Strange result from roguekiller and gmer scan


Isidoro

Hello and welcome

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

I have now read the note "Paste the logs in your posts, attachments make my work harder and more complicated." I don't know how to edit my post, so I'm just reposting.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 10/02/2015
Ora scansione: 17:50:48
File di log: report mlwrb.txt
Amministratore: Si

Versione: 2.00.4.1028
Database malware: v2015.02.10.09
Database rootkit: v2015.02.03.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Autoprotezione: Disattivata

SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Mattia

Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 437148
Tempo impiegato: 6 min, 41 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Euristica: Attivata
PUP: Avviso
PUM: Attivata

Processi: 0
(Nessun elemento malevolo rilevato)

Moduli: 0
(Nessun elemento malevolo rilevato)

Chiavi di registro: 1
PUP.Optional.ViewPassword.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ViewPassword, Spostato in quarantena, [3cd6a773cebc4bebbe00921ef211f010],

Valori di registro: 0
(Nessun elemento malevolo rilevato)

Dati di registro: 0
(Nessun elemento malevolo rilevato)

Cartelle: 0
(Nessun elemento malevolo rilevato)

File: 0
(Nessun elemento malevolo rilevato)

Settori fisici: 0
(Nessun elemento malevolo rilevato)


(end)


OK, let's re-run FRST.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Mattia (administrator) on RAFT on 10-02-2015 18:37:46
Running from H:\Users\Mattia\Contacts\Desktop\New folder
Loaded Profiles: Mattia (Available profiles: Mattia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) H:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) H:\Windows\System32\atiesrxx.exe
(AMD) H:\Windows\System32\atieclxx.exe
(Microsoft Corporation) H:\Windows\System32\rundll32.exe
(Microsoft Corporation) H:\Windows\SysWOW64\rundll32.exe
(ASUSTeK Computer Inc.) H:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Microsoft Corporation) H:\Program Files\Microsoft Security Client\msseces.exe
(Renesas Electronics Corporation) H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Safer-Networking Ltd.) H:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Ellora Assets Corp.) H:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(pdfforge GmbH) H:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) H:\Program Files (x86)\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) H:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) H:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) H:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => h:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [startCCC] => H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sDTray] => H:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers-x32: [Gestore icona firma digitale di AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => H:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1447828807-318650237-636904149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1447828807-318650237-636904149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1447828807-318650237-636904149-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> H:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> H:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> H:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{FB74242B-85B0-46B7-8932-E2E31EF3D044}: [NameServer] 208.67.222.222,195.27.150.42

FireFox:
========
FF ProfilePath: H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> H:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> H:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> H:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> H:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> H:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> H:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1447828807-318650237-636904149-1000: thehappycloud.com/HappyCloudPlugin -> H:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1447828807-318650237-636904149-1000: ubisoft.com/uplaypc -> C:\farcry\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: H:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
FF Extension: Adblock Plus - H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]
FF Extension: DownThemAll! - H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-25]
FF Extension: Skype Click to Call - H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-12]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-30]
CHR Extension: (YouTube) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Adblock Plus) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-18]
CHR Extension: (Google Search) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-10-18]
CHR Extension: (AdBlock) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-27]
CHR Extension: (Ghostery) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-28]
CHR Extension: (Google Wallet) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR Extension: (Gmail) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 66460fbe; h:\Program Files (x86)\TampaEngine\TampaEngine.dll [1640448 2015-02-06] () [File not signed]
R2 AMD FUEL Service; H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AsSysCtrlService; H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
S3 Autodesk Licensing Service; H:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-09-07] (Autodesk)
S3 FLEXnet Licensing Service 64; H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-10-23] (Macrovision Europe Ltd.) [File not signed]
R2 FreemakeVideoCapture; H:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-22] (Ellora Assets Corp.) [File not signed]
S3 IDriverT; H:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R4 MBAMService; C:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; h:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; h:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PDF Architect Helper Service; H:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; H:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SDScannerService; H:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; H:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; H:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; H:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; H:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; H:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; H:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; H:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 atksgt; H:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-02-10] ()
S3 DIRECTIO; C:\Program Files (x86)\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R3 ElbyCDFL; H:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; H:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 libusb0; H:\Windows\System32\DRIVERS\libusb0.sys [43456 2011-01-30] (http://libusb-win32.sourceforge.net)
R2 lirsgt; H:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-09] ()
R4 MBAMProtector; H:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R0 MBAMSwissArmy; H:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-02-10] (Malwarebytes Corporation)
S3 MEMSWEEP2; H:\Windows\system32\DB32.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R0 MpFilter; H:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 MTsensor; H:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NisDrv; H:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 PAC207; H:\Windows\System32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.)
R2 Sentinel64; H:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 usbUDisc; H:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2013-11-03] (Scott)
R3 whfltr2k; H:\Windows\System32\DRIVERS\whfltr2k.sys [9600 2007-01-26] ()
S3 catchme; \??\H:\ComboFix\catchme.sys [X]
U3 aswMBR; \??\H:\Users\Mattia\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\H:\Users\Mattia\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 17:49 - 2015-02-10 17:50 - 00129752 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 17:49 - 2015-02-10 17:49 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 17:49 - 2015-02-10 17:49 - 00000000 ____D () H:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-10 17:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 17:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\mwac.sys
2015-02-10 14:47 - 2015-02-10 14:47 - 00060934 _____ () H:\Users\Mattia\Downloads\Shortcut.txt
2015-02-10 14:46 - 2015-02-10 14:56 - 00054463 _____ () H:\Users\Mattia\Downloads\FRST.txt
2015-02-10 14:25 - 2015-02-10 14:25 - 00025745 _____ () H:\ComboFix.txt
2015-02-10 13:47 - 2015-02-10 13:47 - 00091480 _____ () H:\Users\Mattia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-10 13:46 - 2015-02-10 14:42 - 00001306 _____ () H:\Windows\PFRO.log
2015-02-10 13:46 - 2015-02-10 14:42 - 00000560 _____ () H:\Windows\setupact.log
2015-02-10 13:46 - 2015-02-10 13:46 - 04911176 _____ () H:\Windows\system32\FNTCACHE.DAT
2015-02-10 13:46 - 2015-02-10 13:46 - 00000000 _____ () H:\Windows\setuperr.log
2015-02-10 13:23 - 2015-02-10 13:23 - 00000192 _____ () H:\Windows\wininit.ini
2015-02-10 13:06 - 2015-02-10 13:31 - 00000000 ____D () H:\ProgramData\HitmanPro
2015-02-10 12:46 - 2015-02-10 12:52 - 00000000 ____D () H:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-10 12:46 - 2015-02-10 12:46 - 00001401 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-10 12:46 - 2015-02-10 12:46 - 00001389 _____ () H:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-10 12:46 - 2015-02-10 12:46 - 00000000 ____D () H:\Windows\System32\Tasks\Safer-Networking
2015-02-10 12:46 - 2015-02-10 12:46 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-10 12:46 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) H:\Windows\system32\sdnclean64.exe
2015-02-10 12:36 - 2015-02-06 20:12 - 00000027 _____ () H:\Windows\system32\Drivers\etc\hosts.20150210-123628.backup
2015-02-10 12:29 - 2015-02-10 12:30 - 46525608 _____ (Safer-Networking Ltd. ) H:\Users\Mattia\Downloads\spybot-2.4.exe
2015-02-10 12:24 - 2015-02-10 15:18 - 00000000 ____D () H:\ProgramData\Spybot - Search & Destroy
2015-02-10 12:24 - 2015-02-10 12:46 - 00000000 ____D () H:\Program Files (x86)\Spybot - Search & Destroy
2015-02-10 12:15 - 2015-02-10 18:37 - 00000000 ____D () H:\FRST
2015-02-10 12:15 - 2015-02-10 14:47 - 00039411 _____ () H:\Users\Mattia\Downloads\Addition.txt
2015-02-10 12:11 - 2015-02-10 12:11 - 02132992 _____ (Farbar) H:\Users\Mattia\Downloads\FRST64.exe
2015-02-10 12:03 - 2015-02-10 12:03 - 13946571 _____ () H:\Users\Mattia\Downloads\SysinternalsSuite.zip
2015-02-10 12:03 - 2015-02-10 12:03 - 00037624 _____ () H:\Windows\system32\Drivers\TrueSight.sys
2015-02-10 12:03 - 2015-02-10 12:03 - 00000000 ____D () H:\ProgramData\RogueKiller
2015-02-10 12:02 - 2015-02-10 12:02 - 18570328 _____ () H:\Users\Mattia\Downloads\RogueKillerX64.exe
2015-02-10 12:01 - 2015-02-10 12:01 - 00380416 _____ () H:\Users\Mattia\Downloads\ld6h1zqy.exe
2015-02-10 10:18 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\DB32.tmp
2015-02-10 10:18 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\72BF.tmp
2015-02-09 17:40 - 2015-02-09 17:40 - 05611930 ____R (Swearware) H:\Users\Mattia\Downloads\ComboFix.exe
2015-02-09 17:36 - 2015-02-10 18:36 - 00000000 ____D () H:\Program Files (x86)\Sophos
2015-02-09 17:36 - 2015-02-09 17:39 - 00000000 ____D () H:\ProgramData\SecTaskMan
2015-02-09 17:36 - 2015-02-09 17:36 - 00001168 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00001157 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00001145 _____ () H:\Users\Public\Desktop\Security Task Manager.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00000000 ____D () H:\Users\Mattia\AppData\Local\SecTaskMan
2015-02-09 17:36 - 2015-02-09 17:36 - 00000000 ____D () H:\Program Files (x86)\Security Task Manager
2015-02-09 17:36 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\9991.tmp
2015-02-09 17:36 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\318B.tmp
2015-02-09 17:34 - 2015-02-09 17:34 - 00380416 _____ () H:\Users\Mattia\Downloads\utd3pp4j.exe
2015-02-09 17:33 - 2015-02-09 17:34 - 16409960 _____ (Safer Networking Limited ) H:\Users\Mattia\Downloads\spybotsd162.exe
2015-02-09 17:32 - 2015-02-09 17:33 - 05200384 _____ (AVAST Software) H:\Users\Mattia\Downloads\aswmbr.exe
2015-02-09 17:30 - 2015-02-09 17:30 - 01525384 _____ () H:\Users\Mattia\Downloads\sarsfx.exe
2015-02-09 17:25 - 2015-02-10 13:07 - 11227888 _____ (SurfRight B.V.) H:\Users\Mattia\Downloads\HitmanPro_x64.exe
2015-02-09 14:25 - 2015-02-09 14:25 - 04197016 _____ (Kaspersky Lab ZAO) H:\Users\Mattia\Downloads\tdsskiller.exe
2015-02-09 14:25 - 2015-02-09 14:25 - 01943800 _____ (Bleeping Computer, LLC) H:\Users\Mattia\Downloads\rkill.exe
2015-02-07 20:59 - 2015-02-10 18:10 - 00001150 _____ () H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 20:59 - 2015-02-10 14:42 - 00001146 _____ () H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 20:59 - 2015-02-08 11:05 - 00004146 _____ () H:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 20:59 - 2015-02-08 11:05 - 00003894 _____ () H:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 20:04 - 2015-02-06 20:04 - 00004772 _____ () H:\Users\Mattia\Desktop\JRT.txt
2015-02-06 20:01 - 2015-02-06 20:02 - 01388274 _____ (Thisisu) H:\Users\Mattia\Downloads\JRT.exe
2015-02-06 17:12 - 2015-02-06 17:12 - 00000000 ____D () H:\Program Files (x86)\TampaEngine
2015-02-06 17:10 - 2015-02-06 17:10 - 00000000 ____D () H:\ProgramData\ieglohkjilgeaebhlihohjkjhbmdjlof
2015-02-06 17:10 - 2015-02-06 17:10 - 00000000 ____D () H:\Program Files (x86)\uniSaales
2015-02-06 17:09 - 2015-02-06 18:17 - 00000000 ____D () H:\ProgramData\{087c5a26-d0cb-cabf-087c-c5a26d0c689b}
2015-02-06 14:15 - 2015-02-06 14:18 - 00000000 ____D () H:\Users\Mattia\Desktop\new folder4
2015-02-06 14:08 - 2015-02-06 14:19 - 00000000 ____D () H:\Program Files (x86)\Pandora Recovery
2015-02-04 12:04 - 2015-02-04 12:06 - 00000000 ____D () H:\Users\Mattia\Documents\Heroes of the Storm
2015-02-04 12:00 - 2015-02-04 12:00 - 00000714 _____ () H:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-02-04 12:00 - 2015-02-04 12:00 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-02-01 22:31 - 2015-02-01 22:33 - 121880235 _____ () H:\Users\Mattia\Downloads\PYRAMID-16BARRE.zip
2015-02-01 12:27 - 2015-02-10 14:45 - 00289759 _____ () H:\Windows\WindowsUpdate.log
2015-01-31 13:10 - 2015-01-31 13:15 - 31643015 _____ () H:\Users\Mattia\Downloads\p-4395.rar
2015-01-30 20:21 - 2015-01-30 20:25 - 65842920 _____ () H:\Users\Mattia\Downloads\JumpUltimateStarsPatchato.nds
2015-01-30 16:12 - 2015-01-30 16:12 - 00001369 _____ () H:\Users\Public\Desktop\League of Legends.lnk
2015-01-30 16:12 - 2015-01-30 16:12 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-01-24 11:36 - 2015-01-24 11:36 - 00058610 _____ () H:\Windows\SysWOW64\CCCInstall_201501241136455650.log
2015-01-24 11:36 - 2015-01-24 11:36 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-24 11:36 - 2015-01-24 11:36 - 00000000 ____D () H:\ProgramData\ATI
2015-01-21 15:54 - 2015-01-30 16:12 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Riot Games
2015-01-15 19:05 - 2015-01-18 16:49 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Time
2015-01-15 19:05 - 2015-01-15 19:05 - 00000707 _____ () H:\Users\Mattia\Desktop\Hard Time.lnk
2015-01-15 18:42 - 2015-01-15 18:42 - 00000771 _____ () H:\Users\Mattia\Desktop\The You Testament.lnk
2015-01-14 22:56 - 2015-02-10 12:36 - 00449919 ____R () H:\Windows\system32\Drivers\etc\hosts.20150210-151858.backup
2015-01-14 22:31 - 2011-06-26 07:45 - 00256000 _____ () H:\Windows\PEV.exe
2015-01-14 22:31 - 2010-11-07 18:20 - 00208896 _____ () H:\Windows\MBR.exe
2015-01-14 22:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) H:\Windows\NIRCMD.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) H:\Windows\SWREG.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) H:\Windows\SWSC.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00098816 _____ () H:\Windows\sed.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00080412 _____ () H:\Windows\grep.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00068096 _____ () H:\Windows\zip.exe
2015-01-14 22:29 - 2015-02-10 14:25 - 00000000 ____D () H:\Qoobox
2015-01-14 22:29 - 2015-01-14 22:57 - 00000000 ____D () H:\Windows\erdnt
2015-01-14 22:15 - 2015-01-14 22:19 - 00000000 ____D () H:\AdwCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-07-01 10:25 - 2012-12-18 14:21 - 00003914 _____ () H:\Windows\System32\Tasks\User_Feed_Synchronization-{FB4A4244-3EC1-4348-95BB-0BBD2397EBB6}
2015-02-10 18:24 - 2012-10-17 07:42 - 00000830 _____ () H:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 17:49 - 2013-02-12 21:30 - 00001112 _____ () H:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-10 17:49 - 2012-11-27 19:25 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Malwarebytes
2015-02-10 17:49 - 2012-11-27 19:25 - 00000000 ____D () H:\ProgramData\Malwarebytes
2015-02-10 17:48 - 2014-01-19 17:29 - 00000000 ____D () H:\Users\Mattia\AppData\Local\Battle.net
2015-02-10 17:48 - 2012-10-17 05:22 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Skype
2015-02-10 14:50 - 2009-07-14 05:45 - 00019520 ____H () H:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 14:50 - 2009-07-14 05:45 - 00019520 ____H () H:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 14:49 - 2009-07-14 06:13 - 00795894 _____ () H:\Windows\system32\PerfStringBackup.INI
2015-02-10 14:42 - 2009-07-14 06:08 - 00000006 ____H () H:\Windows\Tasks\SA.DAT
2015-02-10 14:24 - 2009-07-14 03:34 - 00000215 _____ () H:\Windows\system.ini
2015-02-10 13:45 - 2012-10-17 05:33 - 00000000 ____D () H:\Windows\pss
2015-02-10 13:44 - 2013-04-29 15:22 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\TS3Client
2015-02-10 13:44 - 2012-10-17 07:08 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\uTorrent
2015-02-10 11:21 - 2014-02-20 20:50 - 00000000 ____D () H:\Program Files (x86)\SpeedFan
2015-02-09 21:21 - 2014-01-19 17:30 - 00000000 ____D () H:\Program Files (x86)\Hearthstone
2015-02-09 17:35 - 2012-10-17 03:34 - 00000000 ___RD () H:\Users\Mattia\AppData\Local\MicrosoftNT
2015-02-08 19:31 - 2012-10-17 06:07 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\vlc
2015-02-08 09:32 - 2009-07-14 04:20 - 00000000 ____D () H:\Windows\system32\NDF
2015-02-07 21:01 - 2014-08-27 07:30 - 00002191 _____ () H:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 14:40 - 2012-10-17 07:58 - 00002441 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-06 14:08 - 2012-11-30 23:40 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\PandoraRecovery
2015-02-06 14:08 - 2012-11-30 23:24 - 00002016 _____ () H:\Users\Public\Desktop\Pandora Recovery.lnk
2015-02-06 14:08 - 2012-11-30 23:24 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2015-02-05 13:24 - 2012-10-17 07:42 - 00701616 _____ (Adobe Systems Incorporated) H:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:24 - 2012-10-17 07:42 - 00071344 _____ (Adobe Systems Incorporated) H:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 13:24 - 2012-10-17 07:42 - 00003768 _____ () H:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:04 - 2012-10-28 18:14 - 00000000 ____D () H:\ProgramData\Blizzard Entertainment
2015-01-28 23:02 - 2014-09-21 13:16 - 00000000 ____D () H:\Program Files (x86)\World of Warcraft
2015-01-28 22:54 - 2014-09-21 13:18 - 00001246 _____ () H:\Users\Public\Desktop\World of Warcraft.lnk
2015-01-27 21:27 - 2012-10-27 19:10 - 00000000 ____D () H:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 11:36 - 2014-07-31 14:29 - 00000000 ____D () H:\Program Files\ATI Technologies
2015-01-24 11:36 - 2014-06-18 08:48 - 00000000 ____D () H:\Program Files\AMD
2015-01-24 11:36 - 2013-04-27 10:49 - 00000000 ____D () H:\ProgramData\AMD
2015-01-24 11:35 - 2014-07-31 15:59 - 00000000 ____D () H:\Program Files (x86)\AMD
2015-01-17 23:48 - 2012-10-17 02:55 - 00000000 ____D () H:\Users\Mattia
2015-01-15 21:33 - 2014-08-08 14:02 - 00000000 ____D () H:\Program Files (x86)\WTFast
2015-01-14 23:05 - 2012-10-17 04:10 - 00000000 ___HD () H:\Program Files (x86)\InstallShield Installation Information
2015-01-14 23:00 - 2009-07-14 04:20 - 00000000 __RHD () H:\Users\Default
2015-01-14 22:56 - 2009-07-14 03:34 - 66584576 _____ () H:\Windows\system32\config\software.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 23855104 _____ () H:\Windows\system32\config\system.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\security.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\sam.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\default.bak
2015-01-14 22:51 - 2012-10-17 07:46 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Adobe
2015-01-11 19:38 - 2009-07-14 06:08 - 00032608 _____ () H:\Windows\Tasks\SCHEDLGU.TXT
2015-01-11 14:59 - 2013-05-08 20:59 - 00000000 ___RD () H:\Program Files (x86)\Skype
2015-01-11 14:58 - 2013-02-08 18:29 - 00000000 ____D () H:\ProgramData\Skype
2015-01-11 00:40 - 2012-10-20 05:42 - 00000000 ____D () H:\Users\Mattia\AppData\Local\Adobe

