-17 21:58 - 00000000 ____D () C:\Program Files\VstPlugIns
2015-01-14 03:47 - 2014-03-15 11:40 - 01658888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 03:47 - 2009-07-14 09:21 - 00740896 _____ () C:\Windows\system32\perfh010.dat
2015-01-14 03:47 - 2009-07-14 09:21 - 00146918 _____ () C:\Windows\system32\perfc010.dat
2015-01-14 03:18 - 2014-12-09 18:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 03:18 - 2014-05-26 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 03:18 - 2014-05-26 02:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-14 03:16 - 2014-10-17 00:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2015-01-14 03:16 - 2014-07-28 21:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Samsung
2015-01-08 15:07 - 2014-03-17 16:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-08 09:55 - 2014-03-15 11:55 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 22:34 - 2014-09-20 01:45 - 00000000 ____D () C:\Users\Administrator\Desktop\Guitar Pro
 
==================== Files in the root of some directories =======
 
2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-10-07 18:51 - 2014-10-07 18:51 - 0009655 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2014-11-28 17:54 - 2014-11-28 17:54 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{81945724-4E05-4C64-A297-DD88E033E7DA}
2014-03-17 15:04 - 2014-10-17 00:50 - 0020690 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\avgnt.exe
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-03-15 12:25
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by Administrator at 2015-01-27 00:43:21
Running from C:\Users\Administrator\Documents
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
B110 (Version: 140.0.142.000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Guitar Pro 6 (HKLM\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hercules Classic Silver (HKLM\...\{8678BD65-D66E-48BB-8531-91D0EF8998A1}) (Version: 3.2.2.1 - Hercules)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KORG USB-MIDI Driver Tools for Windows (HKLM\...\{B9AFA8A2-E972-48D2-A30B-B26302B3CE6A}) (Version: 1.14.0401 - Korg Inc.)
KORG X50 Editor (HKLM\...\{FC41140A-22CA-4309-B806-F70B0CA31A17}) (Version: 1.0.5 - KORG Inc.)
KORG X50 Plug-In Editor RTAS (HKLM\...\{B7876739-CC64-417F-A5C9-B997003259E1}) (Version: 1.0.5 - KORG Inc.)
KORG X50 Plug-In Editor VST (HKLM\...\{0BBE28FE-227A-4D34-A069-0EE3AC622850}) (Version: 1.0.5 - KORG Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LibreOffice 4.2.2.1 (HKLM\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 it) (HKLM\...\Mozilla Firefox 34.0.5 (x86 it)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Native Instruments FM8 (HKLM\...\Native Instruments FM8) (Version:  - )
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - Native Instruments)
Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Pokémon Trading Card Game Online (HKLM\...\{A05F805F-6986-47CB-9563-CE7B60649FF4}) (Version: 1.0.0 - The Pokémon Company International)
PS_AIO_07_B110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Raccolta foto (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-4025110536-2093787427-2300085386-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM\...\{3A1F3A32-7E9D-4AD2-A2E2-DFC98BAA9DC7}) (Version: 1.3.1403.1202 - SplitMediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
