My AV is not working [Closed]



#1
cloud992


Hi, I read other thread and scanned with FRST.

My logs are attached. Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Claudio (administrator) on ALIENC on 01-07-2015 17:54:51
Running from C:\Users\Claudio\Downloads
Loaded Profiles: Claudio (Available Profiles: Claudio & Administrator)
Platform: Windows 8.1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Users\Claudio\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) F:\Steam\Steam.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Spotify Ltd) C:\Users\Claudio\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [392592 2015-03-06] ()
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-05-29] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Alienware Survey] => c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7396920 2013-04-23] (Alienware, Inc.)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4434224 2013-07-18] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Panda Security URL Filtering] => "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Speedup_umh] => C:\Program Files (x86)\Avira\AviraSpeedup\Speedup_umh.exe [194832 2015-06-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\Run: [GoogleChromeAutoLaunch_27E4D978C00718BF17F03AEDF6AA0A25] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\Run: [Spotify Web Helper] => C:\Users\Claudio\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-25] (Spotify Ltd)
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-06-21] (Overwolf LTD)
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\Run: [Spotify] => C:\Users\Claudio\AppData\Roaming\Spotify\spotify.exe [7415864 2015-06-25] (Spotify Ltd)
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\mskbqn.exe <===== ATTENTION
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\MountPoints2: {3304ebac-f0c3-11e4-be89-f01faf47090c} - "G:\setup.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-10-12]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-03-30]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{987ACE92-A585-45CF-AE43-0B038780B497}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-05-13]
ShortcutTarget: Curse.lnk -> C:\Users\Claudio\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ph/intl/en/
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alienware....com/welcome-it
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienware....com/welcome-it
SearchScopes: HKU\S-1-5-21-3735152785-4011115693-2359712052-1002 -> DefaultScope {3581ECEC-20A2-4545-B04A-7713AF13C18E} URL = 
SearchScopes: HKU\S-1-5-21-3735152785-4011115693-2359712052-1002 -> {3581ECEC-20A2-4545-B04A-7713AF13C18E} URL = 
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-05-27] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2015-05-27] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-05-27] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2015-05-27] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0D89B044-D043-4223-BB08-F3DD46D906A3}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Profiles\1fkScJSV.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)
FF Plugin HKU\S-1-5-21-3735152785-4011115693-2359712052-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Claudio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Profiles\1fkScJSV.default\Extensions\[email protected] [2015-07-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-31]
CHR Extension: (Google Docs) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-31]
CHR Extension: (Google Drive) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-03-31]
CHR Extension: (JAM with Chrome) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bggjdpbfjakfkacljidachigalghbnpk [2015-03-31]
CHR Extension: (YouTube) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-31]
CHR Extension: (Google Search) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]
CHR Extension: (Google Sheets) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-31]
CHR Extension: (AdBlock) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-31]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2015-07-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]
CHR Extension: (Google Wallet) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-31]
CHR Extension: (My Chrome Theme) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-03-31]
CHR Extension: (Enhanced Steam) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-03-31]
CHR Extension: (Gmail) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-04-20] (Adobe Systems Incorporated)
U4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
U4 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-06] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-17] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1000688 2015-06-21] (Overwolf LTD)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [291336 2015-05-19] (Visicom Media Inc.)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-10-08] (Qualcomm Atheros) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 VSSS; C:\Users\Claudio\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106158784 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-31] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-31] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-06-16] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-04-30] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-05] (Disc Soft Ltd)