==================== Files in the root of some directories =======

2013-01-23 21:20 - 2014-06-11 15:37 - 0000132 _____ () H:\Users\Mattia\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-20 14:42 - 2014-02-20 01:52 - 0000954 _____ () H:\Users\Mattia\AppData\Roaming\pandacoin.conf
2014-04-03 09:25 - 2014-10-30 20:48 - 0000346 ___SH () H:\Users\Mattia\AppData\Local\70149b02515b3bb20dd492.47983420
2013-02-25 21:08 - 2013-02-25 21:08 - 0000094 _____ () H:\Users\Mattia\AppData\Local\fusioncache.dat
2014-08-02 18:57 - 2014-08-02 18:57 - 0000914 _____ () H:\Users\Mattia\AppData\Local\recently-used.xbel
2012-11-27 19:19 - 2014-09-24 13:01 - 0007597 _____ () H:\Users\Mattia\AppData\Local\Resmon.ResmonCfg
2014-08-27 21:16 - 2014-08-27 21:19 - 0000041 ___SH () H:\ProgramData\.zreglib

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

H:\Windows\System32\winlogon.exe => File is digitally signed
H:\Windows\System32\wininit.exe => File is digitally signed
H:\Windows\SysWOW64\wininit.exe => File is digitally signed
H:\Windows\explorer.exe => File is digitally signed
H:\Windows\SysWOW64\explorer.exe => File is digitally signed
H:\Windows\System32\svchost.exe => File is digitally signed
H:\Windows\SysWOW64\svchost.exe => File is digitally signed
H:\Windows\System32\services.exe => File is digitally signed
H:\Windows\System32\User32.dll => File is digitally signed
H:\Windows\SysWOW64\User32.dll => File is digitally signed
H:\Windows\System32\userinit.exe => File is digitally signed
H:\Windows\SysWOW64\userinit.exe => File is digitally signed
H:\Windows\System32\rpcss.dll => File is digitally signed
H:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 15:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Mattia at 2015-02-10 18:38:06
Running from H:\Users\Mattia\Contacts\Desktop\New folder
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Wheel Mouse 6.0.0.002 (HKLM-x32\...\WheelMouse) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
AutoCAD 2007 - Italiano (HKLM-x32\...\{5783F2D7-5001-0410-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
Convert AVI to MP4 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version:  - convertavitomp4.com)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
GameRanger (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Gaming Mouse (HKLM-x32\...\Gaming Mouse) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\HappyCloud) (Version: 1.368 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
inSSIDer Office (HKLM-x32\...\{8C127DE3-EC36-4BA3-A6EE-6DC4A9B6C526}) (Version: 3.1.1.6 - MetaGeek, LLC)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021F0}) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MIView (HKLM-x32\...\MIView) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 it)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1042.0 - Passmark Software)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 2.0 (HKLM-x32\...\Security Task Manager) (Version: 2.0 - Neuber Software)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
To the Moon (HKLM-x32\...\To the Moon1.0) (Version: 1.0 - Foxy Games)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version:  - )
VidCoder 1.4.25 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.4.25 - RandomEngy)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1447828807-318650237-636904149-1000_Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 -> H:\Windows\system32\webcheck.dll (Microsoft Corporation)

==================== Restore Points  =========================

30-01-2015 16:12:18 Installed League of Legends
30-01-2015 16:12:25 Installed DirectX
30-01-2015 20:30:20 Windows Update
03-02-2015 12:36:26 Windows Update
06-02-2015 20:06:55 ComboFix created restore point
07-02-2015 12:38:23 Windows Update
10-02-2015 13:31:29 Punto di controllo di HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-14 22:56 - 2015-02-10 15:18 - 00450029 ____R H:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17C10178-BFD2-4E04-A826-C3D88645E5FE} - System32\Tasks\GoogleUpdateTaskMachineCore => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {20BE280D-3A4B-460A-9A47-8D930E5751B9} - System32\Tasks\{9D3A29A5-4998-49BC-8806-6547725358BF} => E:\INSTALL.EXE
Task: {245BBB87-17F2-4F07-AECB-75442221B552} - System32\Tasks\ASUS\ASUS Update Checker => H:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {28FD2AC3-EA1D-401B-9BBB-DDC6BEE50FF3} - System32\Tasks\{FD3D6992-7DD0-4150-956D-E1A22717C0BC} => C:\Grim\Grim Fandango Launcher.exe
Task: {2EF478BC-61F3-46D2-ABEA-D1D69DFC9342} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => H:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {31E997AC-6F55-4F41-861A-95F21297ADB3} - System32\Tasks\{053A56D5-6B94-4626-B17E-E4F7A32237E1} => E:\INSTALL.EXE
Task: {3FE3273B-9A93-4A3C-A049-C8D9C0E024AF} - System32\Tasks\{C952F0C0-276F-4FA7-913E-8865C000B5E8} => E:\INSTALL.EXE
Task: {47C9C1CC-974E-4CAB-9B57-6D758A3C9CD2} - System32\Tasks\{1F169528-9668-427F-87A7-005CD5B59BFE} => H:\Users\Mattia\Desktop\Thief 2 The Metal Age\Thief2\thief2.exe
Task: {4D199495-7F33-4B9B-A72F-220DC03FFBF4} - System32\Tasks\GoogleUpdateTaskMachineUA => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {4EDE3656-1A45-4CB8-8706-CD4CBEF012AE} - System32\Tasks\{D95E3B7E-3A4C-49FC-A80F-1BDCB065C292} => E:\INSTALL.EXE
Task: {523EBA05-F320-4E10-95B6-4ECEB7B38F36} - System32\Tasks\{3A0A442E-8149-46F3-8704-692C349DDB77} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {54637438-9341-43A1-91AA-1EDD58942A24} - System32\Tasks\{FA197170-8D66-4806-B001-508270947269} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {5726AED3-4D26-4B18-A231-C5F9B502B9B0} - System32\Tasks\{8A78E1E0-43A4-41E8-9CA9-EC0BE9A0707B} => E:\INSTALL.EXE
Task: {65BE1B34-A9DA-4CE4-8A9C-AC88D10BCA48} - System32\Tasks\{443A561F-D473-4C32-B422-8BA142744B51} => E:\INSTALL.EXE
Task: {6809353C-1715-4E64-8206-D9E129D15FF7} - System32\Tasks\{0AD8FF27-59DA-4A06-B585-23CB1C4956ED} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {7226D2EC-2883-4222-885A-104FF7940B95} - System32\Tasks\{788D08F6-6FEE-4551-A6F8-91A8F6C4E467} => E:\INSTALL.EXE
Task: {7B77D393-76A1-49A2-A544-3B1672ED03BC} - System32\Tasks\{0C153D8E-6917-4326-8077-D4DEBE8B3854} => E:\INSTALL.EXE
Task: {7C9868DC-A3D9-4316-BF6A-9B5956D87A40} - System32\Tasks\{9BB10019-52F4-48B9-B2AF-B3F60A001C01} => H:\Program Files (x86)\Silver\silver.exe
Task: {8A889BD1-2AB9-4AF6-BF38-B9391F187AF5} - System32\Tasks\{8871D64B-3739-481B-8476-EBD58CD726AD} => H:\Users\Mattia\Desktop\Thief 2 The Metal Age\Thief2\thief2.exe
Task: {96260C12-92F6-4723-9C48-446DFB568152} - System32\Tasks\{53E9398C-664D-4278-AC34-C5449719B377} => E:\SETUP.EXE
Task: {A2AE9D68-763A-4C84-B4D6-9D415E98A33A} - System32\Tasks\{0EA80CDD-61B7-417E-96A5-9121EC2DC744} => H:\Users\Mattia\Downloads\msabtf.exe
Task: {B15DFEDB-225B-4BC0-9A58-F8B79E2F795D} - System32\Tasks\{8B992ED2-1F6B-4314-8A10-4F1D97D9AD98} => pcalua.exe -a C:\Magicka\Dependencies\dotnetfx35.exe -d C:\Magicka\Dependencies
Task: {B2150954-05B8-48E2-8621-C66D3DBA1DBD} - System32\Tasks\{B3B92E4D-DC7A-433C-8F40-B9C919EB56CA} => E:\Setup.exe
Task: {B464C02F-51DF-407B-BB43-F54A69984161} - System32\Tasks\{CCA70101-88D6-42D1-8DFC-DDFD21859704} => H:\Program Files (x86)\Deep Silver\Risen\bin\Risen.exe
Task: {B4C2404A-448C-4AF3-A48B-8E0A62BA36C9} - System32\Tasks\elbyExecuteWithUAC => H:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe [2008-06-27] ()
Task: {B5A84D81-F97C-4D7E-9656-26868EBE3FC5} - System32\Tasks\Adobe Flash Player Updater => H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {BA615D25-4593-48BA-B89C-91AB4BC95488} - System32\Tasks\{B723568E-04C9-480D-A0CB-19394A5B5F08} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {BB4E3CEC-CB36-44A8-8469-D63C16A837B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => H:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C4C3842C-94DD-4ECB-B083-6F4F2F9BFB32} - System32\Tasks\{9E0038CD-1F8F-4D86-83C3-DA6E47434EAC} => pcalua.exe -a "H:\Program Files (x86)\Paradox Interactive\Magicka\Dependencies\dotnetfx35.exe" -d "H:\Program Files (x86)\Paradox Interactive\Magicka\Dependencies"
Task: {C57A44D5-4230-4108-861D-42E1B9C3E48F} - System32\Tasks\{B355A456-6C58-4D6B-8B7D-7746A177371C} => E:\SETUP.EXE
Task: {C91F2CB9-2303-4662-AA8F-D741253074D9} - System32\Tasks\{3E508D56-8275-4C6F-A304-30A04F64A175} => E:\INSTALL.EXE
Task: {C94F4623-69DF-4E53-A20E-6F4776F63C7E} - System32\Tasks\{212D1F42-1C06-43F0-A2A1-C0EA6971A983} => F:\World of Warcraft 4.3.4.15595 FREAKZ Edition\Wow.exe
Task: {CEFB49FF-0ECB-42C6-94D3-197696335735} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => H:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D2F6C7D7-7962-41C7-BE52-5EBA111BBEE4} - System32\Tasks\{869D0DA4-DC15-4023-ADDB-E2E0F46A25F9} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {D3A6BF7B-8B2D-4271-8210-17A3977205A6} - System32\Tasks\{C2C9CC36-1F13-4E91-AAE3-CC44E0F2CABC} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {D4BD8132-D73F-4F72-874E-64DA4738BAD3} - System32\Tasks\{35174E8D-1A4D-43D0-8C0D-73D20D302B9D} => E:\INSTALL.EXE
Task: {DEBE875B-8AD1-44AA-8764-A5A4EAA24EC9} - System32\Tasks\{ED12DD76-457F-477F-97F4-AD4342AD70C6} => E:\INSTALL.EXE
Task: {E5014C85-DA55-433A-995C-5B8563C4F2B5} - System32\Tasks\{DE39CE2D-F3A6-478E-847E-6B41ACF66E11} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {E8F183CD-F332-43DC-9A5F-E20A00888D00} - System32\Tasks\{187908E2-1B0D-40CA-BDED-3130E47754F7} => pcalua.exe -a "C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GhostReconSetup\GhostReconSetup.exe" -d "C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GhostReconSetup"
Task: {ECEAF003-8681-42BD-97E9-3CEAD339D862} - System32\Tasks\{9B84CF95-A1E2-4D6F-8D75-2B8F153B3FC2} => H:\Program Files (x86)\Deep Silver\Risen\bin\Risen.exe
Task: {EFBCA4C1-3E2A-4C12-B82D-D9C38053B3E1} - System32\Tasks\{27F485DC-0698-49EA-84E9-B9C84BAEA3FE} => F:\World of Warcraft 4.3.4.15595 FREAKZ Edition\Wow.exe
Task: {F471086A-C752-4786-B54C-5CC54D8AC32C} - System32\Tasks\ASUS\ASUS SIX Engine => H:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {F9F7369C-801B-40CD-A0EC-37AED84B2DF7} - System32\Tasks\{D5034AF3-2F2E-4EC5-998E-62A633866860} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: H:\Windows\Tasks\Adobe Flash Player Updater.job => H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-10 13:36 - 2009-04-02 11:27 - 00090112 _____ () H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2015-02-06 17:12 - 2015-02-06 17:12 - 01640448 _____ () h:\Program Files (x86)\TampaEngine\TampaEngine.dll
2014-08-10 17:31 - 2009-03-19 21:35 - 00208896 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2014-08-10 17:31 - 2009-03-19 21:35 - 00008704 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2014-08-10 17:31 - 2009-01-15 13:55 - 00565248 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2014-08-10 17:31 - 2009-03-25 15:53 - 00053248 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2015-02-10 12:46 - 2014-05-13 12:04 - 00109400 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-10 12:46 - 2014-05-13 12:04 - 00416600 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-10 12:46 - 2014-05-13 12:04 - 00167768 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-10 12:46 - 2012-08-23 10:38 - 00574840 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-10 12:46 - 2012-04-03 17:06 - 00565640 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-27 20:01 - 2015-01-27 20:01 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1447828807-318650237-636904149-1000\Control Panel\Desktop\\Wallpaper -> H:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: H:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SpeedFan.lnk => H:\Windows\pss\SpeedFan.lnk.CommonStartup
MSCONFIG\startupfolder: H:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => H:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: uTorrent => "H:\Users\Mattia\AppData\Roaming\uTorrent\uTorrent.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1447828807-318650237-636904149-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1447828807-318650237-636904149-1005 - Limited - Enabled)
Guest (S-1-5-21-1447828807-318650237-636904149-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1447828807-318650237-636904149-1003 - Limited - Enabled)
Mattia (S-1-5-21-1447828807-318650237-636904149-1000 - Administrator - Enabled) => H:\Users\Mattia

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (02/10/2015 01:47:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3264) Windows: Error -1811 occurred while opening logfile H:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00495.log.