14-01-2015 06:19:52 Installazione pacchetto driver di dispositivo: Roland Controller audio, video e giochi
14-01-2015 06:25:32 Revo Uninstaller's restore point - 7-Zip 9.20
14-01-2015 06:30:27 Revo Uninstaller's restore point - Ableton Live 9 Trial
14-01-2015 06:31:39 Removed Ableton Live 9 Trial
14-01-2015 06:44:40 Revo Uninstaller's restore point - Google Chrome
14-01-2015 07:05:19 Windows Update
16-01-2015 15:19:56 Windows Update
20-01-2015 19:52:42 Windows Update
23-01-2015 01:14:19 Revo Uninstaller's restore point - FMRTE 15.1.3.6
23-01-2015 01:45:54 Revo Uninstaller's restore point - Switch - Convertitore di file audio
23-01-2015 03:41:28 Punto di controllo di HitmanPro
23-01-2015 03:42:35 Punto di controllo di HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2015-01-24 16:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {20D56E42-815B-4B17-8603-35F54BDE9FA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {248DEF31-2EC9-4BEC-9836-F135A7C9815D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {29FCC687-7445-4186-B2BD-D828C1D52473} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {454E49B4-80AA-48B4-80D3-5E14323FD536} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500UA => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17] (Facebook Inc.)
Task: {7DA86F38-FE1D-4605-AEA4-63D5A0952D1A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500Core => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17] (Facebook Inc.)
Task: {A348D993-7C5C-4C78-B5E0-8E783E0954A2} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION
Task: {AC91BC61-1DAD-4DCC-AC46-D9F99CA1083F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {BCF27025-BD7C-446B-A09C-7BBD62D8BD62} - \NCH Software\WavePadSevenDays No Task File <==== ATTENTION
Task: {F20CE41C-B9E9-4C2B-9161-01FAE40C90E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500Core.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500UA.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-14 06:51 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-14 06:51 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-14 06:51 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 06:51 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-14 06:51 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4025110536-2093787427-2300085386-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4025110536-2093787427-2300085386-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4025110536-2093787427-2300085386-1001 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/26/2015 10:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: SpotifyWebHelper.exe, versione: 0.9.15.27, timestamp: 0x54803b75
Nome del modulo che ha generato l'errore: SpotifyWebHelper.exe, versione: 0.9.15.27, timestamp: 0x54803b75
Codice eccezione: 0xc0000005
Offset errore 0x00012397
ID processo che ha generato l'errore: 0x128
Ora di avvio dell'applicazione che ha generato l'errore: 0xSpotifyWebHelper.exe0
Percorso dell'applicazione che ha generato l'errore: SpotifyWebHelper.exe1
Percorso del modulo che ha generato l'errore: SpotifyWebHelper.exe2
ID segnalazione: SpotifyWebHelper.exe3
 
