Possible malware?


Hi, my laptop is not working, and for a second or two I saw a command prompt window with this "setstretch.exe", and I don't know what it is. I just did a refresh, but I fear there could be malware.

Here is the log of Farbar:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by utente (administrator) on ASUS on 16-01-2015 18:09:06
Running from C:\Users\utente\Desktop
Loaded Profiles: UpdatusUser & utente (Available profiles: UpdatusUser & utente & Administrator)
Platform: Windows 8 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McS6A87.tmp
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [31232 2012-07-26] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-23] (Realtek Semiconductor)
HKLM\...\Run: [btTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe [3411328 2012-07-24] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1527896 2012-06-21] (McAfee, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [644656 2013-08-17] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] => C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe [487584 2012-08-02] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3420404393-608974302-1735381035-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3420404393-608974302-1735381035-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3420404393-608974302-1735381035-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-17]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0296451421426439mcinstcleanup; C:\Windows\TEMP\029645~1.EXE [831600 2012-09-24] (McAfee, Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-05-22] (McAfee, Inc.)
R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McSchedulerSvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:35 - 2015-01-16 18:35 - 00000000 ____D () C:\Windows.old
2015-01-16 18:24 - 2015-01-16 18:24 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-01-16 18:09 - 2015-01-16 18:09 - 00016296 _____ () C:\Users\utente\Desktop\FRST.txt
2015-01-16 18:09 - 2015-01-16 18:09 - 00000000 ____D () C:\FRST
2015-01-16 18:08 - 2015-01-16 18:08 - 00000000 ___SH () C:\DkHyperbootSync
2015-01-16 18:07 - 2015-01-16 18:08 - 02125312 _____ (Farbar) C:\Users\utente\Desktop\FRST64.exe
2015-01-16 18:00 - 2015-01-16 18:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 18:00 - 2015-01-16 18:00 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 18:00 - 2015-01-16 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 18:00 - 2015-01-16 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 18:00 - 2015-01-16 18:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 18:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 18:00 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 18:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-16 17:57 - 2015-01-16 17:59 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\utente\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 17:55 - 2015-01-16 17:55 - 00000000 ____D () C:\Users\utente\AppData\Roaming\Macromedia
2015-01-16 17:54 - 2015-01-16 17:54 - 00000000 ____D () C:\Users\utente\AppData\Roaming\ASUS WebStorage
2015-01-16 17:53 - 2015-01-16 17:53 - 00000000 ____D () C:\Users\utente\AppData\Local\BMExplorer
2015-01-16 17:52 - 2015-01-16 17:52 - 00009320 _____ () C:\Users\utente\Desktop\Applicazioni rimosse.html
2015-01-16 17:52 - 2015-01-16 17:52 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-16 17:52 - 2015-01-16 17:52 - 00000000 ____D () C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-16 17:52 - 2015-01-16 17:52 - 00000000 ____D () C:\Users\utente\AppData\Roaming\Atheros
2015-01-16 17:46 - 2015-01-16 17:46 - 00000062 _____ () C:\Users\utente\AppData\Roaming\sp_data.sys
2015-01-16 17:45 - 2015-01-16 17:45 - 00001412 _____ () C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-16 17:45 - 2015-01-16 17:45 - 00000194 _____ () C:\Windows\FixPatch.log
2015-01-16 17:45 - 2015-01-16 17:45 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS
2015-01-16 17:45 - 2015-01-16 17:45 - 00000000 ____D () C:\Users\utente\AppData\Roaming\Adobe
2015-01-16 17:45 - 2015-01-16 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-16 17:45 - 2015-01-16 17:45 - 00000000 ____D () C:\ProgramData\FolderView
2015-01-16 17:40 - 2015-01-16 17:40 - 00000000 ____D () C:\Users\utente\AppData\Local\VirtualStore
2015-01-16 17:39 - 2015-01-16 17:40 - 00000000 ____D () C:\Users\utente\AppData\Local\ASUS
2015-01-16 17:39 - 2015-01-16 17:39 - 00000020 ___SH () C:\Users\utente\ntuser.ini
2015-01-16 17:38 - 2015-01-16 17:38 - 00001663 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2015-01-16 17:38 - 2015-01-16 17:38 - 00000117 _____ () C:\Windows\system32\netcfg-165906.txt
2015-01-16 17:38 - 2015-01-16 17:38 - 00000117 _____ () C:\Windows\system32\netcfg-165875.txt
