Jump to content


Photo

PC slow - hardware (memoty low or full hard disk) or Malware?


  • This topic is locked This topic is locked
36 replies to this topic

#1 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 19 April 2014 - 12:00 PM

hi guys, I discovered your forum surfing on the net while searching for info about a malware i discovered recently.

I have my pc that is slow since months and now I decided to fix it or change it. It's 4 year old and my doubt is if it's an hardware problem or malware.

The biggest problem is when I switch it on .. when desktop appear and softwares are loaded, I can have CPU working at 16% but memory jumping to 99% when i open a browser. After 15-20 minutes it begins to work better, but sometimes it freezes for 30-60 seconds. I normally use firefox or Chrome to surf the web and don't use complicated games the "eat lot of memory"

Don't know if it's a problem of hardware getting old or low memory or hard disk too full (15GB empty out of 150approximately)

 

The Pc is a Dell Inspiron 530

Memory 2Gb

Intel Pentium Dual CPU E2200 2.20 GH

Window Vista 32 bit

 

 

I regurarly use Antivirus (AVG, Panda and Eset ) and antimalware (Antimalware bytes, Spybot)

 

I'm going to post the info you required in the instructions.

Keep your time that is Easter

Greetings to all.

 

 

 



#2 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 19 April 2014 - 12:01 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versione database: v2014.04.19.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mirko :: PC-MIRKO [amministratore]

19/04/2014 10.29.32
mbam-log-2014-04-19 (10-29-32).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 461914
Tempo impiegato: 3 ore, 29 minuti, 14 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
 



#3 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 19 April 2014 - 12:02 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.55.2
Run by Mirko at 12:00:43 on 2014-04-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.39.1040.18.2036.383 [GMT 2:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Atlantis Land\Adsl\DslStat.exe
C:\Program Files\Atlantis Land\Adsl\dslagent.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\AVG Nation toolbar\vprot.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uWindow Title = Internet Explorer fornito da Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=4090108
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Nation toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg nation toolbar\17.3.0.49\AVG Nation toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: AVG Nation toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg nation toolbar\17.3.0.49\AVG Nation toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LaCie Backup] c:\program files\lacie\backup software\\LaCieBackup.exe /background
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [DSLSTATEXE] c:\program files\atlantis land\adsl\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\atlantis land\adsl\dslagent.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg nation toolbar\vprot.exe"
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
StartupFolder: c:\users\mirko\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Apri con PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: ///
Trusted Zone: factset.com
Trusted Zone: lionshares.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3B6D56A0-92D3-46A3-9E61-D633306C5BD2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8E2F5F7E-E421-4781-91F4-30278B49EA9F} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8E2F5F7E-E421-4781-91F4-30278B49EA9F} : DHCPNameServer = 192.168.1.1
Handler: fdstp2 - {EDA30510-6AD8-11d2-A1A4-00805F0F0690} - c:\program files\factset\fdstp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.3.0\ViProtocol.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~3\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mirko\appdata\roaming\mozilla\firefox\profiles\4vtprre0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072013&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.3.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\users\mirko\appdata\roaming\mozilla\firefox\profiles\4vtprre0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\mirko\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2013-10-6 21728]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-11-1 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-28 37664]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-29 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-29 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-29 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-29 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-29 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-29 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-29 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-29 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-29 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-29 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-29 93928]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 175848]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-2-23 3782672]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-6-14 337872]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-3 140768]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 105704]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 114920]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 127720]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2013-10-6 1074944]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-11-22 245760]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-4-19 40776]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-4-3 47632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 PCloudCleanerService;Panda Security CloudCLeaner Service;c:\windows\system32\PCloudCleanerService.EXE [2014-2-15 112936]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-8 30192]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2013-10-6 50704]
S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97512]
S4 NNSPIHSW;NNSPihsw;c:\windows\system32\drivers\NNSPihsw.sys [2013-5-29 61672]
.
=============== Created Last 30 ================
.
2014-04-19 08:26:30    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-04-19 06:45:56    687544    ----a-w-    c:\windows\system32\deployJava1.dll
2014-04-19 06:45:55    772544    ----a-w-    c:\windows\system32\npDeployJava1.dll
2014-04-17 16:10:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-04-03 17:03:32    47632    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
2014-03-27 18:21:31    --------    d-----w-    c:\users\mirko\appdata\local\Skype
2014-03-27 18:20:38    --------    d-----r-    c:\program files\Skype
2014-03-23 17:35:50    2297552    ----a-w-    c:\windows\system32\d3dx9_26.dll
2014-03-23 17:31:41    --------    d--h--w-    c:\windows\msdownld.tmp
2014-03-23 17:31:39    --------    d-----w-    c:\windows\system32\directx
.
==================== Find3M  ====================
.
2014-04-13 14:32:06    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-13 14:32:06    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-07 23:12:00    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-07 23:02:19    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-03-07 22:57:17    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-03-07 22:52:04    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-07 10:38:44    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-02-03 10:37:54    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-01-30 07:46:58    876032    ----a-w-    c:\windows\system32\wer.dll
2014-01-22 17:20:20    112936    ----a-w-    c:\windows\system32\PCloudCleanerService.EXE
2014-01-19 20:46:54    22808    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-10-09 19:25:15    50053120    ----a-w-    c:\program files\GUTC6F7.tmp
.
============= FINISH: 12.03.15,95 ===============
 



#4 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 19 April 2014 - 12:02 PM

 Results of screen317's Security Check version 0.99.82  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
Panda Cloud Antivirus             
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 CCleaner     
 Java 7 Update 55  
 Adobe Flash Player     13.0.0.182  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Panda Security Panda Cloud Antivirus PSUAMain.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````



#5 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 19 April 2014 - 12:54 PM

I also had Mozilla crushing recently

this is what I received as detailes.

That's all for today :)

 

AdapterDeviceID: 0x29c2
AdapterVendorID: 0x8086
Add-ons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119,%7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
AvailablePageFile: 655392768
AvailablePhysicalMemory: 529948672
AvailableVirtualMemory: 275836928
BIOS_Manufacturer: Dell Inc.
BlockedDllList:
BreakpadReserveAddress: 39845888
BreakpadReserveSize: 37748736
BuildID: 20140314220517
CrashTime: 1397932889
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1396170890
Notes: AdapterVendorID: 0x8086, AdapterDeviceID: 0x29c2, AdapterSubsysID: 020d1028, AdapterDriverVersion: 7.14.10.1437
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- xpcom_runtime_abort([Parent 5540] ###!!! ABORT: file c:/builds/moz2_slave/rel-m-rel-w32_bld-000000000000/build/ipc/chromium/src/base/pickle.cc, line 136)
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 4215
StartupTime: 1397928943
SystemMemoryUsePercentage: 75
Theme: classic/1.0
Throttleable: 1
TotalVirtualMemory: 2147352576
URL: http://www.email.it/mail.php
User32BeforeBlocklist: 1
Vendor: Mozilla
Version: 28.0
Winsock_LSP: MSAFD Tcpip [TCP/IP] : 2 : 1 :  
 MSAFD Tcpip [UDP/IP] : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD Tcpip [RAW/IP] : 2 : 3 :  
 MSAFD Tcpip [TCP/IPv6] : 2 : 1 : %SystemRoot%\system32\mswsock.dll
 MSAFD Tcpip [UDP/IPv6] : 2 : 2 :  
 MSAFD Tcpip [RAW/IPv6] : 2 : 3 : %SystemRoot%\system32\mswsock.dll
 Provider di servizi TCPv6 RSVP : 2 : 1 :  
 Provider di servizi TCP RSVP : 2 : 1 : %SystemRoot%\system32\mswsock.dll
 Provider di servizi UDPv6 RSVP : 2 : 2 :  
 Provider di servizi UDP RSVP : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{8E2F5F7E-E421-4781-91F4-30278B49EA9F}] SEQPACKET 4 : 2 : 5 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{8E2F5F7E-E421-4781-91F4-30278B49EA9F}] DATAGRAM 4 : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B6D56A0-92D3-46A3-9E61-D633306C5BD2}] SEQPACKET 2 : 2 : 5 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B6D56A0-92D3-46A3-9E61-D633306C5BD2}] DATAGRAM 2 : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A7085553-5E0A-41DE-9C10-D1057C3E8FCC}] SEQPACKET 6 : 2 : 5 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A7085553-5E0A-41DE-9C10-D1057C3E8FCC}] DATAGRAM 6 : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8E2F5F7E-E421-4781-91F4-30278B49EA9F}] SEQPACKET 5 : 2 : 5 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8E2F5F7E-E421-4781-91F4-30278B49EA9F}] DATAGRAM 5 : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{821168A2-DDD7-4780-B305-36D4537E97EB}] SEQPACKET 0 : 2 : 5 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{821168A2-DDD7-4780-B305-36D4537E97EB}] DATAGRAM 0 : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3B6D56A0-92D3-46A3-9E61-D633306C5BD2}] SEQPACKET 3 : 2 : 5 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3B6D56A0-92D3-46A3-9E61-D633306C5BD2}] DATAGRAM 3 : 2 : 2 : %SystemRoot%\system32\mswsock.dll
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A013017B-485D-4D1C-90D2-D3FD737D490B}] SEQPACKET 1 : 2 : 5 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A013017B-485D-4D1C-90D2-D3FD737D490B}] DATAGRAM 1 : 2 : 2 : %SystemRoot%\system32\mswsock.dll
useragent_locale: it

Questa segnalazione contiene anche informazioni relative allo stato dell’applicazione al momento del blocco.


Edited by tesorodifirenze, 19 April 2014 - 12:56 PM.


#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 20 April 2014 - 06:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

Add-ons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119,%7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0


The extension reported e001c731-5e37-4538-a5cb-8168736a2360 belongs to Bitdefender.
Disable it it in chrome and firefox if present.

If Bitdefender was removed from this computer download and run their uninstaller.
You will find the link to the tool here.
http://answers.micro...88-0aa4c25a1f91
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 21 April 2014 - 01:52 AM

Hi I made the scan. Here the results.

PC looks faster, but need more time to see if actually it can last. I'll try surfing later on the web

 

# AdwCleaner v3.101 - Report created 21/04/2014 at 09:01:59
# Updated 20/04/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Mirko - PC-MIRKO
# Running from : C:\Users\Mirko\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Nation toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files\AVG Nation toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Mirko\AppData\Local\apn
Folder Deleted : C:\Users\Mirko\AppData\Local\AVG Nation toolbar
Folder Deleted : C:\Users\Mirko\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mirko\AppData\LocalLow\AVG Nation toolbar
Folder Deleted : C:\Users\Mirko\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\4vtprre0.default\Conduit
File Deleted : C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\4vtprre0.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\4vtprre0.default\searchplugins\bingp.xml
File Deleted : C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\4vtprre0.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6E8FC04-8B05-48B1-9399-848229502A06}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Nation toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Toolbar Cleaner
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v28.0 (it)

[ File : C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\4vtprre0.default\prefs.js ]

Line Deleted : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2405280.CTID", "CT2405280");
Line Deleted : user_pref("CT2405280.CurrentServerDate", "21-10-2010");
Line Deleted : user_pref("CT2405280.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2405280.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2405280.EMailNotifierPollDate", "Thu Oct 21 2010 13:41:26 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedLastCount1783261708582779529", 1373);
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815234", "Thu Oct 21 2010 13:41:27 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815240", "Thu Oct 21 2010 13:41:27 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815246", "Thu Oct 21 2010 13:41:27 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815252", "Thu Oct 21 2010 13:41:27 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815258", "Thu Oct 21 2010 13:41:27 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815264", "Thu Oct 21 2010 13:41:27 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815270", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815276", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815282", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815288", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815294", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815300", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815306", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466815312", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971568", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971574", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971580", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971586", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971592", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971598", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971604", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971610", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971616", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971622", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971628", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971634", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971640", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971646", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971652", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971658", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971664", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971670", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971676", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971682", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971688", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971694", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971700", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394466971706", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467127962", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467127968", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467127974", "Thu Oct 21 2010 13:41:30 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467127980", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467127986", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467127992", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467127998", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467128004", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467128010", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467128016", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467128022", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467128028", "Thu Oct 21 2010 13:41:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467128034", "Thu Oct 21 2010 13:41:32 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedPollDate129212394467128040", "Thu Oct 21 2010 13:41:32 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.FeedTTL129212394466815246", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466815258", 60);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466815312", 60);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971568", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971574", 2);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971580", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971592", 2);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971598", 5);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971604", 5);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971616", 5);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971628", 30);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971634", 30);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971658", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971670", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971676", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971682", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129212394466971700", 1440);
Line Deleted : user_pref("CT2405280.FeedTTL129212394467127980", 10);
Line Deleted : user_pref("CT2405280.FeedTTL129212394467127998", 5);
Line Deleted : user_pref("CT2405280.FirstServerDate", "17-7-2010");
Line Deleted : user_pref("CT2405280.FirstTime", true);
Line Deleted : user_pref("CT2405280.FirstTimeFF3", true);
Line Deleted : user_pref("CT2405280.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2405280.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2405280.Initialize", true);
Line Deleted : user_pref("CT2405280.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2405280.InstallationAndCookieDataSentCount", 2);
Line Deleted : user_pref("CT2405280.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2405280.InstalledDate", "Sat Jul 17 2010 13:23:31 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.InvalidateCache", false);
Line Deleted : user_pref("CT2405280.IsGrouping", false);
Line Deleted : user_pref("CT2405280.IsMulticommunity", false);
Line Deleted : user_pref("CT2405280.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2405280.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2405280.LanguagePackLastCheckTime", "Thu Oct 21 2010 13:41:29 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2405280.LastLogin_2.7.1.3", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.LatestVersion", "2.7.2.0");
Line Deleted : user_pref("CT2405280.Locale", "en-us");
Line Deleted : user_pref("CT2405280.LoginCache", 4);
Line Deleted : user_pref("CT2405280.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2405280.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2405280.RadioIsPodcast", false);
Line Deleted : user_pref("CT2405280.RadioLastCheckTime", "Thu Oct 21 2010 13:41:27 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2405280.RadioLastUpdateServer", "129167775315800000");
Line Deleted : user_pref("CT2405280.RadioMediaID", "20503713");
Line Deleted : user_pref("CT2405280.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT240528020503713");
Line Deleted : user_pref("CT2405280.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Line Deleted : user_pref("CT2405280.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
Line Deleted : user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2405280&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=");
Line Deleted : user_pref("CT2405280.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Thu Oct 21 2010 13:41:26 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2405280.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2405280.SettingsLastCheckTime", "Thu Oct 21 2010 13:41:26 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.SettingsLastUpdate", "1279117606");
Line Deleted : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Thu Oct 21 2010 13:41:26 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1279117606");
Line Deleted : user_pref("CT2405280.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2405280.Uninstall", true);
Line Deleted : user_pref("CT2405280.UserID", "UN64237440770717450");
Line Deleted : user_pref("CT2405280.WeatherNetwork", "");
Line Deleted : user_pref("CT2405280.WeatherPollDate", "Thu Oct 21 2010 13:41:28 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2405280.WeatherUnit", "C");
Line Deleted : user_pref("CT2405280.alertChannelId", "799768");
Line Deleted : user_pref("CT2405280.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2405280.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2405280.myStuffEnabled", true);
Line Deleted : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2405280.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2405280");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Oct 21 2010 13:41:26 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [29480 octets] - [21/04/2014 08:59:19]
AdwCleaner[S0].txt - [30028 octets] - [21/04/2014 09:01:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30089 octets] ##########
 



#8 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 21 April 2014 - 01:55 AM

I had problem with Farbar. First Panda Antivirus saw it as a virus. On the second I tried to disactivate Panda for 10 minutes, launched Farbar 32bit but after few seconds it crashed.