System errors:
=============
Error: (02/10/2015 02:24:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/10/2015 02:22:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/10/2015 02:21:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS System Control Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/10/2015 02:19:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/10/2015 02:19:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/10/2015 01:47:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/10/2015 01:47:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (02/10/2015 11:19:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error: (02/10/2015 11:19:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\H:\Windows\system32\DB32.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/10/2015 11:19:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MEMSWEEP2 service failed to start due to the following error:
%%1275


Microsoft Office Sessions:
=========================
Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (02/10/2015 01:47:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3264Windows: H:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00495.log-1811


CodeIntegrity Errors:
===================================
  Date: 2015-02-10 11:19:14.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.675
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.601
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:39.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:39.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:16.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\72BF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:15.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\72BF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 17:36:37.026
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\9991.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 17:36:36.948
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\9991.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom II X4 965 Processor
Percentage of memory in use: 40%
Total physical RAM: 4094.05 MB
Available physical RAM: 2418.77 MB
Total Pagefile: 8186.29 MB
Available Pagefile: 6276.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:50.54 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:119.24 GB) (Free:26.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: C6ADA90E)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 20722071)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Your Chrome has been broken. You'll have to reinstall it later.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    CreateRestorePoint:
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1447828807-318650237-636904149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKU\S-1-5-21-1447828807-318650237-636904149-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin HKU\S-1-5-21-1447828807-318650237-636904149-1000: ubisoft.com/uplaypc -> C:\farcry\Ubisoft Game Launcher\npuplaypc.dll No File
    FF SearchPlugin: H:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
    R2 66460fbe; h:\Program Files (x86)\TampaEngine\TampaEngine.dll [1640448 2015-02-06] () [File not signed]
    h:\Program Files (x86)\TampaEngine
    S3 catchme; \??\H:\ComboFix\catchme.sys [X]
    U3 aswMBR; \??\H:\Users\Mattia\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\H:\Users\Mattia\AppData\Local\Temp\aswVmm.sys [X]
    cmd: type H:\ComboFix.txt
    2015-02-06 17:12 - 2015-02-06 17:12 - 00000000 ____D () H:\Program Files (x86)\TampaEngine
    2015-02-06 17:10 - 2015-02-06 17:10 - 00000000 ____D () H:\ProgramData\ieglohkjilgeaebhlihohjkjhbmdjlof
    2015-02-06 17:10 - 2015-02-06 17:10 - 00000000 ____D () H:\Program Files (x86)\uniSaales
    2015-02-06 17:09 - 2015-02-06 18:17 - 00000000 ____D () H:\ProgramData\{087c5a26-d0cb-cabf-087c-c5a26d0c689b}
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 01
Ran by Mattia at 2015-02-11 16:31:41 Run:1
Running from H:\Users\Mattia\Contacts\Desktop\New folder
Loaded Profiles: Mattia (Available profiles: Mattia)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1447828807-318650237-636904149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-1447828807-318650237-636904149-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1447828807-318650237-636904149-1000: ubisoft.com/uplaypc -> C:\farcry\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: H:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
R2 66460fbe; h:\Program Files (x86)\TampaEngine\TampaEngine.dll [1640448 2015-02-06] () [File not signed]
h:\Program Files (x86)\TampaEngine
S3 catchme; \??\H:\ComboFix\catchme.sys [X]
U3 aswMBR; \??\H:\Users\Mattia\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\H:\Users\Mattia\AppData\Local\Temp\aswVmm.sys [X]
cmd: type H:\ComboFix.txt
2015-02-06 17:12 - 2015-02-06 17:12 - 00000000 ____D () H:\Program Files (x86)\TampaEngine
2015-02-06 17:10 - 2015-02-06 17:10 - 00000000 ____D () H:\ProgramData\ieglohkjilgeaebhlihohjkjhbmdjlof
2015-02-06 17:10 - 2015-02-06 17:10 - 00000000 ____D () H:\Program Files (x86)\uniSaales
2015-02-06 17:09 - 2015-02-06 18:17 - 00000000 ____D () H:\ProgramData\{087c5a26-d0cb-cabf-087c-c5a26d0c689b}
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
H:\Windows\system32\GroupPolicy\Machine => Moved successfully.
H:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1447828807-318650237-636904149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-1447828807-318650237-636904149-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKU\S-1-5-21-1447828807-318650237-636904149-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\farcry\Ubisoft Game Launcher\npuplaypc.dll not found.
H:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml => Moved successfully.
66460fbe => Service deleted successfully.
h:\Program Files (x86)\TampaEngine => Moved successfully.
catchme => Service deleted successfully.
aswMBR => Service not found.
aswVmm => Service not found.

=========  type H:\ComboFix.txt =========

ComboFix 15-02-09.01 - Mattia 10/02/2015  14:21:03.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1033.18.4094.2735 [GMT 1:00]
Eseguito da: h:\users\Mattia\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-01-10 al 2015-02-10  )))))))))))))))))))))))))))))))))))
.
.
2015-02-10 13:23 . 2015-02-10 13:23    --------    d-----w-    h:\users\HomeGroupUser$\AppData\Local\temp
2015-02-10 13:23 . 2015-02-10 13:23    --------    d-----w-    h:\users\Guest\AppData\Local\temp
2015-02-10 13:23 . 2015-02-10 13:23    --------    d-----w-    h:\users\Default\AppData\Local\temp
2015-02-10 13:23 . 2015-02-10 13:23    --------    d-----w-    h:\users\ASPNET\AppData\Local\temp
2015-02-10 13:23 . 2015-02-10 13:23    --------    d-----w-    h:\users\Administrator\AppData\Local\temp
2015-02-10 12:06 . 2015-02-10 12:31    --------    d-----w-    h:\programdata\HitmanPro
2015-02-10 11:46 . 2013-09-20 09:49    21040    ----a-w-    h:\windows\system32\sdnclean64.exe
2015-02-10 11:46 . 2015-02-10 11:52    --------    d-----w-    h:\program files (x86)\Spybot - Search & Destroy 2
2015-02-10 11:24 . 2015-02-10 12:23    --------    d-----w-    h:\programdata\Spybot - Search & Destroy
2015-02-10 11:24 . 2015-02-10 11:46    --------    d-----w-    h:\program files (x86)\Spybot - Search & Destroy
2015-02-10 11:15 . 2015-02-10 11:15    --------    d-----w-    H:\FRST
2015-02-10 11:03 . 2015-02-10 11:03    37624    ----a-w-    h:\windows\system32\drivers\TrueSight.sys
2015-02-10 11:03 . 2015-02-10 11:03    --------    d-----w-    h:\programdata\RogueKiller
2015-02-10 09:18 . 2011-08-25 08:33    6144    ------w-    h:\windows\system32\DB32.tmp
2015-02-10 09:18 . 2011-08-25 08:33    6144    ------w-    h:\windows\system32\72BF.tmp
2015-02-09 16:36 . 2011-08-25 08:33    6144    ------w-    h:\windows\system32\9991.tmp
2015-02-09 16:36 . 2015-02-09 16:36    --------    d-----w-    h:\users\Mattia\AppData\Local\SecTaskMan
2015-02-09 16:36 . 2015-02-09 16:39    --------    d-----w-    h:\programdata\SecTaskMan
2015-02-09 16:36 . 2015-02-09 16:36    --------    d-----w-    h:\program files (x86)\Security Task Manager
2015-02-09 16:36 . 2011-08-25 08:33    6144    ------w-    h:\windows\system32\318B.tmp
2015-02-09 16:36 . 2015-02-09 16:36    --------    d-----w-    h:\program files (x86)\Sophos
2015-02-09 16:27 . 2014-12-02 10:26    11870360    ----a-w-    h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C878A146-233A-44FA-A624-2600247B4257}\mpengine.dll
2015-02-08 14:22 . 2014-12-02 10:26    11870360    ----a-w-    h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-07 11:38 . 2014-09-17 09:13    1188440    ----a-w-    h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E13F789F-6119-4318-ABD9-E89902DD464D}\gapaengine.dll
2015-02-06 16:14 . 2015-02-06 16:14    --------    d-----w-    h:\users\Mattia\AppData\Roaming\EZDownloader
2015-02-06 16:12 . 2015-02-06 16:12    --------    d-----w-    h:\program files (x86)\TampaEngine
2015-02-06 16:10 . 2015-02-06 16:10    --------    d-----w-    h:\program files (x86)\uniSaales
2015-02-06 16:10 . 2015-02-06 16:10    --------    d-----w-    h:\programdata\ieglohkjilgeaebhlihohjkjhbmdjlof
2015-02-06 16:09 . 2015-02-06 17:17    --------    d-----w-    h:\programdata\{087c5a26-d0cb-cabf-087c-c5a26d0c689b}
2015-02-06 13:08 . 2015-02-06 13:19    --------    d-----w-    h:\program files (x86)\Pandora Recovery
2015-01-24 10:36 . 2015-01-24 10:36    --------    d-----w-    h:\programdata\ATI
2015-01-21 14:54 . 2015-01-30 15:12    --------    d-----w-    h:\users\Mattia\AppData\Roaming\Riot Games
2015-01-14 21:15 . 2015-01-14 21:19    --------    d-----w-    H:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 12:24 . 2012-10-17 06:42    71344    ----a-w-    h:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 12:24 . 2012-10-17 06:42    701616    ----a-w-    h:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 11:14 . 2012-10-17 04:31    298120    ------w-    h:\windows\system32\MpSigStub.exe
2014-11-21 02:44 . 2014-11-21 02:44    128384    ----a-w-    h:\windows\system32\amdhcp64.dll
2014-11-21 02:44 . 2014-11-21 02:44    118096    ----a-w-    h:\windows\SysWow64\amdhcp32.dll
2014-11-21 02:44 . 2014-11-21 02:44    78432    ----a-w-    h:\windows\system32\atimpc64.dll
2014-11-21 02:44 . 2014-11-21 02:44    78432    ----a-w-    h:\windows\system32\amdpcom64.dll
2014-11-21 02:44 . 2014-11-21 02:44    71704    ----a-w-    h:\windows\SysWow64\atimpc32.dll
2014-11-21 02:44 . 2014-11-21 02:44    71704    ----a-w-    h:\windows\SysWow64\amdpcom32.dll
2014-11-21 02:44 . 2014-09-15 22:31    144328    ----a-w-    h:\windows\system32\atiuxp64.dll
2014-11-21 02:44 . 2014-11-21 02:44    126848    ----a-w-    h:\windows\SysWow64\atiuxpag.dll
2014-11-21 02:44 . 2014-11-21 02:44    118096    ----a-w-    h:\windows\system32\atiu9p64.dll
2014-11-21 02:44 . 2014-11-21 02:44    100032    ----a-w-    h:\windows\SysWow64\atiu9pag.dll
2014-11-21 02:44 . 2014-09-15 22:31    1348928    ----a-w-    h:\windows\system32\aticfx64.dll
2014-11-21 02:44 . 2014-11-21 02:44    1127496    ----a-w-    h:\windows\SysWow64\aticfx32.dll
2014-11-21 02:44 . 2014-09-15 22:31    11076784    ----a-w-    h:\windows\system32\atidxx64.dll
2014-11-21 02:44 . 2014-11-21 02:44    9401480    ----a-w-    h:\windows\SysWow64\atidxx32.dll
2014-11-21 02:43 . 2014-11-21 02:43    7558816    ----a-w-    h:\windows\SysWow64\atiumdva.dll
2014-11-21 02:43 . 2014-11-21 02:43    7077776    ----a-w-    h:\windows\SysWow64\atiumdag.dll
2014-11-21 02:43 . 2014-11-21 02:43    8379720    ----a-w-    h:\windows\system32\atiumd6a.dll
2014-11-21 02:43 . 2014-11-21 02:43    8369408    ----a-w-    h:\windows\system32\atiumd64.dll
2014-11-21 02:41 . 2014-11-21 02:41    294600    ----a-w-    h:\windows\system32\drivers\amdacpksd.sys
2014-11-21 02:40 . 2014-11-21 02:40    18959360    ----a-w-    h:\windows\system32\drivers\atikmdag.sys
2014-11-21 02:33 . 2014-11-21 02:33    235008    ----a-w-    h:\windows\system32\clinfo.exe
2014-11-21 02:33 . 2014-11-21 02:33    98816    ----a-w-    h:\windows\system32\OpenVideo64.dll
2014-11-21 02:33 . 2014-11-21 02:33    83456    ----a-w-    h:\windows\SysWow64\OpenVideo.dll
2014-11-21 02:33 . 2014-11-21 02:33    86528    ----a-w-    h:\windows\system32\OVDecode64.dll
2014-11-21 02:33 . 2014-11-21 02:33    73216    ----a-w-    h:\windows\SysWow64\OVDecode.dll
2014-11-21 02:33 . 2014-11-21 02:33    47899136    ----a-w-    h:\windows\system32\amdocl64.dll
2014-11-21 02:32 . 2014-11-21 02:32    40987136    ----a-w-    h:\windows\SysWow64\amdocl.dll
2014-11-21 02:31 . 2014-11-21 02:31    65024    ----a-w-    h:\windows\system32\OpenCL.dll
2014-11-21 02:31 . 2014-11-21 02:31    58880    ----a-w-    h:\windows\SysWow64\OpenCL.dll
2014-11-21 02:24 . 2014-11-21 02:24    28354560    ----a-w-    h:\windows\system32\atio6axx.dll
2014-11-21 02:19 . 2014-11-21 02:19    23621632    ----a-w-    h:\windows\SysWow64\atioglxx.dll
2014-11-21 02:19 . 2014-11-21 02:19    49664    ----a-w-    h:\windows\system32\amdmmcl6.dll
2014-11-21 02:19 . 2014-11-21 02:19    38912    ----a-w-    h:\windows\SysWow64\amdmmcl.dll
2014-11-21 02:18 . 2014-11-21 02:18    127488    ----a-w-    h:\windows\system32\mantle64.dll
2014-11-21 02:18 . 2014-11-21 02:18    113664    ----a-w-    h:\windows\SysWow64\mantle32.dll
2014-11-21 02:18 . 2014-11-21 02:18    5837312    ----a-w-    h:\windows\system32\amdmantle64.dll
2014-11-21 02:17 . 2014-11-21 02:17    367104    ----a-w-    h:\windows\system32\atiapfxx.exe
2014-11-21 02:17 . 2014-11-21 02:17    62464    ----a-w-    h:\windows\system32\aticalrt64.dll
2014-11-21 02:17 . 2014-11-21 02:17    52224    ----a-w-    h:\windows\SysWow64\aticalrt.dll
2014-11-21 02:16 . 2014-11-21 02:16    55808    ----a-w-    h:\windows\system32\aticalcl64.dll
2014-11-21 02:16 . 2014-11-21 02:16    49152    ----a-w-    h:\windows\SysWow64\aticalcl.dll
2014-11-21 02:16 . 2014-11-21 02:16    15716352    ----a-w-    h:\windows\system32\aticaldd64.dll
2014-11-21 02:16 . 2014-11-21 02:16    14302208    ----a-w-    h:\windows\SysWow64\aticaldd.dll
2014-11-21 02:15 . 2014-11-21 02:15    4590592    ----a-w-    h:\windows\SysWow64\amdmantle32.dll
2014-11-21 02:13 . 2014-11-21 02:13    91648    ----a-w-    h:\windows\system32\mantleaxl64.dll
2014-11-21 02:13 . 2014-11-21 02:13    85504    ----a-w-    h:\windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12 . 2014-11-21 02:12    442368    ----a-w-    h:\windows\system32\atidemgy.dll
2014-11-21 02:12 . 2014-11-21 02:12    31232    ----a-w-    h:\windows\system32\atimuixx.dll
2014-11-21 02:12 . 2014-11-21 02:12    774656    ----a-w-    h:\windows\system32\atieclxx.exe
2014-11-21 02:12 . 2014-11-21 02:12    244736    ----a-w-    h:\windows\system32\atiesrxx.exe
2014-11-21 02:12 . 2014-11-21 02:12    190976    ----a-w-    h:\windows\system32\atitmm64.dll
2014-11-21 02:10 . 2014-11-21 02:10    843776    ----a-w-    h:\windows\system32\coinst_14.50.dll
2014-11-21 02:09 . 2014-11-21 02:09    95744    ----a-w-    h:\windows\system32\amdave64.dll
2014-11-21 02:09 . 2014-11-21 02:09    90112    ----a-w-    h:\windows\SysWow64\amdave32.dll
2014-11-21 02:09 . 2014-11-21 02:09    89088    ----a-w-    h:\windows\system32\atisamu64.dll
2014-11-21 02:09 . 2014-11-21 02:09    80896    ----a-w-    h:\windows\SysWow64\atisamu32.dll
2014-11-21 02:09 . 2014-11-21 02:09    1214976    ----a-w-    h:\windows\system32\atiadlxx.dll
2014-11-21 02:09 . 2014-07-09 15:20    903168    ----a-w-    h:\windows\SysWow64\atiadlxy.dll
2014-11-21 02:09 . 2014-11-21 02:09    75264    ----a-w-    h:\windows\system32\atig6pxx.dll
2014-11-21 02:09 . 2014-11-21 02:09    69632    ----a-w-    h:\windows\SysWow64\atiglpxx.dll
2014-11-21 02:09 . 2014-11-21 02:09    69632    ----a-w-    h:\windows\system32\atiglpxx.dll
2014-11-21 02:08 . 2014-11-21 02:08    146944    ----a-w-    h:\windows\system32\atig6txx.dll
2014-11-21 02:08 . 2014-11-21 02:08    133632    ----a-w-    h:\windows\SysWow64\atigktxx.dll
2014-11-21 02:08 . 2014-11-21 02:08    589312    ----a-w-    h:\windows\system32\drivers\atikmpag.sys
2014-11-21 02:08 . 2014-11-21 02:08    43520    ----a-w-    h:\windows\system32\drivers\ati2erec.dll
2014-11-20 20:36 . 2014-11-20 20:36    51200    ----a-w-    h:\windows\system32\kdbsdk64.dll
2014-11-20 20:35 . 2014-11-20 20:35    38912    ----a-w-    h:\windows\SysWow64\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="h:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="h:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AsSysCtrlService;ASUS System Control Service;h:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;h:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;h:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;h:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;h:\program files (x86)\Skype\Updater\Updater.exe;h:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;h:\windows\system32\Drivers\ssadadb.sys;h:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);h:\windows\system32\DRIVERS\ssudbus.sys;h:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\PerformanceTest\DirectIo64.sys;c:\program files (x86)\PerformanceTest\DirectIo64.sys [x]
R3 DrvAgent64;DrvAgent64;h:\windows\SysWOW64\Drivers\DrvAgent64.SYS;h:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;h:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;h:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;h:\windows\system32\DRIVERS\libusb0.sys;h:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;h:\windows\system32\DB32.tmp;h:\windows\SYSNATIVE\DB32.tmp [x]
R3 NisDrv;Microsoft Network Inspection System;h:\windows\system32\DRIVERS\NisDrvWFP.sys;h:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;h:\program files\Microsoft Security Client\NisSrv.exe;h:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;h:\windows\system32\drivers\nmwcdnsucx64.sys;h:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;h:\windows\system32\drivers\nmwcdnsux64.sys;h:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 PAC207;Trust 100K Series Webcam;h:\windows\system32\DRIVERS\PFC027.SYS;h:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);h:\windows\system32\DRIVERS\ssadbus.sys;h:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);h:\windows\system32\DRIVERS\ssadmdfl.sys;h:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;h:\windows\system32\DRIVERS\ssadmdm.sys;h:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);h:\windows\system32\DRIVERS\ssadserd.sys;h:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);h:\windows\system32\DRIVERS\ssudmdm.sys;h:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;h:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;h:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;h:\windows\system32\drivers\tsusbflt.sys;h:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbUDisc;usbUDisc;h:\windows\system32\DRIVERS\USBDrv_AMD64.sys;h:\windows\SYSNATIVE\DRIVERS\USBDrv_AMD64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;h:\windows\system32\Wat\WatAdminSvc.exe;h:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 66460fbe;TampaEngine;h:\windows\system32\rundll32.exe;h:\windows\SYSNATIVE\rundll32.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;h:\windows\system32\atiesrxx.exe;h:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;h:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;h:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;h:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;h:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;h:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;h:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 MBAMService;MBAMService;c:\malwarebytes' anti-malware\Malwarebytes' Anti-Malware\mbamservice.exe;c:\malwarebytes' anti-malware\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;h:\program files (x86)\PDF Architect\HelperService.exe;h:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;h:\program files (x86)\PDF Architect\ConversionService.exe;h:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;h:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;h:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;h:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;h:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;h:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;h:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Sentinel64;Sentinel64;h:\windows\System32\Drivers\Sentinel64.sys;h:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;h:\windows\system32\drivers\AtihdW76.sys;h:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys;h:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;h:\windows\system32\DRIVERS\nusb3hub.sys;h:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;h:\windows\system32\DRIVERS\nusb3xhc.sys;h:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;h:\windows\system32\DRIVERS\Rt64win7.sys;h:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;h:\windows\system32\DRIVERS\usbfilter.sys;h:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;h:\windows\system32\DRIVERS\whfltr2k.sys;h:\windows\SYSNATIVE\DRIVERS\whfltr2k.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-07 20:00    1086280    ----a-w-    h:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-02-10 h:\windows\Tasks\Adobe Flash Player Updater.job
- h:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-17 12:24]
.
2015-02-10 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07 19:59]
.
2015-02-10 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07 19:59]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = h:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = h:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{FB74242B-85B0-46B7-8932-E2E31EF3D044}: NameServer = 208.67.222.222,195.27.150.42
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-93867497.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\h:\windows\system32\DB32.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@h:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="h:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2015-02-10  14:25:39
ComboFix-quarantined-files.txt  2015-02-10 13:25
ComboFix2.txt  2015-02-06 19:14
.
Pre-Run: 29.164.498.944 bytes free
Post-Run: 28.911.947.776 bytes free
.
- - End Of File - - 3007F0035FCC18FA204A43F7545DCDF6
A36C5E4F47E84449FF07ED3517B43A31

