Solved Can't remove a nasty strain of malware/adware

Cooperdale
Thread author
May 3, 2016
Hello everybody, thanks in advance for any help.

I'm trying to remove malware from a PC (not mine). It keeps opening up ads in the form of new tabs in any browser.

As described above, AdwCleaner found nothing, neither did Malwarebytes.

I checked all autoruns items for something strange, which I didn't find.

I also reset browsers to their defaults, to no avail.

I really don't know what else to do.

I'm pasting FRST logs, hope they can be of help (the system won't let me upload them).

==========================================================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2016
Ran by Utente (2016-05-02 13:39:20)
Running from C:\Documents and Settings\Utente\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-10-24 22:49:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1275210071-179605362-725345543-500 - Administrator - Disabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1275210071-179605362-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1275210071-179605362-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1275210071-179605362-725345543-1002 - Limited - Disabled)
Utente (S-1-5-21-1275210071-179605362-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Utente

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.377.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2183461) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2360131) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2416400) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2482017) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2497640) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2530548) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2544521) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2559049) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2586448) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2618444) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB2647516) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2) (Version: 2 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB972260) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB976325) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 7 (KB982381) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2722913) (HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows XP (KB923689) (HKLM\...\KB923689) (Version: - Microsoft Corporation)
Aggiornamento della protezione per Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
Aggiornamento per Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento per Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Aggiornamento per Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
AKSwitcher Service (HKLM\...\AKSwitcher) (Version: 1.0 - ArubaKey)
ArcSoft Panorama Maker 3.0 (HKLM\...\{1CABB679-3958-44AA-BFFF-4E68A2684255}) (Version: - )
ATI - Programma di disinstallazione (HKLM\...\All ATI Software) (Version: 6.14.10.1019 - )
ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 9.15.0.20713 - ATI Technologies Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.1220.2142 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.451-071220a1-057721C-ATI - )
ATI HYDRAVISION (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version: 3.25.0006 - )
ATI Parental Control & Encoder (Version: 3.0 - Nome società) Hidden
ATI Problem Report Wizard (HKLM\...\{5DA6F06A-B389-407B-BF8C-1548767914D8}) (Version: 8.10 - ATI Technologies)
AutoCAD 2010 - Italiano (HKLM\...\AutoCAD 2010 - Italiano) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - Italiano (Version: 18.0.55.0 - Autodesk) Hidden
ccc-core-preinstall (Version: 2007.1220.2143.38732 - ATI) Hidden
ccc-core-static (Version: 2007.1220.2143.38732 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DeskTopBinder - SmartDeviceMonitor for Client (HKLM\...\{C138D676-4F0F-4FDE-8BE5-26CFD3566DCD}) (Version: 8.6.7.0 - )
DeskTopBinder Lite (HKLM\...\{DD30D7C5-DD1A-46E7-9CA6-03CF6A398990}) (Version: 5.3.6.1 - Ricoh)
Docfa 3.0 SP5 (HKLM\...\Docfa 3.0 SP5) (Version: - )
Docfa 3.0.5 (HKLM\...\Docfa 3.0.5) (Version: - )
Docfa4 (HKLM\...\A9D22611-32B5-40C2-88BF-6A39245A0C76) (Version: 4.00.3 - Sogei)
DraftSight (HKLM\...\{7FB4CBC4-9236-4338-999D-6E77598D56A8}) (Version: 10.1.1069 - Dassault Systemes)
ESET NOD32 Antivirus (HKLM\...\{4E4A2342-F757-49F3-A3A1-364AF1AC0381}) (Version: 9.0.377.1 - ESET, spol. s r.o.)
ExtraCAD 6 (HKLM\...\ExtraCAD 6) (Version: - )
Facebook Plug-In (HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Image Web Server 7.0 IE Plugins (Build:3,1,0,229) (HKLM\...\Image Web Server IE Plugin) (Version: - )
J2SE Runtime Environment 5.0 Update 16 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150160}) (Version: 1.5.0.160 - Sun Microsystems, Inc.)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
K-Lite Mega Codec Pack 1.65 (HKLM\...\KLiteCodecPack_is1) (Version: 1.65 - )
Language Pack di AutoCAD 2010 - Italiano (Version: 18.0.55.0 - Autodesk) Hidden
LightScribe System Software 1.10.19.1 (HKLM\...\{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}) (Version: 1.10.19.1 - hxxp://www.lightscribe.com)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA (HKLM\...\{842F9881-E181-30B3-A152-008D61433274}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA (HKLM\...\{86BA3130-5938-3192-BBCF-6B0A2D86FA58}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano) (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ita) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM\...\{91130410-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{62D5B0B1-9E1D-4d66-A593-D68F3FED7709}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{65A54DC3-5FF6-4C75-906E-3EA1A3B71040}) (Version: 8.10.376 - Nero AG)
Nikon View 6 (HKLM\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version: - )
NoAdware v5.0 (HKLM\...\NoAdware 5.0_is1) (Version: - )
OpenOffice.org 3.3 (HKLM\...\{2A845A64-3F80-41D7-9F33-6146E56997E6}) (Version: 3.3.9567 - OpenOffice.org)
Pacchetto driver Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (HKLM\...\DF095A5F6BDF51B12AC8DFCDBA1B044C442E0ADE) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
Pannello voci Ver. 4.0 (HKLM\...\Pannello voci_is1) (Version: - Anastasis Soc. Coop.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5464 - Realtek Semiconductor Corp.)
Regolo Sicurezza 5 (HKLM\...\Microsoftware.RegoloSicurezza.5_is1) (Version: 5.0 - Microsoftware srl)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skins (Version: 2007.1220.2143.38732 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Type1232 TWAIN Driver Ver.3 (HKLM\...\{F67C1757-E0EF-466B-8C58-18686C445783}) (Version: - )
TypeC2550 TWAIN Driver Ver.4 (HKLM\...\{61777C41-766B-4C45-82D8-EE72917658F1}) (Version: 4.31 - )
UPSilon 2000 (HKLM\...\{E592E668-89A9-4098-B70C-0C2D59FB15CA}) (Version: 3.00 - Megatec)
Uranium Backup (HKLM\...\Uranium Backup) (Version: - )
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Voltura 1.0 (HKLM\...\Voltura 1.0) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Win2PDF 3.10 (HKLM\...\Win2PDF_is1) (Version: 3.10 - Dane Prairie Systems, LLC.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080413.144514 - Microsoft Corporation)
WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Programmi\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Documents and Settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Programmi\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Programmi\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programmi\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programmi\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-07-16 10:28 - 2006-03-19 15:15 - 00015360 _____ () C:\WINDOWS\system32\win2pdfm.dll
2009-07-09 12:26 - 2009-07-09 12:26 - 00081920 _____ () C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe
2012-12-27 14:57 - 2012-12-27 14:57 - 00948144 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtNetwork4.dll
2012-12-27 14:57 - 2012-12-27 14:57 - 02623408 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtCore4.dll
2012-12-27 14:57 - 2012-12-27 14:57 - 00387505 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtXml4.dll
2008-10-25 01:35 - 2005-08-03 22:32 - 00125952 _____ () C:\Programmi\WinRAR\rarext.dll
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Programmi\CCleaner\lang\lang-1040.dll
2007-10-29 14:00 - 2008-04-14 04:13 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-10-29 14:00 - 2007-10-29 14:00 - 00000768 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1275210071-179605362-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
DNS Servers: 208.67.222.222 - 208.67.220.220
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Function Palette.lnk => C:\WINDOWS\pss\Function Palette.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NkvMon.exe.lnk => C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Rupsmon Daemon.lnk => C:\WINDOWS\pss\Rupsmon Daemon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^ERUNT AutoBackup.lnk => C:\WINDOWS\pss\ERUNT AutoBackup.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CpnIconMng => "C:\Programmi\Panda Security\WAC\CpIcnMng.exe"
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LightScribe Control Panel => C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: Skype => "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programmi\Java\jre1.5.0_16\bin\jusched.exe"
MSCONFIG\startupreg: VoicePanel => C:\Programmi\Anastasis\VoicePanel\VoicePanel.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [D:\Installation\Setupx.exe] => Enabled:Nero ControlCenter
StandardProfile\AuthorizedApplications: [C:\Programmi\Adobe\Photoshop Elements 2\PhotoshopElements.exe] => Enabled:Adobe Photoshop Elements
StandardProfile\AuthorizedApplications: [C:\Programmi\RDS\PLTBar.exe] => Enabled:Ridoc Document System Ridoc Desk ToolLauncher Module
StandardProfile\AuthorizedApplications: [C:\Programmi\Docfa30\PGM\DOCFA30.exe] => Enabled:DOCFA30
StandardProfile\AuthorizedApplications: [C:\Programmi\Docfa4\Pgm\Docfa40.exe] => Enabled:Docfa40
StandardProfile\AuthorizedApplications: [C:\Programmi\File comuni\Microsoft Shared\MSPaper\MSPSCAN.EXE] => Enabled:Microsoft® Office Document Scanning App
StandardProfile\AuthorizedApplications: [C:\Docfa4\PGM\Docfa40.exe] => Enabled:Docfa40
StandardProfile\AuthorizedApplications: [C:\Programmi\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Programmi\AVG\AVG2015\avgmfapx.exe] => Enabled:Installazione di AVG
StandardProfile\AuthorizedApplications: [C:\Programmi\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

03-02-2016 11:47:10 Punto di arresto del sistema
04-02-2016 12:24:17 Punto di arresto del sistema
05-02-2016 13:10:44 Punto di arresto del sistema
08-02-2016 12:12:32 Punto di arresto del sistema
09-02-2016 12:33:05 Punto di arresto del sistema
10-02-2016 13:10:35 Punto di arresto del sistema
11-02-2016 13:22:50 Punto di arresto del sistema
12-02-2016 13:29:56 Punto di arresto del sistema
15-02-2016 12:06:15 Punto di arresto del sistema
16-02-2016 13:19:04 Punto di arresto del sistema
17-02-2016 14:12:38 Punto di arresto del sistema
18-02-2016 14:29:53 Punto di arresto del sistema
19-02-2016 14:56:40 Punto di arresto del sistema
22-02-2016 13:34:01 Punto di arresto del sistema
23-02-2016 14:16:45 Punto di arresto del sistema
24-02-2016 14:45:24 Punto di arresto del sistema
25-02-2016 14:52:37 Punto di arresto del sistema
26-02-2016 15:49:39 Punto di arresto del sistema
28-02-2016 14:18:39 Punto di arresto del sistema
29-02-2016 14:26:11 Punto di arresto del sistema
01-03-2016 14:26:33 Punto di arresto del sistema
02-03-2016 14:47:02 Punto di arresto del sistema
03-03-2016 15:00:01 Punto di arresto del sistema
04-03-2016 15:00:41 Punto di arresto del sistema
07-03-2016 09:55:10 Punto di arresto del sistema
08-03-2016 10:25:12 Punto di arresto del sistema
09-03-2016 12:14:54 Punto di arresto del sistema
10-03-2016 12:46:26 Punto di arresto del sistema
11-03-2016 14:14:55 Punto di arresto del sistema
14-03-2016 09:38:20 Punto di arresto del sistema
15-03-2016 12:45:56 Punto di arresto del sistema
16-03-2016 13:20:41 Punto di arresto del sistema
17-03-2016 14:21:27 Punto di arresto del sistema
18-03-2016 14:22:40 Punto di arresto del sistema
21-03-2016 12:22:14 Punto di arresto del sistema
22-03-2016 13:16:54 Punto di arresto del sistema
23-03-2016 14:04:12 Punto di arresto del sistema
24-03-2016 14:34:46 Punto di arresto del sistema
25-03-2016 15:21:47 Punto di arresto del sistema
29-03-2016 11:49:44 Punto di arresto del sistema
30-03-2016 11:59:50 Punto di arresto del sistema
31-03-2016 12:21:31 Punto di arresto del sistema
01-04-2016 12:53:56 Punto di arresto del sistema
02-04-2016 13:21:07 Punto di arresto del sistema
04-04-2016 09:02:54 Punto di arresto del sistema
05-04-2016 09:16:54 Punto di arresto del sistema
06-04-2016 12:15:14 Punto di arresto del sistema
07-04-2016 13:07:56 Punto di arresto del sistema
08-04-2016 13:15:24 Punto di arresto del sistema
11-04-2016 12:29:52 Punto di arresto del sistema
12-04-2016 13:15:52 Punto di arresto del sistema
13-04-2016 13:38:33 Punto di arresto del sistema
14-04-2016 14:29:55 Punto di arresto del sistema
15-04-2016 14:52:28 Punto di arresto del sistema
18-04-2016 06:45:06 Punto di arresto del sistema
19-04-2016 10:10:53 Punto di arresto del sistema
20-04-2016 11:06:22 Punto di arresto del sistema
21-04-2016 11:21:51 Punto di arresto del sistema
22-04-2016 11:30:36 Punto di arresto del sistema
26-04-2016 09:49:18 Punto di arresto del sistema
27-04-2016 11:19:16 Punto di arresto del sistema
28-04-2016 12:22:35 Punto di arresto del sistema
29-04-2016 13:04:09 Punto di arresto del sistema
30-04-2016 13:25:35 Punto di arresto del sistema
02-05-2016 12:22:17 Punto di arresto del sistema

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (05/02/2016 12:11:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM ha ricevuto l'errore "%%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""
per eseguire il server
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/02/2016 11:45:49 AM) (Source: DCOM) (EventID: 10020) (User: )
Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (05/02/2016 11:45:09 AM) (Source: DCOM) (EventID: 10020) (User: )
Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (05/02/2016 11:45:09 AM) (Source: DCOM) (EventID: 10020) (User: )
Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (05/02/2016 11:44:29 AM) (Source: DCOM) (EventID: 10020) (User: )
Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (05/02/2016 11:44:29 AM) (Source: DCOM) (EventID: 10020) (User: )
Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (05/02/2016 11:43:48 AM) (Source: DCOM) (EventID: 10020) (User: )
Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (05/02/2016 11:43:08 AM) (Source: DCOM) (EventID: 10020) (User: )
Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.

Error: (05/02/2016 11:43:08 AM) (Source: DCOM) (EventID: 10020) (User: )
Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 25%
Total physical RAM: 3071.23 MB
Available physical RAM: 2285.25 MB
Total Virtual: 4957.16 MB
Available Virtual: 4327.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:278.22 GB) (Free:215.14 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Acronis) (Fixed) (Total:19.87 GB) (Free:12.14 GB) NTFS
Drive f: (Copie) (Fixed) (Total:931.51 GB) (Free:857.5 GB) NTFS
Drive g: (ARUBAKEY) (Removable) (Total:0.94 GB) (Free:0.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 76124D31)
Partition 1: (Active) - (Size=278.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.9 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FEBC4493)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 70707573)
No partition Table on disk 2.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2016
Ran by Utente (administrator) on TOMMASO (02-05-2016 13:38:33)
Running from C:\Documents and Settings\Utente\Desktop
Loaded Profiles: Utente (Available Profiles: Utente & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Italiano (Italia)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Programmi\Eset\ESET NOD32 Antivirus\ekrn.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
() C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe
(Dassault Systèmes) C:\Programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Hewlett-Packard Company) C:\Programmi\File comuni\LightScribe\LSSrvc.exe
(Nero AG) C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
(Google Inc.) C:\Programmi\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Mega System Technologies, Inc.) C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Mega Corp.) C:\Programmi\Megatec\UPSilon 2000\usbmate.exe
(ESET) C:\Programmi\Eset\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Advanced Micro Devices Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Piriform Ltd) C:\Programmi\CCleaner\CCleaner.exe
(Freesoft S.r.l.) C:\Programmi\FreeSoft\Uranium\Uranium.exe
(Logitech, Inc.) C:\Programmi\Logitech\SetPoint\SetPoint.exe
(RICOH COMPANY,LTD.) C:\Programmi\RDS\RMClient\PMCTray.exe
(Logitech, Inc.) C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384000 2007-08-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [JobHisInit] => C:\Programmi\RDS\RMClient\JobHisInit.exe [229481 2007-08-30] (RICOH COMPANY,LTD.)
HKLM\...\Run: [MplSetUp] => C:\Programmi\RDS\RMClient\MplSetUp.exe [49254 2007-08-30] (RICOH COMPANY,LTD.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21] (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll [2008-05-02] (Logitech, Inc.)
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [CCleaner Monitoring] => C:\Programmi\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [CCleaner] => C:\Programmi\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [Uranium] => C:\Programmi\FreeSoft\Uranium\Uranium.exe [9190528 2011-04-14] (Freesoft S.r.l.)
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\MountPoints2: {41c0254c-2b22-11de-925d-001e58e7f6a8} - G:\LaunchU3.exe -a
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Gestore icona firma digitale di AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk [2015-12-02]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk [2008-10-25]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\SmartDeviceMonitor for Client.lnk [2008-12-12]
ShortcutTarget: SmartDeviceMonitor for Client.lnk -> C:\Programmi\RDS\RMClient\PMClient.exe (RICOH COMPANY,LTD.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 31.3.244.140 31.3.244.132
Tcpip\..\Interfaces\{95A07F52-3415-45D8-8671-25C9B7C2C9AA}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{B3758DE8-3EEB-4428-8DF5-04E2DDEAA1B0}: [DhcpNameServer] 31.3.244.140 31.3.244.132

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.it/
HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> DefaultScope {00000000-0000-0000-0000-474f4f474c45} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {00000000-0000-0000-0000-474f4f474c45} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {115511CE-B4D1-42D7-8EBC-9622074118D6} URL = hxxp://it.search.yahoo.com/search?fr=mcafee&type=A010IT773&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {286B705F-8441-48F7-8706-8529CE432C16} URL = hxxps://it.search.yahoo.com/search?fr=mcafee&type=B010IT773D20140613&p={searchTerms}
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll [2008-05-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx [2008-04-14] (Microsoft Corporation)
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} hxxp://www.cartografiarl.regione.liguria.it/ecwplugins/ncs.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programmi\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1275210071-179605362-725345543-1003: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )

Chrome:
=======
CHR Profile: C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-02]
CHR Extension: (Documenti Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
CHR Extension: (Fogli Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-02]
CHR Extension: (Google Documenti offline) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]
CHR Extension: (AdBlock) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-02]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Programmi\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AK910SwitchService; C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe [81920 2009-07-09] () [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-12-20] () [File not signed]
R2 DraftSight API Service; C:\Programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [86016 2012-12-27] (Dassault Systèmes) [File not signed]
R2 ekrn; C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [1982752 2016-04-13] (ESET)
S3 FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-12-21] (Macrovision Europe Ltd.) [File not signed]
S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
S3 LBTServ; C:\Programmi\File comuni\LogiShrd\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
R2 LightScribeService; C:\Programmi\File comuni\LightScribe\LSSrvc.exe [79136 2007-10-18] (Hewlett-Packard Company)
R2 Nero BackItUp Scheduler 3; C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe [382248 2007-11-15] (Nero AG)
R2 Rupsmon; C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe [151552 2007-08-06] (Mega System Technologies, Inc.) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programmi\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 USBMate; C:\Programmi\Megatec\UPSilon 2000\USBMate.exe [106496 2007-02-01] (Mega Corp.) [File not signed]
S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2006-11-02] (Microsoft Corporation)
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-06-18] (Advanced Micro Devices)
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [36864 2007-08-29] (Atheros Communications, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206312 2016-04-13] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [146024 2016-04-13] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [127496 2016-04-13] (ESET)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
U2 CertPropSvc; no ImagePath
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U4 WinDefend; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 13:38 - 2016-05-02 13:38 - 01728000 _____ (Farbar) C:\Documents and Settings\Utente\Desktop\FRST.exe
2016-05-02 13:38 - 2016-05-02 13:38 - 00018119 _____ C:\Documents and Settings\Utente\Desktop\FRST.txt
2016-05-02 13:38 - 2016-05-02 13:38 - 00000000 ____D C:\FRST
2016-05-02 11:42 - 2016-05-02 11:42 - 00108656 _____ C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2016-05-02 11:19 - 2016-05-02 11:19 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\TeamViewer
2016-05-02 11:18 - 2016-05-02 11:18 - 05044584 _____ (TeamViewer) C:\Documents and Settings\Utente\Desktop\TeamViewerQS_it-idcbft9wzh.exe
2016-05-02 10:51 - 2016-05-02 10:51 - 00014045 _____ C:\Documents and Settings\Utente\Desktop\rubrica.csv
2016-05-02 10:30 - 2016-05-02 10:30 - 00001781 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Chrome.lnk
2016-05-02 10:30 - 2016-05-02 10:30 - 00001775 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-05-02 10:27 - 2016-05-02 10:27 - 00987728 _____ (Google Inc.) C:\Documents and Settings\Utente\Desktop\ChromeSetup.exe
2016-05-02 10:19 - 2016-05-02 10:19 - 00150410 _____ C:\Documents and Settings\Utente\Desktop\bookmarks_02_05_16.html
2016-05-02 10:10 - 2016-05-02 10:12 - 00000314 _____ C:\Documents and Settings\Utente\Desktop\dati.txt
2016-05-02 09:57 - 2016-05-02 09:59 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-02 09:57 - 2016-05-02 09:57 - 00000749 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Programmi\Malwarebytes Anti-Malware
2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware
2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2016-05-02 09:57 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-02 09:57 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-02 09:56 - 2016-05-02 09:56 - 22851472 _____ (Malwarebytes ) C:\Documents and Settings\Utente\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-02 09:48 - 2016-05-02 09:48 - 03615296 _____ C:\Documents and Settings\Utente\Desktop\adwcleaner_5.115.exe
2016-04-28 11:58 - 2016-04-28 11:58 - 01634584 _____ C:\Documents and Settings\Utente\Desktop\Trimestre 2016.pdf
2016-04-27 17:29 - 2016-04-27 17:29 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\ESET
2016-04-16 11:32 - 2016-04-16 11:32 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\LEONARDO
2016-04-13 13:31 - 2016-04-13 13:31 - 00206312 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00146024 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00127496 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwtdir.sys
2016-04-12 19:25 - 2016-04-12 19:25 - 00002607 _____ C:\Documents and Settings\Utente\Desktop\ritirocertificato.zip
2016-04-12 17:32 - 2016-04-14 17:31 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\DISCIPLINARE
2016-04-07 09:56 - 2016-04-07 09:56 - 00252349 _____ C:\Documents and Settings\Utente\Desktop\tuttocitta.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 13:38 - 2008-10-25 00:50 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Temp
2016-05-02 13:00 - 2011-12-19 18:30 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-02 11:42 - 2008-11-14 20:28 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2016-05-02 11:42 - 2008-10-25 01:21 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-05-02 11:42 - 2008-10-25 00:50 - 00000000 ___HD C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni
2016-05-02 11:42 - 2008-10-25 00:50 - 00000000 ____D C:\Documents and Settings\Utente
2016-05-02 11:41 - 2011-12-19 18:30 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-02 11:41 - 2008-10-25 00:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-02 11:40 - 2008-10-25 00:50 - 00032616 ____N C:\WINDOWS\SchedLgU.Txt
2016-05-02 11:40 - 2008-10-25 00:50 - 00000306 ___SH C:\Documents and Settings\Utente\ntuser.ini
2016-05-02 10:30 - 2008-10-28 18:59 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google
2016-05-02 10:30 - 2008-10-25 02:30 - 00000000 ___RD C:\Programmi
2016-05-02 10:30 - 2008-10-25 02:29 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Avvio\Programmi
2016-05-02 10:29 - 2008-10-28 18:59 - 00000000 ____D C:\Programmi\Google
2016-05-02 10:29 - 2008-10-27 12:00 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Mozilla
2016-05-02 10:16 - 2015-12-01 19:43 - 00000194 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-05-02 10:15 - 2015-12-01 19:43 - 00000000 ____D C:\Documents and Settings\Administrator\Impostazioni locali\Temp
2016-05-02 10:14 - 2015-03-20 19:01 - 00000000 ____D C:\Programmi\Avira
2016-05-02 10:14 - 2015-03-20 19:01 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Avira
2016-05-02 10:14 - 2008-10-25 02:20 - 00000000 ____D C:\WINDOWS\PeerNet
2016-05-02 10:13 - 2013-10-15 19:34 - 00754504 _____ C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2016-05-02 10:13 - 2008-10-25 00:50 - 00000000 ___HD C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni
2016-05-02 09:57 - 2008-10-25 02:27 - 00000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni
2016-05-02 09:55 - 2008-10-25 02:30 - 01073550 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-02 09:55 - 2007-10-29 14:00 - 00479236 _____ C:\WINDOWS\system32\perfh010.dat
2016-05-02 09:55 - 2007-10-29 14:00 - 00079720 _____ C:\WINDOWS\system32\perfc010.dat
2016-05-02 09:50 - 2013-10-25 18:15 - 00000000 ____D C:\AdwCleaner
2016-05-02 09:47 - 2015-12-01 19:43 - 00000000 __RHD C:\Documents and Settings\Administrator\Dati applicazioni
2016-05-02 09:47 - 2015-03-20 19:28 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Avira
2016-05-02 09:47 - 2015-03-20 19:23 - 00000000 ____D C:\Documents and Settings\LocalService\Dati applicazioni\Avira
2016-05-02 09:41 - 2015-12-01 19:43 - 00000000 ____D C:\Documents and Settings\Administrator
2016-05-01 19:32 - 2007-10-29 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-30 11:30 - 2009-07-16 10:28 - 00001667 _____ C:\WINDOWS\1way.ini
2016-04-29 09:47 - 2010-11-10 12:08 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\PUC ALASSIO e ONERI
2016-04-28 11:41 - 2015-03-20 19:30 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2016-04-28 11:37 - 2008-10-25 00:44 - 00000000 ____D C:\WINDOWS\Registration
2016-04-28 11:27 - 2008-10-25 18:45 - 00002442 _____ C:\Documents and Settings\Utente\Desktop\Word .lnk
2016-04-28 08:16 - 2015-12-01 17:53 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\NoAdware
2016-04-27 18:39 - 2015-03-24 18:53 - 00000000 ____D C:\Programmi\NoAdware5.0
2016-04-27 17:31 - 2008-10-25 02:20 - 00000000 ___HD C:\WINDOWS\inf
2016-04-22 10:21 - 2015-04-30 09:01 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\SICUREZZA
2016-04-21 09:31 - 2008-10-29 17:34 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2016-04-19 18:00 - 2012-09-13 18:44 - 00000920 _____ C:\Documents and Settings\Utente\Dati applicazioni\wklnhst.dat
2016-04-19 18:00 - 2008-10-25 00:50 - 00000000 __RHD C:\Documents and Settings\Utente\Dati applicazioni
2016-04-15 17:36 - 2014-11-19 10:06 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\CLIENTI
2016-04-15 08:48 - 2013-10-29 12:54 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Package Cache
2016-04-08 11:47 - 2014-09-24 16:04 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\LEGGI DETRAZIONE TARIFFARIO
2016-04-05 15:52 - 2014-09-11 12:24 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\PTCP
2016-04-05 08:31 - 2011-04-27 18:57 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\FAUSTO

==================== Files in the root of some directories =======

2009-11-17 19:07 - 2009-11-17 19:07 - 0021935 _____ () C:\Programmi\FirmaVerifica2.1_InstallLog.log
2014-11-28 12:28 - 2014-11-28 12:31 - 155536928 _____ () C:\Programmi\OOo_3.3.0_Win_x86_install-wJRE_it.exe
2012-09-13 18:44 - 2016-04-19 18:00 - 0000920 _____ () C:\Documents and Settings\Utente\Dati applicazioni\wklnhst.dat
2015-12-01 17:58 - 2015-12-01 18:35 - 0002219 ____H () C:\Documents and Settings\Utente\Dati applicazioni\xpy.ini
2008-11-03 10:51 - 2014-05-29 18:12 - 0024064 _____ () C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 

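The "Bamital & volsnap" section at the end of the FRST log is a signature check on a fixed list of core Windows binaries. The following added script (not part of the thread, and not FRST's or Zemana's code) re-runs the same check with Windows' own Authenticode verification so the list can be re-checked at any time, for example after a cleanup. The file list mirrors the one FRST printed above; it assumes a currently supported Windows with PowerShell 5.1 or later, where Get-AuthenticodeSignature also consults the system catalogs (the XP machine in this thread would need the check done from another host).

```powershell
# Added example, not from the thread or from FRST: verify that the core Windows
# binaries FRST lists under "Bamital & volsnap" still carry a valid Microsoft signature.
# Assumption: PowerShell 5.1+ on a supported Windows, so catalog-signed files resolve.

$CriticalFiles = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\user32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\system32\drivers\volsnap.sys"
)

function Test-CriticalFileSignatures {
    param([string[]] $Paths = $CriticalFiles)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Signer = ''; Ok = $false }
            continue
        }

        # Most Windows binaries have no embedded signature; their hash is listed in a
        # signed security catalog, which Get-AuthenticodeSignature checks as well.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # For these files a valid signature from anyone other than Microsoft is as much
        # a red flag as a missing or broken one, so require both conditions.
        $ok = ($sig.Status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')

        [pscustomobject]@{ Path = $path; Status = $sig.Status; Signer = $signer; Ok = $ok }
    }
}

# Rows with Ok = False are the ones FRST would report as not passing verification.
Test-CriticalFileSignatures | Format-Table -AutoSize Path, Status, Ok
```

As FRST itself notes, a file that fails this check has no automatic fix; the usual course is to compare it against a known-good copy from installation media or a clean machine of the same patch level before deciding whether to replace it.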
Cooperdale

New Member
Thread author
May 3, 2016
7
Ok. Firefox wouldn't let me, Chrome did.
 

Attachments

  • Addition.txt (38.2 KB)
  • FRST.txt (27.6 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, the logfile will open after it. You may also find it on your main drive (usually the C:\ drive).

Upload it in your next reply.
 

Cooperdale

New Member
Thread author
May 3, 2016
7
Ok, here they are. Zemana didn't find anything.
 

Attachments

  • 2016.05.03-20.05.32-i0-t92-d0.txt (892 bytes)
  • zoek-results.log (8.5 KB)

Cooperdale

New Member
Thread author
May 3, 2016
7
It's not actually mine, that's why the replies are not very quick. It seems to behave fine but yesterday the problem came up only twice during daily use, so I'm not sure yet.
 

Cooperdale

New Member
Thread author
May 3, 2016
7
Yesterday everything went smoothly. I'll wait till the weekend if you don't mind before considering this solved. Anyway, thanks for all the great help.
 