R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299664 2015-05-28] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-08] (Synaptics Incorporated)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [91360 2013-04-11] (STMicroelectronics)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-31] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-21] (Microsoft Corporation)
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 17:54 - 2015-07-01 17:55 - 00027236 _____ C:\Users\Claudio\Downloads\FRST.txt
2015-07-01 17:54 - 2015-07-01 17:54 - 00000000 ____D C:\FRST
2015-07-01 17:51 - 2015-07-01 17:51 - 02112512 _____ (Farbar) C:\Users\Claudio\Downloads\FRST64.exe
2015-07-01 17:44 - 2015-07-01 17:44 - 00003340 _____ C:\WINDOWS\System32\Tasks\AviraSpeedup
2015-07-01 17:44 - 2015-07-01 17:44 - 00001147 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-07-01 17:44 - 2015-07-01 17:44 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-07-01 17:44 - 2015-07-01 17:44 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Avira
2015-07-01 17:44 - 2015-07-01 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-07-01 17:21 - 2015-07-01 17:21 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Mozilla
2015-07-01 17:20 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-07-01 17:20 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-07-01 17:20 - 2015-06-16 09:36 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-07-01 17:20 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-07-01 17:04 - 2015-07-01 17:44 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-01 17:04 - 2015-07-01 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-01 17:04 - 2015-07-01 17:20 - 00000000 ____D C:\ProgramData\Avira
2015-07-01 17:04 - 2015-07-01 17:04 - 00001210 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-01 16:59 - 2015-07-01 16:59 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Claudio\Downloads\avira_en_av_559400530a781__ws.exe
2015-07-01 12:41 - 2014-12-06 04:34 - 00000497 _____ C:\Users\Claudio\Desktop\fixfolder.vbs
2015-07-01 12:41 - 2014-12-06 04:33 - 00021995 _____ C:\Users\Claudio\Desktop\Trojorm Removal Tool v1.5.bat
2015-07-01 12:40 - 2015-07-01 12:40 - 00004148 _____ C:\Users\Claudio\Downloads\Fixfolder & Trojorm tool.zip
2015-07-01 12:33 - 2015-07-01 12:33 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2015-07-01 12:32 - 2015-07-01 12:33 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\SCSWGCOG.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\O6ASO44I.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\4O2GYWIW.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 01415680 _____ (wj32) C:\Program Files\YGM2K2E6.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 01415680 _____ (wj32) C:\Program Files\04026K6K.exe
2015-07-01 11:59 - 2015-05-20 16:39 - 01536000 _____ C:\Users\Claudio\Desktop\manifesto-definitivo.indd
2015-06-30 19:37 - 2015-06-30 19:37 - 01877712 _____ C:\Users\Claudio\Desktop\logo3.ai
2015-06-30 19:32 - 2015-06-30 19:32 - 00007934 _____ C:\Users\Claudio\Downloads\noun_52418_cc.svg
2015-06-30 19:06 - 2015-06-30 19:40 - 00000000 ____D C:\Users\Claudio\Desktop\Nuova cartella
2015-06-29 01:46 - 2015-06-29 01:46 - 00000000 ____D C:\Users\Claudio\Documents\EA Games
2015-06-29 01:39 - 2015-06-29 01:39 - 00000000 ____D C:\Users\Claudio\AppData\Local\EA Games
2015-06-29 01:39 - 2015-06-29 01:39 - 00000000 ____D C:\ProgramData\Solidshield
2015-06-25 18:33 - 2015-06-25 19:41 - 01374984 _____ C:\Users\Claudio\Desktop\Prespaziato per vetrine.ai
2015-06-25 16:21 - 2015-06-25 16:21 - 01594273 _____ C:\Users\Claudio\Downloads\Prespaziato per vetrine.ai
2015-06-18 00:03 - 2015-06-18 00:03 - 00000000 ____D C:\Users\Claudio\AppData\Local\CrashRpt
2015-06-17 23:14 - 2015-06-17 23:16 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-17 22:20 - 2015-06-17 23:14 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Origin
2015-06-17 22:20 - 2015-06-17 23:14 - 00000000 ____D C:\Users\Claudio\AppData\Local\Origin
2015-06-17 22:15 - 2015-06-17 23:19 - 00000000 ____D C:\ProgramData\Origin
2015-06-17 22:15 - 2015-06-17 22:20 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-17 22:15 - 2015-06-17 22:15 - 00000997 _____ C:\Users\Public\Desktop\Origin.lnk
2015-06-17 22:15 - 2015-06-17 22:15 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-16 17:35 - 2015-06-16 17:35 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\com.adobe.dmp.contentviewer
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-06-15 01:36 - 2015-06-15 01:55 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Nidhogg
2015-06-14 21:38 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-14 21:38 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-14 21:38 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-14 21:38 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-14 21:38 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-14 21:38 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-14 21:38 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-14 21:38 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-13 19:16 - 2015-06-13 19:16 - 00366105 _____ C:\Users\Claudio\Downloads\Colori.ai
2015-06-13 12:22 - 2015-06-13 22:04 - 00000000 ____D C:\Users\Claudio\Desktop\file mauro
2015-06-13 00:27 - 2015-06-13 00:27 - 01088664 _____ (Unity Technologies ApS) C:\Users\Claudio\Downloads\UnityWebPlayer (2).exe
2015-06-13 00:25 - 2015-06-13 00:25 - 00000000 ____D C:\Users\Claudio\AppData\Local\Unity
2015-06-13 00:24 - 2015-06-13 00:24 - 01088664 _____ (Unity Technologies ApS) C:\Users\Claudio\Downloads\UnityWebPlayer.exe