I tried 3-4 times but it always crashed after search in Chrome plugins. I attach the log of the crash

 

irma problema:
  Nome evento problema:    APPCRASH
  Nome applicazione:    FRST.exe
  Versione applicazione:    3.3.10.2
  Timestamp applicazione:    535424b4
  Nome modulo con errori:    FRST.exe
  Versione modulo con errori:    3.3.10.2
  Timestamp modulo con errori:    535424b4
  Codice eccezione:    c00000fd
  Offset eccezione:    00009469
  Versione SO:    6.0.6002.2.2.0.768.3
  ID impostazioni locali:    1040
  Informazioni aggiuntive 1:    669d
  Ulteriori informazioni 2:    0339fffb89e995cd1277c92acde190c7
  Ulteriori informazioni 3:    f6fd
  Ulteriori informazioni 4:    756d71a75ceb05f0a5403f27c136f07d

Leggere l'informativa sulla privacy:
  http://go.microsoft....63&clcid=0x0410


Edited by tesorodifirenze, 21 April 2014 - 02:02 AM.


#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 21 April 2014 - 05:53 AM

This tool should run.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

OTL_Main_Tutorial.gif
  • Select All Users.
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 21 April 2014 - 10:54 AM

PC continues to go slow with browsers. I post the txt.

 

 

OTL Extras logfile created on: 21/04/2014 17.56.59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mirko\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,82% Memory free
4,38 Gb Paging File | 2,45 Gb Available in Paging File | 55,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,95 Gb Total Space | 69,61 Gb Free Space | 50,10% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,85 Gb Free Space | 48,50% Space Free | Partition Type: NTFS
 
Computer Name: PC-MIRKO | User Name: Mirko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\.DEFAULT]
"EnableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-18]
"EnableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-19]
"EnableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-20]
"EnableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-753316083-1099532342-3845148089-1000]
"EnableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-753316083-1099532342-3845148089-1004]
"EnableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Morningstar\Direct\MStarAWD.exe" = C:\Program Files\Morningstar\Direct\MStarAWD.exe:*:Enabled:MStarAWD Application -- ()
"C:\Program Files\Morningstar\Direct\AWDImport.exe" = C:\Program Files\Morningstar\Direct\AWDImport.exe:*:Enabled:AWDImport Application -- ()
"C:\Program Files\Morningstar\Direct\MSUpdate.exe" = C:\Program Files\Morningstar\Direct\MSUpdate.exe:*:Enabled:MSUpdate Application
"C:\Program Files\Morningstar\Direct\MSUpdateVista.exe" = C:\Program Files\Morningstar\Direct\MSUpdateVista.exe:*:Enabled:MSUpdateVista Application
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Morningstar\Direct\MStarAWD.exe" = C:\Program Files\Morningstar\Direct\MStarAWD.exe:*:Enabled:MStarAWD Application -- ()
"C:\Program Files\Morningstar\Direct\AWDImport.exe" = C:\Program Files\Morningstar\Direct\AWDImport.exe:*:Enabled:AWDImport Application -- ()
"C:\Program Files\Morningstar\Direct\MSUpdate.exe" = C:\Program Files\Morningstar\Direct\MSUpdate.exe:*:Enabled:MSUpdate Application
"C:\Program Files\Morningstar\Direct\MSUpdateVista.exe" = C:\Program Files\Morningstar\Direct\MSUpdateVista.exe:*:Enabled:MSUpdateVista Application
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2925D33F-CA60-47C1-BD07-343C98C5F0E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3DF44C42-A5FB-48E0-B58D-3FD5A0650CDF}" = lport=445 | protocol=6 | dir=in | app=system |
"{5C996AC3-E7E5-474B-8D4E-ACD6A8CBCA88}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60DD24F5-4A4E-4628-BE70-055422517C96}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7A8C6F77-B4DD-4C27-99E0-E4B32E1A3EB7}" = lport=5432 | protocol=6 | dir=in | name=postgres |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0147B174-04B8-4458-9C0D-23908784D8A6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{0235886E-0F64-463F-839F-1D5A2AE695F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07B03B68-B097-4BB4-92DC-0486FA6E2CD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{084A5ACD-85BF-4FF3-A4E0-2223DDD5829F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{08551F13-4685-48CB-B22A-9C36FBF2C905}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{0A7582A1-C28B-474A-99FD-015EF2689FCE}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{0FA2FA20-48E1-4475-9979-32B127C20248}" = protocol=17 | dir=in | app=c:\program files\incrediblecharts\incrediblecharts.exe |
"{12784F43-42FF-4D27-9B95-737475E50AE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{140DA068-0B94-40D6-B728-127C363FB878}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{1B225EED-984E-41DE-ACF1-EE4D14048616}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D9E7A1E-1AC9-42AA-BDFD-150036C8C757}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{1DF10B40-2ADC-4D2E-BC61-0A47F495901B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2470A520-A0BA-43FF-8009-171C331185DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24ED0186-817D-4479-90BF-3636945A925B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28C4B061-A032-4277-AD99-E2C47699C861}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4494E829-B2A2-493E-92F7-00D65FE0BCC0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{4D04940B-AA31-4719-995A-DFD64324962D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F710545-0422-436E-83E3-3D40E08EEADD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F832492-CE84-46FA-8F47-23C655E5D6E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FCAC265-78EC-4356-AF06-D8EFE2FC785E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50103034-75AB-4396-826C-2782D4690A74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52BCB8B1-04F8-4EA4-9E1A-957CA12A918C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{56CCE92B-E4B1-4E8A-ABB1-71F4E9FAABA6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C1937D0-61C1-4DA8-BD6D-18CE76D20AAC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{5C6CE9A8-EDB2-49FE-8FF4-3642929CE2E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6109E237-5DD9-42A7-B906-AD8AA1565914}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6116B85A-3472-4B91-A9D0-947F7E80CF29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63F54C7D-B811-4E6B-A76C-1E97ED8B4E90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{659BD7C1-4265-4164-8917-843CB7B02095}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65DB0CDD-670F-4687-8652-29431AFA7916}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66CAA590-FB67-412B-A295-9BB645EE9C54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68081238-4D2E-4285-BC14-DDBB6918EB62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{681AB72E-15E2-4A4A-9174-C9E0D719E54C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68EB42C6-186E-46D3-B891-8A3C81312CF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69E28ACA-8ABA-4FE6-B470-399852EC051A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AB1A8C7-582E-4317-8DD4-2632ABDC9093}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E9573AF-C04F-4DE9-92AC-029572D88127}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{749C1051-9EA9-449E-ACA4-086A90504000}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78B13B21-08ED-4CE0-951D-19C2233C3DB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78EDA4A1-7F56-4F79-8020-4AFA2BFD4581}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BD97894-9E6B-463B-BB25-1CF3EF3C9140}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81AED1F8-FEBF-43E7-A1BA-934E5D267281}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81FE8C76-1B9E-46F7-B3FA-7DBC186054A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{825C7F21-1384-474F-AC04-6FE294921956}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{934E143A-7324-4854-A5CD-68041932E483}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95144ECA-D048-4A6F-89EF-3212E8A0CC3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9ADC655C-877A-4AD8-8012-6DC6662365DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C9EB3FC-3264-4311-BDE5-B44442EF6B4F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{9CAD3F30-A7C0-4DD4-9912-E7440C16C1A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1101001-45DD-4AAB-8C90-0D7AF6C143F0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{A47E8FD9-9AF7-493D-B23D-FC374751BA6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5C7150A-2409-445C-912B-59C78BE6FBEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5D23986-BBF2-49D9-8A66-C27657F2BD74}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{A64D8F65-F1DC-4C40-87C4-9AF4C59D842D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{A6BED043-9623-49FC-8901-8E51F938F0FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A78CA409-D334-4D8F-941A-06FE6E2030BB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{A808B511-318B-4A5B-8E5D-488F70FA39EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9D3776B-3909-46EC-9A6F-49A102F634A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACA6291B-A5B7-4EB1-AAC8-6DC78BD19213}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD12FEAF-5C3E-4E94-94C6-17F9A383E2EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3781048-712C-4D22-982B-004B38A62160}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B60C6EBA-C11E-4361-BCDA-6A783D5E9A1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9263494-4B17-462C-AF64-D8FBAB3CF66E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA04AFD4-C68E-47A8-9C51-B6E77CA41273}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BAFA9687-7354-44E9-97E2-55892D8CF8A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{BB609656-8A19-47A2-A07C-0835F09909B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC807EF5-0626-4FD7-8498-F8D72D27085A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF92CBE5-0637-4C36-AC1F-70D759636058}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C06153C4-4A13-4890-8158-BDC84CF10F81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0F9AD40-254F-4E4D-AF5B-B6B14921E4C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C18C259E-0B07-423E-8080-15A9A28A78FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C68C408F-EC8D-4A96-86F4-52249B65A5A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C72F9925-95CD-4705-995E-FAD26E3C1B0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9E2982E-8545-43C2-AE31-EFA650023945}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD5F5066-E890-43DF-B9CA-EA6FC4B31A55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD84342E-601D-4E0E-8B4D-8CB0D9853F2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CEB186A4-BDF8-43B6-883D-CA66BBF4C525}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2276C28-A644-468C-9D1A-982E9DA2B2B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D69AFF7B-DBE9-4E76-AA83-D16FDDEF1708}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB1D3DCA-6AE3-441E-A1CE-F94FF228690F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB63559F-4E7A-4EF4-B7AC-3EA82F89F75B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBCF00B1-0C23-425E-BB75-B9FA795F97C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBEF7B2B-802B-4FA2-8C4E-4A8B2BAABA92}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{DBFC49BA-7503-48AC-A85F-1564DD1622BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DCB1CCEC-A9AD-4A1B-9F94-B5D64C231DBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DFB88C51-C73C-40A9-842D-DD19043A7B45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1CE5135-5221-412F-8FB6-C3816CFBFF65}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{E505B36D-85DF-43E7-A6B7-3AD367849998}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{F2962BAE-A89A-49A0-8724-B5A368580945}" = protocol=6 | dir=in | app=c:\program files\incrediblecharts\incrediblecharts.exe |
"{F411CEC8-C0CA-40B3-9DD5-EAA181264550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F48FBB3F-B796-40D6-8A1B-E1EA6ACB2AA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F81CACEF-507B-46EC-B194-CAB0093C17DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F85E21FD-5FC0-45D5-995F-3B10F61DFB6D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{FCE209FE-9ABB-4046-8E37-B24BF37CE82F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0A525EB0-8CC5-46FC-A474-3E6CD1A0D5B2}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{1745C7C3-165C-4335-A847-0DD6C37D4753}C:\program files\factset\fdsrealtime.exe" = protocol=6 | dir=in | app=c:\program files\factset\fdsrealtime.exe |
"TCP Query User{3EFD020A-F4AD-469A-85A1-5097E58528CB}C:\program files\factset\marquee.exe" = protocol=6 | dir=in | app=c:\program files\factset\marquee.exe |
"TCP Query User{43096FFF-820C-4744-A9B4-A9FADDA1D643}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
"TCP Query User{4CB03998-DE8F-489E-B59F-B39205948C80}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{5EC7B8BA-D3ED-461D-90E7-C15B8431DD37}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{76E0E49E-FCB3-4CDD-8EC9-148CBEB1D982}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7B760078-80C2-48F8-A84D-871B27F923AE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{7FEA0144-9D20-4C46-84D8-703B09B75B23}F:\software ripristino dati\ghost11 x dos\ghostsrv.exe" = protocol=6 | dir=in | app=f:\software ripristino dati\ghost11 x dos\ghostsrv.exe |
"TCP Query User{91CCC3DE-D386-412B-96FC-6601FCB4C728}C:\vtrader\vt.exe" = protocol=6 | dir=in | app=c:\vtrader\vt.exe |
"TCP Query User{DDA49C36-C775-4EFA-90A4-16CD08DAFB8B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F053675A-6275-4BB0-98E3-5CE68F63A533}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{0168943D-AA0C-470A-859C-801407D9002A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{15C2EAA1-D265-4A17-B834-DCF6E2C73325}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{43D23E0D-66B8-4341-95EB-4FFA6655617D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6239C533-C136-41EF-98B2-A823596B83B1}F:\software ripristino dati\ghost11 x dos\ghostsrv.exe" = protocol=17 | dir=in | app=f:\software ripristino dati\ghost11 x dos\ghostsrv.exe |
"UDP Query User{7836F203-4C0F-4148-9A61-56B7B942F629}C:\program files\factset\marquee.exe" = protocol=17 | dir=in | app=c:\program files\factset\marquee.exe |
"UDP Query User{8ABCA974-5130-4545-AB46-F119AA9E6381}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{983202E2-C1E5-4416-A873-F6BBCF378DB7}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
"UDP Query User{A55D5083-6241-4FD4-BA97-C3D9D33437A4}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DAA5CA85-4829-45D4-9A49-054986FF6165}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{E11FB613-E35F-4172-B2B9-E01D61C8D216}C:\vtrader\vt.exe" = protocol=17 | dir=in | app=c:\vtrader\vt.exe |
"UDP Query User{EC4FCBAB-7E53-4B64-AA3B-4FB2431F9E17}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{EFD46543-E4BD-4CA8-B353-4FD9BD83D73E}C:\program files\factset\fdsrealtime.exe" = protocol=17 | dir=in | app=c:\program files\factset\fdsrealtime.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C96E247-970D-48F9-947A-1060A67BECC6}" = AVG 2014
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{134959C1-E63F-11D5-87EF-444553540000}_is1" = IncredibleCharts Pro
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}" = OptionsOracle
"{2C682D4F-D308-40C1-80F2-B6D283CD1FE5}" = FactSet
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7057
"{3F92E335-E229-4BFB-B46F-0D9620F0C6A3}" = Morningstar Direct Prerequisite 3.14
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}" = LaCie Backup Software v1.7.2893
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6317BB68-0331-355B-864F-A92A26952B22}" = Microsoft .NET Framework 4.5.1 (ITA)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69833D2A-A3A1-449B-ADF7-5FEBFE48FC55}" = Panda Cloud Antivirus
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7468ACCE-6FA8-4794-90B9-C28BD9CC79DD}" = Citrix Receiver Updater
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROPLUS_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROPLUS_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROPLUS_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROPLUS_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROPLUS_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROPLUS_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_PROPLUS_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROPLUS_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040" = Microsoft .NET Framework 4.5.1 (Italiano)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Chiavetta Internet
"{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A94F139F-DC3B-4F81-9E06-2A0996932308}" = Morningstar Direct
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Italiano
"{AD0BF9C0-E5E6-4FF4-8C6A-68CC42B0797D}" = AVG 2014
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Software di supporto)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F367B304-A928-4A5F-AA9F-8E59FE81DA7A}" = OGA Notifier 1.7.0105.0
"2841-5017-1617-4151" = Snapform Viewer 1.7.32
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AVG" = AVG 2014
"Clipper ADSL USB Modem" = Clipper ADSL USB Modem
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"eMule" = eMule
"ESET Online Scanner" = ESET Online Scanner v3
"FXCM Trading Station" = FXCM Trading Station
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"Indeo® software" = Indeo® software
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 28.0 (x86 it)" = Mozilla Firefox 28.0 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"PartyPokerIt" = PartyPoker.it
"PokerStars.it" = PokerStars.it
"PostgreSQL 8.4" = PostgreSQL 8.4
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"SitNGoWizard" = SitNGo Wizard
"SopCast" = SopCast 3.5.0
"SpeedOptimizer" = SpeedOptimizer
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
"netbet.it" = netbet.it
"Titanpoker.it" = Titanbet.it Poker
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
"netbet.it" = netbet.it
"Titanpoker.it" = Titanbet.it Poker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21/04/2014 3.14.59 | Computer Name = PC-Mirko | Source = PostgreSQL | ID = 0
Description = 2014-04-21 09:14:59 CESTFATAL:  the database system is starting up