========= End of CMD: =========

"H:\Program Files (x86)\TampaEngine" => File/Directory not found.
H:\ProgramData\ieglohkjilgeaebhlihohjkjhbmdjlof => Moved successfully.
H:\Program Files (x86)\uniSaales => Moved successfully.
H:\ProgramData\{087c5a26-d0cb-cabf-087c-c5a26d0c689b} => Moved successfully.
EmptyTemp: => Removed 82.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:31:51 ====


OK, re-run FRST.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01
Ran by Mattia (administrator) on RAFT on 11-02-2015 17:20:07
Running from H:\Users\Mattia\Contacts\Desktop\New folder
Loaded Profiles: Mattia (Available profiles: Mattia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) H:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) H:\Windows\System32\atiesrxx.exe
(AMD) H:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) H:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Advanced Micro Devices, Inc.) H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Ellora Assets Corp.) H:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) H:\Program Files\Microsoft Security Client\msseces.exe
(pdfforge GmbH) H:\Program Files (x86)\PDF Architect\HelperService.exe
(Renesas Electronics Corporation) H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Safer-Networking Ltd.) H:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(pdfforge GmbH) H:\Program Files (x86)\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) H:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ATI Technologies Inc.) H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) H:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) H:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) H:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => h:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [startCCC] => H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sDTray] => H:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers-x32: [Gestore icona firma digitale di AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => H:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1447828807-318650237-636904149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> H:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> H:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> H:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{FB74242B-85B0-46B7-8932-E2E31EF3D044}: [NameServer] 208.67.222.222,195.27.150.42