2015-06-10 19:46 - 2015-06-30 19:09 - 00000000 ____D C:\Users\Claudio\Desktop\logo japita
2015-06-10 16:17 - 2015-06-10 16:17 - 00434225 _____ C:\Users\Claudio\Documents\ts3_clientui-win64-1407159763-2015-06-10 16_17_27.257932.dmp
2015-06-10 16:14 - 2015-06-10 16:14 - 00445033 _____ C:\Users\Claudio\Documents\ts3_clientui-win64-1407159763-2015-06-10 16_14_13.531955.dmp
2015-06-10 16:13 - 2015-06-10 16:13 - 00446921 _____ C:\Users\Claudio\Documents\ts3_clientui-win64-1407159763-2015-06-10 16_13_46.094556.dmp
2015-06-10 16:09 - 2015-06-10 16:09 - 00021634 _____ C:\Users\Claudio\Desktop\heroes-of-the-storm.svg
2015-06-10 14:07 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 14:07 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 14:07 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 14:07 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 14:07 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 14:07 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 14:07 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 14:07 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 14:07 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 14:07 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 14:07 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 14:07 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 14:07 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 14:07 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 14:07 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 14:07 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 14:06 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 14:06 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 14:06 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 14:06 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 14:06 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 14:06 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 14:06 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 14:06 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 14:06 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 14:06 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 14:06 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 14:06 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 14:06 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 14:06 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 20:56 - 2015-07-01 16:47 - 00000000 ____D C:\ProgramData\panda_url_filtering
2015-06-09 20:27 - 2015-06-09 20:27 - 01630952 _____ C:\Users\Claudio\Downloads\PANDAFREEAV.exe
2015-06-09 20:11 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 20:11 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 20:11 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 20:11 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 20:11 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 20:11 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 20:11 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 20:11 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 20:11 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 20:11 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 20:11 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 20:11 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 20:11 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 20:11 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 20:11 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 20:11 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 20:11 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 20:11 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 20:11 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 20:11 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 20:11 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 20:11 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 20:11 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 20:11 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 20:11 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 20:11 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 20:11 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 20:11 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 20:11 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 20:11 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 20:11 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 20:11 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 20:11 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 20:11 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 20:11 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 20:11 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 20:11 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 20:11 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 20:11 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 20:11 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 20:11 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 20:11 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 20:10 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-02 16:55 - 2015-06-02 16:55 - 00000000 ____D C:\ProgramData\Steam
2015-06-02 16:52 - 2015-06-02 16:52 - 00000711 _____ C:\Users\Public\Desktop\Hatred.lnk
2015-06-02 04:17 - 2015-06-02 04:17 - 00000000 ____D C:\Users\Claudio\AppData\Local\GWX