Error: (01/26/2015 10:26:46 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Attivazione della licenza di Windows non riuscita. Errore: 0x80070005.
 
 
System errors:
=============
Error: (01/26/2015 10:26:45 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Servizio Utilità di pianificazione: impossibile caricare le attività all'avvio del servizio. Dati aggiuntivi: valore errore: 2147549183.
 
 
Microsoft Office Sessions:
=========================
Error: (01/26/2015 10:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75SpotifyWebHelper.exe0.9.15.2754803b75c00000050001239712801d039aecad78a87C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe3d31bf34-a5a6-11e4-92c9-0024813aed5c
 
Error: (01/26/2015 10:26:46 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 550 @ 2.00GHz
Percentage of memory in use: 67%
Total physical RAM: 2039.3 MB
Available physical RAM: 671.12 MB
Total Pagefile: 4078.61 MB
Available Pagefile: 2197.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:90.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: CB64FC8A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:


  • Download TFC from here (http://oldtimer.geekstogo.com/TFC.exe) and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Next,

Then run a NEW FRST scan and make sure you place a check mark in the Addition.txt check box and post back both new logs.

Thanks


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 27 18:31:01 2015

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\Classes\JavaPlugin.10512

------------------------------------

Finished reporting.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Administrator (administrator) on ADMINISTRATOR on 27-01-2015 18:34:15
Running from C:\Users\Administrator\Documents
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KORG USB-MIDI Driver] => C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe [393656 2012-10-05] (KORG Inc.)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Run: [spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4025110536-2093787427-2300085386-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4025110536-2093787427-2300085386-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{185D6893-1CAF-46F8-BFDE-C72C1826032D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9CCDCD79-E7A2-46BC-9C96-ABB23FCD2990}: [NameServer] 8.8.8.8,8.8.4.4,8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sr19if0e.default-1422306751362
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4025110536-2093787427-2300085386-500: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4025110536-2093787427-2300085386-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-17]
FF HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.pokemon-cp.it/", "hxxp://www.facebook.com/", "hxxp://start.peppermintos.com/", "hxxp://home.torchbrowser.com/?systemid=448&appid=91&ua=Torch"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Documenti Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Ricerca Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Mailto: for Gmail™) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2015-01-14]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-01-14]
CHR Extension: (Fogli Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Sicurezza browser Avira) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-23]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-14]
CHR Extension: (Google Avvisi email) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-14]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-01-14]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24096 2012-10-05] (KORG INC.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10371072 2007-07-17] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-03-17] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
U3 amnljtvk; C:\Windows\system32\Drivers\amnljtvk.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
U4 eabfiltr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 18:31 - 2015-01-27 18:31 - 00006947 _____ () C:\JavaRa.log
2015-01-27 18:30 - 2015-01-27 18:30 - 00000000 ____D () C:\Users\Administrator\Desktop\RemoveJava
2015-01-27 18:21 - 2015-01-27 18:21 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\TFC.exe
2015-01-27 18:19 - 2014-12-05 17:20 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-27 18:19 - 2014-12-05 17:20 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-27 00:41 - 2015-01-27 00:41 - 00000000 ____D () C:\Users\Administrator\Documents\FRST-OlderVersion
2015-01-27 00:40 - 2015-01-27 00:40 - 00000115 _____ () C:\Users\Administrator\Documents\ESET.txt
2015-01-26 22:18 - 2015-01-26 22:18 - 00000629 _____ () C:\Users\Administrator\Documents\JRT.txt
2015-01-25 13:19 - 2015-01-23 00:18 - 00001964 _____ () C:\Users\Administrator\Desktop\Avira.lnk
2015-01-25 13:13 - 2015-01-25 15:58 - 00000000 ____D () C:\Users\Administrator\Desktop\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM
2015-01-24 21:00 - 2015-01-24 21:00 - 02194432 _____ () C:\Users\Administrator\Documents\adwcleaner_4.109.exe
2015-01-24 17:40 - 2015-01-24 17:40 - 00032570 _____ () C:\ComboFix.txt
2015-01-24 16:29 - 2015-01-24 16:29 - 00000000 ____D () C:\Device