 
Error - 21/04/2014 3.15.00 | Computer Name = PC-Mirko | Source = PostgreSQL | ID = 0
Description = 2014-04-21 09:15:00 CESTFATAL:  the database system is starting up

 
Error - 21/04/2014 3.15.16 | Computer Name = PC-Mirko | Source = WinMgmt | ID = 10
Description =
 
Error - 21/04/2014 3.28.03 | Computer Name = PC-Mirko | Source = PostgreSQL | ID = 0
Description = 2014-04-21 09:28:03 CESTFATAL:  the database system is starting up

 
Error - 21/04/2014 3.28.04 | Computer Name = PC-Mirko | Source = WinMgmt | ID = 10
Description =
 
Error - 21/04/2014 3.39.22 | Computer Name = PC-Mirko | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore FRST.exe, versione 3.3.10.2,
 timestamp 0x535424b4, modulo che ha generato l'errore FRST.exe, versione 3.3.10.2,
 timestamp 0x535424b4, codice eccezione 0xc00000fd, offset errore 0x00009469,  ID
processo 0x102c, data e ora di avvio dell'applicazione 0x01cf5d34bac7a007.
 
Error - 21/04/2014 3.41.07 | Computer Name = PC-Mirko | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore FRST.exe, versione 3.3.10.2,
 timestamp 0x535424b4, modulo che ha generato l'errore FRST.exe, versione 3.3.10.2,
 timestamp 0x535424b4, codice eccezione 0xc00000fd, offset errore 0x00009469,  ID
processo 0xc2c, data e ora di avvio dell'applicazione 0x01cf5d3503085447.
 
Error - 21/04/2014 3.47.12 | Computer Name = PC-Mirko | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore FRST.exe, versione 3.3.10.2,
 timestamp 0x535424b4, modulo che ha generato l'errore FRST.exe, versione 3.3.10.2,
 timestamp 0x535424b4, codice eccezione 0xc00000fd, offset errore 0x00009469,  ID
processo 0xc20, data e ora di avvio dell'applicazione 0x01cf5d35d8325627.
 
Error - 21/04/2014 3.47.45 | Computer Name = PC-Mirko | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore FRST.exe, versione 3.3.10.2,
 timestamp 0x535424b4, modulo che ha generato l'errore FRST.exe, versione 3.3.10.2,
 timestamp 0x535424b4, codice eccezione 0xc00000fd, offset errore 0x00009469,  ID
processo 0x1648, data e ora di avvio dell'applicazione 0x01cf5d35f2ca2307.
 
Error - 21/04/2014 11.07.18 | Computer Name = PC-Mirko | Source = PostgreSQL | ID = 0
Description = 2014-04-21 17:07:17 CESTFATAL:  the database system is starting up

 
Error - 21/04/2014 11.07.20 | Computer Name = PC-Mirko | Source = WinMgmt | ID = 10
Description =
 
[ Dell Events ]
Error - 09/12/2012 11.21.52 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 09/02/2013 6.11.24 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 09/02/2013 6.11.24 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 21/05/2013 5.11.47 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 21/05/2013 5.11.47 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 09/02/2014 6.51.29 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 09/02/2014 6.51.29 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 09/02/2014 7.36.20 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 09/02/2014 7.36.20 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
Error - 19/04/2014 13.38.23 | Computer Name = PC-Mirko | Source = DataSafe | ID = 17
Description = Il processo è stato interrotto prima del suo completamento.
 
[ OSession Events ]
Error - 18/01/2014 14.02.12 | Computer Name = PC-Mirko | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12043
 seconds with 6900 seconds of active time.  This session ended with a crash.
 
[ SitNGoWizard Events ]
Error - 20/09/2010 15.58.51 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description =    in System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)     in System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)     in System.Windows.Forms.Control.Invoke(Delegate method)

   in SitNGoWizard.MainForm.onPokerSiteTimerTick(Object sender, EventArgs e)     in
 System.Windows.Forms.Timer.OnTick(EventArgs e)     in System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)     in System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 25/09/2010 12.51.07 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description = Impossibile chiamare Invoke o BeginInvoke su un controllo finché non
 viene creato un handle di finestra.
 
Error - 25/09/2010 12.51.07 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description =    in System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)     in System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)     in System.Windows.Forms.Control.Invoke(Delegate method)

   in SitNGoWizard.MainForm.onPokerSiteTimerTick(Object sender, EventArgs e)     in
 System.Windows.Forms.Timer.OnTick(EventArgs e)     in System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)     in System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 02/10/2010 12.00.30 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description = Impossibile chiamare Invoke o BeginInvoke su un controllo finché non
 viene creato un handle di finestra.
 
Error - 02/10/2010 12.00.30 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description =    in System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)     in System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)     in System.Windows.Forms.Control.Invoke(Delegate method)

   in SitNGoWizard.MainForm.onPokerSiteTimerTick(Object sender, EventArgs e)     in
 System.Windows.Forms.Timer.OnTick(EventArgs e)     in System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)     in System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 16/01/2011 15.25.59 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description = Impossibile chiamare Invoke o BeginInvoke su un controllo finché non
 viene creato un handle di finestra.
 
Error - 16/01/2011 15.26.00 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description =    in System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)     in System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)     in System.Windows.Forms.Control.Invoke(Delegate method)

   in SitNGoWizard.MainForm.onPokerSiteTimerTick(Object sender, EventArgs e)     in
 System.Windows.Forms.Timer.OnTick(EventArgs e)     in System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)     in System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 24/03/2012 7.17.11 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description = Impossibile chiamare Invoke o BeginInvoke su un controllo finché non
 viene creato un handle di finestra.
 
Error - 24/03/2012 7.17.11 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description =    in System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)     in System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)     in System.Windows.Forms.Control.Invoke(Delegate method)

   in SitNGoWizard.MainForm.onPokerSiteTimerTick(Object sender, EventArgs e)     in
 System.Windows.Forms.Timer.OnTick(EventArgs e)     in System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)     in System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 24/03/2012 7.17.20 | Computer Name = PC-Mirko | Source = SitNGoWizard | ID = 1
Description = Impossibile chiamare Invoke o BeginInvoke su un controllo finché non
 viene creato un handle di finestra.
 
[ System Events ]
Error - 21/04/2014 3.15.17 | Computer Name = PC-Mirko | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21/04/2014 3.15.42 | Computer Name = PC-Mirko | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21/04/2014 3.18.39 | Computer Name = PC-Mirko | Source = DCOM | ID = 10000
Description =
 
Error - 21/04/2014 3.26.27 | Computer Name = PC-Mirko | Source = Service Control Manager | ID = 7043
Description =
 
Error - 21/04/2014 3.28.04 | Computer Name = PC-Mirko | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21/04/2014 3.28.28 | Computer Name = PC-Mirko | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21/04/2014 3.29.50 | Computer Name = PC-Mirko | Source = DCOM | ID = 10000
Description =
 
Error - 21/04/2014 4.12.23 | Computer Name = PC-Mirko | Source = Service Control Manager | ID = 7031
Description =
 
Error - 21/04/2014 11.07.20 | Computer Name = PC-Mirko | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21/04/2014 11.07.39 | Computer Name = PC-Mirko | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
 


Edited by tesorodifirenze, 21 April 2014 - 10:55 AM.


#11 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 21 April 2014 - 10:55 AM

OTL logfile created on: 21/04/2014 17.56.59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mirko\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,82% Memory free
4,38 Gb Paging File | 2,45 Gb Available in Paging File | 55,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,95 Gb Total Space | 69,61 Gb Free Space | 50,10% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,85 Gb Free Space | 48,50% Space Free | Partition Type: NTFS
 
