My browser is Firefox. A new tab pops up with the site: www.gconew.com

I ran "Malwarebytes", "Panda free antivirus" and "adwcleaner". None found any problem.

Here are the files FRST.txt and Addition.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-12-2015
Ran by Vittorio (administrator) on VITTORIO-1 (20-12-2015 15:51:40)
Running from D:\Dati PC\Documenti\Download
Loaded Profiles: Vittorio (Available Profiles: Vittorio)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Italiano (Italia)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech) C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcSrv.exe
(Broadcom Corporation.) C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Malwarebytes Corporation) C:\Programmi\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe
(Panda Security, S.L.) C:\Programmi\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Programmi\Panda Security\Panda Devices Agent\AgentSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Panda Security, S.L.) C:\Programmi\Panda Security\Panda Security Protection\PSUAService.exe
(Logitech) C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Synaptics, Inc.) C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Acer.) C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
(Logitech Inc.) C:\WINDOWS\system32\ElkCtrl.exe
(Malwarebytes Corporation) C:\Programmi\Malwarebytes Anti-Exploit\mbae.exe
(Panda Security, S.L.) C:\Programmi\Panda Security\Panda Security Protection\PSUAMain.exe
(Visicom Media Inc.) C:\Programmi\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Piriform Ltd) C:\Programmi\CCleaner\CCleaner.exe
(Broadcom Corporation.) C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
(Yahoo! Inc.) C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Panda Security, S.L.) C:\Programmi\Panda Security\Panda Security Protection\PSUAMain.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16005120 2006-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LVCOMSX] => C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe [237568 2006-07-20] (Logitech)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88204 2006-03-16] (Agere Systems)
HKLM\...\Run: [synTPLpr] => C:\Programmi\Synaptics\SynTP\SynTPLpr.exe [102491 2005-01-08] (Synaptics, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Programmi\Synaptics\SynTP\SynTPEnh.exe [692315 2005-01-08] (Synaptics, Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-11-28] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2005-11-28] (Intel Corporation)
HKLM\...\Run: [LogitechCameraAssistant] => C:\Programmi\Acer\OrbiCam\CameraAssistant.exe [331776 2006-07-21] (Acer.)
HKLM\...\Run: [LogitechVideo[inspector]] => C:\Programmi\Acer\OrbiCam\InstallHelper.exe [73728 2006-07-21] (Acer.)
HKLM\...\Run: [LogitechCameraService(E)] => C:\WINDOWS\system32\ElkCtrl.exe [262144 2004-11-01] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Programmi\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM\...\Run: [PSUAMain] => C:\Programmi\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => C:\Programmi\Panda Security URL Filtering\Panda_URL_Filtering.exe [254472 2015-10-02] (Visicom Media Inc.)
HKU\S-1-5-21-484763869-963894560-1177238915-1004\...\Run: [CCleaner Monitoring] => C:\Programmi\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-484763869-963894560-1177238915-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ss3dfo.scr [708608 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8489984 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk [2014-01-05]
ShortcutTarget: BTTray.lnk -> C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Vittorio\Menu Avvio\Programmi\Esecuzione automatica\Yahoo! Widgets.lnk [2014-01-13]
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Programmi\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 128.199.233.113 8.8.4.4
Tcpip\..\Interfaces\{B504C420-665D-423C-9E1A-4858C25EBA1F}: [DhcpNameServer] 128.199.233.113 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-484763869-963894560-1177238915-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.it/
HKU\S-1-5-21-484763869-963894560-1177238915-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [s-1-5-21-484763869-963894560-1177238915-1004] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-484763869-963894560-1177238915-1004 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programmi\pandasecuritytb\pandasecurityDx.dll ()
SearchScopes: HKU\S-1-5-21-484763869-963894560-1177238915-1004 -> DefaultScope {F2F7CDA0-1DD4-44CB-9A9D-562002D51A51} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-963894560-1177238915-1004 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_2&idate=2015-04-24&ent=ch_668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-484763869-963894560-1177238915-1004 -> {F2F7CDA0-1DD4-44CB-9A9D-562002D51A51} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Programmi\pandasecuritytb\pandasecurityDx.dll [2015-10-05] ()
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programmi\pandasecuritytb\pandasecurityDx.dll [2015-10-05] ()
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Vittorio\Dati applicazioni\Mozilla\Firefox\Profiles\smcyamqc.default-1450245464904
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-16] ()
FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Programmi\Yahoo!\Common\npyaxmpb.dll [2007-03-10] (Yahoo! Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-01-05] (Broadcom Corporation.) [File not signed]
R2 LVPrcSrv; c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe [94208 2006-07-20] (Logitech) [File not signed]
S2 LVSrvLauncher; C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe [86016 2006-07-20] (Logitech) [File not signed]
R2 MbaeSvc; C:\Programmi\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice_tmp.exe [147624 2015-12-17] (Mozilla Foundation)
R2 NanoServiceMain; C:\Programmi\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Programmi\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 PSUAService; C:\Programmi\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
S2 SkypeUpdate; C:\Programmi\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [328061 2006-01-05] (Broadcom Corporation.) [File not signed]
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2006-01-05] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [850282 2006-01-05] (Broadcom Corporation.) [File not signed]
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-01-05] (Broadcom Corporation.) [File not signed]
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [148900 2006-01-05] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Programmi\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-11-18] ()
R3 lv321av; C:\WINDOWS\System32\DRIVERS\lv321av.sys [1097728 2006-11-22] (Logitech)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [1581952 2006-07-20] (Logitech) [File not signed]
R3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [1955200 2006-07-20] (Logitech) [File not signed]
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [17792 2006-07-20] () [File not signed]
R3 LVUSBSta; C:\WINDOWS\System32\DRIVERS\LVUSBSta.sys [39424 2006-11-22] (Logitech)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1427968 2005-11-27] (Intel® Corporation)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 15:51 - 2015-12-20 15:51 - 00000000 ____D C:\FRST
2015-12-20 10:18 - 2015-12-20 10:18 - 00000807 _____ C:\Documents and Settings\All Users\Desktop\LibreOffice 5.0.lnk
2015-12-20 10:17 - 2015-12-20 10:19 - 00000000 ___SD C:\Documents and Settings\All Users\Menu Avvio\Programmi\LibreOffice 5.0
2015-12-20 10:08 - 2015-12-20 10:17 - 00000000 ____D C:\Programmi\LibreOffice 5
2015-12-20 09:43 - 2015-12-20 09:43 - 00000712 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox.lnk
2015-12-20 09:43 - 2015-12-20 09:43 - 00000706 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-12-20 09:39 - 2015-12-20 10:25 - 00000000 ____D C:\Programmi\Mozilla Maintenance Service
2015-12-20 09:10 - 2015-12-20 09:43 - 00000000 ____D C:\Programmi\Mozilla Firefox
2015-12-20 09:09 - 2015-12-20 09:09 - 00000000 ____D C:\Programmi\Mozilla Firefox(2)
2015-12-20 09:09 - 2015-12-20 09:09 - 00000000 ____D C:\Documents and Settings\Vittorio\Impostazioni locali\Dati applicazioni\SlimWare Utilities Inc
2015-12-19 13:35 - 2015-12-19 14:30 - 00000000 ____D C:\AdwCleaner
2015-12-18 10:23 - 2015-12-20 09:09 - 00000000 ____D C:\Programmi\Mozilla Maintenance Service(2)
2015-12-17 01:25 - 2015-12-20 10:25 - 00030616 _____ C:\Documents and Settings\Vittorio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2015-12-17 01:24 - 2015-12-20 10:25 - 00181832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-16 11:54 - 2015-12-16 11:54 - 00000000 ____D C:\Documents and Settings\Vittorio\Dati applicazioni\LibreOffice
2015-12-16 09:56 - 2015-05-22 09:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-12-16 09:43 - 2015-12-20 09:18 - 00000000 ____D C:\Documents and Settings\Vittorio\Dati applicazioni\pandasecuritytb
2015-12-16 09:43 - 2015-12-16 09:43 - 00000000 ____D C:\Programmi\Panda Security URL Filtering
2015-12-16 09:43 - 2015-12-16 09:43 - 00000000 ____D C:\Documents and Settings\Vittorio\Impostazioni locali\Dati applicazioni\panda
2015-12-16 09:42 - 2015-12-16 09:43 - 00000000 ____D C:\Programmi\pandasecuritytb
2015-12-16 09:41 - 2015-12-16 09:41 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Panda Free Antivirus
2015-12-16 09:36 - 2015-12-16 09:36 - 00000000 ____D C:\Documents and Settings\LocalService\Menu Avvio\Programmi
2015-12-16 09:36 - 2015-12-16 09:36 - 00000000 ____D C:\Documents and Settings\LocalService\Menu Avvio
2015-12-11 15:31 - 2015-12-11 15:31 - 00970912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120.dll
2015-12-11 15:31 - 2015-12-11 15:31 - 00455328 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 15:52 - 2014-01-05 20:03 - 00000000 ____D C:\Documents and Settings\Vittorio\Impostazioni locali\Temp
2015-12-20 15:51 - 2014-01-05 20:40 - 00751592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-20 15:51 - 2014-01-05 20:31 - 00000000 ____D C:\WINDOWS
2015-12-20 15:51 - 2008-04-14 13:00 - 00345620 _____ C:\WINDOWS\system32\perfh010.dat
2015-12-20 15:51 - 2008-04-14 13:00 - 00048012 _____ C:\WINDOWS\system32\perfc010.dat
2015-12-20 15:47 - 2014-01-05 22:35 - 00000000 ____D C:\WINDOWS\system32\Lang
2015-12-20 15:46 - 2014-01-05 20:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-20 12:38 - 2015-01-09 12:50 - 00327680 _____ C:\WINDOWS\system32\config\Nano.evt
2015-12-20 12:38 - 2014-01-05 20:03 - 00000194 ___SH C:\Documents and Settings\Vittorio\ntuser.ini
2015-12-20 12:38 - 2014-01-05 20:00 - 00032528 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-20 12:37 - 2015-04-24 16:36 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-20 11:54 - 2015-04-24 20:02 - 00000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-20 10:17 - 2014-01-05 20:40 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Avvio\Programmi
2015-12-20 10:08 - 2014-01-05 20:40 - 00000000 ___RD C:\Programmi
2015-12-20 09:41 - 2014-01-05 20:40 - 00000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni
2015-12-20 09:15 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-20 09:14 - 2014-01-05 20:03 - 00000000 ____D C:\Documents and Settings\Vittorio
2015-12-20 09:14 - 2014-01-05 20:00 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-12-20 09:14 - 2014-01-05 20:00 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-12-20 09:14 - 2014-01-05 19:53 - 00000000 ____D C:\WINDOWS\Registration
2015-12-20 09:09 - 2014-01-05 20:03 - 00000000 ___HD C:\Documents and Settings\Vittorio\Impostazioni locali\Dati applicazioni
2015-12-16 11:54 - 2014-01-05 20:03 - 00000000 __RHD C:\Documents and Settings\Vittorio\Dati applicazioni
2015-12-16 10:40 - 2014-01-05 20:40 - 00000000 ___HD C:\Documents and Settings\All Users\Modelli
2015-12-16 09:50 - 2014-01-05 20:31 - 00000000 ___HD C:\WINDOWS\inf
2015-12-16 09:42 - 2015-01-09 12:50 - 00000000 ____D C:\Documents and Settings\Vittorio\Dati applicazioni\Panda Security
2015-12-16 09:42 - 2015-01-09 12:49 - 00000000 ____D C:\Programmi\Panda Security
2015-12-16 09:42 - 2015-01-09 12:46 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Panda Security
2015-12-16 09:37 - 2015-04-24 16:51 - 00000000 ____D C:\Programmi\Malwarebytes Anti-Exploit
2015-12-16 09:37 - 2015-04-24 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Exploit
2015-12-16 09:36 - 2015-04-24 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes Anti-Exploit
2015-12-16 07:54 - 2014-01-13 03:22 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-16 07:54 - 2014-01-13 03:22 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-16 07:00 - 2015-04-24 17:25 - 00000664 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-12-16 06:52 - 2015-04-24 16:36 - 00000759 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-16 06:52 - 2015-04-24 16:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware
2015-12-16 06:52 - 2015-04-24 16:35 - 00000000 ____D C:\Programmi\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2014-01-12 23:42 - 2006-08-13 22:22 - 0169158 _____ () C:\Programmi\Restart.ico
2014-01-12 23:42 - 2007-07-26 23:24 - 0001494 _____ () C:\Programmi\Riavvio PC.lnk
2014-01-12 23:42 - 2006-08-13 22:22 - 0169158 _____ () C:\Programmi\Shotdown.ico
2014-01-12 23:42 - 2007-07-26 23:23 - 0001700 _____ () C:\Programmi\Spegni PC.lnk

Some files in TEMP:
====================
C:\Documents and Settings\Vittorio\Impostazioni locali\Temp\sqlite3.dll
C:\Documents and Settings\Vittorio\Impostazioni locali\Temp\{4CF3DC10-2A08-4867-B030-24E0384C5A9B}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-12-2015
Ran by Vittorio (2015-12-20 15:52:27)
Running from D:\Dati PC\Documenti\Download
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2014-01-05 18:59:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-484763869-963894560-1177238915-500 - Administrator - Enabled)
Guest (S-1-5-21-484763869-963894560-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-484763869-963894560-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-484763869-963894560-1177238915-1002 - Limited - Disabled)
Vittorio (S-1-5-21-484763869-963894560-1177238915-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Vittorio

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
Arena 3.5 (HKLM\...\Arena 3.5_is1) (Version:  - )
Atheros Wireless LAN (HKLM\...\{D70DE630-0D13-4394-A15B-5ACE6CF2A18D}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Driver di Acer® Camera (HKLM\...\QcDrv) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4436 - )
LibreOffice 5.0.4.2 (HKLM\...\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}) (Version: 5.0.4.2 - The Document Foundation)
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware versione 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 it) (HKLM\...\Mozilla Firefox 43.0.1 (x86 it)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
Panda Devices Agent (Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.00.02.0000 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.3.1.9 - Panda Security and Visicom Media Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.04 - Realtek Semiconductor Corp.)
scilab-5.5.2 (HKLM\...\scilab-5.5.2_is1) (Version:  - Scilab Enterprises)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Acer OrbiCam (HKLM\...\{BEA52CA9-73F9-4DCE-8698-E71CB946ADC8}) (Version: 9.70.0000 - Acer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.12.13.0 - )
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
UMVPLStandalone (Version: 9.70.1095 - Logitech Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.1400 - WIDCOMM, Inc.)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Widgets (HKLM\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{05C3F9E2-1E76-439F-9E37-9020946A191A}\InprocServer32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVMaEnum.dll (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{09303D01-B159-4F1B-A2B8-CA3117B8FA1B}\InprocServer32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVMaEnum.dll (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{54B2BE72-FEC7-443D-BAE9-3E70E618A7D8}\InprocServer32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVMaEnum.dll (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{73CA2532-42DE-449F-8C8A-229B8AAF3B68}\InprocServer32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVMaEnum.dll (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{949DB7D2-36F2-4CCA-8CA8-A3A6D4E5911C}\InprocServer32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVMaEnum.dll (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{A50A1B09-943D-4A78-B08D-56072A602ABD}\InprocServer32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVComCX.dll (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{C9448C44-BEFB-4941-8457-E5C4314D3D96}\localserver32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{CAF933C7-C65A-46D2-AA63-1FC84EB43954}\InprocServer32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVMaEnum.dll (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{CC9E9F9A-11A4-49DD-B468-782AFDE5607E}\InprocServer32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVMaEnum.dll (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{CD89D352-5A13-49F8-9EB5-7E6D1FB0CD57}\localserver32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{DB20D0C0-4CEF-11D0-8B17-00AA00211961}\localserver32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{DB20D0C3-4CEF-11D0-8B17-00AA00211961}\localserver32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe (Logitech)
CustomCLSID: HKU\S-1-5-21-484763869-963894560-1177238915-1004_Classes\CLSID\{E8ACF719-FFDE-4EE1-8923-48BDA8569FCC}\localserver32 -> C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe (Logitech)

==================== Restore Points =========================

16-12-2015 10:39:01 OpenOffice 4.1.1 rimosso
16-12-2015 11:48:17 LibreOffice 5.0.3.2 installato
18-12-2015 10:12:15 Punto di arresto del sistema
19-12-2015 10:53:20 Punto di arresto del sistema
19-12-2015 13:40:41 Removed SlimCleaner
20-12-2015 09:08:49 Operazione di ripristino
20-12-2015 09:25:50 OpenOffice 4.1.1 rimosso
20-12-2015 09:31:28 Removed SlimCleaner
20-12-2015 10:07:00 LibreOffice 5.0.4.2 installato
20-12-2015 15:49:49 prima di togliere panda

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 13:00 - 2008-04-14 13:00 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2008-04-14 13:00 - 2008-04-14 13:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Programmi\Panda Security\Panda Security Protection\SQLite3.dll
2006-01-05 21:36 - 2006-01-05 21:36 - 00053248 _____ () C:\Programmi\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-01-08 23:50 - 2008-01-08 23:50 - 00349147 _____ () C:\Programmi\Yahoo!\Widgets\sqlite3.dll
2008-03-19 01:21 - 2008-03-19 01:21 - 00512000 _____ () C:\Programmi\Yahoo!\Widgets\js32.dll
2008-03-19 01:21 - 2008-03-19 01:21 - 00094208 _____ () C:\Programmi\Yahoo!\Widgets\jsd.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-484763869-963894560-1177238915-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Vittorio\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
DNS Servers: 128.199.233.113 - 8.8.4.4
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Programmi\AVG\AVG2014\avgmfapx.exe] => Enabled:Installazione di AVG
StandardProfile\AuthorizedApplications: [C:\Programmi\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Programmi\pandasecuritytb\dtUser.exe] => Enabled:Panda Security Toolbar DTX Broker
StandardProfile\AuthorizedApplications: [C:\Programmi\pandasecuritytb\cleanupie.exe] => Enabled:Panda Security Toolbar IE Cleaner
StandardProfile\AuthorizedApplications: [C:\Programmi\pandasecuritytb\ToolbarCleaner.exe] => Enabled:ToolbarCleaner
StandardProfile\AuthorizedApplications: [C:\Programmi\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Programmi\Mozilla Firefox)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2015 07:15:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Applicazione in stallo firefox.exe, versione 43.0.0.5820, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.


System errors:
=============
Error: (12/20/2015 08:42:02 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Il lease 192.168.1.60 dell'indirizzo IP della scheda di rete con indirizzo 0013024BC4F2 è stato
negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato un messaggio DHCPNACK.

Error: (12/19/2015 02:30:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Interruzione imprevista del servizio Servizio Gateway di livello applicazione. Questo evento si è già verificato 1 volta(e).

Error: (12/19/2015 02:30:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Panda Devices Agent è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e.  Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (12/19/2015 02:30:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Malwarebytes Anti-Exploit Service è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e.  Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Riavvia il servizio.

Error: (12/19/2015 02:30:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Bluetooth Service è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e.  Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (12/19/2015 02:30:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Interruzione imprevista del servizio Logitech Process Monitor. Questo evento si è già verificato 1 volta(e).

Error: (12/19/2015 02:30:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Spooler di stampa è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e.  Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (12/19/2015 02:23:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Interruzione imprevista del servizio Servizio Gateway di livello applicazione. Questo evento si è già verificato 1 volta(e).

Error: (12/19/2015 02:23:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Panda Devices Agent è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e.  Le seguenti azioni di correzione saranno eseguite tra 300000 millisecondi: Riavvia il servizio.

Error: (12/19/2015 02:23:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Malwarebytes Anti-Exploit Service è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e.  Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Riavvia il servizio.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T1350 @ 1.86GHz
Percentage of memory in use: 55%
Total physical RAM: 1014.11 MB
Available physical RAM: 449.1 MB
Total Virtual: 2441.43 MB
Available Virtual: 1933.4 MB

==================== Drives ================================

Drive c: (Vittorio 1) (Fixed) (Total:20.03 GB) (Free:12.65 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Vittorio 2) (Fixed) (Total:49.62 GB) (Free:29.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 0D600D60)
Partition 1: (Not Active) - (Size=4.9 GB) - (Type=12)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Do you know of and trust the IP Address highlighted in Red?

 

Tcpip\Parameters: [DhcpNameServer] 128.199.233.113 8.8.4.4
Tcpip\..\Interfaces\{B504C420-665D-423C-9E1A-4858C25EBA1F}: [DhcpNameServer] 128.199.233.113 8.8.4.4

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected you will have to name the file and save it to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save it to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt". The log will open as a text file; post that log... Also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!

 

Post those logs to your next reply...

 

Thank you,

 

Kevin..

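A check for the point raised above (a resolver in the FRST DNS lines that the user may not recognise), as an added example that is not part of this thread or of FRST itself: it parses the "DNS Servers:" and "[DhcpNameServer]" lines and classifies each resolver as local (private/loopback, normally the home router), a known public resolver, or unrecognised. The public-resolver allow list and the "[NameServer]" line shape are assumptions of this example.

```python
"""Flag unexpected DNS resolvers in FRST output.

Added example, not part of the forum thread or of FRST itself. It
classifies each resolver address found in lines such as

    DNS Servers: 128.199.233.113 - 8.8.4.4
    Tcpip\\Parameters: [DhcpNameServer] 128.199.233.113 8.8.4.4

as 'local' (private or loopback, normally the home router), 'known_public'
(a well-known public resolver) or 'unrecognised' (verify with the ISP or on
the router before trusting it). The allow list below is an assumption of
this example, not something FRST ships.
"""
import ipaddress
import re
from typing import Dict, List

# Well-known public resolvers (assumed allow list; extend for your environment).
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",                 # Google Public DNS
    "208.67.222.222", "208.67.220.220",   # OpenDNS
    "1.1.1.1", "1.0.0.1",                 # Cloudflare
    "9.9.9.9", "149.112.112.112",         # Quad9
}

# Lines FRST uses to report resolvers: "DNS Servers:" in Addition.txt and the
# "[DhcpNameServer]" entries in FRST.txt; "[NameServer]" (static config) is
# included on the assumption that it is reported in the same shape.
_RESOLVER_LINE = re.compile(r"^(?:DNS Servers:|.*\[(?:Dhcp)?NameServer\])\s*(.*)$")
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify_resolver(addr: str) -> str:
    """Return 'local', 'known_public', 'unrecognised' or 'invalid' for one address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # e.g. 999.1.1.1 matched by the loose regex
        return "invalid"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    if addr in KNOWN_PUBLIC_RESOLVERS:
        return "known_public"
    return "unrecognised"


def extract_resolvers(log_text: str) -> List[str]:
    """Collect every resolver address on FRST DNS lines, in order, without duplicates."""
    seen: List[str] = []
    for line in log_text.splitlines():
        m = _RESOLVER_LINE.match(line.strip())
        if not m:
            continue
        for addr in _IPV4.findall(m.group(1)):
            if addr not in seen:
                seen.append(addr)
    return seen


def audit_dns(log_text: str) -> Dict[str, str]:
    """Map each resolver found in the log to its classification."""
    return {addr: classify_resolver(addr) for addr in extract_resolvers(log_text)}


# Constructed sample: the resolver lines as they appear in this thread's logs,
# plus one unrelated line to show it is ignored.
SAMPLE_FRST_LINES = """\
DNS Servers: 128.199.233.113 - 8.8.4.4
Tcpip\\Parameters: [DhcpNameServer] 128.199.233.113 8.8.4.4
Tcpip\\..\\Interfaces\\{B504C420-665D-423C-9E1A-4858C25EBA1F}: [DhcpNameServer] 128.199.233.113 8.8.4.4
Windows Firewall is enabled.
"""

if __name__ == "__main__":
    for addr, verdict in audit_dns(SAMPLE_FRST_LINES).items():
        print(f"{addr:<16} {verdict}")
```

An "unrecognised" verdict is a prompt to confirm the address against the router's DHCP settings or the ISP, not a detection on its own.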

Kevin,

 

thanks for your help.

I do not know about the IP you highlighted in red.

I ran "Malwarebytes" and "Roguekiller" as per your instructions.

Here are the two log files. First the Malwarebytes scan log and then the Roguekiller log:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 22-12-2015
Ora scansione: 5:53:34
File di log: malwarebytes scan log.txt
Amministratore: Sì

Versione: 2.2.0.1024
Database malware: v2015.12.22.01
Database rootkit: v2015.12.18.01
Licenza: Gratuito
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Auto-protezione: Disattivata

SO: Windows XP Service Pack 3
CPU: x86
File system: NTFS
Utente: Vittorio

Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 287453
Tempo impiegato: 33 min, 38 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(Nessun elemento nocivo rilevato)

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 0
(Nessun elemento nocivo rilevato)

Valori di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settori fisici: 0
(Nessun elemento nocivo rilevato)


(end)

 

 

RogueKiller V11.0.4.0 [Dec 20 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Vittorio [Administrator]
Started from : D:\Dati PC\Documenti\Download\RogueKiller.exe
Mode : Scan -- Date : 12/22/2015 06:57:31

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK8032GAX +++++
--- User ---
[MBR] 5c9fd7dc6953178db0be5f2e2ace869f
[bSP] 6be2b7745a5888c6e880d19d90873d3e : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 10233405 | Size: 20512 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 52243381 | Size: 50807 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

 

 

 


Thanks for those logs, continue as follows..

 

Download and unzip DNSJumper to your Desktop; the tool is portable, no installation necessary.

DNSJumper instructions available here: http://www.sordum.org/7952/dns-jumper-v2-0/

Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper

Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool.

From the left hand pane select "Flush DNS"

From the main interface select the dropdown under "Choose a DNS Server"

From the list select either "Google Public DNS" or "Open DNS"

From the left hand pane select "Apply DNS"

When done re-boot your system....

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

 

Next,

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit website.

Click Run ESET Online Scanner there.

If using Internet Explorer:


If using Mozilla Firefox or Google Chrome:


To perform the scan:



Please include this logfile in your next reply.

Don't forget to re-enable protection software!
 

Post those logs, also let me know if any remaining issues or concerns...

 

Thank you,

 

Kevin


Kevin,

 

thanks a lot.

 

I ran the programs as you asked, but in the following, different order, because at the beginning "adwcleaner" refused to install:

DNS jumper, JRT, ESET, Adwcleaner.

Now I do not know if the virus is gone.

Here are the three logs (JRT, ESET, Adwcleaner):

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Microsoft Windows XP x86
Ran by Vittorio (Administrator) on 24-12-2015 at  0:24:10,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\\{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Value)

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ad4cff1037ce0745a3e9b8e75061aa60
# end=init
# utc_time=2015-12-24 08:34:13
# local_time=2015-12-24 09:34:13 (+0100, ora solare Europa occidentale)
# country="Italy"
# osver=5.1.2600 NT Service Pack 3
Update Init
Update Download
Update Finalize
Updated modules version: 27342
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ad4cff1037ce0745a3e9b8e75061aa60
# end=updated
# utc_time=2015-12-24 08:50:10
# local_time=2015-12-24 09:50:10 (+0100, ora solare Europa occidentale)
# country="Italy"
# osver=5.1.2600 NT Service Pack 3
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ad4cff1037ce0745a3e9b8e75061aa60
# engine=27342
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-24 09:22:26
# local_time=2015-12-24 10:22:26 (+0100, ora solare Europa occidentale)
# country="Italy"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='Panda Free Antivirus'
# compatibility_mode=1557 16777213 87 98 693677 218992766 0 0
# scanned=62149
# found=8
# cleaned=0
# scan_time=1934
sh=377E5D7507CBC78B8F73E2230028979D82959327 ft=1 fh=f0078ff53f707ef9 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Documents and Settings\Vittorio\Impostazioni locali\Temp\{4CF3DC10-2A08-4867-B030-24E0384C5A9B}.exe"
sh=313A51E95C712D325429F3EC1A537CD326B45FAF ft=1 fh=b071c0cdab5e5279 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Programmi\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=A8BEA83F453DD57C61B6FBF42EC34C7970538D16 ft=1 fh=e4972ae9c9bdbfd8 vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\Programmi\pandasecuritytb\pandasecurityDx.dll"
sh=9D940C780259475D57323079EA8695C1A3EDA411 ft=1 fh=1746cea884d557dd vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Programmi\pandasecuritytb\pandasecuritytb.dll"
sh=C6E9C18B997F9A82B1AFD311B13681C5DC54A01F ft=1 fh=4ea2f57798fab6e9 vn="a variant of Win32/Toolbar.Visicom.E potentially unwanted application" ac=I fn="C:\Programmi\pandasecuritytb\ToolbarCleaner.exe"
sh=5208ECDCC250F219019AA972749BA71FD06417B1 ft=1 fh=4fae1286e66135e9 vn="a variant of Win32/Toolbar.Visicom.E potentially unwanted application" ac=I fn="C:\Programmi\pandasecuritytb\uninstall.exe"
sh=6EB1CB1D94A00DAF1FB91218B050FDCBA8436C03 ft=1 fh=4ee2e677a5bceddb vn="Win32/Joke.ScreenMate potentially unsafe application" ac=I fn="D:\Contenuto Anna\Reinstallazione (NON CANCELLARE!)\Documenti\scuola\FELIX2.doc.EXE"
sh=B7C20CA5F3D03CA0B47FE84EA238FF4F69E5183B ft=1 fh=075c4223825eb116 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\RECYCLER\S-1-5-21-484763869-963894560-1177238915-1004\Dd7.exe"
 

 

# AdwCleaner v5.026 - Logfile created 24/12/2015 at 10:40:30
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Vittorio - VITTORIO-1
# Running from : D:\Dati PC\Documenti\Download\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\Vittorio\Impostazioni locali\Dati applicazioni\slimware utilities inc

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [985 bytes] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24-12-2015 at  0:25:27,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Download TFC to your desktop, from either of the following links

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

Save any open work. TFC will close all open application windows.

Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.

If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important



What is the status of system, does the issue still happen when you have Firefox open?


Kevin,

 

I ran TFC. Afterwards I spent a long time surfing the web using Firefox and the uninvited site did not show up any more.

I assume you fixed the problem.

Congratulations!

I have a second computer where I use Chrome as a browser and now Chrome  has the same problem: from time to time a window with the site "www.gconew.com" pops up.

Will you please guide me towards fixing the issue there too?

What should I do first?
Thanks again.


We need to finish this one first..

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

 

Open a new thread for your other PC and post FRST logs, I'm about for maybe another 2 to 3 hours...

Kevin...
 


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