2015-01-24 16:29 - 2015-01-24 16:16 - 42205184 _____ () C:\Windows\system32\config\COMPON~2.bak
2015-01-24 15:44 - 2015-01-26 22:26 - 00001418 _____ () C:\Windows\PFRO.log
2015-01-24 15:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-24 15:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-24 15:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-24 15:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-24 15:22 - 2015-01-24 15:22 - 05609462 ____R (Swearware) C:\Users\Administrator\Documents\ComboFix.exe
2015-01-23 03:42 - 2015-01-23 03:42 - 00002726 _____ () C:\Windows\system32\.crusader
2015-01-23 03:35 - 2015-01-23 03:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-23 03:35 - 2015-01-23 03:35 - 10285456 _____ (SurfRight B.V.) C:\Users\Administrator\Documents\HitmanPro.exe
2015-01-23 02:40 - 2015-01-23 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2015-01-23 02:40 - 2015-01-23 02:40 - 00000000 ____D () C:\Program Files\freac
2015-01-23 02:12 - 2015-01-23 02:12 - 00071184 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-23 02:11 - 2015-01-27 18:26 - 00000896 _____ () C:\Windows\setupact.log
2015-01-23 02:11 - 2015-01-23 02:11 - 00317160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-23 02:11 - 2015-01-23 02:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 02:07 - 2015-01-27 18:31 - 00291504 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 00:23 - 2015-01-23 00:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2015-01-23 00:23 - 2015-01-23 00:20 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-23 00:17 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-23 00:17 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-23 00:17 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-23 00:17 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-01-23 00:14 - 2015-01-23 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-23 00:14 - 2015-01-23 00:17 - 00000000 ____D () C:\ProgramData\Avira
2015-01-23 00:14 - 2015-01-23 00:17 - 00000000 ____D () C:\Program Files\Avira
2015-01-23 00:13 - 2015-01-23 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 22:43 - 2015-01-27 00:44 - 00023422 _____ () C:\Users\Administrator\Documents\Addition.txt
2015-01-22 20:57 - 2015-01-22 20:57 - 02347384 _____ (ESET) C:\Users\Administrator\Documents\esetsmartinstaller_enu.exe
2015-01-22 20:57 - 2015-01-22 20:57 - 00000000 ____D () C:\Program Files\ESET
2015-01-21 17:51 - 2015-01-21 17:51 - 00000000 ____D () C:\Windows\system32\McAfee File Lock
2015-01-21 12:10 - 2015-01-21 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-21 12:10 - 2015-01-21 12:10 - 00000000 ____D () C:\Program Files\ERUNT
2015-01-19 23:45 - 2015-01-26 22:07 - 00000000 ____D () C:\Users\Administrator\Desktop\Samples
2015-01-17 12:40 - 2015-01-17 12:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Documents\rkill.exe
2015-01-17 12:10 - 2015-01-17 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 12:09 - 2015-01-17 12:40 - 00000000 ____D () C:\Users\Administrator\Documents\mbar
2015-01-17 11:23 - 2015-01-17 11:25 - 00028477 _____ () C:\Users\Administrator\Documents\Result.txt
2015-01-17 11:23 - 2015-01-17 11:23 - 00401920 _____ (Farbar) C:\Users\Administrator\Documents\MiniToolBox.exe
2015-01-17 11:22 - 2015-01-17 11:22 - 00415232 _____ (Farbar) C:\Users\Administrator\Documents\FSS.exe
2015-01-17 11:22 - 2015-01-17 11:22 - 00002361 _____ () C:\Users\Administrator\Documents\FSS.txt
2015-01-17 11:10 - 2015-01-17 11:11 - 00852504 _____ () C:\Users\Administrator\Documents\SecurityCheck.exe
2015-01-15 10:00 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 00:23 - 2015-01-27 18:34 - 00012255 _____ () C:\Users\Administrator\Documents\FRST.txt
2015-01-15 00:19 - 2015-01-27 00:41 - 01120768 _____ (Farbar) C:\Users\Administrator\Documents\FRST.exe
2015-01-14 06:51 - 2015-01-14 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-14 06:50 - 2015-01-27 18:26 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 06:50 - 2015-01-14 06:56 - 00001152 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 06:19 - 2015-01-14 06:19 - 00000000 ____D () C:\Users\Administrator\Desktop\SH201_Win7drv_32
2015-01-14 05:27 - 2015-01-14 05:27 - 00000000 ____D () C:\Users\Administrator\Documents\Autoruns
2015-01-14 04:39 - 2015-01-14 04:44 - 00000000 ____D () C:\Program Files\Opera
2015-01-14 04:39 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:30 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 04:30 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 04:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:18 - 2015-01-14 04:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 04:08 - 2015-01-14 04:09 - 01707939 _____ (Thisisu) C:\Users\Administrator\Documents\JRT.exe
2015-01-14 03:59 - 2015-01-14 03:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-14 03:57 - 2015-01-14 03:57 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Documents\tdsskiller.exe
2015-01-14 03:55 - 2015-01-26 22:25 - 00000000 ____D () C:\AdwCleaner
2015-01-14 01:52 - 2015-01-27 18:34 - 00000000 ____D () C:\FRST
2015-01-13 19:42 - 2015-01-13 19:42 - 00000000 ____D () C:\Program Files\Common Files\VST3
2015-01-13 18:40 - 2015-01-24 17:40 - 00000000 ____D () C:\Qoobox