Computer Name: PC-MIRKO | User Name: Mirko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/21 17.55.11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirko\Downloads\OTL.exe
PRC - [2014/04/17 18.09.59 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Programmi\Java\jre7\bin\javaw.exe
PRC - [2014/03/19 22.17.52 | 004,971,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2014\avgui.exe
PRC - [2014/03/15 10.40.20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2014/02/23 22.22.30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2014\avgidsagent.exe
PRC - [2013/12/18 20.42.32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/05 13.48.12 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2014\avgemcx.exe
PRC - [2013/11/25 23.03.56 | 000,591,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/25 23.00.24 | 000,892,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2014\avgnsx.exe
PRC - [2013/11/22 19.34.46 | 008,266,456 | ---- | M] () -- C:\Programmi\NETGEAR\WNA3100\WNA3100.exe
PRC - [2013/11/13 23.03.10 | 000,729,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2014\avgrsx.exe
PRC - [2013/11/11 15.10.40 | 000,307,928 | ---- | M] () -- C:\Programmi\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2013/10/19 07.19.35 | 000,037,344 | ---- | M] (Panda Security, S.L.) -- C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2013/10/19 07.19.34 | 000,032,736 | ---- | M] (Panda Security, S.L.) -- C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2013/10/03 08.13.48 | 000,140,768 | ---- | M] (Panda Security, S.L.) -- C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2013/09/24 02.33.08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2014\avgwdsvc.exe
PRC - [2011/04/27 15.37.02 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Programmi\PC Tools Security\BDT\FGuard.exe
PRC - [2011/04/27 15.37.00 | 000,337,872 | ---- | M] (Threat Expert Ltd.) -- C:\Programmi\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/08/20 16.53.08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Programmi\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/20 23.36.02 | 000,783,680 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/06/10 14.42.44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Programmi\Browny02\Brother\BrStMonW.exe
PRC - [2010/05/20 16.27.24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/03/09 01.42.02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programmi\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 01.40.36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programmi\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 21.11.30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Programmi\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 09.22.56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programmi\Browny02\BrYNSvc.exe
PRC - [2009/09/08 09.48.55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 09.47.07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/04/11 08.27.45 | 001,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009/04/11 08.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08.27.28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/05 16.07.20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15.31.10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programmi\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/04 15.58.04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programmi\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 15.58.02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programmi\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/21 04.25.33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/21 04.25.33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\wmpnscfg.exe
PRC - [2007/11/29 13.46.02 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Programmi\Microsoft Works\WkCalRem.exe
PRC - [2007/05/11 15.26.44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/18 18.05.26 | 000,376,832 | ---- | M] (Conexant Systems, Inc.) -- C:\Programmi\Atlantis Land\Adsl\DslStat.exe
PRC - [2006/12/18 17.50.30 | 000,090,112 | ---- | M] () -- C:\Programmi\Atlantis Land\Adsl\dslagent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/15 10.40.38 | 003,642,480 | ---- | M] () -- C:\Programmi\Mozilla Firefox\mozjs.dll
MOD - [2014/02/15 11.46.07 | 001,536,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\3e071a36ead55a5e50a200d99059539b\MMCEx.ni.dll
MOD - [2014/02/15 11.43.41 | 006,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\ff66439cc8e8d52cc6b8c5da18cde87e\MIGUIControls.ni.dll
MOD - [2014/02/15 11.43.34 | 000,285,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\e523ba232470880c646be3a0587857cb\MMCFxCommon.ni.dll
MOD - [2014/02/15 11.43.31 | 000,558,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\c53cea3f3d8a38db8df9916446e1da12\Microsoft.ManagementConsole.ni.dll
MOD - [2014/02/15 11.43.28 | 000,543,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\e0c651a7440c0f9b846a455fc219c012\EventViewer.ni.dll
MOD - [2014/02/15 11.40.57 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\73726634ae4a00a21279a6a66b081301\System.ServiceProcess.ni.dll
MOD - [2014/02/15 11.40.44 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2183861863b3c98036f0d75f303d2a65\System.Web.ni.dll
MOD - [2014/02/15 11.39.46 | 002,518,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4f2a809fa5d7579211760479e66e7b3a\System.Data.SqlXml.ni.dll
MOD - [2014/02/15 11.39.40 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/15 10.00.47 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/15 10.00.19 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/15 10.00.06 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/15 09.55.56 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/15 09.54.43 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2013/11/22 19.34.46 | 008,266,456 | ---- | M] () -- C:\Programmi\NETGEAR\WNA3100\WNA3100.exe
MOD - [2013/11/01 17.31.02 | 000,278,528 | ---- | M] () -- C:\Programmi\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2010/07/20 23.36.02 | 000,783,680 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/20 23.34.20 | 000,079,168 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/20 23.34.00 | 000,075,072 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/20 23.33.58 | 000,111,936 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/20 23.33.52 | 000,121,152 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/20 23.33.50 | 000,128,320 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/20 23.33.46 | 000,234,816 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/20 23.33.22 | 001,123,648 | ---- | M] () -- C:\Programmi\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/03/15 11.28.22 | 000,141,824 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll
MOD - [2009/03/31 20.04.04 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/02/27 17.38.20 | 000,139,264 | R--- | M] () -- C:\Programmi\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/01/21 08.23.49 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\EventViewer.resources\6.0.0.0_it_31bf3856ad364e35\EventViewer.resources.dll
MOD - [2008/01/21 08.23.09 | 001,499,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MIGUIControls.resources\1.0.0.0_it_31bf3856ad364e35\MIGUIControls.resources.dll
MOD - [2008/01/21 08.19.17 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MMCEx.resources\3.0.0.0_it_31bf3856ad364e35\MMCEx.resources.dll
MOD - [2006/12/18 18.05.44 | 000,331,776 | ---- | M] () -- C:\Programmi\Atlantis Land\Adsl\DbgMode.dll
MOD - [2006/12/18 17.50.30 | 000,090,112 | ---- | M] () -- C:\Programmi\Atlantis Land\Adsl\dslagent.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/04/20 09.41.39 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/15 10.40.31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/23 22.22.30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/01/22 19.20.20 | 000,112,936 | ---- | M] (Panda Security S.L.) [Auto | Stopped] -- C:\Windows\System32\PCloudCleanerService.EXE -- (PCloudCleanerService)
SRV - [2013/12/18 20.42.32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/11 15.10.40 | 000,307,928 | ---- | M] () [Auto | Running] -- C:\Programmi\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2013/10/23 09.15.08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/19 07.19.35 | 000,037,344 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2013/10/03 08.13.48 | 000,140,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2013/09/24 02.33.08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 06.18.24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/05/29 12.38.23 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011/04/27 15.37.00 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programmi\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/20 16.53.08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Programmi\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 16.27.24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/09 01.40.36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programmi\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 09.22.56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programmi\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/09/08 09.48.55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/01/08 11.54.21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/04 15.58.04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/21 04.25.33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programmi\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/21 04.23.32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Active Shield 5\ActiveShield.sys -- (DriverAS)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\DasBootF.SYS -- (DasBootF)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\DasBoot.SYS -- (DasBoot)
DRV - [2014/01/19 22.46.54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/11/25 22.56.22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 22.56.22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 22.49.18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/01 00.00.28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 23.30.08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/17 21.31.30 | 000,145,640 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2013/10/11 11.46.25 | 000,097,512 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PSINReg.sys -- (PSINReg)
DRV - [2013/10/11 11.45.28 | 000,127,720 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2013/10/11 11.45.28 | 000,114,920 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2013/10/11 11.45.27 | 000,175,848 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2013/10/11 11.45.27 | 000,105,704 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2013/10/04 21.23.18 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/10/01 01.49.38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 01.43.20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16.08.52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/05/29 05.55.11 | 000,230,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2013/05/29 05.55.11 | 000,108,904 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2013/05/29 05.55.11 | 000,093,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2013/05/29 05.55.10 | 000,287,336 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2013/05/29 05.55.10 | 000,161,384 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2013/05/29 05.55.10 | 000,106,344 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2013/05/29 05.55.09 | 000,124,648 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2013/05/29 05.55.09 | 000,095,464 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2013/05/29 05.55.09 | 000,061,672 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2013/05/29 05.55.08 | 000,126,184 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2013/05/29 05.55.08 | 000,107,752 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV - [2013/05/29 05.55.08 | 000,084,200 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2013/04/29 09.17.34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2011/12/12 17.37.00 | 001,074,944 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2010/05/20 16.27.24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/02/03 11.21.56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/01/12 09.12.56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/01/04 17.29.50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2007/04/29 10.42.24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/01/19 18.20.54 | 000,021,728 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2006/11/02 09.36.43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 19.50.00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/09/22 17.31.32 | 000,158,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gwausb.sys -- (wanusb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it...=it&ibd=4090108
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programmi\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..\SearchScopes\{8341375F-631F-4D7B-8B83-2856C5DA266C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..\SearchScopes\{97537D37-6573-4571-87BA-9D137FD9FF93}: "URL" = http://websearch.ask...9D-2DD1AE9BDAB9
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..\SearchScopes\{A200D0C3-D2CE-4035-B70F-58829AE16647}: "URL" = http://it.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it...=it&ibd=4090108
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programmi\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{8341375F-631F-4D7B-8B83-2856C5DA266C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/sta...q={searchTerms}
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://avg.nation.co...search/web?cid={58D5E1B8-57FE-41C0-B3C7-356467E5544E}&mid=f7e109fa21d647d6999bd16836ee7dfe-93272e53cad5c2b1ecd8ee01f6070f5a44561c89&lang=it&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-28 22:13:26&v=17.0.1.7&pid=nation&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{97537D37-6573-4571-87BA-9D137FD9FF93}: "URL" = http://websearch.ask...9D-2DD1AE9BDAB9
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{A200D0C3-D2CE-4035-B70F-58829AE16647}: "URL" = http://it.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.80
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/...7&dt=072013&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/06/14 21.56.10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/30 09.46.48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/30 09.46.56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2009/01/20 20.53.32 | 000,000,000 | ---D | M]
 
[2009/01/15 21.32.58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Extensions
[2014/04/21 18.02.04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirko\AppData\Roaming\mozilla\Firefox\Profiles\4vtprre0.default\extensions
[2011/07/28 11.38.53 | 000,002,023 | ---- | M] () -- C:\Users\Mirko\AppData\Roaming\mozilla\firefox\profiles\4vtprre0.default\searchplugins\badoo.xml
[2014/03/30 09.46.46 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2014/04/20 09.30.04 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/18 20.28.56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://it.msn.com/?p...97DHP&dt=072013
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Mirko\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ricerca Google = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Wallet = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Google Wallet = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_2\
CHR - Extension: Google Wallet = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_3\
CHR - Extension: Google Wallet = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_4\
CHR - Extension: Gmail = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: AVG PrivacyFix = C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\5.0.8_0\
 
O1 HOSTS File: ([2006/09/18 23.41.30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programmi\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O3 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Programmi\Atlantis Land\Adsl\dslagent.exe ()
O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\Atlantis Land\Adsl\dslstat.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Programmi\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programmi\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programmi\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\LaCieBackup.exe (LaCie SA)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe (Badoo)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\LaCieBackup.exe (LaCie SA)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Programmi\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programmi\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm ()
O8 - Extra context menu item: Apri con PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: incrediblecharts.com ([*] * in Trusted sites)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..Trusted Domains: /// ([]fdstp2 in Siti attendibili)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..Trusted Domains: factset.com ([]https in Siti attendibili)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..Trusted Domains: incrediblecharts.com ([*] * in Siti attendibili)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..Trusted Domains: lionshares.com ([]http in Siti attendibili)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..Trusted Domains: incrediblecharts.com ([*] * in Trusted sites)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B6D56A0-92D3-46A3-9E61-D633306C5BD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2F5F7E-E421-4781-91F4-30278B49EA9F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2F5F7E-E421-4781-91F4-30278B49EA9F}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\fdstp2 {EDA30510-6AD8-11d2-A1A4-00805F0F0690} - C:\Programmi\FactSet\fdstp.dll (FactSet Research Systems, Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programmi\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mirko\Documents\lupo.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mirko\Documents\lupo.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18.01.00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{392911b5-bb28-11de-8590-0021700a940d}\Shell\AutoRun\command - "" = F:\2sm66r.exe
O33 - MountPoints2\{392911b5-bb28-11de-8590-0021700a940d}\Shell\open\Command - "" = F:\2sm66r.exe
O34 - HKLM BootExecute: (PCloudBroom.exe \systemroot\system32\BroomData.bit)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezGOSvc - C:\Windows\System32\ezGOSvc.dll ()
NetSvcs: spread.com/", 3.2962989125217765 ] ], [ "http://cdn.turn.com/", [ "http://cm.g.doubleclick.net/", 1.337640963022784, "http://d.turn.com/", 2.084686339270529, "http://ibeu2.mookie1.com/", 2.084686339270529, "http://tacoda.at.atwola.com/", 2.084686339270529 ] ], [ "http://chess.com/", [ "http://www.chess.com/", 1.7371285392759315 ] ], [ "http://ct1.addthis.com/", [ "http://m.addthisedge.com/", 1.1412822383847379 ] ], [ "http://d2js -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/21 17.07.32 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2014/04/21 09.38.55 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/21 08.59.06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/20 09.30.06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/04/19 18.21.14 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Users\Mirko\Desktop\startuplite-setup-1.07.exe
[2014/04/19 17.35.12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/19 15.04.34 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/19 15.04.11 | 000,000,000 | ---D | C] -- C:\Users\Mirko\Desktop\mbar
[2014/04/19 10.25.20 | 000,000,000 | ---D | C] -- C:\Users\Mirko\Desktop\Dettagli x forum virus
[2014/04/19 08.45.56 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2014/04/19 08.45.55 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2014/04/17 18.12.06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/04/17 18.11.55 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/17 18.10.45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/17 18.10.41 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/17 18.10.40 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/17 18.10.37 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/10 21.06.21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/10 21.06.19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/04/10 21.06.19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/04/10 21.06.17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/04/10 21.06.16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/04/10 21.06.13 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/04/10 21.06.13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/04/10 21.06.09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/04/07 18.25.01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/30 09.46.44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/27 20.21.31 | 000,000,000 | ---D | C] -- C:\Users\Mirko\AppData\Local\Skype
[2014/03/27 20.20.44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/27 20.20.40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/03/27 20.20.38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/03/23 19.36.43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2014/03/23 19.36.42 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2014/03/23 19.36.42 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2014/03/23 19.36.41 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2014/03/23 19.36.41 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2014/03/23 19.36.40 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2014/03/23 19.36.40 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2014/03/23 19.36.39 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2014/03/23 19.36.38 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2014/03/23 19.36.37 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2014/03/23 19.36.37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2014/03/23 19.36.37 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2014/03/23 19.36.36 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2014/03/23 19.36.35 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2014/03/23 19.36.35 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2014/03/23 19.36.34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2014/03/23 19.36.34 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2014/03/23 19.36.33 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2014/03/23 19.36.31 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2014/03/23 19.36.31 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2014/03/23 19.36.30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2014/03/23 19.36.30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2014/03/23 19.36.30 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2014/03/23 19.36.30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2014/03/23 19.36.29 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2014/03/23 19.36.28 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2014/03/23 19.36.28 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2014/03/23 19.36.28 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2014/03/23 19.36.27 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2014/03/23 19.36.27 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2014/03/23 19.36.26 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2014/03/23 19.36.26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2014/03/23 19.36.26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2014/03/23 19.36.25 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2014/03/23 19.36.25 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2014/03/23 19.36.24 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2014/03/23 19.36.24 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2014/03/23 19.36.23 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2014/03/23 19.36.23 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2014/03/23 19.36.23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2014/03/23 19.36.23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2014/03/23 19.36.22 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2014/03/23 19.36.21 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2014/03/23 19.36.21 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2014/03/23 19.36.20 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2014/03/23 19.36.20 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2014/03/23 19.36.20 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2014/03/23 19.36.19 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2014/03/23 19.36.19 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2014/03/23 19.36.18 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2014/03/23 19.36.18 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2014/03/23 19.36.17 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2014/03/23 19.36.16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2014/03/23 19.36.16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2014/03/23 19.36.16 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2014/03/23 19.36.15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2014/03/23 19.36.14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2014/03/23 19.36.14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2014/03/23 19.36.14 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2014/03/23 19.36.14 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2014/03/23 19.36.13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2014/03/23 19.36.13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2014/03/23 19.36.12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2014/03/23 19.36.12 | 000,261,480 | ---- | C] (Microsoft Corpora


#12 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 21 April 2014 - 11:01 AM

continue...

