Malware opens calendar and shows bubbles [Closed]


  • This topic is locked

#1
alex.tower
    New Member
  • Member
  • 9 posts

Hi guys,

I've been facing this problem for a couple of months and it literally drives me crazy.

On my mother's computer, from time to time everything slows down, the system calendar opens up and some bubbles show up too in the corner (see here https://www.dropbox....ubbles.png?dl=0).

I've very recently re-installed Windows 8 on her computer and applied all system updates, including the 8.1 release.

Of course I tried to remove whatever this is using SpyBot Search and Destroy, Adwcleaner, Avira antivirus and Malwarebytes antimalware.

The only product which found something was Adwcleaner, which removed a few registry keys and a very suspicious system service called Windows Manager Protect (misspelled as Windows Manger Protect).

Nothing changed: the nasty bubbles are still there, showing up from time to time and making it impossible to use the computer when they are there. My mother states her computer seems "under control" in the sense that someone else seems capable of moving the mouse or closing the current Skype conversation.

Does anyone have any idea about what this is and how to hopefully eradicate it from a computer?

Thank you all in advance for all your help!!!!!

Cheers,

Alex


Edited by alex.tower, 01 February 2015 - 12:14 PM.



#2
Nevan
    Trusted Helper
  • Malware Removal
  • 1,765 posts
Hello, alex.tower. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using the tools I ask you to use, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have a lot of power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection, and without access to them you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files on your machine before proceeding, as they might be lost.
  • I recommend that you stay with me until I tell you that we are done. It is important because even when your system no longer shows any bad symptoms, that does not mean it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request that it be reopened by contacting one of the Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from the desktop. If you don't know how to choose where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask than to regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)

 
First, I'd like to have a look at your system. Please, do the following:

FRST Scan

Download Farbar Recovery Scan Tool and save it to your Desktop. There are two different versions:
  • Click here to download the 32-bit version.
  • Click here to download the 64-bit version.
If you don't know which version you should use, download one of them and check whether it works. If it doesn't, download the other one. Once you have the right one, follow the instructions below.
  • Right click FRST.exe (or FRST64.exe) and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs, one called FRST.txt and another called Addition.txt, in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.

Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content

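As an added example (my own code, not FRST's logic and not something the helper in this thread posted), here is a small Python triage helper for the FRST.txt log that the instructions above ask for. FRST itself prints markers on entries it considers abnormal or dangling ("<======= ATTENTION", "[X]", "No File", "[File not signed]"); the helper collects those lines by section and adds two heuristics of mine: a running process whose publisher field is empty ("()"), and a MountPoints2 autorun handler that launches a program from a drive other than C:. The function name `triage_frst`, the regexes and the reason strings are mine; the sample log is constructed from a handful of lines taken from the log posted later in this thread, and a hit only means "look at this entry", not "this is malware".

```python
import re
from typing import List, Tuple

# FRST section headers look like:
# "==================== Registry (Whitelisted) =================="
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?)\s*=+$")

# MountPoints2 autorun entries as FRST prints them, e.g.
# '... MountPoints2: {guid} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe'
MOUNTPOINT_RE = re.compile(r"MountPoints2:.*ShellExec_RunDLL\s+([A-Za-z]):\\(\S+)", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (section, reason, original log line)


def triage_frst(lines) -> List[Finding]:
    """Return the lines of an FRST.txt log worth a second look, tagged with their section."""
    findings: List[Finding] = []
    section = ""
    for raw in lines:
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not line:
            continue
        # FRST's own marker for a policy or setting it considers abnormal.
        if "<======= ATTENTION" in line:
            findings.append((section, "FRST attention marker", line))
            continue
        if section.startswith("Registry"):
            # "[X]" and "No File" are FRST's markers for an entry whose target was not found.
            if "[X]" in line or "No File" in line:
                findings.append((section, "dangling entry (file missing)", line))
            # Heuristic (mine): an autorun handler that launches a program from a drive other than C:.
            m = MOUNTPOINT_RE.search(line)
            if m and m.group(1).upper() != "C":
                findings.append((section, f"autorun from drive {m.group(1).upper()}: ({m.group(2)})", line))
        elif section.startswith("Processes"):
            # Heuristic (mine): FRST prints the publisher in parentheses; "()" means no version info at all.
            if line.startswith("() "):
                findings.append((section, "running process with no publisher info", line))
        elif section.startswith(("Services", "Drivers")):
            if "[File not signed]" in line:
                findings.append((section, "unsigned service/driver binary", line))
    return findings


# Constructed sample: a few lines copied from the FRST.txt posted in this thread, one per rule.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1412495065-925347443-1446318384-1001\...\MountPoints2: {6039a2ff-8c74-11e4-be7f-240a645605e0} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

==================== Services (Whitelisted) =================

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [File not signed]
"""


if __name__ == "__main__":
    for section, reason, line in triage_frst(SAMPLE_LOG.splitlines()):
        print(f"[{section}] {reason}\n    {line}")
```

Run it on a real FRST.txt with `triage_frst(open("FRST.txt", encoding="utf-8", errors="replace"))`; the section-aware matching matters because "()" is normal in the created-files sections (no version resource), so the empty-publisher rule is only applied to the Processes section.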

#3
alex.tower
    New Member
  • Topic Starter
  • Member
  • 9 posts

Hi Nevan!

Thanks a lot for your help.

==============================================================================================================================================

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Daniela (administrator) on ARCHIMEDE on 01-02-2015 20:35:42
Running from C:\Users\Daniela\Desktop
Loaded Profiles: Daniela (Available profiles: Daniela)
Platform: Windows 8.1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Daniela\Downloads\adwcleaner_4.106.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1412495065-925347443-1446318384-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1412495065-925347443-1446318384-1001\...\MountPoints2: {6039a2ff-8c74-11e4-be7f-240a645605e0} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1412495065-925347443-1446318384-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qyat9uma.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qyat9uma.default\Extensions\[email protected] [2015-01-07]
FF Extension: Adblock Plus - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qyat9uma.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 StartMenuReviverService; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [765048 2014-09-17] (ReviverSoft)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-22] (Microsoft Corporation)
R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 20:35 - 2015-02-01 20:36 - 00014005 _____ () C:\Users\Daniela\Desktop\FRST.txt
2015-02-01 20:35 - 2015-02-01 20:35 - 00000000 ____D () C:\FRST
2015-02-01 20:34 - 2015-02-01 20:34 - 02131456 _____ (Farbar) C:\Users\Daniela\Desktop\FRST64.exe
2015-02-01 20:33 - 2015-02-01 20:32 - 01122304 _____ (Farbar) C:\Users\Daniela\Desktop\FRST.exe
2015-01-28 21:17 - 2015-01-28 21:17 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Privatefirewall
2015-01-28 21:10 - 2013-09-29 21:24 - 00133152 _____ (Privacyware/PWI, Inc.) C:\WINDOWS\system32\Drivers\pwipf6.sys
2015-01-28 21:09 - 2015-01-28 21:09 - 00000146 _____ () C:\WINDOWS\ODBC.INI
2015-01-28 21:09 - 2015-01-28 21:09 - 00000000 ____D () C:\ProgramData\Privacyware
2015-01-28 21:09 - 2015-01-28 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2015-01-28 21:09 - 2015-01-28 21:09 - 00000000 ____D () C:\Program Files (x86)\Privacyware
2015-01-28 21:07 - 2015-01-28 21:07 - 03749640 _____ (PWI, Inc. ) C:\Users\Daniela\Downloads\privatefirewall.exe
2015-01-28 20:45 - 2015-01-28 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 20:43 - 2015-01-28 20:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daniela\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-28 17:05 - 2015-01-29 09:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-26 17:02 - 2015-01-26 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 10:55 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:55 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:55 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:55 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:55 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:55 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:55 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:55 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 10:55 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 10:55 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 10:55 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 10:55 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 10:55 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 10:55 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 10:55 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 10:55 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 10:55 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 10:55 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 10:55 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 10:55 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 10:55 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 10:55 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 10:55 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 10:55 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 10:27 - 2015-01-31 09:43 - 00000000 ____D () C:\Users\Daniela\FIABE SONORE
2015-01-07 20:21 - 2015-02-01 20:22 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-01-07 20:13 - 2015-01-07 20:13 - 00001263 _____ () C:\Users\Daniela\Desktop\Antibolle.lnk
2015-01-07 19:34 - 2015-02-01 20:33 - 00000000 ____D () C:\AdwCleaner
2015-01-07 19:34 - 2015-01-07 19:34 - 02173952 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.106.exe
2015-01-04 19:21 - 2015-01-29 09:44 - 00146944 ___SH () C:\Users\Daniela\Downloads\Thumbs.db
2015-01-04 19:08 - 2015-01-04 19:08 - 00000000 ____D () C:\ProgramData\Sun
2015-01-04 19:08 - 2015-01-04 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-04 19:08 - 2015-01-04 19:07 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-04 19:07 - 2015-01-04 19:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-04 19:07 - 2015-01-04 19:07 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-04 19:02 - 2015-01-04 19:02 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-04 19:02 - 2015-01-04 19:02 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-04 19:02 - 2015-01-04 19:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 18:59 - 2015-01-04 18:59 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Macromedia
2015-01-04 18:46 - 2014-12-21 20:48 - 00450709 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150104-184616.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 20:27 - 2014-12-21 17:54 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1412495065-925347443-1446318384-1001
2015-02-01 20:24 - 2014-12-21 19:03 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Skype
2015-02-01 20:23 - 2014-12-21 16:45 - 00000074 _____ () C:\Users\Daniela\AppData\Roaming\sp_data.sys
2015-02-01 20:23 - 2013-07-30 20:12 - 00003260 _____ () C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel
2015-02-01 20:23 - 2013-07-30 20:06 - 00003268 _____ () C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2015-02-01 20:23 - 2013-07-30 20:05 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2015-02-01 20:23 - 2013-07-30 20:05 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2015-02-01 20:23 - 2013-07-30 20:02 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-02-01 20:22 - 2014-12-21 18:42 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-01 20:21 - 2014-12-31 08:42 - 00006046 _____ () C:\WINDOWS\setupact.log
2015-02-01 20:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-01 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-01 12:08 - 2014-12-29 13:23 - 00143664 _____ () C:\WINDOWS\PFRO.log
2015-02-01 12:07 - 2014-12-29 11:37 - 01919426 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-31 09:36 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-30 19:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-30 17:25 - 2014-09-24 16:06 - 01813012 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-30 17:25 - 2014-09-24 15:33 - 00803564 _____ () C:\WINDOWS\system32\perfh010.dat
2015-01-30 17:25 - 2014-09-24 15:33 - 00156688 _____ () C:\WINDOWS\system32\perfc010.dat
2015-01-30 17:21 - 2014-12-21 17:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 21:10 - 2014-12-21 18:23 - 00366080 ___SH () C:\Users\Daniela\Desktop\Thumbs.db
2015-01-28 17:24 - 2014-12-21 18:23 - 00000000 ____D () C:\Users\Daniela\Desktop\materiale per NICOLA
2015-01-26 16:30 - 2014-12-21 18:39 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\vlc
2015-01-24 21:20 - 2014-09-24 17:37 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-24 17:37 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 18:11 - 2014-12-21 22:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-21 18:07 - 2014-12-21 22:53 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-21 18:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-11 10:30 - 2014-12-22 14:58 - 00000000 ____D () C:\Users\Daniela
2015-01-07 20:19 - 2013-04-26 00:18 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-07 19:55 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-07 19:53 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-01-07 19:42 - 2013-04-26 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 19:02 - 2013-04-26 00:15 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-04 18:59 - 2014-12-21 18:31 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Adobe
2015-01-04 18:26 - 2014-12-21 20:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-03 18:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2014-12-25 21:57 - 2014-12-25 21:57 - 0000046 _____ () C:\Users\Daniela\AppData\Roaming\Camdata.ini
2014-12-25 21:57 - 2014-12-25 21:57 - 0000408 _____ () C:\Users\Daniela\AppData\Roaming\CamLayout.ini
2014-12-25 21:57 - 2014-12-25 21:57 - 0000408 _____ () C:\Users\Daniela\AppData\Roaming\CamShapes.ini
2014-12-25 21:57 - 2014-12-25 21:57 - 0004535 _____ () C:\Users\Daniela\AppData\Roaming\CamStudio.cfg
2014-12-25 23:11 - 2014-12-25 23:11 - 0093696 _____ () C:\Users\Daniela\AppData\Roaming\ezpinst.exe
2014-12-25 23:11 - 2014-12-25 23:11 - 0007176 _____ () C:\Users\Daniela\AppData\Roaming\pcouffin.cat
2014-12-25 23:11 - 2014-12-25 23:11 - 0001167 _____ () C:\Users\Daniela\AppData\Roaming\pcouffin.inf
2014-12-25 23:11 - 2014-12-25 23:11 - 0000074 _____ () C:\Users\Daniela\AppData\Roaming\pcouffin.log
2014-12-25 23:11 - 2014-12-25 23:11 - 0082048 _____ (VSO Software) C:\Users\Daniela\AppData\Roaming\pcouffin.sys
2014-12-21 16:45 - 2015-02-01 20:23 - 0000074 _____ () C:\Users\Daniela\AppData\Roaming\sp_data.sys
2014-12-25 21:55 - 2014-12-25 21:55 - 0000096 _____ () C:\Users\Daniela\AppData\Roaming\version2.xml
2014-12-25 22:39 - 2014-12-25 22:39 - 0004608 _____ () C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-23 09:40 - 2014-12-23 09:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-04-26 00:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 00:15 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 00:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-12-22 09:45 - 2012-10-24 20:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2758021.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\StartMenuReviver.exe
C:\ProgramData\uninstall2758021.exe


Some content of TEMP:
====================
C:\Users\Daniela\AppData\Local\Temp\avgnt.exe
C:\Users\Daniela\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniela\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-28 17:49

==================== End Of Log ============================


Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Daniela at 2015-02-01 20:37:38
Running from C:\Users\Daniela\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD 4.1.0.23 (HKLM-x32\...\MainApp.exe_is1) (Version:  - Copyright © 2003-2007 DVD X Studios.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
HP Deskjet 3070 B611 series Software di base dispositivo (HKLM\...\{70199358-0768-44F6-A057-581072C2549F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 it)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 it)) (Version: 31.4.0 - Mozilla)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7138 - MyHeritage.com)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Start Menu Reviver (HKLM-x32\...\Start Menu Reviver) (Version: 2.5.0.18 - ReviverSoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-01-2015 18:53:37 McAfee Vulnerability Scanner
18-01-2015 10:22:57 Windows Update
21-01-2015 18:05:37 Windows Update
25-01-2015 11:13:28 Windows Update
28-01-2015 21:08:25 Installed Privatefirewall 7.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-01-04 18:46 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F21537F-5979-4BE0-A457-6D06912CC701} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {2ACB7FFB-901E-4227-B1C6-EC838D70373D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-21] (Microsoft Corporation)
Task: {342E264C-6F8B-487A-82E4-9C375EFF71AB} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {4803A3A1-3C3C-4865-9597-B75B57D99871} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe [2014-09-17] (ReviverSoft)
Task: {4D4492B1-0F9A-4588-9AE3-D4F5E1BB2E95} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {56518EFA-467E-4382-887A-6856A26C9A92} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {5C2F3712-FB05-4969-B057-2C65CFB38EF0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-22] ()
Task: {74E70EB6-9A5B-4483-B1FC-5791FC8ABF20} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {ADAA6A77-6991-419F-8C0E-EED8B7F8EF68} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {CFB6306C-A10C-4BA1-92C4-80C429E81FD7} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-03-27 11:36 - 2013-03-27 11:36 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-03-27 11:33 - 2013-03-27 11:33 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-03-27 11:39 - 2013-03-27 11:39 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-06-27 02:57 - 2012-12-13 23:14 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2015-01-07 19:34 - 2015-01-07 19:34 - 02173952 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.106.exe
2014-12-21 20:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-21 20:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-21 20:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-21 20:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-21 20:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-07-30 19:44 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-01-26 17:02 - 2015-01-26 17:02 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\...\StartupApproved\Run32: => "CloneCDTray"
HKLM\...\StartupApproved\Run32: => "BCSSync"

========================= Accounts: ==========================

Administrator (S-1-5-21-1412495065-925347443-1446318384-500 - Administrator - Disabled)
Daniela (S-1-5-21-1412495065-925347443-1446318384-1001 - Administrator - Enabled) => C:\Users\Daniela
Guest (S-1-5-21-1412495065-925347443-1446318384-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1412495065-925347443-1446318384-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 08:26:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma Skype.exe versione 7.0.80.102 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 101c

Ora di avvio: 01d03e5464d63cdc

Ora di chiusura: 4294967295

Percorso applicazione: C:\Program Files (x86)\Skype\Phone\Skype.exe

ID segnalazione: 318d9689-aa48-11e4-bec7-240a645605e0

Nome completo pacchetto che ha generato l'errore:

ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (02/01/2015 00:03:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma adwcleaner_4.106.exe versione 4.1.0.6 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: 1370

Ora di avvio: 01d03e0d508853db

Ora di chiusura: 14985

Percorso applicazione: C:\Users\Daniela\Downloads\adwcleaner_4.106.exe

ID segnalazione: d68bc2e3-aa01-11e4-bec4-240a645605e0

Nome completo pacchetto che ha generato l'errore:

ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (02/01/2015 11:51:45 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/01/2015 11:44:33 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/30/2015 05:23:00 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/30/2015 05:23:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/28/2015 09:22:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/28/2015 09:17:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/26/2015 05:18:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Errore nel file manifesto o dei criteri "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2", alla riga C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (01/26/2015 05:15:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Errore nel file manifesto o dei criteri "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2", alla riga C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (02/01/2015 00:07:44 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/01/2015 00:07:43 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/01/2015 00:07:43 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/01/2015 00:07:43 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (01/28/2015 09:11:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio AntiVirSchedulerService.

Error: (01/28/2015 09:10:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio ZAtheros Bt and Wlan Coex Agent.

Error: (01/28/2015 09:10:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio ShellHWDetection.

Error: (01/28/2015 05:50:04 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/28/2015 05:49:34 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/26/2015 06:02:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Ottimizzazione avvio terminato con l'errore:
%%1062


Microsoft Office Sessions:
=========================
Error: (02/01/2015 08:26:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.0.80.102101c01d03e5464d63cdc4294967295C:\Program Files (x86)\Skype\Phone\Skype.exe318d9689-aa48-11e4-bec7-240a645605e0

Error: (02/01/2015 00:03:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: adwcleaner_4.106.exe4.1.0.6137001d03e0d508853db14985C:\Users\Daniela\Downloads\adwcleaner_4.106.exed68bc2e3-aa01-11e4-bec4-240a645605e0

Error: (02/01/2015 11:51:45 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/01/2015 11:44:33 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/30/2015 05:23:00 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/30/2015 05:23:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/28/2015 09:22:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/28/2015 09:17:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/26/2015 05:18:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\ReviverSoft\Start Menu Reviver\SMRWelcome.exe

Error: (01/26/2015 05:15:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files\CCleaner\CCleaner.exe


==================== Memory info ===========================

Processor: Intel® Core™ i3-2365M CPU @ 1.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3979.75 MB
Available physical RAM: 2216.63 MB
Total Pagefile: 4683.75 MB
Available Pagefile: 2847.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:151.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:215.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 32FAA5A0)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4
Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Hello again, alex.tower.

Please, provide the following scan report as well.

CKScanner
  • Download CKScanner and save it to your Desktop.
  • Right click CKScanner.exe and select Run as administrator.
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt on your desktop and copy/paste the content in your next reply.


#5
alex.tower (Topic Starter, New Member, 9 posts)


CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\windows\autokms\autokms.exe
scanner sequence 3.LB.11.MUNAHZ
 ----- EOF -----

Edited by alex.tower, 01 February 2015 - 02:00 PM.


#6
alex.tower (Topic Starter, New Member, 9 posts)


CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\windows\autokms\autokms.exe
scanner sequence 3.LB.11.MUNAHZ
 ----- EOF -----

#7
Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Hello, alex.tower.

There are two things that I'd like to discuss for now.

First off, there are signs that your Microsoft Office Professional Plus 2010 has been obtained illegally. It violates our Terms of Use, which states:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

Because of that, I have to ask you to remove that software. Otherwise, I won't be able to help you.

Another thing is that your current Antivirus is Spybot - Search & Destroy. It is not recommended because of its poor testing results. I'd recommend that you uninstall it and get back to using the built-in Windows Defender.
If you wish to leave it as it is, then tell me and I will provide the appropriate instructions.

Things that should appear in your next post:
  • Please tell me if you have uninstalled Microsoft Office Professional Plus 2010
  • Please tell me if you have uninstalled Spybot - Search&Destroy


#8
alex.tower (Topic Starter, New Member, 9 posts)


Hi Nevan,

I understand and apologize.

I have uninstalled Microsoft Office and Spybot and run the FRST and CKSCANNER tools again.

Kind regards,

Alex


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-02-2015
Ran by Daniela (administrator) on ARCHIMEDE on 02-02-2015 19:25:42
Running from C:\Users\Daniela\Desktop
Loaded Profiles: Daniela (Available profiles: Daniela)
Platform: Windows 8.1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Daniela\Downloads\adwcleaner_4.106.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1412495065-925347443-1446318384-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1412495065-925347443-1446318384-1001\...\MountPoints2: {6039a2ff-8c74-11e4-be7f-240a645605e0} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1412495065-925347443-1446318384-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qyat9uma.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qyat9uma.default\Extensions\[email protected] [2015-01-07]
FF Extension: Adblock Plus - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qyat9uma.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 StartMenuReviverService; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [765048 2014-09-17] (ReviverSoft)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-22] (Microsoft Corporation)
R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)


2015-02-02 19:25 - 2015-02-02 19:25 - 00014005 _____ () C:\Users\Daniela\Desktop\FRST.txt
2015-02-01 20:35 - 2015-02-01 20:36 - 00014005 _____ () C:\Users\Daniela\Desktop\FRST.txt
2015-02-01 20:35 - 2015-02-01 20:35 - 00000000 ____D () C:\FRST
2015-02-01 20:34 - 2015-02-01 20:34 - 02131456 _____ (Farbar) C:\Users\Daniela\Desktop\FRST64.exe
2015-02-01 20:33 - 2015-02-01 20:32 - 01122304 _____ (Farbar) C:\Users\Daniela\Desktop\FRST.exe
2015-01-28 21:17 - 2015-01-28 21:17 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Privatefirewall
2015-01-28 21:10 - 2013-09-29 21:24 - 00133152 _____ (Privacyware/PWI, Inc.) C:\WINDOWS\system32\Drivers\pwipf6.sys
2015-01-28 21:09 - 2015-01-28 21:09 - 00000146 _____ () C:\WINDOWS\ODBC.INI
2015-01-28 21:09 - 2015-01-28 21:09 - 00000000 ____D () C:\ProgramData\Privacyware
2015-01-28 21:09 - 2015-01-28 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2015-01-28 21:09 - 2015-01-28 21:09 - 00000000 ____D () C:\Program Files (x86)\Privacyware
2015-01-28 21:07 - 2015-01-28 21:07 - 03749640 _____ (PWI, Inc. ) C:\Users\Daniela\Downloads\privatefirewall.exe
2015-01-28 20:45 - 2015-01-28 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 20:43 - 2015-01-28 20:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daniela\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-28 17:05 - 2015-01-29 09:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-26 17:02 - 2015-01-26 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 10:55 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:55 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:55 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:55 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:55 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:55 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:55 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:55 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:55 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 10:55 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 10:55 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 10:55 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 10:55 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 10:55 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 10:55 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 10:55 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 10:55 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 10:55 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 10:55 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 10:55 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 10:55 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 10:55 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 10:55 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 10:55 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 10:55 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 10:27 - 2015-01-31 09:43 - 00000000 ____D () C:\Users\Daniela\FIABE SONORE
2015-01-07 20:21 - 2015-02-01 20:22 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-01-07 20:13 - 2015-01-07 20:13 - 00001263 _____ () C:\Users\Daniela\Desktop\Antibolle.lnk
2015-01-07 19:34 - 2015-02-01 20:33 - 00000000 ____D () C:\AdwCleaner
2015-01-07 19:34 - 2015-01-07 19:34 - 02173952 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.106.exe
2015-01-04 19:21 - 2015-01-29 09:44 - 00146944 ___SH () C:\Users\Daniela\Downloads\Thumbs.db
2015-01-04 19:08 - 2015-01-04 19:08 - 00000000 ____D () C:\ProgramData\Sun
2015-01-04 19:08 - 2015-01-04 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-04 19:08 - 2015-01-04 19:07 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-04 19:07 - 2015-01-04 19:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-04 19:07 - 2015-01-04 19:07 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-04 19:02 - 2015-01-04 19:02 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-04 19:02 - 2015-01-04 19:02 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-04 19:02 - 2015-01-04 19:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 18:59 - 2015-01-04 18:59 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Macromedia
2015-01-04 18:46 - 2014-12-21 20:48 - 00450709 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150104-184616.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 20:27 - 2014-12-21 17:54 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1412495065-925347443-1446318384-1001
2015-02-01 20:24 - 2014-12-21 19:03 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Skype
2015-02-01 20:23 - 2014-12-21 16:45 - 00000074 _____ () C:\Users\Daniela\AppData\Roaming\sp_data.sys
2015-02-01 20:23 - 2013-07-30 20:12 - 00003260 _____ () C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel
2015-02-01 20:23 - 2013-07-30 20:06 - 00003268 _____ () C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2015-02-01 20:23 - 2013-07-30 20:05 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2015-02-01 20:23 - 2013-07-30 20:05 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2015-02-01 20:23 - 2013-07-30 20:02 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-02-01 20:22 - 2014-12-21 18:42 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-01 20:21 - 2014-12-31 08:42 - 00006046 _____ () C:\WINDOWS\setupact.log
2015-02-01 20:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-01 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-01 12:08 - 2014-12-29 13:23 - 00143664 _____ () C:\WINDOWS\PFRO.log
2015-02-01 12:07 - 2014-12-29 11:37 - 01919426 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-31 09:36 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-30 19:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-30 17:25 - 2014-09-24 16:06 - 01813012 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-30 17:25 - 2014-09-24 15:33 - 00803564 _____ () C:\WINDOWS\system32\perfh010.dat
2015-01-30 17:25 - 2014-09-24 15:33 - 00156688 _____ () C:\WINDOWS\system32\perfc010.dat
2015-01-30 17:21 - 2014-12-21 17:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 21:10 - 2014-12-21 18:23 - 00366080 ___SH () C:\Users\Daniela\Desktop\Thumbs.db
2015-01-28 17:24 - 2014-12-21 18:23 - 00000000 ____D () C:\Users\Daniela\Desktop\materiale per NICOLA
2015-01-26 16:30 - 2014-12-21 18:39 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\vlc
2015-01-24 21:20 - 2014-09-24 17:37 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-24 17:37 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 18:11 - 2014-12-21 22:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-21 18:07 - 2014-12-21 22:53 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-21 18:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-11 10:30 - 2014-12-22 14:58 - 00000000 ____D () C:\Users\Daniela
2015-01-07 20:19 - 2013-04-26 00:18 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-07 19:55 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-07 19:53 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-01-07 19:42 - 2013-04-26 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 19:02 - 2013-04-26 00:15 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-04 18:59 - 2014-12-21 18:31 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Adobe
2015-01-04 18:26 - 2014-12-21 20:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-03 18:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2014-12-25 23:11 - 2014-12-25 23:11 - 0007176 _____ () C:\Users\Daniela\AppData\Roaming\pcouffin.cat
2014-12-25 23:11 - 2014-12-25 23:11 - 0001167 _____ () C:\Users\Daniela\AppData\Roaming\pcouffin.inf
2014-12-25 23:11 - 2014-12-25 23:11 - 0000074 _____ () C:\Users\Daniela\AppData\Roaming\pcouffin.log
2014-12-25 23:11 - 2014-12-25 23:11 - 0082048 _____ (VSO Software) C:\Users\Daniela\AppData\Roaming\pcouffin.sys
2014-12-21 16:45 - 2015-02-01 20:23 - 0000074 _____ () C:\Users\Daniela\AppData\Roaming\sp_data.sys
2014-12-25 21:55 - 2014-12-25 21:55 - 0000096 _____ () C:\Users\Daniela\AppData\Roaming\version2.xml
2014-12-25 22:39 - 2014-12-25 22:39 - 0004608 _____ () C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-23 09:40 - 2014-12-23 09:40 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\ProgramData\uninstall2758021.exe


Some content of TEMP:
====================
C:\Users\Daniela\AppData\Local\Temp\avgnt.exe
C:\Users\Daniela\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniela\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-28 17:49

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-02-2015
Ran by Daniela at 2015-02-02 19:26:59
Running from C:\Users\Daniela\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD 4.1.0.23 (HKLM-x32\...\MainApp.exe_is1) (Version:  - Copyright © 2003-2007 DVD X Studios.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
HP Deskjet 3070 B611 series Software di base dispositivo (HKLM\...\{70199358-0768-44F6-A057-581072C2549F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 it)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 it)) (Version: 31.4.0 - Mozilla)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7138 - MyHeritage.com)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Start Menu Reviver (HKLM-x32\...\Start Menu Reviver) (Version: 2.5.0.18 - ReviverSoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-01-2015 18:05:37 Windows Update
25-01-2015 11:13:28 Windows Update
28-01-2015 21:08:25 Installed Privatefirewall 7.0
02-02-2015 19:08:42 Uninstalled Microsoft Office Professional Plus 2010
02-02-2015 19:12:19 Uninstalled Spybot - Search & Destroy

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-01-04 18:46 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F21537F-5979-4BE0-A457-6D06912CC701} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {2ACB7FFB-901E-4227-B1C6-EC838D70373D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-21] (Microsoft Corporation)
Task: {342E264C-6F8B-487A-82E4-9C375EFF71AB} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {4803A3A1-3C3C-4865-9597-B75B57D99871} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe [2014-09-17] (ReviverSoft)
Task: {56518EFA-467E-4382-887A-6856A26C9A92} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {74E70EB6-9A5B-4483-B1FC-5791FC8ABF20} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {ADAA6A77-6991-419F-8C0E-EED8B7F8EF68} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {CFB6306C-A10C-4BA1-92C4-80C429E81FD7} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)

==================== Loaded Modules (whitelisted) =============

2013-03-27 11:36 - 2013-03-27 11:36 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-03-27 11:33 - 2013-03-27 11:33 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-03-27 11:39 - 2013-03-27 11:39 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-06-27 02:57 - 2012-12-13 23:14 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2015-01-07 19:34 - 2015-01-07 19:34 - 02173952 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.106.exe
2013-07-30 19:44 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-01-26 17:02 - 2015-01-26 17:02 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\...\StartupApproved\Run32: => "CloneCDTray"
HKLM\...\StartupApproved\Run32: => "BCSSync"

========================= Accounts: ==========================

Administrator (S-1-5-21-1412495065-925347443-1446318384-500 - Administrator - Disabled)
Daniela (S-1-5-21-1412495065-925347443-1446318384-1001 - Administrator - Enabled) => C:\Users\Daniela
Guest (S-1-5-21-1412495065-925347443-1446318384-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1412495065-925347443-1446318384-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 08:26:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.0.80.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 101c
Start time: 01d03e5464d63cdc
Termination time: 4294967295
Application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Report ID: 318d9689-aa48-11e4-bec7-240a645605e0
Faulting package full name:
Faulting package-relative application ID:

Error: (02/01/2015 00:03:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_4.106.exe version 4.1.0.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1370
Start time: 01d03e0d508853db
Termination time: 14985
Application path: C:\Users\Daniela\Downloads\adwcleaner_4.106.exe
Report ID: d68bc2e3-aa01-11e4-bec4-240a645605e0
Faulting package full name:
Faulting package-relative application ID:

Error: (02/01/2015 11:51:45 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/01/2015 11:44:33 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/30/2015 05:23:00 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/30/2015 05:23:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/28/2015 09:22:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/28/2015 09:17:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/26/2015 05:18:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (01/26/2015 05:15:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (02/01/2015 00:07:44 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/01/2015 00:07:43 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/01/2015 00:07:43 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/01/2015 00:07:43 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (01/28/2015 09:11:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (01/28/2015 09:10:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) while waiting for a transaction response from the ZAtheros Bt and Wlan Coex Agent service.

Error: (01/28/2015 09:10:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) while waiting for a transaction response from the ShellHWDetection service.

Error: (01/28/2015 05:50:04 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/28/2015 05:49:34 PM) (Source: DCOM) (EventID: 10010) (User: Archimede)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/26/2015 06:02:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Startup Optimization ("Ottimizzazione avvio") service terminated with the following error:
%%1062


Microsoft Office Sessions:
=========================
Error: (02/01/2015 08:26:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.0.80.102101c01d03e5464d63cdc4294967295C:\Program Files (x86)\Skype\Phone\Skype.exe318d9689-aa48-11e4-bec7-240a645605e0

Error: (02/01/2015 00:03:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: adwcleaner_4.106.exe4.1.0.6137001d03e0d508853db14985C:\Users\Daniela\Downloads\adwcleaner_4.106.exed68bc2e3-aa01-11e4-bec4-240a645605e0

Error: (02/01/2015 11:51:45 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/01/2015 11:44:33 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/30/2015 05:23:00 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/30/2015 05:23:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/28/2015 09:22:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/28/2015 09:17:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/26/2015 05:18:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\ReviverSoft\Start Menu Reviver\SMRWelcome.exe

Error: (01/26/2015 05:15:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files\CCleaner\CCleaner.exe


==================== Memory info ===========================

Processor: Intel® Core™ i3-2365M CPU @ 1.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3979.75 MB
Available physical RAM: 2216.63 MB
Total Pagefile: 4683.75 MB
Available Pagefile: 2847.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:153.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:215.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 32FAA5A0)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
scanner sequence 3.LB.11.MUNAHZ
 ----- EOF -----


Edited by alex.tower, 02 February 2015 - 12:45 PM.

#9 Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Hello, alex.tower.

Please, tell me if the problem with calendar and the bubbles disappears after performing the following instructions.

Step #1
Uninstall programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove Start Menu Reviver.

 
Step #2
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached file: fixlist.txt (2.79KB)
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Please tell me if the problem with calendar and the bubbles has disappeared

#10 alex.tower (Topic Starter, New Member, 9 posts)

Hi Nevan!

Thank you for your help.

I completed step 1 and step 2.

Since the bubbles are coming from time to time, I cannot tell you right now if the problem has been solved. I'll come back to you in a couple of days.

Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Daniela at 2015-02-05 19:22:11 Run:2
Running from C:\Users\Daniela\Desktop
Loaded Profiles: Daniela (Available profiles: Daniela)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Program Files\ReviverSoft
HKU\S-1-5-21-1412495065-925347443-1446318384-1001\...\MountPoints2: {6039a2ff-8c74-11e4-be7f-240a645605e0} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Avira Browser Safety - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qyat9uma.default\Extensions\[email protected] [2015-01-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R2 StartMenuReviverService; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [765048 2014-09-17] (ReviverSoft)
2015-01-07 20:21 - 2015-02-01 20:22 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
C:\Windows\AutoKMS\AutoKMS.exe
Task: {5C2F3712-FB05-4969-B057-2C65CFB38EF0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-22] ()
C:\ProgramData\Spybot - Search & Destroy
C:\ProgramData\uninstall2758021.exe
Task: {4803A3A1-3C3C-4865-9597-B75B57D99871} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe [2014-09-17] (ReviverSoft)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
2015-01-07 20:19 - 2013-04-26 00:18 - 00000000 ____D () C:\ProgramData\McAfee
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
C:\ProgramData\uninstall2758021.exe
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Hosts:
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Program Files\ReviverSoft" => File/Directory not found.
"HKU\S-1-5-21-1412495065-925347443-1446318384-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6039a2ff-8c74-11e4-be7f-240a645605e0}" => Key deleted successfully.
HKCR\CLSID\{6039a2ff-8c74-11e4-be7f-240a645605e0} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qyat9uma.default\Extensions\[email protected] => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
StartMenuReviverService => Service not found.
C:\WINDOWS\System32\Tasks\AutoKMS => Moved successfully.
C:\Windows\AutoKMS\AutoKMS.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C2F3712-FB05-4969-B057-2C65CFB38EF0} => Key not found.
C:\Windows\System32\Tasks\AutoKMS not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
"C:\ProgramData\uninstall2758021.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4803A3A1-3C3C-4865-9597-B75B57D99871} => Key not found.
C:\Windows\System32\Tasks\ReviverSoft Start Menu Run once task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReviverSoft Start Menu Run once task => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
C:\ProgramData\McAfee => Moved successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
"C:\ProgramData\uninstall2758021.exe" => File/Directory not found.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {42846BBA-9FC8-4307-A302-5B9A6CF70637}.
{4EAC15AD-1F35-47C0-871F-DD5721208D81} canceled.
{4C24D428-3A3F-4768-A15B-B1861EE0DC4F} canceled.
{626149DA-87DA-46D2-B91F-C8CAF15A0B86} canceled.
{B4F0E928-EF89-453B-874A-0B783DC50619} canceled.
{C3AD7597-E269-475D-B69D-3625E2557200} canceled.
5 out of 6 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 81.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:23:23 ====

 

Kind regards,

Alex


Edited by alex.tower, 05 February 2015 - 12:40 PM.
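The fixlist and Fixlog above delete a set of persistence points by hand (Run/RunOnce values, a MountPoints2 autorun command that pointed at F:\start.exe, the AutoKMS and ReviverSoft scheduled tasks, the SafeBoot service entries) and reset the BITS job queue with the deprecated bitsadmin. The script below is an added example for this thread, not FRST's code and not the helper's fixlist: it re-enumerates those same locations with PowerShell so you can confirm after the reboot that nothing re-created them, and it lists remaining BITS jobs with the cmdlets that bitsadmin's own banner points to. The list of "suspicious" directories and the Microsoft-host check on BITS download sources are triage heuristics chosen for this example, not signatures; read each hit before acting on it. It assumes an elevated PowerShell on Windows 8.1 or later with the ScheduledTasks and BitsTransfer modules available.

```powershell
# Added example for this thread: not FRST's code and not the helper's fixlist.
# Re-enumerates the persistence points the fix above touched and flags entries
# whose launch target is missing, is a script rather than a binary, or runs from
# one of $SuspiciousRoots (a triage heuristic chosen here, not a verdict).
# Run from an elevated PowerShell on Windows 8.1 or later.

$SuspiciousRoots = @("$env:SystemRoot\Temp", "$env:SystemRoot\AutoKMS",
                     "$env:ProgramData", "$env:APPDATA", "$env:LOCALAPPDATA")

function Get-LaunchTarget {
    # The file a command line launches: the rundll32 ShellExec payload if present,
    # else the quoted first token, else the first unquoted token grown word by
    # word until it names an existing file (unquoted "C:\Program Files\..." is common).
    param([string]$CommandLine)
    $line = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($line -match 'ShellExec_RunDLL\s+(\S+)') { return $Matches[1] }
    $m = [regex]::Match($line, '^"([^"]+)"')
    if ($m.Success) { return $m.Groups[1].Value }
    $tokens = $line -split '\s+'
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -ErrorAction SilentlyContinue) { return $candidate }
    }
    return $tokens[0]
}

function Test-PersistenceEntry {
    # Reasons an entry deserves a look, joined with '; '; an empty string means none.
    param([string]$CommandLine)
    $target = Get-LaunchTarget $CommandLine
    if (-not $target) { return '' }
    $reasons = @()
    if (-not (Test-Path -LiteralPath $target -ErrorAction SilentlyContinue)) {
        $reasons += "target missing: $target"
    }
    foreach ($root in $SuspiciousRoots) {
        if ($root -and $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "runs from $root"
        }
    }
    if ($target -match '\.(cmd|bat|vbs|js|ps1)$') { $reasons += 'script, not a binary' }
    return ($reasons -join '; ')
}

$Entries = New-Object System.Collections.Generic.List[object]
function Add-Entry {
    param([string]$Source, [string]$Name, [string]$CommandLine, [string]$Reasons)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return }
    if (-not $PSBoundParameters.ContainsKey('Reasons')) { $Reasons = Test-PersistenceEntry $CommandLine }
    $Entries.Add([pscustomobject]@{ Source = $Source; Name = $Name
                                    CommandLine = $CommandLine; Reasons = $Reasons })
}

# 1. Run/RunOnce values: 64-bit view, 32-bit view and the current user
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # PSPath, PSProvider, ...
        Add-Entry -Source $key -Name $p.Name -CommandLine ([string]$p.Value)
    }
}

# 2. MountPoints2: per-volume shell commands Explorer cached from autorun.inf
#    (the F:\start.exe entry in the fixlist above lived here)
$mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp) {
    Get-ChildItem -Path $mp -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'command' } | ForEach-Object {
            $cmd = (Get-ItemProperty -Path $_.PSPath).'(default)'
            Add-Entry -Source 'MountPoints2' -CommandLine ([string]$cmd) `
                      -Name ($_.PSPath -replace '.*MountPoints2\\', '')
        }
}

# 3. Scheduled task actions (AutoKMS and the ReviverSoft run-once task were here)
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ($a.Execute) {
            Add-Entry -Source 'Task' -Name ($task.TaskPath + $task.TaskName) `
                      -CommandLine (@($a.Execute, $a.Arguments) -join ' ')
        }
    }
}

# 4. BITS jobs of all users, via the cmdlets that replace bitsadmin. BITS is a
#    handy download channel for malware, so list where each remaining job pulls from.
Import-Module BitsTransfer -ErrorAction SilentlyContinue
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
    $job = $_
    foreach ($f in $job.FileList) {
        $why = 'download source is not a Microsoft host'
        if ($f.RemoteName -match '^https?://([^/]+\.)?(microsoft|windowsupdate)\.com/') { $why = '' }
        Add-Entry -Source 'BITS' -Name $job.DisplayName -CommandLine $f.RemoteName -Reasons $why
    }
}

$Entries | Where-Object { $_.Reasons } | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Entries like the fixlist's `RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe` come out as "target missing: F:\start.exe" once the USB stick is gone, and a task such as AutoKMS would show "runs from C:\WINDOWS\AutoKMS"; legitimate vendor tools also live under ProgramData, so treat the output as a reading list rather than a delete list.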

#11 Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Hello, alex.tower.

There's no need to wait, we can move forward. Just tell me if the problem reappears. Please, perform the following instructions:


Step #1
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the Scan button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click the Clean button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it doesn't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S0].txt log content

#12 alex.tower (Topic Starter, New Member, 9 posts)

Hi Nevan!

No traces of the bubbles today, good news!

Here below, anyway, is the log you asked for.

Kind regards,

Alex

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Daniela on 06/02/2015 at 18.34.41,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVER_SETUP_QCT.EXE-7B6B4310.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/02/2015 at 18.37.48,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 18:42:40
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Daniela - ARCHIMEDE
# Running from : C:\Users\Daniela\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 it)


*************************

AdwCleaner[R0].txt - [2439 bytes] - [07/01/2015 19:34:39]
AdwCleaner[R10].txt - [1769 bytes] - [01/02/2015 20:31:20]
AdwCleaner[R11].txt - [1830 bytes] - [02/02/2015 18:38:23]
AdwCleaner[R12].txt - [1951 bytes] - [02/02/2015 18:57:01]
AdwCleaner[R13].txt - [2072 bytes] - [03/02/2015 21:13:46]
AdwCleaner[R14].txt - [2193 bytes] - [05/02/2015 14:04:13]
AdwCleaner[R15].txt - [2275 bytes] - [06/02/2015 18:39:38]
AdwCleaner[R1].txt - [868 bytes] - [07/01/2015 19:47:23]
AdwCleaner[R2].txt - [927 bytes] - [07/01/2015 20:22:58]
AdwCleaner[R3].txt - [1132 bytes] - [12/01/2015 14:16:42]
AdwCleaner[R4].txt - [1105 bytes] - [21/01/2015 17:54:51]
AdwCleaner[R5].txt - [1227 bytes] - [28/01/2015 14:25:43]
AdwCleaner[R6].txt - [1347 bytes] - [28/01/2015 14:35:13]
AdwCleaner[R7].txt - [1468 bytes] - [28/01/2015 16:46:02]
AdwCleaner[R8].txt - [1589 bytes] - [01/02/2015 11:54:28]
AdwCleaner[R9].txt - [1649 bytes] - [01/02/2015 12:03:13]
AdwCleaner[S0].txt - [2096 bytes] - [07/01/2015 19:42:46]
AdwCleaner[S10].txt - [2253 bytes] - [05/02/2015 14:07:59]
AdwCleaner[S11].txt - [1671 bytes] - [06/02/2015 18:42:40]
AdwCleaner[S1].txt - [1193 bytes] - [12/01/2015 14:22:21]
AdwCleaner[S2].txt - [1164 bytes] - [21/01/2015 18:08:54]
AdwCleaner[S3].txt - [1286 bytes] - [28/01/2015 14:31:13]
AdwCleaner[S4].txt - [1406 bytes] - [28/01/2015 14:37:22]
AdwCleaner[S5].txt - [1526 bytes] - [28/01/2015 16:49:31]
AdwCleaner[S6].txt - [1707 bytes] - [01/02/2015 12:07:12]
AdwCleaner[S7].txt - [1888 bytes] - [02/02/2015 18:48:28]
AdwCleaner[S8].txt - [2009 bytes] - [02/02/2015 19:01:35]
AdwCleaner[S9].txt - [2130 bytes] - [03/02/2015 21:20:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2262  bytes] ##########


 


#13 Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Hello, alex.tower.

I'm glad to hear that everything's been fine so far.

Let's move on with the checks.

Step #1
Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click the Apply Actions button. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
  • Click the Copy to Clipboard button.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click Run ESET Online Scanner
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • Checkup.txt log content

#14 alex.tower (Topic Starter, New Member, 9 posts)

Hi Nevan.

The malicious bubbles still seem to have disappeared. Only once did the system calendar open by itself, but without continuously taking control of the mouse cursor as before. It just opened once on its own, that's it.

Here below are the logs you requested.

1) Malwarebytes Anti-Malware.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/02/2015
Scan Time: 11.11.12
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.08.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Daniela

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340840
Time Elapsed: 25 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

 

2) ESET Online Scanner

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debutsetup_v2.02.exe.vir    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir    a variant of Win32/ELEX.BH potentially unwanted application
D:\Documenti\classeterza\2013-2014\INFORMATICA\PIVOT\setup.exe    Win32/OpenCandy potentially unsafe application
 

 

3) Results of screen317's Security Check version 0.99.96
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
 Mozilla Thunderbird (31.4.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Privatefirewall 6.1 pfsvc.exe  
 Privacyware Privatefirewall 7.0 PFGUI.exe  
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Edited by alex.tower, 08 February 2015 - 06:39 AM.

#15 Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Hello, alex.tower.

I apologise for the delay.

Let's do a final check and update Java.

Your Java version is too old. Keeping Java updated is very important as well.
  • WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    Read this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Large icons view on the upper right of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.
 
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • Please tell me if you have successfully updated Java