FireFox:
========
FF ProfilePath: H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> H:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> H:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> H:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> H:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> H:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> H:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1447828807-318650237-636904149-1000: thehappycloud.com/HappyCloudPlugin -> H:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: Adblock Plus - H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]
FF Extension: DownThemAll! - H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-25]
FF Extension: Skype Click to Call - H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-12]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-30]
CHR Extension: (YouTube) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Adblock Plus) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-18]
CHR Extension: (Google Search) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-10-18]
CHR Extension: (AdBlock) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-27]
CHR Extension: (Ghostery) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-28]
CHR Extension: (Google Wallet) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR Extension: (Gmail) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AsSysCtrlService; H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
S3 Autodesk Licensing Service; H:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-09-07] (Autodesk)
S3 FLEXnet Licensing Service 64; H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-10-23] (Macrovision Europe Ltd.) [File not signed]
R2 FreemakeVideoCapture; H:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-22] (Ellora Assets Corp.) [File not signed]
S3 IDriverT; H:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; h:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; h:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PDF Architect Helper Service; H:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; H:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SDScannerService; H:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; H:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; H:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; H:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; H:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; H:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; H:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; H:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 atksgt; H:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-02-10] ()
S3 DIRECTIO; C:\Program Files (x86)\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R3 ElbyCDFL; H:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; H:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 libusb0; H:\Windows\System32\DRIVERS\libusb0.sys [43456 2011-01-30] (http://libusb-win32.sourceforge.net)
R2 lirsgt; H:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-09] ()
R0 MBAMSwissArmy; H:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-02-10] (Malwarebytes Corporation)
S3 MEMSWEEP2; H:\Windows\system32\DB32.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R0 MpFilter; H:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 MTsensor; H:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; H:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 PAC207; H:\Windows\System32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.)
R2 Sentinel64; H:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 usbUDisc; H:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2013-11-03] (Scott)
R3 whfltr2k; H:\Windows\System32\DRIVERS\whfltr2k.sys [9600 2007-01-26] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:38 - 2015-02-11 16:38 - 00000020 _____ () H:\Users\Mattia\AppData\Roaming\appdataFr3.bin
2015-02-11 12:39 - 2015-02-11 12:39 - 00000000 ____D () H:\ProgramData\Red AdBlocker
2015-02-11 11:58 - 2015-02-11 16:32 - 00000168 _____ () H:\Windows\setupact.log
2015-02-11 11:58 - 2015-02-11 11:58 - 04911176 _____ () H:\Windows\system32\FNTCACHE.DAT
2015-02-11 11:58 - 2015-02-11 11:58 - 00091480 _____ () H:\Users\Mattia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-11 11:58 - 2015-02-11 11:58 - 00000000 _____ () H:\Windows\setuperr.log
2015-02-10 19:56 - 2015-02-10 19:56 - 00000000 ____D () H:\Users\Mattia\Documents\ProcAlyzer Dumps
2015-02-10 17:49 - 2015-02-10 17:50 - 00129752 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 17:49 - 2015-02-10 17:49 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 17:49 - 2015-02-10 17:49 - 00000000 ____D () H:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-10 17:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 17:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\mwac.sys
2015-02-10 14:47 - 2015-02-10 14:47 - 00060934 _____ () H:\Users\Mattia\Downloads\Shortcut.txt
2015-02-10 14:46 - 2015-02-10 14:56 - 00054463 _____ () H:\Users\Mattia\Downloads\FRST.txt
2015-02-10 14:25 - 2015-02-10 14:25 - 00025745 _____ () H:\ComboFix.txt
2015-02-10 13:23 - 2015-02-10 13:23 - 00000192 _____ () H:\Windows\wininit.ini
2015-02-10 13:06 - 2015-02-10 13:31 - 00000000 ____D () H:\ProgramData\HitmanPro
2015-02-10 12:46 - 2015-02-10 12:52 - 00000000 ____D () H:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-10 12:46 - 2015-02-10 12:46 - 00001401 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-10 12:46 - 2015-02-10 12:46 - 00001389 _____ () H:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-10 12:46 - 2015-02-10 12:46 - 00000000 ____D () H:\Windows\System32\Tasks\Safer-Networking
2015-02-10 12:46 - 2015-02-10 12:46 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-10 12:46 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) H:\Windows\system32\sdnclean64.exe
2015-02-10 12:36 - 2015-02-06 20:12 - 00000027 _____ () H:\Windows\system32\Drivers\etc\hosts.20150210-123628.backup
2015-02-10 12:29 - 2015-02-10 12:30 - 46525608 _____ (Safer-Networking Ltd. ) H:\Users\Mattia\Downloads\spybot-2.4.exe
2015-02-10 12:24 - 2015-02-10 15:18 - 00000000 ____D () H:\ProgramData\Spybot - Search & Destroy
2015-02-10 12:24 - 2015-02-10 12:46 - 00000000 ____D () H:\Program Files (x86)\Spybot - Search & Destroy
2015-02-10 12:15 - 2015-02-11 17:20 - 00000000 ____D () H:\FRST
2015-02-10 12:15 - 2015-02-10 14:47 - 00039411 _____ () H:\Users\Mattia\Downloads\Addition.txt
2015-02-10 12:11 - 2015-02-10 12:11 - 02132992 _____ (Farbar) H:\Users\Mattia\Downloads\FRST64.exe
2015-02-10 12:03 - 2015-02-11 15:11 - 00037624 _____ () H:\Windows\system32\Drivers\TrueSight.sys
2015-02-10 12:03 - 2015-02-10 12:03 - 13946571 _____ () H:\Users\Mattia\Downloads\SysinternalsSuite.zip
2015-02-10 12:03 - 2015-02-10 12:03 - 00000000 ____D () H:\ProgramData\RogueKiller
2015-02-10 12:02 - 2015-02-10 12:02 - 18570328 _____ () H:\Users\Mattia\Downloads\RogueKillerX64.exe
2015-02-10 12:01 - 2015-02-10 12:01 - 00380416 _____ () H:\Users\Mattia\Downloads\ld6h1zqy.exe
2015-02-10 10:18 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\DB32.tmp
2015-02-10 10:18 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\72BF.tmp
2015-02-09 17:40 - 2015-02-09 17:40 - 05611930 ____R (Swearware) H:\Users\Mattia\Downloads\ComboFix.exe
2015-02-09 17:36 - 2015-02-10 18:36 - 00000000 ____D () H:\Program Files (x86)\Sophos
2015-02-09 17:36 - 2015-02-09 17:39 - 00000000 ____D () H:\ProgramData\SecTaskMan
2015-02-09 17:36 - 2015-02-09 17:36 - 00001168 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00001157 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00001145 _____ () H:\Users\Public\Desktop\Security Task Manager.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00000000 ____D () H:\Users\Mattia\AppData\Local\SecTaskMan
2015-02-09 17:36 - 2015-02-09 17:36 - 00000000 ____D () H:\Program Files (x86)\Security Task Manager
2015-02-09 17:36 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\9991.tmp
2015-02-09 17:36 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\318B.tmp
2015-02-09 17:34 - 2015-02-09 17:34 - 00380416 _____ () H:\Users\Mattia\Downloads\utd3pp4j.exe
2015-02-09 17:33 - 2015-02-09 17:34 - 16409960 _____ (Safer Networking Limited ) H:\Users\Mattia\Downloads\spybotsd162.exe
2015-02-09 17:32 - 2015-02-09 17:33 - 05200384 _____ (AVAST Software) H:\Users\Mattia\Downloads\aswmbr.exe
2015-02-09 17:30 - 2015-02-09 17:30 - 01525384 _____ () H:\Users\Mattia\Downloads\sarsfx.exe
2015-02-09 17:25 - 2015-02-10 13:07 - 11227888 _____ (SurfRight B.V.) H:\Users\Mattia\Downloads\HitmanPro_x64.exe
2015-02-09 14:25 - 2015-02-09 14:25 - 04197016 _____ (Kaspersky Lab ZAO) H:\Users\Mattia\Downloads\tdsskiller.exe
2015-02-09 14:25 - 2015-02-09 14:25 - 01943800 _____ (Bleeping Computer, LLC) H:\Users\Mattia\Downloads\rkill.exe
2015-02-07 20:59 - 2015-02-11 17:10 - 00001150 _____ () H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 20:59 - 2015-02-11 16:32 - 00001146 _____ () H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 20:59 - 2015-02-08 11:05 - 00004146 _____ () H:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 20:59 - 2015-02-08 11:05 - 00003894 _____ () H:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 20:04 - 2015-02-06 20:04 - 00004772 _____ () H:\Users\Mattia\Desktop\JRT.txt
2015-02-06 20:01 - 2015-02-06 20:02 - 01388274 _____ (Thisisu) H:\Users\Mattia\Downloads\JRT.exe
2015-02-06 14:15 - 2015-02-06 14:18 - 00000000 ____D () H:\Users\Mattia\Desktop\new folder4
2015-02-06 14:08 - 2015-02-06 14:19 - 00000000 ____D () H:\Program Files (x86)\Pandora Recovery
2015-02-04 12:04 - 2015-02-04 12:06 - 00000000 ____D () H:\Users\Mattia\Documents\Heroes of the Storm
2015-02-04 12:00 - 2015-02-04 12:00 - 00000714 _____ () H:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-02-04 12:00 - 2015-02-04 12:00 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-02-01 22:31 - 2015-02-01 22:33 - 121880235 _____ () H:\Users\Mattia\Downloads\PYRAMID-16BARRE.zip
2015-02-01 12:27 - 2015-02-11 16:35 - 00321239 _____ () H:\Windows\WindowsUpdate.log
2015-01-31 13:10 - 2015-01-31 13:15 - 31643015 _____ () H:\Users\Mattia\Downloads\p-4395.rar
2015-01-30 20:21 - 2015-01-30 20:25 - 65842920 _____ () H:\Users\Mattia\Downloads\JumpUltimateStarsPatchato.nds
2015-01-30 16:12 - 2015-01-30 16:12 - 00001369 _____ () H:\Users\Public\Desktop\League of Legends.lnk
2015-01-30 16:12 - 2015-01-30 16:12 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-01-24 11:36 - 2015-01-24 11:36 - 00058610 _____ () H:\Windows\SysWOW64\CCCInstall_201501241136455650.log
2015-01-24 11:36 - 2015-01-24 11:36 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-24 11:36 - 2015-01-24 11:36 - 00000000 ____D () H:\ProgramData\ATI
2015-01-21 15:54 - 2015-01-30 16:12 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Riot Games
2015-01-15 19:05 - 2015-01-18 16:49 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Time
2015-01-15 19:05 - 2015-01-15 19:05 - 00000707 _____ () H:\Users\Mattia\Desktop\Hard Time.lnk
2015-01-15 18:42 - 2015-01-15 18:42 - 00000771 _____ () H:\Users\Mattia\Desktop\The You Testament.lnk
2015-01-14 22:56 - 2015-02-10 12:36 - 00449919 ____R () H:\Windows\system32\Drivers\etc\hosts.20150210-151858.backup
2015-01-14 22:31 - 2011-06-26 07:45 - 00256000 _____ () H:\Windows\PEV.exe
2015-01-14 22:31 - 2010-11-07 18:20 - 00208896 _____ () H:\Windows\MBR.exe
2015-01-14 22:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) H:\Windows\NIRCMD.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) H:\Windows\SWREG.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) H:\Windows\SWSC.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00098816 _____ () H:\Windows\sed.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00080412 _____ () H:\Windows\grep.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00068096 _____ () H:\Windows\zip.exe
2015-01-14 22:29 - 2015-02-10 14:25 - 00000000 ____D () H:\Qoobox
2015-01-14 22:29 - 2015-01-14 22:57 - 00000000 ____D () H:\Windows\erdnt
2015-01-14 22:15 - 2015-01-14 22:19 - 00000000 ____D () H:\AdwCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-07-01 10:25 - 2012-12-18 14:21 - 00003914 _____ () H:\Windows\System32\Tasks\User_Feed_Synchronization-{FB4A4244-3EC1-4348-95BB-0BBD2397EBB6}
2015-02-11 17:18 - 2014-01-19 17:29 - 00000000 ____D () H:\Users\Mattia\AppData\Local\Battle.net
2015-02-11 17:18 - 2012-10-17 06:07 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\vlc
2015-02-11 16:39 - 2009-07-14 06:13 - 00795894 _____ () H:\Windows\system32\PerfStringBackup.INI
2015-02-11 16:39 - 2009-07-14 05:45 - 00019520 ____H () H:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 16:39 - 2009-07-14 05:45 - 00019520 ____H () H:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 16:32 - 2014-10-10 14:08 - 00000008 __RSH () H:\ProgramData\ntuser.pol
2015-02-11 16:32 - 2009-07-14 06:08 - 00000006 ____H () H:\Windows\Tasks\SA.DAT
2015-02-11 16:31 - 2009-07-14 04:20 - 00000000 ___HD () H:\Windows\system32\GroupPolicy
2015-02-11 16:24 - 2012-10-17 07:42 - 00000830 _____ () H:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 12:18 - 2014-02-20 20:50 - 00000000 ____D () H:\Program Files (x86)\SpeedFan
2015-02-10 19:56 - 2012-10-17 05:22 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Skype
2015-02-10 17:49 - 2013-02-12 21:30 - 00001112 _____ () H:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-10 17:49 - 2012-11-27 19:25 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Malwarebytes
2015-02-10 17:49 - 2012-11-27 19:25 - 00000000 ____D () H:\ProgramData\Malwarebytes
2015-02-10 14:24 - 2009-07-14 03:34 - 00000215 _____ () H:\Windows\system.ini
2015-02-10 13:45 - 2012-10-17 05:33 - 00000000 ____D () H:\Windows\pss
2015-02-10 13:44 - 2013-04-29 15:22 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\TS3Client
2015-02-10 13:44 - 2012-10-17 07:08 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\uTorrent
2015-02-09 21:21 - 2014-01-19 17:30 - 00000000 ____D () H:\Program Files (x86)\Hearthstone
2015-02-09 17:35 - 2012-10-17 03:34 - 00000000 ___RD () H:\Users\Mattia\AppData\Local\MicrosoftNT
2015-02-08 09:32 - 2009-07-14 04:20 - 00000000 ____D () H:\Windows\system32\NDF
2015-02-07 21:01 - 2014-08-27 07:30 - 00002191 _____ () H:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 14:40 - 2012-10-17 07:58 - 00002441 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-06 14:08 - 2012-11-30 23:40 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\PandoraRecovery
2015-02-06 14:08 - 2012-11-30 23:24 - 00002016 _____ () H:\Users\Public\Desktop\Pandora Recovery.lnk
2015-02-06 14:08 - 2012-11-30 23:24 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2015-02-05 13:24 - 2012-10-17 07:42 - 00701616 _____ (Adobe Systems Incorporated) H:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:24 - 2012-10-17 07:42 - 00071344 _____ (Adobe Systems Incorporated) H:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 13:24 - 2012-10-17 07:42 - 00003768 _____ () H:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:04 - 2012-10-28 18:14 - 00000000 ____D () H:\ProgramData\Blizzard Entertainment
2015-01-28 23:02 - 2014-09-21 13:16 - 00000000 ____D () H:\Program Files (x86)\World of Warcraft
2015-01-28 22:54 - 2014-09-21 13:18 - 00001246 _____ () H:\Users\Public\Desktop\World of Warcraft.lnk
2015-01-27 21:27 - 2012-10-27 19:10 - 00000000 ____D () H:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 11:36 - 2014-07-31 14:29 - 00000000 ____D () H:\Program Files\ATI Technologies
2015-01-24 11:36 - 2014-06-18 08:48 - 00000000 ____D () H:\Program Files\AMD
2015-01-24 11:36 - 2013-04-27 10:49 - 00000000 ____D () H:\ProgramData\AMD
2015-01-24 11:35 - 2014-07-31 15:59 - 00000000 ____D () H:\Program Files (x86)\AMD
2015-01-17 23:48 - 2012-10-17 02:55 - 00000000 ____D () H:\Users\Mattia
2015-01-15 21:33 - 2014-08-08 14:02 - 00000000 ____D () H:\Program Files (x86)\WTFast
2015-01-14 23:05 - 2012-10-17 04:10 - 00000000 ___HD () H:\Program Files (x86)\InstallShield Installation Information
2015-01-14 23:00 - 2009-07-14 04:20 - 00000000 __RHD () H:\Users\Default
2015-01-14 22:56 - 2009-07-14 03:34 - 66584576 _____ () H:\Windows\system32\config\software.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 23855104 _____ () H:\Windows\system32\config\system.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\security.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\sam.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\default.bak
2015-01-14 22:51 - 2012-10-17 07:46 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2013-01-23 21:20 - 2014-06-11 15:37 - 0000132 _____ () H:\Users\Mattia\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-11 16:38 - 2015-02-11 16:38 - 0000020 _____ () H:\Users\Mattia\AppData\Roaming\appdataFr3.bin
2014-02-20 14:42 - 2014-02-20 01:52 - 0000954 _____ () H:\Users\Mattia\AppData\Roaming\pandacoin.conf
2014-04-03 09:25 - 2014-10-30 20:48 - 0000346 ___SH () H:\Users\Mattia\AppData\Local\70149b02515b3bb20dd492.47983420
2013-02-25 21:08 - 2013-02-25 21:08 - 0000094 _____ () H:\Users\Mattia\AppData\Local\fusioncache.dat
2014-08-02 18:57 - 2014-08-02 18:57 - 0000914 _____ () H:\Users\Mattia\AppData\Local\recently-used.xbel
2012-11-27 19:19 - 2014-09-24 13:01 - 0007597 _____ () H:\Users\Mattia\AppData\Local\Resmon.ResmonCfg
2014-08-27 21:16 - 2014-08-27 21:19 - 0000041 ___SH () H:\ProgramData\.zreglib