 

2014/03/23 19.36.12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2014/03/23 19.36.12 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2014/03/23 19.36.11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2014/03/23 19.36.11 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2014/03/23 19.36.09 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2014/03/23 19.36.09 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2014/03/23 19.36.08 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2014/03/23 19.36.08 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2014/03/23 19.36.07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2014/03/23 19.36.07 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2014/03/23 19.36.07 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2014/03/23 19.36.06 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2014/03/23 19.36.06 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2014/03/23 19.36.03 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2014/03/23 19.36.03 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2014/03/23 19.36.02 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2014/03/23 19.35.53 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2014/03/23 19.35.52 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2014/03/23 19.35.52 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2014/03/23 19.35.51 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2014/03/23 19.35.51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2014/03/23 19.35.50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2014/03/23 19.35.50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2014/03/23 19.35.49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2014/03/23 19.35.49 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2014/03/23 19.31.39 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2 C:\Users\Mirko\Documents\*.tmp files -> C:\Users\Mirko\Documents\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/21 18.04.36 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/21 17.40.00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/21 17.07.12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 17.07.11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 17.07.10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/04/21 17.07.09 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/21 17.06.58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/20 09.41.39 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/20 09.41.39 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/20 09.30.16 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/19 19.39.22 | 000,744,674 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2014/04/19 19.39.22 | 000,660,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/19 19.39.22 | 000,156,932 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2014/04/19 19.39.22 | 000,130,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/19 18.21.15 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Users\Mirko\Desktop\startuplite-setup-1.07.exe
[2014/04/19 17.34.37 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/17 18.10.06 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/17 18.09.59 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/17 18.09.59 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/17 18.09.59 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/13 17.09.07 | 000,771,172 | ---- | M] () -- C:\Users\Mirko\Desktop\mirkoporciatti.pdf
[2014/04/10 19.49.51 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/07 18.25.01 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/04/05 08.02.52 | 000,000,926 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
[2014/04/05 08.02.52 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
[2014/03/27 20.20.44 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Users\Mirko\Documents\*.tmp files -> C:\Users\Mirko\Documents\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/20 09.30.16 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/20 09.30.16 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/13 17.08.54 | 000,771,172 | ---- | C] () -- C:\Users\Mirko\Desktop\mirkoporciatti.pdf
[2014/03/27 20.20.44 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/01 13.07.04 | 000,000,008 | RH-- | C] () -- C:\Users\Mirko\hwid
[2014/02/15 11.26.05 | 000,031,848 | ---- | C] () -- C:\Windows\System32\drivers\DasPtct.SYS
[2013/11/22 18.16.04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013/11/22 18.15.58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013/11/22 18.15.56 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2013/10/06 18.23.32 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012/10/27 13.31.47 | 000,278,327 | ---- | C] () -- C:\Users\Mirko\AppData\Local\census.cache
[2012/10/27 13.31.09 | 000,187,702 | ---- | C] () -- C:\Users\Mirko\AppData\Local\ars.cache
[2012/10/27 12.57.34 | 000,000,036 | ---- | C] () -- C:\Users\Mirko\AppData\Local\housecall.guid.cache
[2012/08/04 08.48.01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 08.48.01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 08.48.01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 08.48.01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 08.48.01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/03 22.02.30 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/06/16 12.57.01 | 000,017,920 | ---- | C] () -- C:\Users\Mirko\eurodollaro_serie BCE tasse.wps
[2012/06/16 12.48.11 | 000,009,690 | ---- | C] () -- C:\Users\Mirko\trading trasferimenti Optionxpress.htm
[2012/06/14 21.51.20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/11/12 17.05.27 | 001,519,374 | ---- | C] () -- C:\Users\Mirko\4c5f73fdac37326c71be82566705d20eaa0357a5.1519374.bfr
[2011/09/16 21.36.22 | 000,830,780 | ---- | C] () -- C:\Users\Mirko\4c5f73fdac37326c71be82566705d20eaa0357a5.830780.bfr
[2011/09/16 21.36.01 | 000,903,138 | ---- | C] () -- C:\Users\Mirko\137dcec497195320762b123526ca6d15eba54c75.903138.bfr
[2011/06/30 17.37.27 | 000,072,080 | ---- | C] () -- C:\Users\Mirko\g2mdlhlpx.exe
[2010/02/20 17.40.52 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/01 01.10.57 | 000,000,000 | ---- | C] () -- C:\Users\Mirko\AppData\Local\prvlcl.dat
[2009/12/01 00.57.06 | 000,000,680 | ---- | C] () -- C:\Users\Mirko\AppData\Local\d3d9caps.dat
[2009/09/19 12.49.19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/28 19.52.43 | 000,008,602 | ---- | C] () -- C:\Users\Mirko\AppData\Roaming\wklnhst.dat
[2009/01/25 16.49.39 | 000,000,093 | ---- | C] () -- C:\Users\Mirko\AppData\Local\fusioncache.dat
[2009/01/17 13.14.08 | 000,032,256 | ---- | C] () -- C:\Users\Mirko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 14.54.22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19.47.00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08.28.19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08.28.25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/10/15 19.40.07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/15 19.40.07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/05/21 10.09.31 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Ad-Aware Antivirus
[2013/10/26 19.54.01 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\AVG2014
[2013/02/28 08.04.26 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\cef-cache
[2013/11/30 12.10.00 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\ControlCenter4
[2011/02/13 00.10.28 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\f-secure
[2011/02/24 20.16.45 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\FXTS2
[2012/06/15 09.51.55 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\go
[2011/09/12 09.01.10 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\HEM Data
[2013/01/07 22.15.11 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\ICAClient
[2009/01/25 16.49.42 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\LaCie
[2013/11/27 20.54.50 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Nuance
[2010/11/28 13.47.14 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\OptionsOracle
[2014/03/22 11.21.33 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Panda Security
[2012/09/07 20.28.42 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\PartyItalia
[2011/12/04 18.32.20 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\PCToolsFirewallPlus
[2013/08/04 20.48.18 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\People's Poker by IgameLab.it
[2014/04/16 21.08.06 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\QuickScan
[2009/01/28 19.52.50 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Template
[2012/09/21 19.47.00 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\TuneUp Software
[2013/11/27 20.55.12 | 000,000,000 | ---D | M] -- C:\Users\Mirko\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 11.46.02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 04.24.17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 04.24.14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 08.28.23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 08.28.18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 16.12.25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 08.28.19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 04.24.36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 06.16.55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 08.28.24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 08.28.18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 17.44.27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 04.25.01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 08.28.19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 04.24.09 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 08.28.20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 08.28.24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 04.24.54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 04.24.11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 04.24.23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 04.23.44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 04.24.47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 08.28.25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 16.11.37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 16.12.25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 08.28.19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 04.24.19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 08.28.24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 08.28.24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 04.24.35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 16.12.25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 08.28.26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 18.20.29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 13.47.42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 08.27.49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 20.55.12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 08.28.24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 13.47.42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 08.28.23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 08.28.10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 08.28.18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 08.28.18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 04.23.27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 04.23.32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 08.28.25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 08.28.20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 08.28.25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 08.27.45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 08.28.25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 00.19.17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 08.28.18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 21.01.42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 13.42.23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 08.20.29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08.29.41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05.59.17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04.15.02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04.24.24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: SERVICES  >
[2006/09/18 23.41.30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 23.41.30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
 
< MD5 for: SERVICES.ASFX  >
[2013/12/18 20.42.50 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX15  >
[2011/06/06 13.55.32 | 000,000,614 | R--- | M] () MD5=DCAF5E14A41328B2A5976377D7DDD969 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\services.asfx15
 
< MD5 for: SERVICES.CFG  >
[2013/12/18 20.42.40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13.55.30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2008/01/21 04.24.48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 08.27.59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 08.27.59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2008/01/21 08.20.00 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=22C896B19E30F10290ECD64EC36D5CD8 -- C:\Windows\System32\it-IT\services.exe.mui
[2008/01/21 08.20.00 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=22C896B19E30F10290ECD64EC36D5CD8 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_it-it_f4714e44f3350a72\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2008/01/21 04.42.58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 04.42.58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2013/07/21 19.33.09 | 000,000,427 | ---- | M] () MD5=88F002DF04327B5535B74A9494791675 -- C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\48NGX3U9\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 23.46.11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 23.46.11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 23.46.11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
 
< MD5 for: SERVICES.MSC  >
[2008/01/21 08.19.15 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\System32\it-IT\services.msc
[2008/01/21 08.19.15 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_it-it_2eb31e30c99ea465\services.msc
[2006/09/18 23.29.40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/09/18 23.29.40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
 
< MD5 for: SERVICES.PDF_IMG  >
[2013/09/06 00.29.50 | 000,001,597 | ---- | M] () MD5=B7CC42303C144749CB04D11A7846B9CF -- C:\Program Files\Morningstar\Direct\WWWRoot\ReportImages\services.pdf_img
 
< MD5 for: SERVICES.SBS  >
[2013/07/16 13.21.30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
 
< MD5 for: SVCHOST.EXE  >
[2008/01/21 04.23.43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 04.23.43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14.50.32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/01/21 04.24.49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04.24.49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 08.28.13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08.28.13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14.50.32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 04.24.49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2006/11/02 09.10.22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 09.10.22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 09.10.22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >
 



#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 22 April 2014 - 07:41 AM

1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
  • Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

    Run OTL - Double-click OTL.exe otlDesktopIcon.png to start it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1000\..\SearchScopes\{97537D37-6573-4571-87BA-9D137FD9FF93}: "URL" = http://websearch.ask...9D-2DD1AE9BDAB9
    IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found
    IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://avg.nation.co...search/web?cid={58D5E1B8-57FE-41C0-B3C7-356467E5544E}&mid=f7e109fa21d647d6999bd16836ee7dfe-93272e53cad5c2b1ecd8ee01f6070f5a44561c89&lang=it&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-28 22:13:26&v=17.0.1.7&pid=nation&sg=0&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\SearchScopes\{97537D37-6573-4571-87BA-9D137FD9FF93}: "URL" = http://websearch.ask...9D-2DD1AE9BDAB9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - user.js - File not found
    O3 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-753316083-1099532342-3845148089-1004\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O33 - MountPoints2\{392911b5-bb28-11de-8590-0021700a940d}\Shell\AutoRun\command - "" = F:\2sm66r.exe
    O33 - MountPoints2\{392911b5-bb28-11de-8590-0021700a940d}\Shell\open\Command - "" = F:\2sm66r.exe
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A9662AE0
    
    
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    Restart the computer normally.

    Let me know if the problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#14 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 22 April 2014 - 11:05 AM

Hi, i had problems installing flash disinfector.

The first time it told me the a file "nicmcdr" (don't remember well the name) wasn't installed correctly, then a message appeared saying that "the program could not be installed properly" and I have to decide to reinstall or hold it.

I tried to reinstall, but even if I launch it, the window doesnt' appear.

I don't find it in the program panel, how can i remove it completely and try to reinstall again?



#15 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 22 April 2014 - 02:47 PM

run the OTL fix and let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#16 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 23 April 2014 - 11:48 AM

Unfortunately it continues to go slow. If i open just 1 browser window, max 2 it works, but if i try 3-4 pages togheter it freezes. I'm starting to believe that maybe 2GB ram is too low and I should add extra 2 GB extensions.

