Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Pc infected, but nothing is found scanning it

This is a discussion on Pc infected, but nothing is found scanning it within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi all and, first of all, tnx veryone who will help me. I have my pc infectd for sure, i


 
 
Thread Tools Search this Thread
Old 05-04-2013, 06:52 PM   #1
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched


EEK!

Hi all and, first of all, tnx veryone who will help me.


I have my pc infectd for sure, i try to explain you the problem in my bad english:

- my pc is not going slowly or something like that, but "simply" i have every window that i open "flashing" ( i can always see the active window without problems, it stay opened, but i see the menu bar of the active window like flashing, it happens with every kind of window: IE9, Firefox, Crome, Win7 window/folder)

- when i pass the mouse over a program in the win7's program bar, it makes me watch at the iconized programs just for a bit, because of the "flashing issue"... (but i can maximize the iconized program

- when i'm in a folder or just on the desktop and i select one or more files, after a bit it unselect it automatically, always because of the "flashing issue"

I did many scans with Avira free, Kaspersky virus removal tool, mbam, Hijackthis, initially some of them had found something, but then i disinfect all the issues and now they don't find anymore threats, but the issue is still on.

What can i do more?

(i don't have windows install disk)

Down here there is the "checklist" (i have uninstalled daemon tools before running Gmer) :


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by BlascoX at 2:41:24 on 2013-05-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8172.4168 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\LogMeIn Hamachi_old\hamachi-2-ui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Guida per l'accesso a Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\BlascoX\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Clownfish] <no file>
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi_old\hamachi-2-ui.exe" --auto-start
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
TCP: NameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{6842BC7C-A175-409E-B111-7ADB617DA6DA} : DHCPNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{6842BC7C-A175-409E-B111-7ADB617DA6DA}\3473D20303F5A4F696B6573507F647F5738334140343533403144353 : DHCPNameServer = 10.157.50.1 10.157.50.2
TCP: Interfaces\{8B53FAD5-0562-4CA5-B793-F6FE3C071F78} : DHCPNameServer = 7.254.254.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java7\bin\ssv.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java7\bin\jp2ssv.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BlascoX\AppData\Roaming\Mozilla\Firefox\Profiles\e537nbun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.ftp - 197.221.184.182
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 197.221.184.182
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 197.221.184.182
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 197.221.184.182
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\BlascoX\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\BlascoX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-04-19 20:57; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-27 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-27 279616]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-13 89600]
R2 AntiVirSchedulerService;Avira Pianificatore;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-26 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-26 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-27 100712]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-12-21 72216]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-13 1128952]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-3-3 745880]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-13 2656280]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2011-8-19 25632]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2010-11-10 4869024]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-9-13 1360960]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-10-14 31232]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-9-13 131656]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-9-13 399944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-11-12 121416]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-9-13 31152]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-13 471144]
S3 SaiH075C;SaiH075C;C:\Windows\System32\drivers\SaiH075C.sys [2007-5-1 171144]
S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-8-14 24064]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tvnserver;TightVNC Server;C:\Users\BlascoX\AppData\Local\CrossLoop\tvnserver.exe [2011-12-27 814080]
S3 u9usbser;MYWAVEU9 USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\u9usbser.sys [2012-4-13 113664]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-28 1255736]
S4 CrossLoopService;CrossLoop Service;C:\Users\BlascoX\AppData\Local\CrossLoop\CrossLoopService.exe [2011-12-27 569072]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi_old\hamachi-2.exe [2012-12-14 2466304]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-03 22:58:40 -------- d-----w- C:\Users\BlascoX\AppData\Local\Max Secure Software
2013-05-03 22:57:32 -------- d-----w- C:\Users\BlascoX\AppData\Roaming\GetRightToGo
2013-05-02 11:52:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-02 11:52:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 15:57:31 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-21 01:23:52 -------- d-----r- C:\Sandbox
2013-04-21 01:19:46 -------- d-----w- C:\Program Files\Sandboxie
2013-04-14 04:38:37 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-14 04:37:34 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-13 09:39:01 -------- d-----w- C:\Users\BlascoX\AppData\Local\Programs
.
==================== Find3M ====================
.
2013-04-23 21:51:12 499176 ----a-w- C:\Program Files (x86)\update.exe
2013-04-23 21:51:12 13620200 ----a-w- C:\Program Files (x86)\ts3client_win64.exe
2013-04-23 21:51:11 3130880 ----a-w- C:\Program Files (x86)\QtCore4.dll
2013-04-23 21:51:11 248320 ----a-w- C:\Program Files (x86)\QtSql4.dll
2013-04-23 21:51:11 229864 ----a-w- C:\Program Files (x86)\package_inst.exe
2013-04-23 21:51:11 188904 ----a-w- C:\Program Files (x86)\error_report.exe
2013-04-23 21:51:11 1167360 ----a-w- C:\Program Files (x86)\QtNetwork4.dll
2013-04-23 21:51:11 10554880 ----a-w- C:\Program Files (x86)\QtGui4.dll
2013-03-27 20:45:30 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-27 20:45:30 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-10 01:29:09 62 ----a-w- C:\ProgramData\3864887.bat
2013-03-10 01:29:09 153 ----a-w- C:\ProgramData\3864887.reg
2013-03-05 20:45:31 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 20:45:31 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-10 01:04:31 6393120 ----a-w- C:\Windows\System32\nvcpl.dll
2013-02-10 01:04:31 3472672 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-02-10 01:04:29 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-02-10 01:04:29 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-02-10 01:04:29 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-02-10 01:04:29 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-02-09 13:25:36 3035306 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-11-12 21:10:23 126228 ----a-w- C:\Program Files (x86)\Uninstall.exe
2012-10-29 10:08:18 497136 ----a-w- C:\Program Files (x86)\_old_update.exe
2012-10-29 10:08:18 2830848 ----a-w- C:\Program Files (x86)\_old_QtCore4.dll
2012-10-29 10:08:18 110106 ----a-w- C:\Program Files (x86)\createfileassoc.exe
2012-10-29 10:08:18 1100800 ----a-w- C:\Program Files (x86)\_old_QtNetwork4.dll
2012-10-29 10:08:18 10370560 ----a-w- C:\Program Files (x86)\_old_QtGui4.dll
.
============= FINISH: 2:41:53,90 ===============
Attached Files
File Type: zip attach.zip (10.1 KB, 42 views)
Blascogeno is offline  
Sponsored Links
Advertisement
 