2015-01-16 17:38 - 2015-01-16 17:38 - 00000117 _____ () C:\Windows\system32\netcfg-164625.txt
2015-01-16 17:38 - 2015-01-16 17:38 - 00000117 _____ () C:\Windows\system32\netcfg-161296.txt
2015-01-16 17:37 - 2015-01-16 17:45 - 00000000 ____D () C:\Users\utente
2015-01-16 17:37 - 2015-01-16 17:38 - 00026673 _____ () C:\Windows\diagwrn.xml
2015-01-16 17:37 - 2015-01-16 17:38 - 00026673 _____ () C:\Windows\diagerr.xml
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Risorse di stampa
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Risorse di rete
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Recenti
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Modelli
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Menu Avvio
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Impostazioni locali
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Documents\Video
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Documents\Musica
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Documents\Immagini
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Documenti
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\Dati applicazioni
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\AppData\Local\Dati applicazioni
2015-01-16 17:37 - 2015-01-16 17:37 - 00000000 _SHDL () C:\Users\utente\AppData\Local\Cronologia
2015-01-16 17:37 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-16 17:37 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 17:37 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-16 17:37 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Public\Documents\Video
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Public\Documents\Musica
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Public\Documents\Immagini
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Risorse di stampa
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Risorse di rete
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Recenti
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Modelli
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Menu Avvio
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Impostazioni locali
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Documents\Video
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Documents\Musica
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Documents\Immagini
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Documenti
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\Dati applicazioni
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dati applicazioni
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Cronologia
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default User\Documents\Video
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default User\Documents\Musica
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default User\Documents\Immagini
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dati applicazioni
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Cronologia
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\ProgramData\Modelli
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programmi
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\ProgramData\Menu Avvio
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\ProgramData\Documenti
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\ProgramData\Dati applicazioni
2015-01-16 17:36 - 2015-01-16 17:36 - 00000000 _SHDL () C:\Program Files\File comuni
2015-01-16 15:35 - 2015-01-16 15:36 - 01548384 _____ (Skype Technologies S.A.) C:\Users\utente\Desktop\SkypeSetup.exe
2015-01-16 13:41 - 2015-01-16 18:03 - 00000000 ___HD () C:\$SysReset
2015-01-10 23:38 - 2015-01-10 23:41 - 00017540 _____ () C:\Users\utente\Desktop\inc065.odt
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\Users\utente\Documents\ValiantHearts
2015-01-02 23:23 - 2015-01-02 23:23 - 00000000 ____D () C:\Users\utente\Documents\Hack 'n' Slash
2014-12-29 15:21 - 2014-12-29 15:21 - 00000222 _____ () C:\Users\utente\Desktop\Transistor.url
2014-12-22 17:56 - 2014-12-22 17:56 - 00000222 _____ () C:\Users\utente\Desktop\The Dark Eye Chains of Satinav.url
2014-12-22 17:36 - 2014-12-22 17:36 - 00000000 ____D () C:\Users\utente\Documents\nigoro
2014-12-22 17:04 - 2014-12-22 17:04 - 00000222 _____ () C:\Users\utente\Desktop\Killer is Dead.url
2014-12-22 16:39 - 2014-12-22 16:39 - 00000000 ____D () C:\Users\utente\Tracing
2014-12-21 22:58 - 2015-01-08 23:44 - 00083844 _____ () C:\Users\utente\Desktop\inc064.odt
2014-12-20 13:50 - 2014-12-20 13:50 - 00000222 _____ () C:\Users\utente\Desktop\Hack 'n' Slash.url
2014-12-18 20:42 - 2014-12-18 20:42 - 00000222 _____ () C:\Users\utente\Desktop\Theatre Of The Absurd.url