2015-06-01 16:45 - 2015-06-01 16:45 - 00002155 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-06-01 16:45 - 2015-06-01 16:45 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-06-01 16:45 - 2015-06-01 16:45 - 00000000 ____D C:\WINDOWS\system32\NV
2015-06-01 16:45 - 2015-05-28 05:52 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-01 16:43 - 2015-05-28 09:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-01 16:43 - 2015-05-28 09:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00299664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2015-06-01 16:43 - 2015-05-28 09:04 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-01 16:43 - 2015-05-28 09:04 - 00031560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-06-01 15:52 - 2015-04-03 15:21 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-01 15:52 - 2015-04-03 15:21 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 17:42 - 2015-04-01 01:37 - 00000000 ____D C:\Users\Claudio\AppData\Local\Spotify
2015-07-01 17:42 - 2015-04-01 01:35 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Spotify
2015-07-01 17:33 - 2015-03-31 00:21 - 00001172 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 17:14 - 2015-03-31 21:58 - 01649287 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 17:04 - 2013-10-12 00:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-01 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-01 16:55 - 2013-10-12 00:59 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2015-07-01 16:50 - 2015-03-31 22:39 - 00000000 ____D C:\Users\Claudio\OneDrive
2015-07-01 16:49 - 2015-03-31 00:21 - 00001168 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 16:47 - 2014-11-20 20:06 - 00021154 _____ C:\WINDOWS\PFRO.log
2015-07-01 16:47 - 2013-10-12 00:45 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-01 16:47 - 2013-08-22 16:46 - 00343192 _____ C:\WINDOWS\setupact.log
2015-07-01 16:47 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-01 16:47 - 2013-08-22 16:44 - 02337400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-01 16:45 - 2015-04-05 19:01 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Panda Security
2015-07-01 16:45 - 2015-04-05 19:01 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-01 16:45 - 2015-04-05 18:57 - 00000000 ____D C:\ProgramData\Panda Security
2015-07-01 16:39 - 2015-04-01 01:37 - 00000000 ____D C:\Users\Claudio\AppData\Local\Battle.net
2015-07-01 14:04 - 2015-04-08 15:57 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4049A371-2298-429E-A889-686C14086CE9}
2015-07-01 13:12 - 2015-03-31 00:29 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3735152785-4011115693-2359712052-1002
2015-07-01 12:48 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-01 12:12 - 2015-03-31 22:10 - 00000000 ____D C:\Users\Claudio
2015-07-01 04:08 - 2015-03-30 22:54 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\TS3Client
2015-07-01 01:28 - 2015-04-01 01:37 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-30 20:41 - 2015-05-09 20:41 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-06-30 19:09 - 2015-04-18 16:30 - 00000034 _____ C:\Users\Claudio\AppData\Roaming\AdobeWLCMCache.dat
2015-06-30 19:08 - 2015-04-01 13:11 - 00000000 ____D C:\Users\Claudio\AppData\Local\Adobe
2015-06-29 15:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-29 01:45 - 2015-03-30 23:37 - 00000000 ____D C:\Users\Claudio\AppData\Local\NVIDIA Corporation
2015-06-29 01:41 - 2015-03-31 21:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-29 01:41 - 2015-03-30 23:37 - 00001399 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-29 01:39 - 2015-03-31 00:56 - 00046357 _____ C:\WINDOWS\DirectX.log
2015-06-28 14:33 - 2015-03-31 00:45 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-28 14:33 - 2014-11-21 12:57 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-28 14:33 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-28 14:33 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-26 20:11 - 2015-05-17 14:55 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-06-24 13:36 - 2015-03-30 23:37 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-24 13:36 - 2015-03-30 23:37 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-24 13:36 - 2015-03-30 23:37 - 01320120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-24 13:36 - 2015-03-30 23:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-23 01:34 - 2015-03-31 00:23 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 05:02 - 2014-11-21 13:06 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2014-11-21 13:06 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-15 22:28 - 2015-05-17 02:07 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-14 23:31 - 2015-03-30 23:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-14 23:26 - 2015-03-30 23:22 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieUserList
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieSiteList
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieBrowserModeList
2015-06-11 19:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-10 15:05 - 2013-10-12 00:51 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-10 03:54 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-05 22:15 - 2015-05-29 13:57 - 00000000 ____D C:\Users\Claudio\Desktop\Nuova musica
2015-06-03 02:45 - 2015-05-09 20:38 - 00000000 ____D C:\Users\Claudio\AppData\Local\Overwolf
2015-06-02 16:45 - 2015-05-13 23:44 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Curse Client
2015-06-01 16:45 - 2013-10-12 01:00 - 00000000 ____D C:\Temp
2015-06-01 15:52 - 2015-03-30 22:50 - 00000000 ____D C:\ProgramData\boost_interprocess
 