 

I copy the OTL log

 

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{97537D37-6573-4571-87BA-9D137FD9FF93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97537D37-6573-4571-87BA-9D137FD9FF93}\ not found.
Registry value HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found.
Registry key HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1004\Software\Microsoft\Internet Explorer\SearchScopes\{97537D37-6573-4571-87BA-9D137FD9FF93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97537D37-6573-4571-87BA-9D137FD9FF93}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry value HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-753316083-1099532342-3845148089-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
File Protocol\Handler\linkscanner - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{392911b5-bb28-11de-8590-0021700a940d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{392911b5-bb28-11de-8590-0021700a940d}\ not found.
File F:\2sm66r.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{392911b5-bb28-11de-8590-0021700a940d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{392911b5-bb28-11de-8590-0021700a940d}\ not found.
File F:\2sm66r.exe not found.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A9662AE0 deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 04232014_185055
 



#17 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 24 April 2014 - 06:13 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#18 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 25 April 2014 - 04:29 AM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Mirko (administrator) on 25-04-2014 at 12:26:27
Running from "C:\Users\Mirko\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configurazione IP di Windows

Cache del resolver DNS svuotata.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Connessione alla rete locale (LAN) (Media disconnected)


# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled


popd
# Fine configurazione IPv4



Configurazione IP di Windows

   Nome host . . . . . . . . . . . . . . : PC-Mirko
   Suffisso DNS primario . . . . . . . . :
   Tipo nodo . . . . . . . . . . . . . . : Sconosciuto
   Routing IP abilitato. . . . . . . . . : No
   Proxy WINS abilitato . . . . . . . .  : No

Scheda LAN wireless Connessione rete wireless:

   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : NETGEAR WNA3100 N300 Wireless USB Adapter
   Indirizzo fisico. . . . . . . . . . . : 9C-D3-6D-FD-37-1F
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::742c:fd46:e83c:a660%25(Preferenziale)
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.2(Preferenziale)
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Lease ottenuto. . . . . . . . . . . . : venerd 25 aprile 2014 12.17.24
   Scadenza lease . . . . . . . . . . .  : sabato 26 aprile 2014 12.17.23
   Gateway predefinito . . . . . . . . . : 192.168.1.1
   Server DHCP . . . . . . . . . . . . . : 192.168.1.1
   IAID DHCPv6 . . . . . . . . . . . : 496817005
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-10-F7-80-1F-00-21-70-0A-94-0D
   Server DNS . . . . . . . . . . . . .  : 8.8.8.8
                                           8.8.4.4
   NetBIOS su TCP/IP . . . . . . . . . . : Attivato

Scheda Ethernet Connessione alla rete locale (LAN):

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
   Indirizzo fisico. . . . . . . . . . . : 00-21-70-0A-94-0D
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S

Scheda Tunnel Connessione alla rete locale (LAN)*:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S

Scheda Tunnel Connessione alla rete locale (LAN)* 6:

   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Indirizzo fisico. . . . . . . . . . . : 02-00-54-55-4E-01
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S
   Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:9d38:6abd:8c7:2081:3f57:fefd(Preferenziale)
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::8c7:2081:3f57:fefd%10(Preferenziale)
   Gateway predefinito . . . . . . . . . : ::
   NetBIOS su TCP/IP . . . . . . . . . . : Disattivato

Scheda Tunnel Connessione alla rete locale (LAN)* 21:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : isatap.{3B6D56A0-92D3-46A3-9E61-D633306C5BD2}
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S

Scheda Tunnel Connessione alla rete locale (LAN)* 11:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : 6TO4 Adapter
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S

Scheda Tunnel Connessione alla rete locale (LAN)* 12:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Scheda Microsoft 6to4 #2
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S

Scheda Tunnel Connessione alla rete locale (LAN)* 7:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : isatap.{8E2F5F7E-E421-4781-91F4-30278B49EA9F}
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Nome:    google.com
Addresses:  2a00:1450:4002:800::1006
      173.194.116.9
      173.194.116.1
      173.194.116.3
      173.194.116.5
      173.194.116.2
      173.194.116.14
      173.194.116.7
      173.194.116.0
      173.194.116.8
      173.194.116.4
      173.194.116.6



Esecuzione di Ping google.com [173.194.116.9] con 32 byte di dati:

Risposta da 173.194.116.9: byte=32 durata=19ms TTL=55

Risposta da 173.194.116.9: byte=32 durata=25ms TTL=55



Statistiche Ping per 173.194.116.9:

    Pacchetti: Trasmessi = 2, Ricevuti = 2,

    Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

    Minimo = 19ms, Massimo =  25ms, Medio =  22ms

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Nome:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45



Esecuzione di Ping yahoo.com [206.190.36.45] con 32 byte di dati:

Risposta da 206.190.36.45: byte=32 durata=207ms TTL=47

Risposta da 206.190.36.45: byte=32 durata=238ms TTL=46



Statistiche Ping per 206.190.36.45:

    Pacchetti: Trasmessi = 2, Ricevuti = 2,

    Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

    Minimo = 207ms, Massimo =  238ms, Medio =  222ms



Esecuzione di Ping 127.0.0.1 con 32 byte di dati:

Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128



Statistiche Ping per 127.0.0.1:

    Pacchetti: Trasmessi = 2, Ricevuti = 2,

    Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

    Minimo = 0ms, Massimo =  0ms, Medio =  0ms

===========================================================================
Elenco interfacce
 25 ...9c d3 6d fd 37 1f ...... NETGEAR WNA3100 N300 Wireless USB Adapter
 11 ...00 21 70 0a 94 0d ...... Intel® 82562V-2 10/100 Network Connection
  1 ........................... Software Loopback Interface 1
 23 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #3
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 24 ...00 00 00 00 00 00 00 e0  isatap.{3B6D56A0-92D3-46A3-9E61-D633306C5BD2}
 20 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 22 ...00 00 00 00 00 00 00 e0  Scheda Microsoft 6to4 #2
 26 ...00 00 00 00 00 00 00 e0  isatap.{8E2F5F7E-E421-4781-91F4-30278B49EA9F}
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Route permanenti:
  Nessuna

IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
 10     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 10     18 2001::/32                On-link
 10    266 2001:0:9d38:6abd:8c7:2081:3f57:fefd/128
                                    On-link
 25    281 fe80::/64                On-link
 10    266 fe80::/64                On-link
 10    266 fe80::8c7:2081:3f57:fefd/128
                                    On-link
 25    281 fe80::742c:fd46:e83c:a660/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
 25    281 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/25/2014 00:17:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 00:17:29 PM) (Source: PostgreSQL) (User: )
Description: 2014-04-25 12:17:29 CESTFATAL:  the database system is starting up

Error: (04/23/2014 07:54:47 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore firefox.exe, versione 28.0.0.5186, timestamp 0x53240e37, modulo che ha generato l'errore xul.dll, versione 28.0.0.5186, timestamp 0x53240e04, codice eccezione 0xc0000005, offset errore 0x00184729,
ID processo 0x10a0, data e ora di avvio dell'applicazione 0xfirefox.exe0.

Error: (04/23/2014 07:28:47 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore plugin-container.exe, versione 28.0.0.5186, timestamp 0x53240e5d, modulo che ha generato l'errore mozalloc.dll, versione 28.0.0.5186, timestamp 0x5323e5ef, codice eccezione 0x80000003, offset errore 0x0000119c,
ID processo 0x1f64, data e ora di avvio dell'applicazione 0xplugin-container.exe0.

Error: (04/23/2014 06:58:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:58:31 PM) (Source: PostgreSQL) (User: )
Description: 2014-04-23 18:58:31 CESTFATAL:  the database system is starting up

Error: (04/23/2014 06:58:29 PM) (Source: PostgreSQL) (User: )
Description: 2014-04-23 18:58:29 CESTFATAL:  the database system is starting up

Error: (04/23/2014 06:35:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:35:24 PM) (Source: PostgreSQL) (User: )
Description: 2014-04-23 18:35:24 CESTFATAL:  the database system is starting up

Error: (04/22/2014 06:52:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/25/2014 00:17:54 PM) (Source: Service Control Manager) (User: )
Description: DasBoot
DasBootF
Lbd
PRSBDRVR

Error: (04/25/2014 00:17:32 PM) (Source: Service Control Manager) (User: )
Description: Active Shield Kernel Part%%2

Error: (04/23/2014 07:56:47 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent

Error: (04/23/2014 07:56:13 PM) (Source: Service Control Manager) (User: )
Description: 30000avgwd

Error: (04/23/2014 06:58:59 PM) (Source: Service Control Manager) (User: )
Description: DasBoot
DasBootF
Lbd
PRSBDRVR

Error: (04/23/2014 06:58:43 PM) (Source: Service Control Manager) (User: )
Description: Active Shield Kernel Part%%2

Error: (04/23/2014 06:35:46 PM) (Source: Service Control Manager) (User: )
Description: DasBoot
DasBootF
Lbd
PRSBDRVR

Error: (04/23/2014 06:35:25 PM) (Source: Service Control Manager) (User: )
Description: Active Shield Kernel Part%%2

Error: (04/22/2014 07:13:34 PM) (Source: Service Control Manager) (User: )
Description: Panda Cloud Antivirus Service101Riavvia il servizio

Error: (04/22/2014 06:53:00 PM) (Source: Service Control Manager) (User: )
Description: DasBoot
DasBootF
Lbd
PRSBDRVR


Microsoft Office Sessions:
=========================
Error: (01/18/2014 08:02:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12043 seconds with 6900 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-04-21 18:35:44.181
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:43.485
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:42.851
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:42.228
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:41.386
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:40.593
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:39.945
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:39.257
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:38.384
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-04-21 18:35:37.768
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


**** End of log ****



#19 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 25 April 2014 - 06:16 AM

The included Regfixes will reset the NetSvcs key to default values. Windows Vista only.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
Vista and Seven - http://www.howtogeek...system-restore/


; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste all the text in the code box into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
  63,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,\
  00,72,00,74,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,43,00,65,00,\
  72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,\
  00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,\
  6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,\
  00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,\
  64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,\
  00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,\
  6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,\
  00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,\
  61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\
  00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\
  4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
  00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
  00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
  00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
  61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,\
  00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,\
  57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,\
  00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
  77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,\
  00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,\
  63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,\
  00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,\
  68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,\
  00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,\
  63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,\
  00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,\
  69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,50,00,72,00,6f,00,66,00,53,\
  00,76,00,63,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,77,00,\
  69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,73,00,63,00,68,00,65,00,64,00,75,\
  00,6c,00,65,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,\
  76,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,68,00,6b,00,6d,\
  00,73,00,76,00,63,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,\
  00,00
; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

Restart the computer normally.

Delete the Fix.reg file when done.

How is it now?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#20 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 26 April 2014 - 01:01 AM

Hi it's not perfect but improving.

Basically if I open just one tab or two in IE or Chrome now it works.

firefox continues to give problems except with 1 only tab open, because ofter freezes and crash with 2.

Dont know why because I knew that Mozilla was lighter than IE for example, but in my pc seems heavier. I also tried to disinstall & re-install all browser, but continues to give problems.

By the way, at least now it seems I can surf quite ok (still slow with many tabs open, but maybe is a low memory problem) with Chrome and IE.

Thanks. :good:

I'll try for few days to see if it continues

 

ahhh I forget, I also disintalled AVG and run only Panda Anticloud as antivirus. Maybe they were doing conflict? w/out AVF pc seems faster.



#21 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 26 April 2014 - 05:34 AM

Please try to run the Farbar Recovery Scan Tool (post No. 6) and post a log if you can.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#22 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 26 April 2014 - 08:20 AM

Hi Farbar wasn't able to end scan and crashed again. I post you the file txt it produced

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014 03
Ran by Mirko (administrator) on PC-MIRKO on 26-04-2014 16:10:55
Running from C:\Users\Mirko\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Italian Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(SoftThinks SAS) C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools Security\BDT\FGuard.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
() C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-02] (Google)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PCTools FGuard] => C:\Program Files\PC Tools Security\BDT\FGuard.exe [247760 2011-04-27] (Threat Expert Ltd.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Launcher] - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-07-20] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3134976 2009-01-20] (Speedbit Ltd.)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe [983552 2010-10-29] (Badoo)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\MountPoints2: {392911b5-bb28-11de-8590-0021700a940d} - F:\2sm66r.exe
HKU\S-1-5-21-753316083-1099532342-3845148089-1004\...\MountPoints2: {e60f2aef-e32a-11dd-949c-0021700a940d} - 2sm66r.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it...=it&ibd=4090108
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKCU - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A200D0C3-D2CE-4035-B70F-58829AE16647} URL = http://it.search.yah...p={searchTerms}
BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Handler: fdstp2 - {EDA30510-6AD8-11d2-A1A4-00805F0F0690} - C:\Program Files\FactSet\fdstp.dll (FactSet Research Systems, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8E2F5F7E-E421-4781-91F4-30278B49EA9F}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\4vtprre0.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072013&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mirko\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\4vtprre0.default\searchplugins\badoo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC Tools Security\BDT\Firefox\
FF Extension: Browser Defender Toolbar - C:\Program Files\PC Tools Security\BDT\Firefox\ []
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus Integration - C:\Program Files\DAP\DAPFireFox [2009-01-20]

Chrome:
=======
CHR HomePage: hxxp://it.msn.com/?pc=UP97&ocid=UP97DHP&dt=072013
CHR StartupUrls: "hxxp://chess.com/", "hxxp://finviz.com/", "hxxp://www.macroaxis.com/?pitch=login", "hxxp://stockcharts.com/", "hxxp://stockbee.blogspot.it/", "hxxp://www.bloomberg.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Mirko\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Panda ActiveScan 2.0) - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (YouTube) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Ricerca Google) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Google Wallet) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
 



#23 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 26 April 2014 - 09:53 AM

I suspect some RAM problems.

Check it out.

Download Memtest86 extract the ISO file memtest.iso to your hard disc, and using your CD writing software, burn the ISO file to a CD as an image (for instance, if you are using Nero, you would select "Burn Image" from the menu). You don't need to do anything else to it to try to create a bootable disc.

After you have burned the ISO file to disc, you should have one folder on the disc containing two files:
BOOT <-- folder
BOOT.CAT <-- file
MEMTEST.IMG <-- file

Just boot from the CD, and the memory test should begin automatically.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#24 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 26 April 2014 - 10:31 AM

yes could be some ram problem.

This time I'll take more time to try it because I haven't a CD at home. Need to buy in next monday. Could it works with a USB key instead of CD?

I don't know if I'll be able to boot from CD or USB, never done before



#25 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 27 April 2014 - 06:10 AM


You can create a bootable USB flash drive
http://technet.micro...y/jj200124.aspx
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#26 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 28 April 2014 - 01:28 AM

Hi I made the memory test and there weren't errors.

Program didn't give me a log, therefore I can't post it.

 

I've also used pc in the last 2 days and had an interesting discovering: if I use Chrome and IE without never opening firefox, everything is ok. PC works quite well.

 

If I use Firefox alone, it can works with 1 tab (but also doesn't depending by the website), but it start freezing with 2 tabs or more.

 

therefore, after all this tests, I could say that the problem is Firefox. I tried to uninstall, reinstall, but it doesn't improve. I also noted that if I use the diagnostic test (alt-ctrl-canc) I noticed that Firefox can use up to 900.000 kb with 2-3 tabs.

I surfed Mozilla website for tips to solve the problem, tried something but didn't work therefore maybe the best thing is to give up Firefox



#27 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 28 April 2014 - 05:31 AM

Run this tool to remove Firefox.

Totally uninstall [Firefox], using the Revo Uninstaller.

Download and run the free version of Revo Uninstaller.

Select [Firefox] and click Uninstall.

Set it to 'Advanced' and click Scan.