Old 05-06-2013, 03:02 AM   #2
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



ESET has found something:

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application

C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application

C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application

C:\Users\BlascoX\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\BlascoX\AppData\Local\Temp\is180804277\232472503_Setup.EXE Win32/OpenCandy application

C:\Users\BlascoX\AppData\Local\Temp\is180804277\MyBabylonTB.exe Win32/Toolbar.Babylon application

C:\Windows\Installer\8e8673.msi a variant of Win32/Aedgency.A application

D:\Download\Giochi\Take.On.Helicopters-RELOADED\rld-tohs.iso a variant of Win32/Packed.VMProtect.AAH trojan

F:\Backup\Giochi\CRACKA_GIOCHI_FLASH_CheatEngine56.exe multiple threats

F:\Backup\service pack\Windows XP Professional Corporate SP2 Bootable ITA SN 7QVT6-T2738-WRKJB-YKRFQ-XVK98 non necessita crack o attivazione (Testato) by BMWPOWER.ISO multiple threats

G:\gtk2116-setup.exe a variant of Win32/1AntiVirus application
Blascogeno is offline  
Old 05-10-2013, 12:47 PM   #3
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



BUMP, please
Blascogeno is offline  
Sponsored Links
Advertisement
 
Old 05-11-2013, 03:20 AM   #4
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



i'm still waiting an answer from u, i had followed all the steps in the forum' rules, but noone still answered to me, but you answered to threads opened after me, i'm still infected.... -.-
Blascogeno is offline  
Old 05-14-2013, 06:06 AM   #5
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



lol what a professional forum ^^
Blascogeno is offline  
Old 05-14-2013, 08:48 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-14-2013, 03:39 PM   #7
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



Ohh finally, thank you

here is the log:

CKScanner 2.2 - Additional Security Risks - These are not necessarily bad
c:\users\blascox\favorites\steam cracked, installiamo insurgency « entula.net – venticello di rete.url
scanner sequence 3.NA.11.NWAPSR
----- EOF -----
Blascogeno is offline  
Old 05-14-2013, 05:52 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Are you running a cracked version of steam?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-15-2013, 12:18 AM   #9
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



no, i've got the original one

maybe it's a crack for a game? i don't recognize that


p.s. i have some cracked games, but i always pay attention to what i download and run on my pc.
Blascogeno is offline  
Old 05-15-2013, 03:31 AM   #10
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



P.P.S. what i can see is strange in the Eset scan are:

C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\BlascoX\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\BlascoX\AppData\Local\Temp\is180804277\MyBabylonTB.exe Win32/Toolbar.Babylon application

cause i don't have any toolbar installed.
Thanks
Blascogeno is offline  
Old 05-15-2013, 04:03 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Quote:
Originally Posted by Blascogeno View Post
p.s. i have some cracked games
You will have to uninstall them before we can proceed.