2015-01-13 18:40 - 2015-01-24 16:56 - 00000000 ____D () C:\Windows\erdnt
2015-01-11 21:47 - 2015-01-13 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-08 15:07 - 2015-01-08 15:07 - 00000000 _____ () C:\Windows\system32\debug.log
2015-01-08 13:42 - 2015-01-23 03:47 - 00000850 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-08 13:15 - 2015-01-08 13:15 - 00000000 ___DC () C:\ProgramData\{957E0013-BE0F-48C1-BF3F-B4B6CC7B6D3B}
2015-01-08 12:50 - 2015-01-08 12:50 - 00000000 __HDC () C:\ProgramData\{8248E23A-B811-474B-951C-5AD780E7F743}
2015-01-06 01:18 - 2015-01-06 01:19 - 00000000 ____D () C:\Users\Administrator\Desktop\Tor Browser_
2015-01-05 23:44 - 2015-01-19 18:46 - 00000000 ____D () C:\Users\Administrator\Desktop\BLACK LITHIUM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 18:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 18:21 - 2014-09-19 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-27 18:19 - 2014-09-19 03:16 - 00000000 ____D () C:\Program Files\Java
2015-01-27 18:19 - 2014-05-03 13:33 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-27 18:14 - 2014-03-17 17:14 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 23:44 - 2014-03-17 22:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2015-01-26 22:39 - 2014-03-17 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2015-01-26 22:30 - 2014-05-26 02:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 22:08 - 2014-04-29 20:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Audacity
2015-01-25 20:24 - 2014-09-20 01:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Progetti FL
2015-01-25 14:49 - 2014-03-17 17:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 14:49 - 2014-03-17 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 21:00 - 2014-07-19 16:43 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2015-01-24 20:32 - 2014-03-17 23:38 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2015-01-24 16:52 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-24 16:30 - 2014-03-15 11:39 - 06291456 ___SH () C:\Users\Administrator\ntuser.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 56098816 _____ () C:\Windows\system32\config\software.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 21233664 _____ () C:\Windows\system32\config\system.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-24 16:30 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-24 16:29 - 2014-03-15 11:39 - 00000000 ____D () C:\Users\Administrator
2015-01-24 15:31 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-24 13:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-22 23:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\config\Journal
2015-01-21 17:56 - 2009-07-14 05:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 17:56 - 2009-07-14 05:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 19:56 - 2014-03-18 14:15 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2015-01-19 19:54 - 2014-03-18 14:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2015-01-19 19:06 - 2014-11-02 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-01-19 18:47 - 2014-03-18 14:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-17 12:10 - 2014-05-26 02:00 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 19:11 - 2014-03-17 17:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2015-01-15 01:36 - 2014-03-18 02:18 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-14 07:12 - 2014-03-21 02:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 07:06 - 2014-03-21 02:30 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 06:51 - 2014-03-15 11:50 - 00000000 ____D () C:\Program Files\Google
2015-01-14 05:19 - 2014-03-18 15:06 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-01-14 05:19 - 2014-03-18 15:04 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-01-14 05:19 - 2014-03-18 15:04 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-01-14 04:52 - 2014-06-17 18:10 - 00000000 ____D () C:\Program Files\Adobe
2015-01-14 04:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-14 04:05 - 2014-10-05 16:35 - 00000000 ____D () C:\Program Files\Yahoo!
2015-01-14 04:03 - 2014-03-17 21:58 - 00000000 ____D () C:\Program Files\VstPlugIns
2015-01-14 03:47 - 2014-03-15 11:40 - 01658888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 03:47 - 2009-07-14 09:21 - 00740896 _____ () C:\Windows\system32\perfh010.dat
2015-01-14 03:47 - 2009-07-14 09:21 - 00146918 _____ () C:\Windows\system32\perfc010.dat
2015-01-14 03:18 - 2014-12-09 18:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 03:18 - 2014-05-26 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 03:18 - 2014-05-26 02:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-14 03:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-14 03:16 - 2014-10-17 00:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2015-01-14 03:16 - 2014-07-28 21:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Samsung
2015-01-08 15:07 - 2014-03-17 16:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-08 09:55 - 2014-03-15 11:55 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 22:34 - 2014-09-20 01:45 - 00000000 ____D () C:\Users\Administrator\Desktop\Guitar Pro