Revo will do this:

Step 1. Create restore point.

Step 2. Run the official [Firefox] uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).

Reboot if asked.

p.s.
You can save your bookmarks before removingFirefox.
Restore bookmarks from backup or move them to another computer
https://support.mozi...up-or-move-them
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#28 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 30 April 2014 - 09:44 AM

Hi, I followed your advice and "so far" Firefox seems ok.

I haven't been crashing in the last 24h!

Crossing fingers!

thanks for your help :good:

I think I'll open a new post soon about skype because is not working in my girlfriend's pc.

ciao



#29 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 30 April 2014 - 11:59 AM

Refer to post No 22.
Can you now post a complete FRST log?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#30 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 30 April 2014 - 12:05 PM

no, it stops at the same previous time



#31 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 01 May 2014 - 02:58 AM

Update. I uninstalled Chrome as well, and reinstalled it. Launched the program and now everything is fine. I can post the log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Mirko (administrator) on PC-MIRKO on 01-05-2014 10:53:21
Running from C:\Users\Mirko\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Italian Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(SoftThinks SAS) C:\Program Files\Dell DataSafe Local Backup\SftService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools Security\BDT\FGuard.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-02] (Google)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PCTools FGuard] => C:\Program Files\PC Tools Security\BDT\FGuard.exe [247760 2011-04-27] (Threat Expert Ltd.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Launcher] - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-07-20] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it...=it&ibd=4090108
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKCU - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A200D0C3-D2CE-4035-B70F-58829AE16647} URL = http://it.search.yah...p={searchTerms}
BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab
Handler: fdstp2 - {EDA30510-6AD8-11d2-A1A4-00805F0F0690} - C:\Program Files\FactSet\fdstp.dll (FactSet Research Systems, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8E2F5F7E-E421-4781-91F4-30278B49EA9F}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\mmfm5aqv.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mirko\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC Tools Security\BDT\Firefox\
FF Extension: Browser Defender Toolbar - C:\Program Files\PC Tools Security\BDT\Firefox\ []
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus Integration - C:\Program Files\DAP\DAPFireFox [2009-01-20]

Chrome:
=======
CHR StartupUrls: "hxxp://chess.com/"
CHR Extension: (Documenti Google) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-01]
CHR Extension: (Google Drive) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-01]
CHR Extension: (YouTube) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01]
CHR Extension: (Ricerca Google) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01]
CHR Extension: (Google Wallet) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01]
CHR Extension: (Gmail) - C:\Users\Mirko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Browser Defender Update Service; C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe [337872 2011-04-27] (Threat Expert Ltd.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
U2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-05-29] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-02] (Google)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
S2 PCloudCleanerService; C:\Windows\system32\PCloudCleanerService.EXE [112936 2014-01-22] (Panda Security S.L.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [689472 2010-08-20] (SoftThinks SAS)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-04] (AVG Technologies)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-10-11] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S0 DasBoot; \SystemRoot\system32\drivers\DasBoot.SYS [X]
S0 DasBootF; \SystemRoot\system32\drivers\DasBootF.SYS [X]
S2 DriverAS; \??\C:\Program Files\Active Shield 5\ActiveShield.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 PRSBDRVR; \SystemRoot\system32\drivers\PRSBDRVR.SYS [X]
U0 SR;
U2 SRService;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-01 10:50 - 2014-05-01 10:50 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-01 10:50 - 2014-05-01 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-01 10:45 - 2014-05-01 10:47 - 00033430 _____ () C:\Users\Mirko\Downloads\Addition.txt
2014-05-01 10:40 - 2014-05-01 10:53 - 00018000 _____ () C:\Users\Mirko\Downloads\FRST.txt
2014-05-01 10:39 - 2014-05-01 10:39 - 01050624 _____ (Farbar) C:\Users\Mirko\Downloads\FRST.exe
2014-05-01 10:33 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-05-01 10:29 - 2014-05-01 10:29 - 00000020 ___SH () C:\Users\TEMP.PC-Mirko\ntuser.ini
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Risorse di stampa
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Risorse di rete
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Modelli
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Menu Avvio
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Impostazioni locali
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Documents\Video
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Documents\Musica
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Documents\Immagini
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Documenti
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Dati applicazioni
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\AppData\Local\Dati applicazioni
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\AppData\Local\Cronologia
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 ____D () C:\Users\TEMP.PC-Mirko
2014-05-01 10:29 - 2012-11-29 23:07 - 00000000 ____D () C:\Users\TEMP.PC-Mirko\AppData\Local\Microsoft Help
2014-05-01 10:29 - 2012-10-15 19:40 - 00000000 ____D () C:\Users\TEMP.PC-Mirko\AppData\Roaming\TuneUp Software
2014-05-01 10:29 - 2010-12-29 21:33 - 00000000 ____D () C:\Users\TEMP.PC-Mirko\AppData\Local\SoftThinks
2014-05-01 10:29 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\TEMP.PC-Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-01 10:29 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\TEMP.PC-Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-01 10:13 - 2014-05-01 10:13 - 00009167 _____ () C:\Users\Mirko\Documents\cral scontrini maggio-aprile 2014.xlsx
2014-05-01 08:51 - 2014-05-01 08:51 - 01359303 _____ () C:\Users\Mirko\Desktop\Copia di Review_GA.xlsm
2014-05-01 08:50 - 2014-05-01 08:50 - 01354031 _____ () C:\Users\Mirko\Downloads\Copia di Review_GA.xlsm
2014-04-30 20:05 - 2014-04-30 20:05 - 00017004 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-04-30 18:17 - 2014-05-01 09:21 - 01362593 _____ () C:\Users\Mirko\Desktop\Review_GB.xlsm
2014-04-30 17:26 - 2014-04-30 17:26 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-30 17:26 - 2014-04-30 17:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-30 17:26 - 2014-04-30 17:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 17:24 - 2014-04-30 17:24 - 00283208 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 29.0.exe
2014-04-28 18:01 - 2014-04-28 18:01 - 00283120 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 28.0 (3).exe
2014-04-28 17:47 - 2014-04-28 17:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mirko\Downloads\revosetup.exe
2014-04-28 17:47 - 2014-04-28 17:47 - 00001059 _____ () C:\Users\Mirko\Desktop\Revo Uninstaller.lnk
2014-04-28 17:47 - 2014-04-28 17:47 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-28 17:45 - 2014-04-28 17:45 - 00108726 _____ () C:\Users\Mirko\Desktop\bookmarks-2014-04-28_firefox mirko
2014-04-28 16:28 - 2014-04-28 16:28 - 00001529 _____ () C:\Users\Mirko\Downloads\latest.jnlp
2014-04-28 13:03 - 2014-04-28 13:03 - 05484256 _____ (Speedchecker Limited ) C:\Users\Mirko\Downloads\pcspeedupIT_a750ba6d4deb48148ec56ad290b17495_.exe
2014-04-28 08:30 - 2014-04-28 08:31 - 03280985 _____ () C:\Users\Mirko\Downloads\memtest86-usb (1).zip
2014-04-28 08:30 - 2014-04-28 08:30 - 03280985 _____ () C:\Users\Mirko\Downloads\memtest86-usb.zip
2014-04-28 08:28 - 2014-04-28 08:28 - 00000000 ____D () C:\Users\Mirko\Desktop\Pennina Silvia
2014-04-28 08:23 - 2014-04-28 08:23 - 01842676 _____ () C:\Users\Mirko\Downloads\memtest86-iso.zip
2014-04-28 08:20 - 2014-04-28 08:21 - 00000000 ____D () C:\Users\Mirko\Desktop\PENNINA USB
2014-04-26 18:09 - 2009-02-26 11:05 - 00398336 _____ (Intel® Corporation) C:\Windows\system32\TVWizudlg.exe
2014-04-26 18:09 - 2009-02-26 11:04 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2014-04-26 18:09 - 2009-02-26 11:02 - 00121232 _____ () C:\Windows\system32\IScrNB.bmp
2014-04-26 17:59 - 2014-04-26 18:09 - 00000000 ____D () C:\Windows\system32\Lang
2014-04-26 17:58 - 2014-04-26 17:58 - 21877880 _____ (Intel Corporation) C:\Users\Mirko\Downloads\winvista_15124.exe
2014-04-26 17:53 - 2014-04-26 17:53 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-04-26 17:32 - 2014-04-26 17:32 - 00000000 ____D () C:\Users\Mirko\Desktop\Dati precedenti di Firefox
2014-04-26 07:26 - 2014-04-26 07:26 - 00283120 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 28.0 (2).exe
2014-04-25 19:50 - 2014-04-25 19:50 - 00000000 ____D () C:\Users\Mirko\AppData\Local\Avg2014
2014-04-25 13:45 - 2014-04-25 13:45 - 00028247 _____ () C:\Windows\ZTEInstallInfo.log
2014-04-25 12:59 - 2014-04-25 13:00 - 00347816 _____ (Microsoft Corporation) C:\Users\Mirko\Downloads\MicrosoftFixit.Performance.FISC.11132185437453626.1.1.Run.exe
2014-04-23 19:44 - 2014-04-23 19:44 - 00347816 _____ (Microsoft Corporation) C:\Users\Mirko\Downloads\MicrosoftFixit.Performance.FISC.34321705188235060.1.2.Run.exe
2014-04-23 19:42 - 2014-04-23 19:42 - 00000883 _____ () C:\Windows\wwdslcfg.log
2014-04-23 19:42 - 2014-04-23 19:42 - 00000152 _____ () C:\Windows\GsiSetup.log
2014-04-23 19:33 - 2014-04-23 19:33 - 00347816 _____ (Microsoft Corporation) C:\Users\Mirko\Downloads\MicrosoftFixit.Performance.FISC.34321705188235060.1.1.Run.exe
2014-04-23 18:50 - 2014-04-23 18:50 - 00000000 ____D () C:\_OTL
2014-04-22 19:02 - 2014-04-22 19:09 - 00132597 _____ () C:\Users\Mirko\Downloads\Flash_Disinfector.exe
2014-04-21 18:51 - 2014-04-21 18:51 - 00086800 _____ () C:\Users\Mirko\Downloads\Extras.Txt
2014-04-21 18:48 - 2014-04-21 18:48 - 00179434 _____ () C:\Users\Mirko\Downloads\OTL.Txt
2014-04-21 18:29 - 2014-04-28 08:38 - 00000780 _____ () C:\Windows\setupact.log
2014-04-21 18:29 - 2014-04-21 18:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-21 09:38 - 2014-05-01 10:53 - 00000000 ____D () C:\FRST
2014-04-21 08:59 - 2014-04-21 09:25 - 00000000 ____D () C:\AdwCleaner
2014-04-20 19:08 - 2014-04-30 17:19 - 00024070 _____ () C:\Windows\PFRO.log
2014-04-20 09:29 - 2014-04-20 09:29 - 00283120 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-20 09:27 - 2014-04-20 09:27 - 00283120 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 28.0.exe
2014-04-20 09:25 - 2014-04-20 09:25 - 00236939 _____ () C:\Users\Mirko\Downloads\realtest.rm
2014-04-20 09:23 - 2014-04-20 09:23 - 04994480 _____ (Adobe Systems Inc.) C:\Users\Mirko\Downloads\Shockwave_Installer_Slim.exe
2014-04-19 17:35 - 2014-04-19 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-19 15:04 - 2014-04-19 17:34 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-19 10:25 - 2014-05-01 10:48 - 00000000 ____D () C:\Users\Mirko\Desktop\Dettagli x forum virus
2014-04-19 08:45 - 2012-07-05 22:06 - 00772544 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-04-19 08:45 - 2012-07-05 22:06 - 00687544 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-04-17 18:12 - 2014-04-17 18:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-17 18:11 - 2014-04-17 18:09 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-17 18:10 - 2014-04-17 18:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-17 18:10 - 2014-04-17 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-17 18:10 - 2014-04-17 18:09 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-17 18:10 - 2014-04-17 18:09 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-16 21:27 - 2014-04-16 21:27 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-10 21:06 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 21:06 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 21:06 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 21:06 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 21:06 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 21:06 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 21:06 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 21:06 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 21:06 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 21:06 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 21:06 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 21:06 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 21:06 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 21:06 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 21:06 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 21:06 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 19:29 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-07 18:25 - 2014-04-07 18:25 - 00000852 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