==================== Files in the root of some directories =======
 
2015-07-01 12:13 - 2015-07-01 12:13 - 1415680 _____ (wj32) C:\Program Files\04026K6K.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\4O2GYWIW.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\O6ASO44I.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\SCSWGCOG.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 1415680 _____ (wj32) C:\Program Files\YGM2K2E6.exe
2015-04-18 16:30 - 2015-06-30 19:09 - 0000034 _____ () C:\Users\Claudio\AppData\Roaming\AdobeWLCMCache.dat
2015-05-12 03:39 - 2015-05-18 19:21 - 0001456 _____ () C:\Users\Claudio\AppData\Local\Adobe Salva per Web e dispositivi 13.0 Prefs
2015-03-30 22:10 - 2015-03-30 22:10 - 0000000 _____ () C:\Users\Claudio\AppData\Local\Driver_LOM_8161Present.flag
2013-10-12 00:40 - 2013-10-12 00:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-21 05:49 - 2014-11-21 05:49 - 81772544 ___SH () C:\ProgramData\mskbqn.exe
2013-10-12 00:58 - 2013-10-12 00:59 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-12 00:54 - 2013-10-12 00:55 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-12 00:55 - 2013-10-12 00:56 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-12 00:53 - 2013-10-12 00:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-12 00:57 - 2013-10-12 00:58 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Files to move or delete:
====================
C:\ProgramData\mskbqn.exe
 
 
Some files in TEMP:
====================
C:\Users\Claudio\AppData\Local\Temp\cdo1558200711.dll
C:\Users\Claudio\AppData\Local\Temp\cdo3395756794.dll
C:\Users\Claudio\AppData\Local\Temp\cdo4007834513.dll
C:\Users\Claudio\AppData\Local\Temp\cdo4035747192.dll
C:\Users\Claudio\AppData\Local\Temp\cdo4158180666.dll
C:\Users\Claudio\AppData\Local\Temp\cdo759320936.dll
C:\Users\Claudio\AppData\Local\Temp\FreemakeYouTubeToMP3BoomFull.exe
C:\Users\Claudio\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Claudio\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Claudio\AppData\Local\Temp\nvStInst.exe
C:\Users\Claudio\AppData\Local\Temp\utils.dll
C:\Users\Claudio\AppData\Local\Temp\wusetup.exe
C:\Users\Claudio\AppData\Local\Temp\{1EBBFB56-E9A8-48AF-A7A0-47DC08D2EAC9}.exe
C:\Users\Claudio\AppData\Local\Temp\{66DD6310-21C2-48E9-BCB2-9F6937CFF762}.exe
C:\Users\Claudio\AppData\Local\Temp\{8378F1AF-39CE-48BC-9BCF-6404AB5117DD}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-25 22:32
 
==================== End of log ============================


#2
Essexboy

Hi there, there is a possibility that when this fix runs the malware may cause a blue screen. If this occurs, then run the fix from safe mode.