==================== Files in the root of some directories =======

2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-03-15 11:59 - 2014-03-15 11:59 - 0000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-10-07 18:51 - 2014-10-07 18:51 - 0009655 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2014-11-28 17:54 - 2014-11-28 17:54 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{81945724-4E05-4C64-A297-DD88E033E7DA}
2014-03-17 15:04 - 2014-10-17 00:50 - 0020690 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\avgnt.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-03-15 12:25

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01

Ran by Administrator at 2015-01-27 18:35:20

Running from C:\Users\Administrator\Documents

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)

Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)

Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

B110 (Version: 140.0.142.000 - Hewlett-Packard) Hidden

BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden

Dropbox (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)

ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )

Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)

FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )

GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden

Guitar Pro 6 (HKLM\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)

Hercules Classic Silver (HKLM\...\{8678BD65-D66E-48BB-8531-91D0EF8998A1}) (Version: 3.2.2.1 - Hercules)

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)

HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden

HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden

HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden

IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)

IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)

KORG USB-MIDI Driver Tools for Windows (HKLM\...\{B9AFA8A2-E972-48D2-A30B-B26302B3CE6A}) (Version: 1.14.0401 - Korg Inc.)

KORG X50 Editor (HKLM\...\{FC41140A-22CA-4309-B806-F70B0CA31A17}) (Version: 1.0.5 - KORG Inc.)

KORG X50 Plug-In Editor RTAS (HKLM\...\{B7876739-CC64-417F-A5C9-B997003259E1}) (Version: 1.0.5 - KORG Inc.)

KORG X50 Plug-In Editor VST (HKLM\...\{0BBE28FE-227A-4D34-A069-0EE3AC622850}) (Version: 1.0.5 - KORG Inc.)

LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )

LibreOffice 4.2.2.1 (HKLM\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)

LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)

Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 34.0.5 (x86 it) (HKLM\...\Mozilla Firefox 34.0.5 (x86 it)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)

Native Instruments FM8 (HKLM\...\Native Instruments FM8) (Version:  - )

Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version:  - Native Instruments)

Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - Native Instruments)

Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden

Pokémon Trading Card Game Online (HKLM\...\{A05F805F-6986-47CB-9563-CE7B60649FF4}) (Version: 1.0.0 - The Pokémon Company International)

PS_AIO_07_B110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden

QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden

QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden

Raccolta foto (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)

Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)

Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden

Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden

SolutionCenter (Version: 140.0.211.000 - Hewlett-Packard) Hidden

Spotify (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden

Steam (HKLM\...\Steam) (Version:  - Valve Corporation)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)

System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden

TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden

Unity Web Player (HKU\S-1-5-21-4025110536-2093787427-2300085386-500\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden

Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

XSplit Broadcaster (HKLM\...\{3A1F3A32-7E9D-4AD2-A2E2-DFC98BAA9DC7}) (Version: 1.3.1403.1202 - SplitMediaLabs)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4025110536-2093787427-2300085386-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

20-01-2015 19:52:42 Windows Update

23-01-2015 01:14:19 Revo Uninstaller's restore point - FMRTE 15.1.3.6

23-01-2015 01:45:54 Revo Uninstaller's restore point - Switch - Convertitore di file audio

27-01-2015 18:17:13 Removed Java 7 Update 67

27-01-2015 18:20:39 Removed Java 8 Update 25

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:04 - 2015-01-24 16:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {20D56E42-815B-4B17-8603-35F54BDE9FA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)

Task: {248DEF31-2EC9-4BEC-9836-F135A7C9815D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {29FCC687-7445-4186-B2BD-D828C1D52473} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {454E49B4-80AA-48B4-80D3-5E14323FD536} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500UA => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17] (Facebook Inc.)

Task: {7DA86F38-FE1D-4605-AEA4-63D5A0952D1A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500Core => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17] (Facebook Inc.)

Task: {A348D993-7C5C-4C78-B5E0-8E783E0954A2} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION

Task: {AC91BC61-1DAD-4DCC-AC46-D9F99CA1083F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)

Task: {BCF27025-BD7C-446B-A09C-7BBD62D8BD62} - \NCH Software\WavePadSevenDays No Task File <==== ATTENTION

Task: {F20CE41C-B9E9-4C2B-9161-01FAE40C90E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500Core.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025110536-2093787427-2300085386-500UA.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2015-01-14 06:51 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll

2015-01-14 06:51 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll

2015-01-14 06:51 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll

2015-01-14 06:51 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

2015-01-14 06:51 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-4025110536-2093787427-2300085386-500 - Administrator - Enabled) => C:\Users\Administrator

Guest (S-1-5-21-4025110536-2093787427-2300085386-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-4025110536-2093787427-2300085386-1001 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Name: Photosmart B110 series

Description: Photosmart B110 series

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: HP

Service: StillCam

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart B110 series

Description: Photosmart B110 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/27/2015 06:28:48 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome dell'applicazione che ha generato l'errore: SpotifyWebHelper.exe, versione: 0.9.15.27, timestamp: 0x54803b75

Nome del modulo che ha generato l'errore: SpotifyWebHelper.exe, versione: 0.9.15.27, timestamp: 0x54803b75

Codice eccezione: 0xc0000005

Offset errore 0x00012397

ID processo che ha generato l'errore: 0x144

Ora di avvio dell'applicazione che ha generato l'errore: 0xSpotifyWebHelper.exe0

Percorso dell'applicazione che ha generato l'errore: SpotifyWebHelper.exe1

Percorso del modulo che ha generato l'errore: SpotifyWebHelper.exe2

ID segnalazione: SpotifyWebHelper.exe3

 

Error: (01/27/2015 06:26:17 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Attivazione della licenza di Windows non riuscita. Errore: 0x80070005.