==================== One Month Modified Files and Folders =======

2014-05-01 10:54 - 2014-05-01 10:40 - 00018000 _____ () C:\Users\Mirko\Downloads\FRST.txt
2014-05-01 10:53 - 2014-04-21 09:38 - 00000000 ____D () C:\FRST
2014-05-01 10:50 - 2014-05-01 10:50 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-01 10:50 - 2014-05-01 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-01 10:50 - 2009-01-14 15:48 - 00000000 ____D () C:\Users\Mirko\AppData\Local\Google
2014-05-01 10:49 - 2009-01-08 11:46 - 00000000 ____D () C:\Program Files\Google
2014-05-01 10:48 - 2014-04-19 10:25 - 00000000 ____D () C:\Users\Mirko\Desktop\Dettagli x forum virus
2014-05-01 10:47 - 2014-05-01 10:45 - 00033430 _____ () C:\Users\Mirko\Downloads\Addition.txt
2014-05-01 10:43 - 2009-01-08 11:31 - 01343202 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 10:40 - 2012-04-18 20:50 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 10:39 - 2014-05-01 10:39 - 01050624 _____ (Farbar) C:\Users\Mirko\Downloads\FRST.exe
2014-05-01 10:35 - 2010-12-29 21:33 - 00000000 ____D () C:\Users\Mirko\AppData\Local\SoftThinks
2014-05-01 10:33 - 2009-10-18 12:38 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 10:33 - 2009-01-15 23:29 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-01 10:33 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-01 10:33 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-01 10:33 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-01 10:32 - 2006-11-02 15:01 - 00032472 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-01 10:29 - 2014-05-01 10:29 - 00000020 ___SH () C:\Users\TEMP.PC-Mirko\ntuser.ini
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Risorse di stampa
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Risorse di rete
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Modelli
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Menu Avvio
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Impostazioni locali
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Documents\Video
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Documents\Musica
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Documents\Immagini
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Documenti
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\Dati applicazioni
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\AppData\Local\Dati applicazioni
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 _SHDL () C:\Users\TEMP.PC-Mirko\AppData\Local\Cronologia
2014-05-01 10:29 - 2014-05-01 10:29 - 00000000 ____D () C:\Users\TEMP.PC-Mirko
2014-05-01 10:13 - 2014-05-01 10:13 - 00009167 _____ () C:\Users\Mirko\Documents\cral scontrini maggio-aprile 2014.xlsx
2014-05-01 10:04 - 2009-10-18 12:38 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 09:21 - 2014-04-30 18:17 - 01362593 _____ () C:\Users\Mirko\Desktop\Review_GB.xlsm
2014-05-01 08:51 - 2014-05-01 08:51 - 01359303 _____ () C:\Users\Mirko\Desktop\Copia di Review_GA.xlsm
2014-05-01 08:50 - 2014-05-01 08:50 - 01354031 _____ () C:\Users\Mirko\Downloads\Copia di Review_GA.xlsm
2014-04-30 20:05 - 2014-04-30 20:05 - 00017004 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-04-30 18:40 - 2012-04-18 20:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 18:40 - 2011-06-02 08:05 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 17:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-04-30 17:27 - 2009-01-15 21:32 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Mozilla
2014-04-30 17:26 - 2014-04-30 17:26 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-30 17:26 - 2014-04-30 17:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-30 17:26 - 2014-04-30 17:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 17:26 - 2014-03-30 09:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 17:24 - 2014-04-30 17:24 - 00283208 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 29.0.exe
2014-04-30 17:19 - 2014-04-20 19:08 - 00024070 _____ () C:\Windows\PFRO.log
2014-04-28 18:26 - 2010-11-14 10:27 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-28 18:01 - 2014-04-28 18:01 - 00283120 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 28.0 (3).exe
2014-04-28 17:47 - 2014-04-28 17:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mirko\Downloads\revosetup.exe
2014-04-28 17:47 - 2014-04-28 17:47 - 00001059 _____ () C:\Users\Mirko\Desktop\Revo Uninstaller.lnk
2014-04-28 17:47 - 2014-04-28 17:47 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-28 17:45 - 2014-04-28 17:45 - 00108726 _____ () C:\Users\Mirko\Desktop\bookmarks-2014-04-28_firefox mirko
2014-04-28 17:36 - 2014-03-15 13:23 - 00121192 _____ () C:\Users\Mirko\Desktop\template opzioni strategie.xlsx
2014-04-28 16:32 - 2014-03-01 13:07 - 00000000 ____D () C:\Jts
2014-04-28 16:28 - 2014-04-28 16:28 - 00001529 _____ () C:\Users\Mirko\Downloads\latest.jnlp
2014-04-28 13:03 - 2014-04-28 13:03 - 05484256 _____ (Speedchecker Limited ) C:\Users\Mirko\Downloads\pcspeedupIT_a750ba6d4deb48148ec56ad290b17495_.exe
2014-04-28 08:38 - 2014-04-21 18:29 - 00000780 _____ () C:\Windows\setupact.log
2014-04-28 08:31 - 2014-04-28 08:30 - 03280985 _____ () C:\Users\Mirko\Downloads\memtest86-usb (1).zip
2014-04-28 08:30 - 2014-04-28 08:30 - 03280985 _____ () C:\Users\Mirko\Downloads\memtest86-usb.zip
2014-04-28 08:29 - 2008-01-21 08:31 - 01689308 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 08:29 - 2008-01-21 08:30 - 00744674 _____ () C:\Windows\system32\perfh010.dat
2014-04-28 08:29 - 2008-01-21 08:30 - 00156932 _____ () C:\Windows\system32\perfc010.dat
2014-04-28 08:28 - 2014-04-28 08:28 - 00000000 ____D () C:\Users\Mirko\Desktop\Pennina Silvia
2014-04-28 08:26 - 2009-01-17 17:47 - 00000000 ____D () C:\ProgramData\Roxio
2014-04-28 08:23 - 2014-04-28 08:23 - 01842676 _____ () C:\Users\Mirko\Downloads\memtest86-iso.zip
2014-04-28 08:21 - 2014-04-28 08:20 - 00000000 ____D () C:\Users\Mirko\Desktop\PENNINA USB
2014-04-28 08:13 - 2009-01-17 13:14 - 00032256 _____ () C:\Users\Mirko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 20:37 - 2009-09-19 12:48 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Skype
2014-04-26 18:09 - 2014-04-26 17:59 - 00000000 ____D () C:\Windows\system32\Lang
2014-04-26 18:09 - 2009-01-08 11:44 - 00000000 ____D () C:\Program Files\Intel
2014-04-26 18:00 - 2009-01-14 15:44 - 00000000 ____D () C:\Users\Mirko
2014-04-26 17:59 - 2009-01-14 15:48 - 00000000 ____D () C:\Intel
2014-04-26 17:58 - 2014-04-26 17:58 - 21877880 _____ (Intel Corporation) C:\Users\Mirko\Downloads\winvista_15124.exe
2014-04-26 17:53 - 2014-04-26 17:53 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-04-26 17:32 - 2014-04-26 17:32 - 00000000 ____D () C:\Users\Mirko\Desktop\Dati precedenti di Firefox
2014-04-26 16:32 - 2013-11-09 09:22 - 00000000 ____D () C:\Users\Mirko\Desktop\Porciatti consulting
2014-04-26 16:27 - 2012-12-29 14:26 - 00000000 ____D () C:\Windows\pss
2014-04-26 08:42 - 2013-06-09 10:46 - 00045909 _____ () C:\Users\Mirko\Documents\WebPasswords.xlsx
2014-04-26 07:26 - 2014-04-26 07:26 - 00283120 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 28.0 (2).exe
2014-04-25 19:50 - 2014-04-25 19:50 - 00000000 ____D () C:\Users\Mirko\AppData\Local\Avg2014
2014-04-25 19:44 - 2009-12-01 00:57 - 00001356 _____ () C:\Users\Mirko\AppData\Local\d3d9caps.dat
2014-04-25 13:47 - 2009-09-16 09:18 - 00000000 ____D () C:\Windows\system32\SupportAppXL
2014-04-25 13:45 - 2014-04-25 13:45 - 00028247 _____ () C:\Windows\ZTEInstallInfo.log
2014-04-25 13:45 - 2009-01-08 11:43 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-25 13:38 - 2009-01-08 11:46 - 00000000 ____D () C:\ProgramData\Google
2014-04-25 13:00 - 2014-04-25 12:59 - 00347816 _____ (Microsoft Corporation) C:\Users\Mirko\Downloads\MicrosoftFixit.Performance.FISC.11132185437453626.1.1.Run.exe
2014-04-23 19:44 - 2014-04-23 19:44 - 00347816 _____ (Microsoft Corporation) C:\Users\Mirko\Downloads\MicrosoftFixit.Performance.FISC.34321705188235060.1.2.Run.exe
2014-04-23 19:42 - 2014-04-23 19:42 - 00000883 _____ () C:\Windows\wwdslcfg.log
2014-04-23 19:42 - 2014-04-23 19:42 - 00000152 _____ () C:\Windows\GsiSetup.log
2014-04-23 19:33 - 2014-04-23 19:33 - 00347816 _____ (Microsoft Corporation) C:\Users\Mirko\Downloads\MicrosoftFixit.Performance.FISC.34321705188235060.1.1.Run.exe
2014-04-23 18:50 - 2014-04-23 18:50 - 00000000 ____D () C:\_OTL
2014-04-22 19:09 - 2014-04-22 19:02 - 00132597 _____ () C:\Users\Mirko\Downloads\Flash_Disinfector.exe
2014-04-21 18:51 - 2014-04-21 18:51 - 00086800 _____ () C:\Users\Mirko\Downloads\Extras.Txt
2014-04-21 18:48 - 2014-04-21 18:48 - 00179434 _____ () C:\Users\Mirko\Downloads\OTL.Txt
2014-04-21 18:29 - 2014-04-21 18:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-21 09:25 - 2014-04-21 08:59 - 00000000 ____D () C:\AdwCleaner
2014-04-20 09:42 - 2009-01-14 15:55 - 00000000 ____D () C:\Users\Mirko\AppData\Local\Adobe
2014-04-20 09:41 - 2009-01-08 11:52 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-20 09:29 - 2014-04-20 09:29 - 00283120 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 28.0 (1).exe
2014-04-20 09:27 - 2014-04-20 09:27 - 00283120 _____ (Mozilla) C:\Users\Mirko\Downloads\Firefox Setup Stub 28.0.exe
2014-04-20 09:25 - 2014-04-20 09:25 - 00236939 _____ () C:\Users\Mirko\Downloads\realtest.rm
2014-04-20 09:25 - 2009-01-08 11:42 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-20 09:24 - 2009-12-02 23:04 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-20 09:23 - 2014-04-20 09:23 - 04994480 _____ (Adobe Systems Inc.) C:\Users\Mirko\Downloads\Shockwave_Installer_Slim.exe
2014-04-19 20:35 - 2012-05-28 19:22 - 00000000 ____D () C:\Users\Mirko\Desktop\gennaro
2014-04-19 19:38 - 2010-12-29 21:20 - 00000000 ____D () C:\Program Files\Dell DataSafe Local Backup
2014-04-19 18:19 - 2014-04-19 17:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-19 17:34 - 2014-04-19 15:04 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 19:12 - 2009-01-23 20:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-17 18:12 - 2014-04-17 18:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-17 18:10 - 2014-04-17 18:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-17 18:10 - 2014-04-17 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-17 18:09 - 2014-04-17 18:11 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-17 18:09 - 2014-04-17 18:10 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-17 18:09 - 2014-04-17 18:10 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-16 21:27 - 2014-04-16 21:27 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 21:27 - 2013-03-09 09:34 - 00000000 ____D () C:\Program Files\Java
2014-04-16 21:08 - 2010-02-01 19:38 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\QuickScan
2014-04-10 21:08 - 2012-11-29 20:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 21:04 - 2013-07-17 20:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 20:59 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-08 07:48 - 2014-01-02 16:16 - 00000000 ____D () C:\Users\Mirko\Desktop\Per Corso Guida
2014-04-07 18:25 - 2014-04-07 18:25 - 00000852 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-05 08:02 - 2013-10-06 18:23 - 00000908 _____ () C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk

Files to move or delete:
====================
C:\ProgramData\ras_0oed.pad


Some content of TEMP:
====================
C:\Users\Mirko\AppData\Local\Temp\nircmd.exe
C:\Users\Mirko\AppData\Local\Temp\pv.exe
C:\Users\Mirko\AppData\Local\Temp\Quarantine.exe
C:\Users\Mirko\AppData\Local\Temp\vfind.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-01 10:43

==================== End Of Log ============================



#32 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 01 May 2014 - 05:14 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
S0 DasBootF; \SystemRoot\system32\drivers\DasBootF.SYS [X]
S2 DriverAS; \??\C:\Program Files\Active Shield 5\ActiveShield.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 PRSBDRVR; \SystemRoot\system32\drivers\PRSBDRVR.SYS [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
C:\ProgramData\ras_0oed.pad
C:\Users\Mirko\AppData\Local\Temp\nircmd.exe
C:\Users\Mirko\AppData\Local\Temp\pv.exe
C:\Users\Mirko\AppData\Local\Temp\vfind.exe

End

Save the files as fixlist.txt in to the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

One last scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#33 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 01 May 2014 - 11:21 AM

Content of fixlist:
*****************
start

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
S0 DasBootF; \SystemRoot\system32\drivers\DasBootF.SYS [X]
S2 DriverAS; \??\C:\Program Files\Active Shield 5\ActiveShield.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 PRSBDRVR; \SystemRoot\system32\drivers\PRSBDRVR.SYS [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
C:\ProgramData\ras_0oed.pad
C:\Users\Mirko\AppData\Local\Temp\nircmd.exe
C:\Users\Mirko\AppData\Local\Temp\pv.exe
C:\Users\Mirko\AppData\Local\Temp\vfind.exe

End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.
DasBootF => Service deleted successfully.
DriverAS => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
PRSBDRVR => Service deleted successfully.
ZTEusbmdm6k => Service deleted successfully.
ZTEusbnmea => Service deleted successfully.
C:\ProgramData\ras_0oed.pad => Moved successfully.
C:\Users\Mirko\AppData\Local\Temp\nircmd.exe => Moved successfully.
C:\Users\Mirko\AppData\Local\Temp\pv.exe => Moved successfully.
C:\Users\Mirko\AppData\Local\Temp\vfind.exe => Moved successfully.

==== End of Fixlog ====



#34 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 01 May 2014 - 11:22 AM

 Results of screen317's Security Check version 0.99.82  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
Panda Cloud Antivirus   
AVG update module       
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 7 Update 55  
 Adobe Flash Player     13.0.0.206  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (29.0)
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 Panda Security Panda Cloud Antivirus PSANHost.exe  
 Panda Security Panda Cloud Antivirus PSUAService.exe  
 Panda Security Panda Cloud Antivirus PSUAMain.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#35 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 02 May 2014 - 05:03 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#36 tesorodifirenze

tesorodifirenze

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 03 May 2014 - 03:17 AM

Thank you very much for your help :good:

I've never installed a firewall, I'll do it

 

Now I'm fighting wth my pc's girlfriend about skype. If I'm not able to fix it soon, I'll open a new thread.

Have a nice day



#37 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 03 May 2014 - 05:27 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




Member of UNITE
Support SpywareInfo Forum - click the button