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

H:\Windows\System32\winlogon.exe => File is digitally signed
H:\Windows\System32\wininit.exe => File is digitally signed
H:\Windows\SysWOW64\wininit.exe => File is digitally signed
H:\Windows\explorer.exe => File is digitally signed
H:\Windows\SysWOW64\explorer.exe => File is digitally signed
H:\Windows\System32\svchost.exe => File is digitally signed
H:\Windows\SysWOW64\svchost.exe => File is digitally signed
H:\Windows\System32\services.exe => File is digitally signed
H:\Windows\System32\User32.dll => File is digitally signed
H:\Windows\SysWOW64\User32.dll => File is digitally signed
H:\Windows\System32\userinit.exe => File is digitally signed
H:\Windows\SysWOW64\userinit.exe => File is digitally signed
H:\Windows\System32\rpcss.dll => File is digitally signed
H:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 15:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 01
Ran by Mattia at 2015-02-11 17:20:24
Running from H:\Users\Mattia\Contacts\Desktop\New folder
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Wheel Mouse 6.0.0.002 (HKLM-x32\...\WheelMouse) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
AutoCAD 2007 - Italiano (HKLM-x32\...\{5783F2D7-5001-0410-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
Convert AVI to MP4 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version:  - convertavitomp4.com)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
GameRanger (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Gaming Mouse (HKLM-x32\...\Gaming Mouse) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\HappyCloud) (Version: 1.368 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
inSSIDer Office (HKLM-x32\...\{8C127DE3-EC36-4BA3-A6EE-6DC4A9B6C526}) (Version: 3.1.1.6 - MetaGeek, LLC)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021F0}) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MIView (HKLM-x32\...\MIView) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 it)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1042.0 - Passmark Software)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Red AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Red AdBlocker) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 2.0 (HKLM-x32\...\Security Task Manager) (Version: 2.0 - Neuber Software)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
To the Moon (HKLM-x32\...\To the Moon1.0) (Version: 1.0 - Foxy Games)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version:  - )
VidCoder 1.4.25 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.4.25 - RandomEngy)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1447828807-318650237-636904149-1000_Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 -> H:\Windows\system32\webcheck.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-02-2015 12:36:26 Windows Update
06-02-2015 20:06:55 ComboFix created restore point
07-02-2015 12:38:23 Windows Update
10-02-2015 13:31:29 Punto di controllo di HitmanPro
10-02-2015 20:27:55 Windows Update
11-02-2015 16:31:41 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-14 22:56 - 2015-02-10 15:18 - 00450029 ____R H:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17C10178-BFD2-4E04-A826-C3D88645E5FE} - System32\Tasks\GoogleUpdateTaskMachineCore => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {20BE280D-3A4B-460A-9A47-8D930E5751B9} - System32\Tasks\{9D3A29A5-4998-49BC-8806-6547725358BF} => E:\INSTALL.EXE
Task: {245BBB87-17F2-4F07-AECB-75442221B552} - System32\Tasks\ASUS\ASUS Update Checker => H:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {28FD2AC3-EA1D-401B-9BBB-DDC6BEE50FF3} - System32\Tasks\{FD3D6992-7DD0-4150-956D-E1A22717C0BC} => C:\Grim\Grim Fandango Launcher.exe
Task: {2EF478BC-61F3-46D2-ABEA-D1D69DFC9342} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => H:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {31E997AC-6F55-4F41-861A-95F21297ADB3} - System32\Tasks\{053A56D5-6B94-4626-B17E-E4F7A32237E1} => E:\INSTALL.EXE
Task: {3FE3273B-9A93-4A3C-A049-C8D9C0E024AF} - System32\Tasks\{C952F0C0-276F-4FA7-913E-8865C000B5E8} => E:\INSTALL.EXE
Task: {47C9C1CC-974E-4CAB-9B57-6D758A3C9CD2} - System32\Tasks\{1F169528-9668-427F-87A7-005CD5B59BFE} => H:\Users\Mattia\Desktop\Thief 2 The Metal Age\Thief2\thief2.exe
Task: {4D199495-7F33-4B9B-A72F-220DC03FFBF4} - System32\Tasks\GoogleUpdateTaskMachineUA => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {4EDE3656-1A45-4CB8-8706-CD4CBEF012AE} - System32\Tasks\{D95E3B7E-3A4C-49FC-A80F-1BDCB065C292} => E:\INSTALL.EXE
Task: {523EBA05-F320-4E10-95B6-4ECEB7B38F36} - System32\Tasks\{3A0A442E-8149-46F3-8704-692C349DDB77} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {54637438-9341-43A1-91AA-1EDD58942A24} - System32\Tasks\{FA197170-8D66-4806-B001-508270947269} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {5726AED3-4D26-4B18-A231-C5F9B502B9B0} - System32\Tasks\{8A78E1E0-43A4-41E8-9CA9-EC0BE9A0707B} => E:\INSTALL.EXE
Task: {65BE1B34-A9DA-4CE4-8A9C-AC88D10BCA48} - System32\Tasks\{443A561F-D473-4C32-B422-8BA142744B51} => E:\INSTALL.EXE
Task: {6809353C-1715-4E64-8206-D9E129D15FF7} - System32\Tasks\{0AD8FF27-59DA-4A06-B585-23CB1C4956ED} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {7226D2EC-2883-4222-885A-104FF7940B95} - System32\Tasks\{788D08F6-6FEE-4551-A6F8-91A8F6C4E467} => E:\INSTALL.EXE
Task: {7B77D393-76A1-49A2-A544-3B1672ED03BC} - System32\Tasks\{0C153D8E-6917-4326-8077-D4DEBE8B3854} => E:\INSTALL.EXE
Task: {7C9868DC-A3D9-4316-BF6A-9B5956D87A40} - System32\Tasks\{9BB10019-52F4-48B9-B2AF-B3F60A001C01} => H:\Program Files (x86)\Silver\silver.exe
Task: {8A889BD1-2AB9-4AF6-BF38-B9391F187AF5} - System32\Tasks\{8871D64B-3739-481B-8476-EBD58CD726AD} => H:\Users\Mattia\Desktop\Thief 2 The Metal Age\Thief2\thief2.exe
Task: {96260C12-92F6-4723-9C48-446DFB568152} - System32\Tasks\{53E9398C-664D-4278-AC34-C5449719B377} => E:\SETUP.EXE
Task: {A2AE9D68-763A-4C84-B4D6-9D415E98A33A} - System32\Tasks\{0EA80CDD-61B7-417E-96A5-9121EC2DC744} => H:\Users\Mattia\Downloads\msabtf.exe
Task: {B15DFEDB-225B-4BC0-9A58-F8B79E2F795D} - System32\Tasks\{8B992ED2-1F6B-4314-8A10-4F1D97D9AD98} => pcalua.exe -a C:\Magicka\Dependencies\dotnetfx35.exe -d C:\Magicka\Dependencies
Task: {B2150954-05B8-48E2-8621-C66D3DBA1DBD} - System32\Tasks\{B3B92E4D-DC7A-433C-8F40-B9C919EB56CA} => E:\Setup.exe
Task: {B464C02F-51DF-407B-BB43-F54A69984161} - System32\Tasks\{CCA70101-88D6-42D1-8DFC-DDFD21859704} => H:\Program Files (x86)\Deep Silver\Risen\bin\Risen.exe
Task: {B4C2404A-448C-4AF3-A48B-8E0A62BA36C9} - System32\Tasks\elbyExecuteWithUAC => H:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe [2008-06-27] ()
Task: {B5A84D81-F97C-4D7E-9656-26868EBE3FC5} - System32\Tasks\Adobe Flash Player Updater => H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {BA615D25-4593-48BA-B89C-91AB4BC95488} - System32\Tasks\{B723568E-04C9-480D-A0CB-19394A5B5F08} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {BB4E3CEC-CB36-44A8-8469-D63C16A837B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => H:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C4C3842C-94DD-4ECB-B083-6F4F2F9BFB32} - System32\Tasks\{9E0038CD-1F8F-4D86-83C3-DA6E47434EAC} => pcalua.exe -a "H:\Program Files (x86)\Paradox Interactive\Magicka\Dependencies\dotnetfx35.exe" -d "H:\Program Files (x86)\Paradox Interactive\Magicka\Dependencies"
Task: {C57A44D5-4230-4108-861D-42E1B9C3E48F} - System32\Tasks\{B355A456-6C58-4D6B-8B7D-7746A177371C} => E:\SETUP.EXE
Task: {C91F2CB9-2303-4662-AA8F-D741253074D9} - System32\Tasks\{3E508D56-8275-4C6F-A304-30A04F64A175} => E:\INSTALL.EXE
Task: {C94F4623-69DF-4E53-A20E-6F4776F63C7E} - System32\Tasks\{212D1F42-1C06-43F0-A2A1-C0EA6971A983} => F:\World of Warcraft 4.3.4.15595 FREAKZ Edition\Wow.exe
Task: {CEFB49FF-0ECB-42C6-94D3-197696335735} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => H:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D2F6C7D7-7962-41C7-BE52-5EBA111BBEE4} - System32\Tasks\{869D0DA4-DC15-4023-ADDB-E2E0F46A25F9} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {D3A6BF7B-8B2D-4271-8210-17A3977205A6} - System32\Tasks\{C2C9CC36-1F13-4E91-AAE3-CC44E0F2CABC} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {D4BD8132-D73F-4F72-874E-64DA4738BAD3} - System32\Tasks\{35174E8D-1A4D-43D0-8C0D-73D20D302B9D} => E:\INSTALL.EXE
Task: {DEBE875B-8AD1-44AA-8764-A5A4EAA24EC9} - System32\Tasks\{ED12DD76-457F-477F-97F4-AD4342AD70C6} => E:\INSTALL.EXE
Task: {E5014C85-DA55-433A-995C-5B8563C4F2B5} - System32\Tasks\{DE39CE2D-F3A6-478E-847E-6B41ACF66E11} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {E8F183CD-F332-43DC-9A5F-E20A00888D00} - System32\Tasks\{187908E2-1B0D-40CA-BDED-3130E47754F7} => pcalua.exe -a "C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GhostReconSetup\GhostReconSetup.exe" -d "C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GhostReconSetup"
Task: {ECEAF003-8681-42BD-97E9-3CEAD339D862} - System32\Tasks\{9B84CF95-A1E2-4D6F-8D75-2B8F153B3FC2} => H:\Program Files (x86)\Deep Silver\Risen\bin\Risen.exe
Task: {EFBCA4C1-3E2A-4C12-B82D-D9C38053B3E1} - System32\Tasks\{27F485DC-0698-49EA-84E9-B9C84BAEA3FE} => F:\World of Warcraft 4.3.4.15595 FREAKZ Edition\Wow.exe
Task: {F471086A-C752-4786-B54C-5CC54D8AC32C} - System32\Tasks\ASUS\ASUS SIX Engine => H:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {F9F7369C-801B-40CD-A0EC-37AED84B2DF7} - System32\Tasks\{D5034AF3-2F2E-4EC5-998E-62A633866860} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: H:\Windows\Tasks\Adobe Flash Player Updater.job => H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () H:\Program Files\Unlocker\UnlockerCOM.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-10 13:36 - 2009-04-02 11:27 - 00090112 _____ () H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-08-10 17:31 - 2009-03-19 21:35 - 00208896 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2014-08-10 17:31 - 2009-03-19 21:35 - 00008704 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2014-08-10 17:31 - 2009-01-15 13:55 - 00565248 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2015-02-10 12:46 - 2014-05-13 12:04 - 00109400 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-10 12:46 - 2014-05-13 12:04 - 00416600 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-10 12:46 - 2014-05-13 12:04 - 00167768 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-10 12:46 - 2012-08-23 10:38 - 00574840 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-10 12:46 - 2012-04-03 17:06 - 00565640 _____ () H:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-27 20:01 - 2015-01-27 20:01 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1447828807-318650237-636904149-1000\Control Panel\Desktop\\Wallpaper -> H:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 195.27.150.42

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: H:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SpeedFan.lnk => H:\Windows\pss\SpeedFan.lnk.CommonStartup
MSCONFIG\startupfolder: H:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => H:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: uTorrent => "H:\Users\Mattia\AppData\Roaming\uTorrent\uTorrent.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1447828807-318650237-636904149-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1447828807-318650237-636904149-1005 - Limited - Enabled)
Guest (S-1-5-21-1447828807-318650237-636904149-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1447828807-318650237-636904149-1003 - Limited - Enabled)
Mattia (S-1-5-21-1447828807-318650237-636904149-1000 - Administrator - Enabled) => H:\Users\Mattia

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 04:31:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0597148a-b48e-416d-9556-57605778d66d}

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FreemakeVideoCapture service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect Helper Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/11/2015 04:31:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0597148a-b48e-416d-9556-57605778d66d}

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (02/10/2015 01:47:34 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


CodeIntegrity Errors:
===================================
  Date: 2015-02-10 11:19:14.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.675
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.601
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:39.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:39.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:16.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\72BF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:15.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\72BF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 17:36:37.026
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\9991.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 17:36:36.948
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\9991.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom II X4 965 Processor
Percentage of memory in use: 41%
Total physical RAM: 4094.05 MB
Available physical RAM: 2410.01 MB
Total Pagefile: 8186.29 MB
Available Pagefile: 6121.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:50.46 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:119.24 GB) (Free:27.19 GB) NTFS
Drive j: () (Removable) (Total:29.89 GB) (Free:29.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: C6ADA90E)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 20722071)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 29.9 GB) (Disk ID: 49864985)
Partition 1: (Active) - (Size=29.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


That looks good.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the add-on to run.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe from the link you'll be given.
  • Double-click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start.
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow the onscreen instructions inside the black box. This scan won't take long.
  • Soon a Notepad document called checkup.txt will open automatically.

Please include the content of that document.

Thanks for your help again. I know your rules on piracy and I'll delete all the "weird" stuff if needed.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=51da049737ae8349a6bcd907d168ecd8
# engine=22422
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-11 05:30:16
# local_time=2015-02-11 06:30:16 (+0100, W. Europe Standard Time)
# country="Italy"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 62922765 94937038 0 0
# scanned=124508
# found=14
# cleaned=0
# scan_time=2377
sh=4433E05FBB82297C67ABA5F7C8DBD9183B820904 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GetFLV Pro 9.6.7.1 Multilingual + Keygen\GetFLV Pro 9.6.7.1 Multilingual + Keygen.tgz"
sh=5BA3CCC6F3B00B93CD52AC7979D021F4EA8C3F55 ft=1 fh=dafc2b4b212f15a7 vn="a variant of Win32/HackTool.Patcher.N potentially unsafe application" ac=I fn="C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GetFLV Pro 9.6.7.1 Multilingual + Keygen\GetFLV Pro 9.6.7.1 Multilingual + Keygen\GetFLV.v9.1.2.6.Loader.exe"
sh=4FE2F56D55B7E0D189F0BB575B244CE0CD9039BD ft=1 fh=dddd1de02ccb77ff vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GetFLV Pro 9.6.7.1 Multilingual + Keygen\GetFLV Pro 9.6.7.1 Multilingual + Keygen\Keygen.exe"
sh=4FE2F56D55B7E0D189F0BB575B244CE0CD9039BD ft=1 fh=dddd1de02ccb77ff vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GetFLV Pro 9.6.7.1 Multilingual + Keygen\GetFLV Pro 9.6.7.1 Multilingual + Keygen\Keygen + Loader\Keygen.exe"
sh=35E164BA783D4C59694E359F6D6CD8AC207E77AC ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\Outlast.MULTi9-PROPHET\ppt-olst.iso"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=85941307610E5A110555D75383E264B7A9AB9B99 ft=1 fh=3c91ddd4f4fc324a vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="C:\Users\Mattia\Desktop\Autocad 2010 Crack\AutoCAD 2010 Keygen X-force\KeyGen_xf-acad2010_x32.exe"
sh=CB26149209467CD51A7BEB94EEBB7D484D46D0DE ft=1 fh=e7352bfa957c59bd vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="C:\Users\Mattia\Desktop\Autocad 2010 Crack\AutoCAD 2010 Keygen X-force\KeyGen_xf-acad2010_x64.exe"
sh=4C6AB8986FEFD366B68AB4511DBE6722DC7851E0 ft=1 fh=2adb27b547629c14 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Mattia\Downloads\ps3video9-600-setup.exe"

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Java 7 Update 21  
 Java 7 Update 45  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
 Google Chrome 37.0.2062.124 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive H: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


I have deleted and uninstalled all the weird stuff except the FRST quarantine, because I don't know if it is a good thing to do.

I have run the scan again.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=51da049737ae8349a6bcd907d168ecd8
# engine=22425
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-11 09:46:19
# local_time=2015-02-11 10:46:19 (+0100, W. Europe Standard Time)
# country="Italy"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 62938128 94952401 0 0
# scanned=358118
# found=217
# cleaned=0
# scan_time=5282
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\content.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\lsdb.js.vir"
sh=0FA297088D34E3C63CBEA082862E2FECDBD04E56 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\NIrUErOak.js.vir"
sh=AB86CC511E3B2EAA3F0E63787F87B3DBF6A66B61 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\c.js.vir"
sh=C5F19544A3F8492872F02F88FE6611FD1EBBE5C6 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\content.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\lsdb.js.vir"
sh=0FA297088D34E3C63CBEA082862E2FECDBD04E56 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\NIrUErOak.js.vir"
sh=AB86CC511E3B2EAA3F0E63787F87B3DBF6A66B61 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\c.js.vir"
sh=C5F19544A3F8492872F02F88FE6611FD1EBBE5C6 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\content.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\lsdb.js.vir"
sh=0FA297088D34E3C63CBEA082862E2FECDBD04E56 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\NIrUErOak.js.vir"
sh=AB86CC511E3B2EAA3F0E63787F87B3DBF6A66B61 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\c.js.vir"
sh=C5F19544A3F8492872F02F88FE6611FD1EBBE5C6 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\content.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\lsdb.js.vir"
sh=0FA297088D34E3C63CBEA082862E2FECDBD04E56 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\NIrUErOak.js.vir"
sh=AB86CC511E3B2EAA3F0E63787F87B3DBF6A66B61 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\c.js.vir"
sh=C5F19544A3F8492872F02F88FE6611FD1EBBE5C6 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\content.js.vir"
sh=635C897C7B2657269B9D399DBEAA39538A44FCF8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\eg0LkCq7q.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\233\lsdb.js.vir"
sh=9B7A9A3698559D7F1BD66843729339519EDFCDB4 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\content.js.vir"
sh=12AAA245FA32A444D2D1E9F4979469449B1FF79D ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\lsdb.js.vir"
sh=0FA297088D34E3C63CBEA082862E2FECDBD04E56 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llgebgamlhiicimdipeenigpnnacpfmf\2.0\NIrUErOak.js.vir"
sh=AB86CC511E3B2EAA3F0E63787F87B3DBF6A66B61 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\c.js.vir"
sh=C5F19544A3F8492872F02F88FE6611FD1EBBE5C6 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\micnghaiccleekalpfbmgopbkjehimoo\1.0\lsdb.js.vir"
sh=5CEB8520E3988F5B20B2C062F47BDA1695CCF08F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997\extensions\ic@Tfl.org\content\bg.js.vir"
sh=D5FC60000AF179F8DB1530281D0EAADFF17F2795 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="H:\Qoobox\Quarantine\H\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997\extensions\lWcTl@W.org\content\bg.js.vir"

 

 

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Java 7 Update 21  
 Java 7 Update 45  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
 Google Chrome 37.0.2062.124 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive H: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Hi,

please do the following:

Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool only once, unless asked to run it again.
Please include the content of CKFiles.txt in your next reply.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\mattia\pictures\mattia\book\media\it ebooks\security\penetration testing\software & system\crackproof your software.pdf
c:\users\mattia\pictures\mattia\book\media\it ebooks\software engineering\best practices (language neutral)\personal (career advice)\cracking the coding interview.pdf
scanner sequence 3.LB.11.BRNAOZ
 ----- EOF -----
 


Sorry but I receive the forum error: Your post was too long. Please go back and shorten it a little.