Quote:
cause i don't have any toolbar installed
We will delete those later.

Please download Temp File Cleaner and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe then choose 'Run as administrator' and click 'Start'.
  • Your desktop will disappear, this is normal, it will return.
  • If prompted, click "Yes" to reboot.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-15-2013, 06:56 AM   #12
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



ok thanks, i did it.

what's now?
Do i need to post any log?
Blascogeno is offline  
Old 05-15-2013, 07:26 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Blascogeno. You're welcome.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
  • Please download WVCheck.exe and Save it to your Desktop.
  • Double-click on WVCheck.exe then click Run and press any key to continue.
  • Please be patient as it may take a while.
  • When the program has finished, a log will pop up and be saved to your desktop.
  • The log will be named WVCheck_time_date.txt
  • Please copy/paste the results in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-15-2013, 08:57 AM   #14
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



hi again Chemist and tnx for the support.

1- yes, i'd got the error message of "illegal operation..." and rebooted
2- during the scan of Combofix i had a lot of errors, i put the screenshot here, where all the same errors.

ComboFix 13-05-14.01 - BlascoX 15/05/2013 17:30:49.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8172.6480 [GMT 2:00]
Eseguito da: c:\users\BlascoX\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Uninstall.exe
c:\program files (x86)\update.exe
c:\program files (x86)\WinRAR\Leggimi.Txt
c:\program files (x86)\WinRAR\Leggimi_1a.Txt
c:\program files (x86)\WinRAR\Licenza.Txt
c:\program files (x86)\WinRAR\NoteTecniche.Txt
c:\program files (x86)\WinRAR\Ordin.htm
c:\program files (x86)\WinRAR\Ordina.htm
c:\program files (x86)\WinRAR\SorgUnRAR.Txt
c:\programdata\3864887.bat
c:\programdata\3864887.pad
c:\programdata\3864887.reg
c:\users\BlascoX\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\BlascoX\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Creati Da 2013-04-15 al 2013-05-15 )))))))))))))))))))))))))))))))))))
.
.
2013-05-15 15:36 . 2013-05-15 15:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-15 15:36 . 2013-05-15 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 13:12 . 2013-05-14 13:12 -------- d-----w- c:\program files (x86)\ESET
2013-05-13 18:45 . 2013-05-13 18:45 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-03 22:58 . 2013-05-03 22:58 -------- d-----w- c:\users\BlascoX\AppData\Local\Max Secure Software
2013-05-03 22:57 . 2013-05-03 22:58 -------- d-----w- c:\users\BlascoX\AppData\Roaming\GetRightToGo
2013-05-02 11:52 . 2013-05-02 11:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-02 11:52 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-24 15:57 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 01:23 . 2013-04-21 01:23 -------- d-----r- C:\Sandbox
2013-04-21 01:19 . 2013-04-21 01:19 -------- d-----w- c:\program files\Sandboxie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-23 21:51 . 2012-10-29 10:08 13620200 ----a-w- c:\program files (x86)\ts3client_win64.exe
2013-04-23 21:51 . 2012-10-29 10:08 3130880 ----a-w- c:\program files (x86)\QtCore4.dll
2013-04-23 21:51 . 2012-10-29 10:08 248320 ----a-w- c:\program files (x86)\QtSql4.dll
2013-04-23 21:51 . 2012-10-29 10:08 229864 ----a-w- c:\program files (x86)\package_inst.exe
2013-04-23 21:51 . 2012-10-29 10:08 188904 ----a-w- c:\program files (x86)\error_report.exe
2013-04-23 21:51 . 2012-10-29 10:08 1167360 ----a-w- c:\program files (x86)\QtNetwork4.dll
2013-04-23 21:51 . 2012-10-29 10:08 10554880 ----a-w- c:\program files (x86)\QtGui4.dll
2013-04-14 04:39 . 2011-12-28 16:09 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-27 20:45 . 2013-03-27 20:45 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-27 20:45 . 2013-03-27 20:45 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-27 20:45 . 2013-03-27 20:45 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-14 04:37 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-14 04:37 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-14 04:37 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-14 04:37 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-14 04:37 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-14 04:37 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-12 19:04 . 2013-03-12 19:04 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-12 19:04 . 2013-03-12 19:04 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-12 19:04 . 2013-03-12 19:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-12 19:04 . 2013-03-12 19:04 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-12 19:04 . 2013-03-12 19:04 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-12 19:04 . 2013-03-12 19:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-12 19:04 . 2013-03-12 19:04 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-12 19:04 . 2013-03-12 19:04 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-12 19:04 . 2013-03-12 19:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-12 19:04 . 2013-03-12 19:04 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-12 19:04 . 2013-03-12 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-12 19:04 . 2013-03-12 19:04 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-12 19:04 . 2013-03-12 19:04 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-12 19:04 . 2013-03-12 19:04 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-12 19:04 . 2013-03-12 19:04 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-12 19:04 . 2013-03-12 19:04 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-12 19:04 . 2013-03-12 19:04 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-12 19:04 . 2013-03-12 19:04 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-12 19:04 . 2013-03-12 19:04 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-12 19:04 . 2013-03-12 19:04 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-12 19:04 . 2013-03-12 19:04 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-03-12 19:04 . 2013-03-12 19:04 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-03-12 19:04 . 2013-03-12 19:04 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-03-12 19:04 . 2013-03-12 19:04 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-03-12 19:04 . 