2014-12-18 20:42 - 2014-12-18 20:42 - 00000222 _____ () C:\Users\utente\Desktop\Gray Matter.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:35 - 2012-07-26 09:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-01-16 18:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-16 17:59 - 2014-08-25 10:42 - 00209511 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 17:59 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-01-16 17:56 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-16 17:53 - 2014-08-25 11:39 - 00000000 ____D () C:\Users\utente\Documents\Bluetooth Folder
2015-01-16 17:53 - 2014-08-25 10:52 - 00000000 ____D () C:\ProgramData\Atheros
2015-01-16 17:51 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-16 17:51 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-16 17:48 - 2012-08-17 01:53 - 00000000 ____D () C:\ProgramData\ChangeFolderView
2015-01-16 17:46 - 2014-08-25 10:56 - 00000000 ____D () C:\Program Files\McAfeeEx
2015-01-16 17:45 - 2014-08-25 11:37 - 00000000 ____D () C:\Users\utente\AppData\Local\Packages
2015-01-16 17:45 - 2012-08-17 01:53 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-01-16 17:45 - 2012-08-17 01:52 - 03899208 _____ () C:\Windows\AsDebug.log
2015-01-16 17:45 - 2012-08-17 01:52 - 00505136 _____ () C:\Windows\AsCDProc.log
2015-01-16 17:45 - 2012-08-17 01:48 - 00001766 _____ () C:\Windows\PQArecord.log
2015-01-16 17:45 - 2012-08-03 00:15 - 00791608 _____ () C:\Windows\system32\perfh013.dat
2015-01-16 17:45 - 2012-08-03 00:15 - 00161136 _____ () C:\Windows\system32\perfc013.dat
2015-01-16 17:45 - 2012-08-03 00:11 - 00797438 _____ () C:\Windows\system32\perfh010.dat
2015-01-16 17:45 - 2012-08-03 00:11 - 00155764 _____ () C:\Windows\system32\perfc010.dat
2015-01-16 17:45 - 2012-08-03 00:06 - 00796080 _____ () C:\Windows\system32\perfh00C.dat
2015-01-16 17:45 - 2012-08-03 00:06 - 00157634 _____ () C:\Windows\system32\perfc00C.dat
2015-01-16 17:45 - 2012-08-03 00:02 - 00747858 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 17:45 - 2012-08-03 00:02 - 00157910 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 17:45 - 2012-08-02 14:33 - 00000000 ____D () C:\Windows\Log
2015-01-16 17:45 - 2012-07-26 08:28 - 04568320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 17:43 - 2012-08-17 01:53 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-16 17:40 - 2012-08-17 01:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-16 17:39 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-01-16 17:39 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2015-01-16 17:38 - 2012-08-02 23:24 - 00000000 ____D () C:\Windows\Panther
2015-01-16 17:38 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-16 17:38 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-16 17:38 - 2012-07-26 08:21 - 00039437 _____ () C:\Windows\setupact.log
2015-01-16 17:38 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2015-01-16 17:36 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-16 17:36 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 17:35 - 2012-08-02 14:24 - 00001124 _____ () C:\Windows\PFRO.log
2015-01-16 17:00 - 2014-09-02 13:54 - 00000000 ____D () C:\Users\utente\Desktop\desk
2015-01-16 16:49 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-16 15:22 - 2014-09-02 13:49 - 00000000 ____D () C:\Users\utente\Desktop\Inc
2015-01-16 14:05 - 2014-09-21 22:30 - 00000000 ____D () C:\Users\utente\Desktop\Shortcut
2015-01-14 19:22 - 2014-09-02 14:14 - 00000000 ____D () C:\Users\utente\Desktop\Something
2015-01-14 11:32 - 2014-09-02 14:08 - 00000000 ____D () C:\Users\utente\Desktop\I
2015-01-12 23:39 - 2014-09-02 14:12 - 00000000 ____D () C:\Users\utente\Desktop\books
2015-01-12 23:39 - 2014-09-02 14:07 - 00000000 ____D () C:\Users\utente\Desktop\Materiale v
2015-01-12 00:07 - 2014-08-31 22:34 - 00000000 ____D () C:\Users\utente\Documents\OmmWriter
2015-01-10 23:12 - 2014-11-08 14:23 - 00044993 _____ () C:\Users\utente\Desktop\inc062.odt
2015-01-10 14:24 - 2014-09-02 14:11 - 00000000 ____D () C:\Users\utente\Desktop\Comics
2015-01-10 00:40 - 2014-09-02 14:13 - 00000000 ____D () C:\Users\utente\Desktop\R
2015-01-08 22:27 - 2014-09-13 11:57 - 00000000 ____D () C:\Users\utente\.gimp-2.8
2015-01-08 00:38 - 2014-09-02 14:15 - 00000000 ____D () C:\Users\utente\Desktop\Archiviati
2015-01-07 00:31 - 2014-10-18 16:47 - 00000000 ____D () C:\Users\utente\Desktop\write
2015-01-05 11:37 - 2014-09-02 14:13 - 00000000 ____D () C:\Users\utente\Desktop\YoT
2014-12-31 22:17 - 2014-10-18 19:47 - 00072350 _____ () C:\Users\utente\Desktop\possibile inc.odt
2014-12-25 14:30 - 2014-09-02 14:03 - 00000000 ____D () C:\Users\utente\Desktop\games
2014-12-19 23:14 - 2014-08-30 09:59 - 00000000 ____D () C:\Users\utente\Documents\my games