Need to put the ESET log files attached here.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Mattia (administrator) on RAFT on 13-02-2015 00:12:35
Running from C:\Users\Mattia\Pictures\vari antiqualcosa
Loaded Profiles: Mattia (Available profiles: Mattia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) H:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) H:\Windows\System32\atiesrxx.exe
(AMD) H:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) H:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Advanced Micro Devices, Inc.) H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Microsoft Corporation) H:\Program Files\Microsoft Security Client\msseces.exe
(Ellora Assets Corp.) H:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(pdfforge GmbH) H:\Program Files (x86)\PDF Architect\HelperService.exe
(Renesas Electronics Corporation) H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(pdfforge GmbH) H:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) H:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) H:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) H:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) H:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => h:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [startCCC] => H:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [s-1-5-21-1447828807-318650237-636904149-1000] => localhost:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1447828807-318650237-636904149-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> H:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> H:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> H:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - H:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{FB74242B-85B0-46B7-8932-E2E31EF3D044}: [NameServer] 208.67.222.222,195.27.150.42

FireFox:
========
FF ProfilePath: H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> H:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> H:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> H:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> H:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> H:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> H:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1447828807-318650237-636904149-1000: thehappycloud.com/HappyCloudPlugin -> H:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: Adblock Plus - H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]
FF Extension: DownThemAll! - H:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\kk2ng5pk.default-1413073041997\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-25]
FF Extension: Skype Click to Call - H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-12]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-30]
CHR Extension: (YouTube) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Adblock Plus) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-18]
CHR Extension: (Google Search) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-10-18]
CHR Extension: (AdBlock) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-27]
CHR Extension: (Ghostery) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-28]
CHR Extension: (Google Wallet) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR Extension: (Gmail) - H:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AsSysCtrlService; H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
S3 Autodesk Licensing Service; H:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-09-07] (Autodesk)
S3 FLEXnet Licensing Service 64; H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-10-23] (Macrovision Europe Ltd.) [File not signed]
R2 FreemakeVideoCapture; H:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-22] (Ellora Assets Corp.) [File not signed]
S3 IDriverT; H:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; h:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; h:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PDF Architect Helper Service; H:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; H:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 SwitchBoard; H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; H:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; H:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; H:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; H:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; H:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 atksgt; H:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-02-10] ()
S3 DIRECTIO; C:\Program Files (x86)\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R3 ElbyCDFL; H:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; H:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 libusb0; H:\Windows\System32\DRIVERS\libusb0.sys [43456 2011-01-30] (http://libusb-win32.sourceforge.net)
R2 lirsgt; H:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-09] ()
R0 MBAMSwissArmy; H:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-02-10] (Malwarebytes Corporation)
S3 MEMSWEEP2; H:\Windows\system32\DB32.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R0 MpFilter; H:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 MTsensor; H:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; H:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 PAC207; H:\Windows\System32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.)
R2 Sentinel64; H:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 usbUDisc; H:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2013-11-03] (Scott)
R3 whfltr2k; H:\Windows\System32\DRIVERS\whfltr2k.sys [9600 2007-01-26] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:35 - 2015-02-12 21:35 - 00000425 _____ () H:\Users\Mattia\Downloads\ckfiles.txt
2015-02-12 21:31 - 2015-02-12 21:32 - 00468480 _____ () H:\Users\Mattia\Downloads\CKScanner.exe
2015-02-12 16:01 - 2015-02-12 21:27 - 00000504 _____ () H:\Windows\setupact.log
2015-02-12 16:01 - 2015-02-12 16:01 - 04841416 _____ () H:\Windows\system32\FNTCACHE.DAT
2015-02-12 16:01 - 2015-02-12 16:01 - 00059912 _____ () H:\Users\Mattia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-12 16:01 - 2015-02-12 16:01 - 00000000 _____ () H:\Windows\setuperr.log
2015-02-11 17:45 - 2015-02-11 17:45 - 00000000 ____D () H:\Program Files (x86)\ESET
2015-02-11 16:38 - 2015-02-11 16:38 - 00000020 _____ () H:\Users\Mattia\AppData\Roaming\appdataFr3.bin
2015-02-11 12:39 - 2015-02-11 12:39 - 00000000 ____D () H:\ProgramData\Red AdBlocker
2015-02-10 19:56 - 2015-02-10 19:56 - 00000000 ____D () H:\Users\Mattia\Documents\ProcAlyzer Dumps
2015-02-10 17:49 - 2015-02-10 17:50 - 00129752 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 17:49 - 2015-02-10 17:49 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 17:49 - 2015-02-10 17:49 - 00000000 ____D () H:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-10 17:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 17:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) H:\Windows\system32\Drivers\mwac.sys
2015-02-10 14:25 - 2015-02-10 14:25 - 00025745 _____ () H:\ComboFix.txt
2015-02-10 13:23 - 2015-02-11 20:36 - 00000243 _____ () H:\Windows\wininit.ini
2015-02-10 13:06 - 2015-02-10 13:31 - 00000000 ____D () H:\ProgramData\HitmanPro
2015-02-10 12:46 - 2015-02-11 20:36 - 00000000 ____D () H:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-10 12:46 - 2015-02-10 12:46 - 00000000 ____D () H:\Windows\System32\Tasks\Safer-Networking
2015-02-10 12:36 - 2015-02-06 20:12 - 00000027 _____ () H:\Windows\system32\Drivers\etc\hosts.20150210-123628.backup
2015-02-10 12:24 - 2015-02-11 17:40 - 00000000 ____D () H:\ProgramData\Spybot - Search & Destroy
2015-02-10 12:24 - 2015-02-10 12:46 - 00000000 ____D () H:\Program Files (x86)\Spybot - Search & Destroy
2015-02-10 12:15 - 2015-02-13 00:12 - 00000000 ____D () H:\FRST
2015-02-10 12:03 - 2015-02-11 15:11 - 00037624 _____ () H:\Windows\system32\Drivers\TrueSight.sys
2015-02-10 12:03 - 2015-02-10 12:03 - 00000000 ____D () H:\ProgramData\RogueKiller
2015-02-10 10:18 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\DB32.tmp
2015-02-10 10:18 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\72BF.tmp
2015-02-09 17:36 - 2015-02-10 18:36 - 00000000 ____D () H:\Program Files (x86)\Sophos
2015-02-09 17:36 - 2015-02-09 17:39 - 00000000 ____D () H:\ProgramData\SecTaskMan
2015-02-09 17:36 - 2015-02-09 17:36 - 00001168 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00001157 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00001145 _____ () H:\Users\Public\Desktop\Security Task Manager.lnk
2015-02-09 17:36 - 2015-02-09 17:36 - 00000000 ____D () H:\Users\Mattia\AppData\Local\SecTaskMan
2015-02-09 17:36 - 2015-02-09 17:36 - 00000000 ____D () H:\Program Files (x86)\Security Task Manager
2015-02-09 17:36 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\9991.tmp
2015-02-09 17:36 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) H:\Windows\system32\318B.tmp
2015-02-07 20:59 - 2015-02-13 00:10 - 00001150 _____ () H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 20:59 - 2015-02-12 21:27 - 00001146 _____ () H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 20:59 - 2015-02-08 11:05 - 00004146 _____ () H:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 20:59 - 2015-02-08 11:05 - 00003894 _____ () H:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 20:04 - 2015-02-06 20:04 - 00004772 _____ () H:\Users\Mattia\Desktop\JRT.txt
2015-02-06 14:15 - 2015-02-06 14:18 - 00000000 ____D () H:\Users\Mattia\Desktop\new folder4
2015-02-06 14:08 - 2015-02-06 14:19 - 00000000 ____D () H:\Program Files (x86)\Pandora Recovery
2015-02-04 12:04 - 2015-02-04 12:06 - 00000000 ____D () H:\Users\Mattia\Documents\Heroes of the Storm
2015-02-01 12:27 - 2015-02-12 22:06 - 00378944 _____ () H:\Windows\WindowsUpdate.log
2015-01-30 16:12 - 2015-01-30 16:12 - 00001369 _____ () H:\Users\Public\Desktop\League of Legends.lnk
2015-01-30 16:12 - 2015-01-30 16:12 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-01-24 11:36 - 2015-01-24 11:36 - 00058610 _____ () H:\Windows\SysWOW64\CCCInstall_201501241136455650.log
2015-01-24 11:36 - 2015-01-24 11:36 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-24 11:36 - 2015-01-24 11:36 - 00000000 ____D () H:\ProgramData\ATI
2015-01-21 15:54 - 2015-01-30 16:12 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Riot Games
2015-01-15 19:05 - 2015-01-18 16:49 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Time
2015-01-15 19:05 - 2015-01-15 19:05 - 00000707 _____ () H:\Users\Mattia\Desktop\Hard Time.lnk
2015-01-15 18:42 - 2015-01-15 18:42 - 00000771 _____ () H:\Users\Mattia\Desktop\The You Testament.lnk
2015-01-14 22:56 - 2015-02-10 12:36 - 00449919 ____R () H:\Windows\system32\Drivers\etc\hosts.20150210-151858.backup
2015-01-14 22:31 - 2011-06-26 07:45 - 00256000 _____ () H:\Windows\PEV.exe
2015-01-14 22:31 - 2010-11-07 18:20 - 00208896 _____ () H:\Windows\MBR.exe
2015-01-14 22:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) H:\Windows\NIRCMD.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) H:\Windows\SWREG.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) H:\Windows\SWSC.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00098816 _____ () H:\Windows\sed.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00080412 _____ () H:\Windows\grep.exe
2015-01-14 22:31 - 2000-08-31 01:00 - 00068096 _____ () H:\Windows\zip.exe
2015-01-14 22:29 - 2015-02-10 14:25 - 00000000 ____D () H:\Qoobox
2015-01-14 22:29 - 2015-01-14 22:57 - 00000000 ____D () H:\Windows\erdnt
2015-01-14 22:15 - 2015-01-14 22:19 - 00000000 ____D () H:\AdwCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-07-01 10:25 - 2012-12-18 14:21 - 00003914 _____ () H:\Windows\System32\Tasks\User_Feed_Synchronization-{FB4A4244-3EC1-4348-95BB-0BBD2397EBB6}
2015-02-13 00:10 - 2012-10-17 05:22 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Skype
2015-02-13 00:09 - 2014-01-19 17:29 - 00000000 ____D () H:\Users\Mattia\AppData\Local\Battle.net
2015-02-12 23:24 - 2012-10-17 07:42 - 00000830 _____ () H:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 21:34 - 2009-07-14 05:45 - 00019520 ____H () H:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 21:34 - 2009-07-14 05:45 - 00019520 ____H () H:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 21:31 - 2009-07-14 06:13 - 00795894 _____ () H:\Windows\system32\PerfStringBackup.INI
2015-02-12 21:27 - 2009-07-14 06:08 - 00000006 ____H () H:\Windows\Tasks\SA.DAT
2015-02-12 14:00 - 2014-09-21 13:18 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-02-12 02:15 - 2014-09-21 13:18 - 00001068 _____ () H:\Users\Public\Desktop\World of Warcraft.lnk
2015-02-11 20:34 - 2009-07-14 06:08 - 00032620 _____ () H:\Windows\Tasks\SCHEDLGU.TXT
2015-02-11 20:32 - 2012-10-17 06:20 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-11 20:30 - 2012-10-17 07:08 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\uTorrent
2015-02-11 20:10 - 2012-10-23 22:19 - 00000000 ____D () H:\ProgramData\Autodesk
2015-02-11 20:10 - 2009-07-14 04:20 - 00000000 ____D () H:\Windows\Help
2015-02-11 17:18 - 2012-10-17 06:07 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\vlc
2015-02-11 16:32 - 2014-10-10 14:08 - 00000008 __RSH () H:\ProgramData\ntuser.pol
2015-02-11 16:31 - 2009-07-14 04:20 - 00000000 ___HD () H:\Windows\system32\GroupPolicy
2015-02-11 12:18 - 2014-02-20 20:50 - 00000000 ____D () H:\Program Files (x86)\SpeedFan
2015-02-10 17:49 - 2013-02-12 21:30 - 00001112 _____ () H:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-10 17:49 - 2012-11-27 19:25 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Malwarebytes
2015-02-10 17:49 - 2012-11-27 19:25 - 00000000 ____D () H:\ProgramData\Malwarebytes
2015-02-10 14:24 - 2009-07-14 03:34 - 00000215 _____ () H:\Windows\system.ini
2015-02-10 13:45 - 2012-10-17 05:33 - 00000000 ____D () H:\Windows\pss
2015-02-10 13:44 - 2013-04-29 15:22 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\TS3Client
2015-02-09 21:21 - 2014-01-19 17:30 - 00000000 ____D () H:\Program Files (x86)\Hearthstone
2015-02-09 17:35 - 2012-10-17 03:34 - 00000000 ___RD () H:\Users\Mattia\AppData\Local\MicrosoftNT
2015-02-08 09:32 - 2009-07-14 04:20 - 00000000 ____D () H:\Windows\system32\NDF
2015-02-07 21:01 - 2014-08-27 07:30 - 00002191 _____ () H:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 14:40 - 2012-10-17 07:58 - 00002441 _____ () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-06 14:08 - 2012-11-30 23:40 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\PandoraRecovery
2015-02-06 14:08 - 2012-11-30 23:24 - 00002016 _____ () H:\Users\Public\Desktop\Pandora Recovery.lnk
2015-02-06 14:08 - 2012-11-30 23:24 - 00000000 ____D () H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2015-02-05 13:24 - 2012-10-17 07:42 - 00701616 _____ (Adobe Systems Incorporated) H:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:24 - 2012-10-17 07:42 - 00071344 _____ (Adobe Systems Incorporated) H:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 13:24 - 2012-10-17 07:42 - 00003768 _____ () H:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:04 - 2012-10-28 18:14 - 00000000 ____D () H:\ProgramData\Blizzard Entertainment
2015-01-27 21:27 - 2012-10-27 19:10 - 00000000 ____D () H:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 11:36 - 2014-07-31 14:29 - 00000000 ____D () H:\Program Files\ATI Technologies
2015-01-24 11:36 - 2014-06-18 08:48 - 00000000 ____D () H:\Program Files\AMD
2015-01-24 11:36 - 2013-04-27 10:49 - 00000000 ____D () H:\ProgramData\AMD
2015-01-24 11:35 - 2014-07-31 15:59 - 00000000 ____D () H:\Program Files (x86)\AMD
2015-01-17 23:48 - 2012-10-17 02:55 - 00000000 ____D () H:\Users\Mattia
2015-01-14 23:05 - 2012-10-17 04:10 - 00000000 ___HD () H:\Program Files (x86)\InstallShield Installation Information
2015-01-14 23:00 - 2009-07-14 04:20 - 00000000 __RHD () H:\Users\Default
2015-01-14 22:56 - 2009-07-14 03:34 - 66584576 _____ () H:\Windows\system32\config\software.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 23855104 _____ () H:\Windows\system32\config\system.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\security.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\sam.bak
2015-01-14 22:56 - 2009-07-14 03:34 - 00262144 _____ () H:\Windows\system32\config\default.bak
2015-01-14 22:51 - 2012-10-17 07:46 - 00000000 ____D () H:\Users\Mattia\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2013-01-23 21:20 - 2014-06-11 15:37 - 0000132 _____ () H:\Users\Mattia\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-11 16:38 - 2015-02-11 16:38 - 0000020 _____ () H:\Users\Mattia\AppData\Roaming\appdataFr3.bin
2014-02-20 14:42 - 2014-02-20 01:52 - 0000954 _____ () H:\Users\Mattia\AppData\Roaming\pandacoin.conf
2014-04-03 09:25 - 2014-10-30 20:48 - 0000346 ___SH () H:\Users\Mattia\AppData\Local\70149b02515b3bb20dd492.47983420
2013-02-25 21:08 - 2013-02-25 21:08 - 0000094 _____ () H:\Users\Mattia\AppData\Local\fusioncache.dat
2014-08-02 18:57 - 2014-08-02 18:57 - 0000914 _____ () H:\Users\Mattia\AppData\Local\recently-used.xbel
2012-11-27 19:19 - 2014-09-24 13:01 - 0007597 _____ () H:\Users\Mattia\AppData\Local\Resmon.ResmonCfg
2014-08-27 21:16 - 2014-08-27 21:19 - 0000041 ___SH () H:\ProgramData\.zreglib