2013-03-12 19:04 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-12 19:04 . 2013-03-12 19:04 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-12 19:04 . 2013-03-12 19:04 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-03-12 19:04 . 2013-03-12 19:04 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-12 19:04 . 2013-03-12 19:04 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-03-12 19:04 . 2013-03-12 19:04 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-12 19:04 . 2013-03-12 19:04 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-03-12 19:04 . 2013-03-12 19:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-03-12 19:04 . 2013-03-12 19:04 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-12 19:04 . 2013-03-12 19:04 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-03-12 19:04 . 2013-03-12 19:04 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-03-12 19:04 . 2013-03-12 19:04 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-12 19:04 . 2013-03-12 19:04 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-05 20:45 . 2012-08-02 22:10 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 20:45 . 2012-08-02 22:10 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-01 03:36 . 2013-04-14 04:37 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-14 04:38 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-14 04:38 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-14 04:38 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-14 04:38 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-14 04:38 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-14 04:38 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-14 04:38 237056 ----a-w- c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-14 04:38 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-14 04:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-14 04:38 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-14 04:38 816640 ----a-w- c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-14 04:38 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-14 04:38 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-14 04:38 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-14 04:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-14 04:38 248320 ----a-w- c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-14 04:38 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-14 04:38 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-14 04:38 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-14 04:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-14 04:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-14 04:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-15 06:08 . 2013-04-14 04:37 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-14 04:37 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-14 04:37 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-14 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-14 04:37 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe" [2009-04-04 385024]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi_old\hamachi-2-ui.exe" [2012-12-14 2255360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 EMSUSB2;EMS USB Joypad2;c:\windows\system32\DRIVERS\EMSUSB2.sys [x]
R3 esihdrv;esihdrv;c:\users\BlascoX\AppData\Local\Temp\esihdrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-11-12 121416]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-09-13 31152]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [2007-05-01 171144]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TrioLinkerII;TrioLinkerII;c:\windows\system32\Drivers\TLKerII.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tvnserver;TightVNC Server;c:\users\BlascoX\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 u9usbser;MYWAVEU9 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\u9usbser.sys [2008-01-23 113664]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1255736]
R4 CrossLoopService;CrossLoop Service;c:\users\BlascoX\AppData\Local\CrossLoop\CrossLoopService.exe [2011-09-07 569072]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi_old\hamachi-2.exe [2012-12-14 2466304]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-27 28600]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-27 86752]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2013-03-13 745880]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2011-11-20 202592]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2011-08-19 25632]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-04-20 131656]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-04-20 399944]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 23:39]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 23:39]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-271266169-4035466691-1297609863-1000Core.job
- c:\users\BlascoX\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 22:45]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-271266169-4035466691-1297609863-1000UA.job
- c:\users\BlascoX\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 22:45]
.
2013-05-15 c:\windows\Tasks\HPCeeScheduleForBlascoX.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-10 1128448]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\BlascoX\AppData\Roaming\Mozilla\Firefox\Profiles\e537nbun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.ftp - 197.221.184.182
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 197.221.184.182
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 197.221.184.182
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 197.221.184.182
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-04-19 20:57; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-Clownfish - (no file)
Wow6432Node-HKLM-Run-BATINDICATOR - c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-UnityWebPlayer - c:\users\BlascoX\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-271266169-4035466691-1297609863-1000\Software\SecuROM\License information*]
"datasecu"=hex:56,2d,09,3d,bd,76,11,7b,36,8f,78,17,a9,5f,f0,14,08,27,ca,5d,2d,
f5,a4,32,77,a0,dd,fc,40,46,89,70,96,ba,68,f7,54,c6,3b,f5,eb,27,08,26,b3,a0,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2013-05-15 17:46:05 - Il pc č stato riavviato
ComboFix-quarantined-files.txt 2013-05-15 15:46
.
Pre-Run: 121.294.389.248 byte disponibili
Post-Run: 120.445.988.864 byte disponibili
.
- - End Of File - - ED51544CB81C4929A90056B516B12E75