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-08-02 14:24

==================== End Of Log ============================

 

And there is the additional log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by utente at 2015-01-16 18:09:30
Running from C:\Users\utente\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee  Antivirus e antispyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee  Antivirus e antispyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee  Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.6.112 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes Anti-Malware versione 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 11.6.385 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6829 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12E907FF-CABF-4E49-84A7-F45891F60F8B} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {1F6222CF-1C38-414E-858B-EA932209B060} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {1F703C79-EF11-4CE8-83CB-B93399E53DE6} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {5AE60632-B308-4230-95E5-E309DC97F715} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {9C97C8DA-9C4F-4746-AA11-F70597129878} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {A98702FF-BDB3-40AD-BE67-F40ACE5AB35D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {E1D4D77A-4E02-403C-99C7-3C6C3D02C08F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)

==================== Loaded Modules (whitelisted) =============

2012-08-17 01:53 - 2012-06-22 07:41 - 00024704 _____ () C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll
2012-11-29 17:15 - 2012-11-29 17:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-01-29 04:43 - 2012-10-15 05:09 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-09-29 19:02 - 2012-09-29 19:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-29 18:57 - 2012-09-29 18:57 - 00020480 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\it-IT\BtTray.it-IT.dll
2012-09-29 18:59 - 2012-09-29 18:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-29 19:01 - 2012-09-29 19:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-08-25 10:45 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3420404393-608974302-1735381035-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3420404393-608974302-1735381035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3420404393-608974302-1735381035-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-3420404393-608974302-1735381035-1001 - Limited - Enabled) => C:\Users\UpdatusUser
utente (S-1-5-21-3420404393-608974302-1735381035-1002 - Administrator - Enabled) => C:\Users\utente

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 05:37:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: services (804) Ripristino database non riuscito. Errore imprevisto -1216.

Error: (01/16/2015 05:37:02 PM) (Source: ESENT) (EventID: 494) (User: )
Description: services (804) Ripristino del database non riuscito con errore -1216 in quanto sono stati rilevati riferimenti a un database, "C:\WINDOWS\Security\Database\secedit.sdb", non più esistente. Il database non è stato portato a uno stato di chiusura normale prima della rimozione (o dello spostamento o della ridenominazione). Il modulo di gestione di database non consentirà il completamento del ripristino di questa istanza finché non viene ripristinato il database mancante. Se il database non è più disponibile o non è più richiesto, le procedure per la risoluzione di questo errore sono disponibili nella Microsoft Knowledge Base o seguendo il collegamento "Ulteriori informazioni" alla fine di questo messaggio.

System errors:
=============
Error: (01/16/2015 05:52:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: impostazioni specifiche dell'applicazioneLocaleAttivazione{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (tramite LRPC)Non disponibileNon disponibile

Error: (01/16/2015 05:42:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio McAfee Network Agent bloccato in partenza.

Microsoft Office Sessions:
=========================
Error: (01/16/2015 05:37:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: services804-1216

Error: (01/16/2015 05:37:02 PM) (Source: ESENT) (EventID: 494) (User: )
Description: services804-1216C:\WINDOWS\Security\Database\secedit.sdb

==================== Memory info ===========================

Processor: Intel® Core i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 26%
Total physical RAM: 8077.54 MB
Available physical RAM: 5951.19 MB
Total Pagefile: 12685.54 MB
Available Pagefile: 10217.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.92 GB) (Free:176.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:393.41 GB) (Free:134.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EB51AD9D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 5D381594)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Thanks in advance

(I usually use Avira, but after I did the refresh I found McAfee again)


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and upload it in your next reply.

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.