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

H:\Windows\System32\winlogon.exe => File is digitally signed
H:\Windows\System32\wininit.exe => File is digitally signed
H:\Windows\SysWOW64\wininit.exe => File is digitally signed
H:\Windows\explorer.exe => File is digitally signed
H:\Windows\SysWOW64\explorer.exe => File is digitally signed
H:\Windows\System32\svchost.exe => File is digitally signed
H:\Windows\SysWOW64\svchost.exe => File is digitally signed
H:\Windows\System32\services.exe => File is digitally signed
H:\Windows\System32\User32.dll => File is digitally signed
H:\Windows\SysWOW64\User32.dll => File is digitally signed
H:\Windows\System32\userinit.exe => File is digitally signed
H:\Windows\SysWOW64\userinit.exe => File is digitally signed
H:\Windows\System32\rpcss.dll => File is digitally signed
H:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 15:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Mattia at 2015-02-13 00:13:00
Running from C:\Users\Mattia\Pictures\vari antiqualcosa
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Wheel Mouse 6.0.0.002 (HKLM-x32\...\WheelMouse) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
Convert AVI to MP4 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version:  - convertavitomp4.com)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
GameRanger (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Gaming Mouse (HKLM-x32\...\Gaming Mouse) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\HappyCloud) (Version: 1.368 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
inSSIDer Office (HKLM-x32\...\{8C127DE3-EC36-4BA3-A6EE-6DC4A9B6C526}) (Version: 3.1.1.6 - MetaGeek, LLC)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021F0}) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MIView (HKLM-x32\...\MIView) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 it)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1042.0 - Passmark Software)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Red AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Red AdBlocker) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 2.0 (HKLM-x32\...\Security Task Manager) (Version: 2.0 - Neuber Software)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
To the Moon (HKLM-x32\...\To the Moon1.0) (Version: 1.0 - Foxy Games)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VidCoder 1.4.25 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.4.25 - RandomEngy)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1447828807-318650237-636904149-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1447828807-318650237-636904149-1000_Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 -> H:\Windows\system32\webcheck.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-14 22:56 - 2015-02-10 15:18 - 00450029 ____R H:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17C10178-BFD2-4E04-A826-C3D88645E5FE} - System32\Tasks\GoogleUpdateTaskMachineCore => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {20BE280D-3A4B-460A-9A47-8D930E5751B9} - System32\Tasks\{9D3A29A5-4998-49BC-8806-6547725358BF} => E:\INSTALL.EXE
Task: {245BBB87-17F2-4F07-AECB-75442221B552} - System32\Tasks\ASUS\ASUS Update Checker => H:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {28FD2AC3-EA1D-401B-9BBB-DDC6BEE50FF3} - System32\Tasks\{FD3D6992-7DD0-4150-956D-E1A22717C0BC} => C:\Grim\Grim Fandango Launcher.exe
Task: {31E997AC-6F55-4F41-861A-95F21297ADB3} - System32\Tasks\{053A56D5-6B94-4626-B17E-E4F7A32237E1} => E:\INSTALL.EXE
Task: {3FE3273B-9A93-4A3C-A049-C8D9C0E024AF} - System32\Tasks\{C952F0C0-276F-4FA7-913E-8865C000B5E8} => E:\INSTALL.EXE
Task: {47C9C1CC-974E-4CAB-9B57-6D758A3C9CD2} - System32\Tasks\{1F169528-9668-427F-87A7-005CD5B59BFE} => H:\Users\Mattia\Desktop\Thief 2 The Metal Age\Thief2\thief2.exe
Task: {4D199495-7F33-4B9B-A72F-220DC03FFBF4} - System32\Tasks\GoogleUpdateTaskMachineUA => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {4EDE3656-1A45-4CB8-8706-CD4CBEF012AE} - System32\Tasks\{D95E3B7E-3A4C-49FC-A80F-1BDCB065C292} => E:\INSTALL.EXE
Task: {523EBA05-F320-4E10-95B6-4ECEB7B38F36} - System32\Tasks\{3A0A442E-8149-46F3-8704-692C349DDB77} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {54637438-9341-43A1-91AA-1EDD58942A24} - System32\Tasks\{FA197170-8D66-4806-B001-508270947269} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {5726AED3-4D26-4B18-A231-C5F9B502B9B0} - System32\Tasks\{8A78E1E0-43A4-41E8-9CA9-EC0BE9A0707B} => E:\INSTALL.EXE
Task: {65BE1B34-A9DA-4CE4-8A9C-AC88D10BCA48} - System32\Tasks\{443A561F-D473-4C32-B422-8BA142744B51} => E:\INSTALL.EXE
Task: {6809353C-1715-4E64-8206-D9E129D15FF7} - System32\Tasks\{0AD8FF27-59DA-4A06-B585-23CB1C4956ED} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {7226D2EC-2883-4222-885A-104FF7940B95} - System32\Tasks\{788D08F6-6FEE-4551-A6F8-91A8F6C4E467} => E:\INSTALL.EXE
Task: {7B77D393-76A1-49A2-A544-3B1672ED03BC} - System32\Tasks\{0C153D8E-6917-4326-8077-D4DEBE8B3854} => E:\INSTALL.EXE
Task: {7C9868DC-A3D9-4316-BF6A-9B5956D87A40} - System32\Tasks\{9BB10019-52F4-48B9-B2AF-B3F60A001C01} => H:\Program Files (x86)\Silver\silver.exe
Task: {8A889BD1-2AB9-4AF6-BF38-B9391F187AF5} - System32\Tasks\{8871D64B-3739-481B-8476-EBD58CD726AD} => H:\Users\Mattia\Desktop\Thief 2 The Metal Age\Thief2\thief2.exe
Task: {96260C12-92F6-4723-9C48-446DFB568152} - System32\Tasks\{53E9398C-664D-4278-AC34-C5449719B377} => E:\SETUP.EXE
Task: {A2AE9D68-763A-4C84-B4D6-9D415E98A33A} - System32\Tasks\{0EA80CDD-61B7-417E-96A5-9121EC2DC744} => H:\Users\Mattia\Downloads\msabtf.exe
Task: {B15DFEDB-225B-4BC0-9A58-F8B79E2F795D} - System32\Tasks\{8B992ED2-1F6B-4314-8A10-4F1D97D9AD98} => pcalua.exe -a C:\Magicka\Dependencies\dotnetfx35.exe -d C:\Magicka\Dependencies
Task: {B2150954-05B8-48E2-8621-C66D3DBA1DBD} - System32\Tasks\{B3B92E4D-DC7A-433C-8F40-B9C919EB56CA} => E:\Setup.exe
Task: {B464C02F-51DF-407B-BB43-F54A69984161} - System32\Tasks\{CCA70101-88D6-42D1-8DFC-DDFD21859704} => H:\Program Files (x86)\Deep Silver\Risen\bin\Risen.exe
Task: {B4C2404A-448C-4AF3-A48B-8E0A62BA36C9} - System32\Tasks\elbyExecuteWithUAC => H:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe [2008-06-27] ()
Task: {B5A84D81-F97C-4D7E-9656-26868EBE3FC5} - System32\Tasks\Adobe Flash Player Updater => H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {BA615D25-4593-48BA-B89C-91AB4BC95488} - System32\Tasks\{B723568E-04C9-480D-A0CB-19394A5B5F08} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {C4C3842C-94DD-4ECB-B083-6F4F2F9BFB32} - System32\Tasks\{9E0038CD-1F8F-4D86-83C3-DA6E47434EAC} => pcalua.exe -a "H:\Program Files (x86)\Paradox Interactive\Magicka\Dependencies\dotnetfx35.exe" -d "H:\Program Files (x86)\Paradox Interactive\Magicka\Dependencies"
Task: {C57A44D5-4230-4108-861D-42E1B9C3E48F} - System32\Tasks\{B355A456-6C58-4D6B-8B7D-7746A177371C} => E:\SETUP.EXE
Task: {C91F2CB9-2303-4662-AA8F-D741253074D9} - System32\Tasks\{3E508D56-8275-4C6F-A304-30A04F64A175} => E:\INSTALL.EXE
Task: {C94F4623-69DF-4E53-A20E-6F4776F63C7E} - System32\Tasks\{212D1F42-1C06-43F0-A2A1-C0EA6971A983} => F:\World of Warcraft 4.3.4.15595 FREAKZ Edition\Wow.exe
Task: {D2F6C7D7-7962-41C7-BE52-5EBA111BBEE4} - System32\Tasks\{869D0DA4-DC15-4023-ADDB-E2E0F46A25F9} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {D3A6BF7B-8B2D-4271-8210-17A3977205A6} - System32\Tasks\{C2C9CC36-1F13-4E91-AAE3-CC44E0F2CABC} => H:\Program Files (x86)\Lucasarts\Grim\Grim Fandango Launcher.exe
Task: {D4BD8132-D73F-4F72-874E-64DA4738BAD3} - System32\Tasks\{35174E8D-1A4D-43D0-8C0D-73D20D302B9D} => E:\INSTALL.EXE
Task: {DEBE875B-8AD1-44AA-8764-A5A4EAA24EC9} - System32\Tasks\{ED12DD76-457F-477F-97F4-AD4342AD70C6} => E:\INSTALL.EXE
Task: {E5014C85-DA55-433A-995C-5B8563C4F2B5} - System32\Tasks\{DE39CE2D-F3A6-478E-847E-6B41ACF66E11} => H:\Users\Mattia\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
Task: {E8F183CD-F332-43DC-9A5F-E20A00888D00} - System32\Tasks\{187908E2-1B0D-40CA-BDED-3130E47754F7} => pcalua.exe -a "C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GhostReconSetup\GhostReconSetup.exe" -d "C:\+++NEW DOWNLOAD GENERIC FOLDERS+++\GhostReconSetup"
Task: {ECEAF003-8681-42BD-97E9-3CEAD339D862} - System32\Tasks\{9B84CF95-A1E2-4D6F-8D75-2B8F153B3FC2} => H:\Program Files (x86)\Deep Silver\Risen\bin\Risen.exe
Task: {EFBCA4C1-3E2A-4C12-B82D-D9C38053B3E1} - System32\Tasks\{27F485DC-0698-49EA-84E9-B9C84BAEA3FE} => F:\World of Warcraft 4.3.4.15595 FREAKZ Edition\Wow.exe
Task: {F471086A-C752-4786-B54C-5CC54D8AC32C} - System32\Tasks\ASUS\ASUS SIX Engine => H:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {F9F7369C-801B-40CD-A0EC-37AED84B2DF7} - System32\Tasks\{D5034AF3-2F2E-4EC5-998E-62A633866860} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: H:\Windows\Tasks\Adobe Flash Player Updater.job => H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () H:\Program Files\Unlocker\UnlockerCOM.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-10 13:36 - 2009-04-02 11:27 - 00090112 _____ () H:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () H:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-08-10 17:31 - 2009-03-19 21:35 - 00208896 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2014-08-10 17:31 - 2009-03-19 21:35 - 00008704 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2014-08-10 17:31 - 2009-01-15 13:55 - 00565248 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2014-08-10 17:31 - 2009-03-25 15:53 - 00053248 _____ () H:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2012-09-24 04:43 - 2012-09-24 04:43 - 00313992 _____ () H:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2012-12-18 20:08 - 2012-12-18 20:08 - 14588632 _____ () H:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2015-01-27 20:01 - 2015-01-27 20:01 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1447828807-318650237-636904149-1000\Control Panel\Desktop\\Wallpaper -> H:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 195.27.150.42

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: H:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SpeedFan.lnk => H:\Windows\pss\SpeedFan.lnk.CommonStartup
MSCONFIG\startupfolder: H:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => H:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SDTray => "H:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: uTorrent => "H:\Users\Mattia\AppData\Roaming\uTorrent\uTorrent.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1447828807-318650237-636904149-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1447828807-318650237-636904149-1005 - Limited - Enabled)
Guest (S-1-5-21-1447828807-318650237-636904149-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1447828807-318650237-636904149-1003 - Limited - Enabled)
Mattia (S-1-5-21-1447828807-318650237-636904149-1000 - Administrator - Enabled) => H:\Users\Mattia

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 10:03:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: H:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 10:03:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: H:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 09:50:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: H:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 09:50:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: H:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 09:34:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: be8

Start Time: 01d047031ced9ea1

Termination Time: 1

Application Path: H:\Users\Mattia\Downloads\CKScanner.exe

Report Id: 84228b9a-b2f6-11e4-85b7-20cf30c13265

Error: (02/12/2015 04:56:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: H:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 00:02:10 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2015 00:02:10 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2015 00:02:10 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2015 00:02:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (02/12/2015 10:44:41 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume H: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/12/2015 00:02:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/12/2015 00:02:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (02/11/2015 05:57:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/11/2015 05:57:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/11/2015 05:43:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/11/2015 05:43:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/11/2015 04:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (02/12/2015 10:03:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestH:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mattia\Pictures\vari antiqualcosa\esetsmartinstaller_enu.exe

Error: (02/12/2015 10:03:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestH:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mattia\Pictures\vari antiqualcosa\esetsmartinstaller_enu.exe

Error: (02/12/2015 09:50:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestH:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mattia\Pictures\vari antiqualcosa\esetsmartinstaller_enu.exe

Error: (02/12/2015 09:50:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestH:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mattia\Pictures\vari antiqualcosa\esetsmartinstaller_enu.exe

Error: (02/12/2015 09:34:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CKScanner.exe2.5.1.1be801d047031ced9ea11H:\Users\Mattia\Downloads\CKScanner.exe84228b9a-b2f6-11e4-85b7-20cf30c13265

Error: (02/12/2015 04:56:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: H:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestH:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifesth:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/12/2015 00:02:10 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2015 00:02:10 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2015 00:02:10 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2015 00:02:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer


CodeIntegrity Errors:
===================================
  Date: 2015-02-10 11:19:14.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.675
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 11:19:14.601
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:39.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:39.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\DB32.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:16.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\72BF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-10 10:18:15.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\72BF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 17:36:37.026
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\9991.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 17:36:36.948
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\9991.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom II X4 965 Processor
Percentage of memory in use: 52%
Total physical RAM: 4094.05 MB
Available physical RAM: 1943.14 MB
Total Pagefile: 8186.29 MB
Available Pagefile: 6257.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:59.04 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:119.24 GB) (Free:62.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: C6ADA90E)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 20722071)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Let's sweep out the remnants.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    C:\Program Files\WinZip\Utils\WzSysScan
    end

  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Ran by Mattia at 2015-02-13 11:52:04 Run:2
Running from H:\Users\Mattia\Contacts\Desktop\New folder
Loaded Profiles: Mattia (Available profiles: Mattia)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files\WinZip\Utils\WzSysScan
end
*****************

C:\Program Files\WinZip\Utils\WzSysScan => Moved successfully.

==== End of Fixlog 11:52:07 ====


OK, now it's time to deal with Chrome. Yours is altered for adware to bypass security, so we need to rectify that.

Reset Chrome to defaults

Please open Google Chrome.

  • Enter the Chrome menu by clicking the Chrome menu button.
  • Select Settings.
  • Click Show advanced settings and find the Reset browser settings section.
  • Click Reset browser settings.
  • In the dialog that appears, click Reset.
  • Chrome will reset itself.
Bear in mind that all your browsing history, passwords, cookies will be saved. This procedure will only remove all extensions, themes, plugins etc. and restore Chrome engine to a state similar to that after a fresh installation.

Uninstall some programs

We need to uninstall some programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.
The list of programs to uninstall:
  • Google Chrome
After completing uninstalls, please manually reboot your machine!

Google Chrome reinstall

Please go to the official Chrome download website and install a fresh version.

Report when done.


Hi, after the reset and the uninstall of Chrome I have not reinstalled it because I do not really need 2 browsers.

I have a question: some weeks ago ComboFix moved the entire League Of Legends folder to quarantine. I have reinstalled it, but the H:\Qoobox\Quarantine\H\Program Files (x86)\lol\League Of Legends folder still takes up 11 more GB. Can I delete it, or could it be dangerous?


I will remove it later, along with other tools'n'toys we've used.

Now from the Security Check;

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 10 Out of date!

Defragment your hard drive soon! (Do NOT defrag if SSD!)

Is the disabled UAC your own setting?

Internet Explorer (even if unused) must be updated. This is a critical part of the system itself and leaving it that way is a security risk.

Updating Internet Explorer manually

IE is an integrated part of Windows core. Leaving it without updates is a great risk for your data security, even if you don't use it!

  • Visit THIS website.
  • You will find there IE 11 to be downloaded and installed.

This topic is now closed to further replies.