Down here the Windows check


Windows Validation Check
Version: 1.9.12.5
Log Created On: 1752_15-05-2013
-----------------------
Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows
WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2013-05-15 11:21:38
Last Success Time for Update Download: 2013-04-24 15:57:31
Last Success Time for Update Installation: 2013-04-24 15:57:54

WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------

WVCheck's File Dump
-----------------------
WVCheck found no known bad files.

WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.

WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3

-------- End of File, program close at 1752_15-05-2013 --------
Attached Thumbnails
Click image for larger version

Name:	erroreA.JPG
Views:	60
Size:	52.1 KB
ID:	125143   Click image for larger version

Name:	erroreB.JPG
Views:	56
Size:	52.3 KB
ID:	125144  
Attached Files
File Type: txt ComboFix.txt (28.5 KB, 31 views)
Blascogeno is offline  
Old 05-15-2013, 09:11 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Blascogeno. You're welcome. Any improvement in behavior since running ComboFix?

No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 2 Runtime Environment, SE v1.4.1
Java(TM) 7 Update 5 (64-bit)


These are all outdated, and security risks by having them installed still. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-15-2013, 05:43 PM   #16
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



Hi Chemist and thanks for all the informations.

After the run of combofix all seems going better, but i still have something strange, for exaple i have the wireless connection that sometimes disconnect itself, i disable and then enable it and all return as normal. Strange thing, the wireless signal is not so bad. (i too can't connect my lan by cable, but this could be because the cable was pulled, i can't check this with another pc right now)

I did the mbam scan without bad results, i'll past the result down here.

I then tried to uninstall the 2 java installations, but it's impossible for Java 2 Runtime Environment, SE v1.4.1 it doesen't do anything.. for now i didn't installed the new version, cause of this problem,

Now i'll start the Eset's scan and i will past the result when it will finish.

Thanks, have a good night.

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download
Versione database: v2013.05.15.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BlascoX :: BLASCOX-HP [amministratore]
16/05/2013 01:05:59
mbam-log-2013-05-16 (01-05-59).txt
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM | P2P
Opzioni di scansione disattivate: Registro
Elementi esaminati: 259238
Tempo impiegato: 11 minuti, 2 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 0
(non sono stati rilevati elementi nocivi)
(fine)
Blascogeno is offline  
Old 05-15-2013, 06:03 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're welcome. Good night.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-16-2013, 04:19 AM   #18
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



Hello Chemist,

here is the last step, the Eset scan result (it had taken 8,10 hours to finish it, the last time it had taken "only" 4,30 hours):


C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
C:\Windows\Installer\8e8673.msi a variant of Win32/Aedgency.A application
D:\Download\Giochi\Take.On.Helicopters-RELOADED\rld-tohs.iso a variant of Win32/Packed.VMProtect.AAH trojan
F:\Backup\Giochi\CRACKA_GIOCHI_FLASH_CheatEngine56.exe multiple threats
F:\Backup\service pack\Windows XP Professional Corporate SP2 Bootable ITA SN 7QVT6-T2738-WRKJB-YKRFQ-XVK98 non necessita crack o attivazione (Testato) by BMWPOWER.ISO multiple threats


Have a good day.
Blascogeno is offline  
Old 05-16-2013, 07:24 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Blascogeno.