On reboot, try your antivirus and let me know of any problems.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\mskbqn.exe <===== ATTENTION
R2 VSSS; C:\Users\Claudio\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106158784 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\SCSWGCOG.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\O6ASO44I.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\4O2GYWIW.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 01415680 _____ (wj32) C:\Program Files\YGM2K2E6.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 01415680 _____ (wj32) C:\Program Files\04026K6K.exe
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieUserList
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieSiteList
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieBrowserModeList
2015-07-01 12:13 - 2015-07-01 12:13 - 1415680 _____ (wj32) C:\Program Files\04026K6K.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\4O2GYWIW.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\O6ASO44I.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\SCSWGCOG.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 1415680 _____ (wj32) C:\Program Files\YGM2K2E6.exe
Task: {93E71CCC-5708-4695-B23D-254A551C1FA7} - \SystemToolsDailyTest No Task File <==== ATTENTION
C:\Users\Claudio\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\ProgramData\mskbqn.exe
C:\Program Files\kprocesshacker.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post that.

#3
cloud992


Sorry for the late answer. Here is the log. However, my AV is still not working.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Claudio at 2015-07-03 16:33:01 Run:1
Running from C:\Users\Claudio\Downloads
Loaded Profiles: Claudio (Available Profiles: Claudio & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\mskbqn.exe <===== ATTENTION
R2 VSSS; C:\Users\Claudio\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106158784 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\SCSWGCOG.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\O6ASO44I.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 01415680 _____ (wj32) C:\Program Files\4O2GYWIW.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 01415680 _____ (wj32) C:\Program Files\YGM2K2E6.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 01415680 _____ (wj32) C:\Program Files\04026K6K.exe
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieUserList
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieSiteList
2015-06-13 00:37 - 2015-04-08 15:57 - 00000000 __SHD C:\Users\Claudio\AppData\Local\EmieBrowserModeList
2015-07-01 12:13 - 2015-07-01 12:13 - 1415680 _____ (wj32) C:\Program Files\04026K6K.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\4O2GYWIW.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\O6ASO44I.exe
2015-07-01 12:14 - 2015-07-01 12:14 - 1415680 _____ (wj32) C:\Program Files\SCSWGCOG.exe
2015-07-01 12:13 - 2015-07-01 12:13 - 1415680 _____ (wj32) C:\Program Files\YGM2K2E6.exe
Task: {93E71CCC-5708-4695-B23D-254A551C1FA7} - \SystemToolsDailyTest No Task File <==== ATTENTION
C:\Users\Claudio\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\ProgramData\mskbqn.exe
C:\Program Files\kprocesshacker.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value restored successfully
VSSS => Unable to stop service.
VSSS => Service removed successfully
KProcessHacker2 => Unable to stop service.
KProcessHacker2 => Service removed successfully
C:\Program Files\SCSWGCOG.exe => moved successfully.
C:\Program Files\O6ASO44I.exe => moved successfully.
C:\Program Files\4O2GYWIW.exe => moved successfully.
C:\Program Files\YGM2K2E6.exe => moved successfully.
C:\Program Files\04026K6K.exe => moved successfully.
C:\Users\Claudio\AppData\Local\EmieUserList => moved successfully.
C:\Users\Claudio\AppData\Local\EmieSiteList => moved successfully.
C:\Users\Claudio\AppData\Local\EmieBrowserModeList => moved successfully.
"C:\Program Files\04026K6K.exe" => File/Folder not found.
"C:\Program Files\4O2GYWIW.exe" => File/Folder not found.
"C:\Program Files\O6ASO44I.exe" => File/Folder not found.
"C:\Program Files\SCSWGCOG.exe" => File/Folder not found.
"C:\Program Files\YGM2K2E6.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93E71CCC-5708-4695-B23D-254A551C1FA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93E71CCC-5708-4695-B23D-254A551C1FA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
C:\Users\Claudio\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.
Could not move "C:\ProgramData\mskbqn.exe" => Scheduled to move on reboot.
"C:\Program Files\kprocesshacker.sys" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
Operazione completata.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
Operazione completata.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3735152785-4011115693-2359712052-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 70.5 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-03 16:40:39)<=
 
C:\ProgramData\mskbqn.exe => Is moved successfully
 
==== End of Fixlog 16:40:39 ====


#4
Essexboy

Could you now repair Avira? https://www.avira.co...etail/kbid/1755

How is the computer behaving otherwise?

#5
Essexboy


Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