 

Error: (01/27/2015 06:22:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc100

Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.18247, timestamp: 0x521ea91c

Codice eccezione: 0xc0000005

Offset errore 0x000303a2

ID processo che ha generato l'errore: 0x280

Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0

Percorso dell'applicazione che ha generato l'errore: svchost.exe1

Percorso del modulo che ha generato l'errore: svchost.exe2

ID segnalazione: svchost.exe3

 

Error: (01/26/2015 10:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome dell'applicazione che ha generato l'errore: SpotifyWebHelper.exe, versione: 0.9.15.27, timestamp: 0x54803b75

Nome del modulo che ha generato l'errore: SpotifyWebHelper.exe, versione: 0.9.15.27, timestamp: 0x54803b75

Codice eccezione: 0xc0000005

Offset errore 0x00012397

ID processo che ha generato l'errore: 0x128

Ora di avvio dell'applicazione che ha generato l'errore: 0xSpotifyWebHelper.exe0

Percorso dell'applicazione che ha generato l'errore: SpotifyWebHelper.exe1

Percorso del modulo che ha generato l'errore: SpotifyWebHelper.exe2

ID segnalazione: SpotifyWebHelper.exe3

 

Error: (01/26/2015 10:26:46 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Attivazione della licenza di Windows non riuscita. Errore: 0x80070005.

 

 

System errors:

=============

Error: (01/27/2015 06:30:14 PM) (Source: DCOM) (EventID: 10001) (User: )

Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

 

Error: (01/27/2015 06:27:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Avira Service Host.

 

Error: (01/27/2015 06:26:19 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)

Description: Servizio Utilità di pianificazione: impossibile caricare le attività all'avvio del servizio. Dati aggiuntivi: valore errore: 2147549183.

 

Error: (01/27/2015 06:26:14 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Precedente arresto del sistema inatteso a 18:22:00 su 27/01/2015.

 

Error: (01/26/2015 10:26:45 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)

Description: Servizio Utilità di pianificazione: impossibile caricare le attività all'avvio del servizio. Dati aggiuntivi: valore errore: 2147549183.

 

 

Microsoft Office Sessions:

=========================

Error: (01/27/2015 06:28:48 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: SpotifyWebHelper.exe0.9.15.2754803b75SpotifyWebHelper.exe0.9.15.2754803b75c00000050001239714401d03a565d74b54cC:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exef371c15f-a649-11e4-86a7-0024813aed5c

 

Error: (01/27/2015 06:26:17 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (01/27/2015 06:22:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: svchost.exe6.1.7600.163854a5bc100ntdll.dll6.1.7601.18247521ea91cc0000005000303a228001d039aec7079657C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll1d9cb05a-a649-11e4-92c9-0024813aed5c

 

Error: (01/26/2015 10:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: SpotifyWebHelper.exe0.9.15.2754803b75SpotifyWebHelper.exe0.9.15.2754803b75c00000050001239712801d039aecad78a87C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe3d31bf34-a5a6-11e4-92c9-0024813aed5c

 

Error: (01/26/2015 10:26:46 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

 

==================== Memory info =========================== 

 

Processor: Intel® Celeron® CPU 550 @ 2.00GHz

Percentage of memory in use: 54%

Total physical RAM: 2039.3 MB

Available physical RAM: 924.36 MB

Total Pagefile: 4078.61 MB

Available Pagefile: 2698.34 MB

Total Virtual: 2047.88 MB

Available Virtual: 1912.48 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:148.95 GB) (Free:94.67 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: CB64FC8A)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================



  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