As far as the wireless connection problem, it doesn't appear to be malware related.

I suggest you seek help for that problem in our Networking Forum

------------------------------------------------------

Quote:
D:\Download\Giochi\Take.On.Helicopters-RELOADED\rld-tohs.iso
Is Take On Helicopters also a cracked game? If so, you will have to uninstall it.

Quote:
F:\Backup\service pack\Windows XP Professional Corporate SP2 Bootable ITA SN 7QVT6-T2738-WRKJB-YKRFQ-XVK98 non necessita crack o attivazione (Testato) by BMWPOWER.ISO
Why would you have a crack for XP Pro on your backup drive?

------------------------------------------------------

Ensure your D:\, F:\, and G:\ drives are connected/inserted.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
"C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
"C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe"
"C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat"
"C:\Windows\Installer\8e8673.msi"
"D:\Download\Giochi\Take.On.Helicopters-RELOADED\rld-tohs.iso"
"F:\Backup\Giochi\CRACKA_GIOCHI_FLASH_CheatEngine56.exe"
"F:\Backup\service pack\Windows XP Professional Corporate SP2 Bootable ITA SN 7QVT6-T2738-WRKJB-YKRFQ-XVK98 non necessita crack o attivazione (Testato) by BMWPOWER.ISO"
"G:\gtk2116-setup.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

As far as Java, see if JavaRa can uninstall Java 2 Runtime Environment, SE v1.4.1:

Please download JavaRa.exe and Save it to your Desktop.
  • From the JavaRa-2.1.zip folder, extract the files to your desktop.
  • Double-click JavaRa.exe, pick the language of your choice, and click 'Select'.
  • Click 'Remove Older Versions'.
  • Accept any prompts.
  • When done, a log will pop up. Please post the log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-16-2013, 09:58 AM   #20
Registered Member
 
Join Date: May 2013
Posts: 41
OS: Win7 totally patched



Hi again Chemist, tnx for the hints on the connection problems.

1. i uninstalled the game

2. i've got winxp as backup for my older pc

3. dohhh i have lost the fix.bat log when i closed IE to run JavaRa -,- but it said that all the files where deleted suxcesfully.

4. here is javara report:

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu May 16 19:00:11 2013
Found and removed: C:\Windows\System32\jpicpl32.cpl
------------------------------------
Finished reporting.

but Java 2 Runtime Environment, SE v1.4.1 is still installed.


Thank you
Blascogeno is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Keyboards Unresponsive
Hi, i was referred to this sub-forum from the 'Microsoft/windows 7 support' forum. Here's a copy an paste of my op; "'I recently installed Bitdeffender and after scanning my computer it found a few malware/viruses. But as it was cleaning/deleting the infected files I got a BSOD. Now ever since...
ScretAgentDan Virus/Trojan/Spyware Help 44 04-22-2013 05:13 AM
Need Help Please, Strange pop Ups, shutting down for no reason
Hello, I need your help please. My computer is shutting down without prompting from me. I get messages about random things that pop up. I'd appreciate any help/. I can't get to the bleeping computer site to download the scan asked to be run. I'm sorry. If you can guide me how to get there? ...
Nala807 Resolved HJT Threads 50 03-05-2013 12:18 PM
[SOLVED] Malware pest
dds and attach as requested I see dds.txt is showing sidekick DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2 Run by norman at 14:12:17 on 2013-02-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3838.2410 . AV:...
norman1 Resolved HJT Threads 20 02-27-2013 02:38 PM
Ads, Ads, EVERYWHERE...
It started a few days ago. New window that opens with ad. Ads on pages I visit. AdChoices Ads over images. ox.srvoverlay.com/www/delivery/etc..... Also, at the same time the ads started, my search engine was redirected to Search . It is currently not doing that now, though. When I click...
DavesMom Resolved HJT Threads 17 12-09-2012 08:16 AM
Please check to be sure virus was completely removed
I'm not sure where I got them from but Webroot showed a virus warning and says it removed it...I ran Super Antispyware and it found two others...I would like someone to look over the scan and see if it was removed completely... Here are the screenshots from the quarantine...and I will attach...
tiggere Virus/Trojan/Spyware Help 13 02-10-2011 05:45 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:25 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts