Yamdex.net and mail.ru are infecting from my chrome omnibox

Post by megatonante » June 29th, 2015, 7:05 am

EDIT: Sorry, typo in the title. That "from" shouldn't be there.

Hello. As I wrote in the title, whenever I use my omnibox, it gets redirected first to "yamdex.net" and then to "mail.ru", a Russian search engine.

It's almost exactly the same problem as this user's on the internet: http://malwaretips.com/threads/yamdex-n ... ome.46044/

Like him, I have the predefined research tool in my omnibox locked by "an administrator" and I can't change it. (And that tool is, obviously, yamdex.net. It's also called ">".)

I tried using an administrator account, and I ran Malwarebytes, AVG, YAC, and SUPERAntiSpyware. I have Windows 7 64-bit and the sole symptom is the inability to use Google from my Chrome omnibox.

The expert user in that thread writes a patch to remove some particular files. I tried to read the txt patch and find those files myself with regedit or among folders, but they are not there in my system. I mean, at least they do not have the same exact name. Being a computer illiterate, I stopped there.
I also tried to delete all the content of the "extensions" folder in the Chrome directory, but that research tool is still there.

Please let me know what you need to know, I don't want to format my computer for such a thing.


EDIT: I'm posting those two scan files. I ran dds.scr in the same hard drive where chrome and the OS are installed.


DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.45.2
Run by lorenzo at 13:42:39 on 2015-06-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.8067.5425 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
I:\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
I:\GalaxyClient\GalaxyClient.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\lorenzo\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\Users\lorenzo\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
I:\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
uURLSearchHooks: {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [GalaxyClient] I:\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
uRun: [Google Update] "C:\Users\lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{16FCD8C0-3A17-480D-83DC-348D8288DF36} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{80E3E5D7-31BE-4B1C-93C0-0E8264DFC3BD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{80E3E5D7-31BE-4B1C-93C0-0E8264DFC3BD}\14C6963656D24343937303731383 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-12 253408]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-5-12 224224]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-4-11 645480]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-4-11 28008]
R0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2014-11-26 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-5-19 287200]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-4-15 256992]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-12 281568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-11-28 283064]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-6-16 3461072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-6-16 312816]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-28 1152656]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2015-3-30 2490216]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-10-3 329104]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-3-30 417552]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 124568]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-27 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-11-27 23007376]
R2 SBSDWSCService;SBSD Security Center Service;I:\Spybot - Search & Destroy\SDWinSec.exe [2015-6-6 1153368]
R3 IntcDAud;Audio Intel(R) per schermi;C:\Windows\System32\drivers\IntcDAud.sys [2014-11-26 450520]
R3 iusb3hub;Driver hub Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2014-11-26 370672]
R3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2014-11-26 791024]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-6-7 25816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-11-27 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-6-23 46768]
R3 RTL8167;Driver Realtek 8167 NT;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-6-6 2585376]
S2 MBAMService;MBAMService;I:\Malwarebytes Anti-Malware\mbamservice.exe [2015-6-7 1080120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2015-1-17 31920]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2015-4-16 21656]
S3 GalaxyClientService;GalaxyClientService;I:\GalaxyClient\GalaxyClientService.exe [2015-5-19 1751096]
S3 GalaxyCommunication;GalaxyCommunication;C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2015-5-19 6677048]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-9 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-6-7 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-11 20992]
S3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTWlanU.sys [2014-11-26 1528976]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-6-23 410768]
S3 TSSKX64;TSSKX64;C:\Windows\System32\drivers\TSSKX64.sys [2015-6-6 38200]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-27 59392]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-29 1255736]
.
=============== Created Last 30 ================
.
2015-06-29 05:05:09 -------- d-----w- C:\ProgramData\Avg_Update_0215pi
2015-06-28 15:49:22 -------- d-----w- C:\Users\lorenzo\AppData\Roaming\AVG2015
2015-06-28 15:48:56 -------- d-----w- C:\Program Files\Common Files\AV
2015-06-28 15:48:52 -------- d-----w- C:\Users\lorenzo\AppData\Roaming\TuneUp Software
2015-06-28 15:48:41 -------- d--h--w- C:\$AVG
2015-06-28 15:48:41 -------- d-----w- C:\ProgramData\AVG2015
2015-06-28 15:48:30 -------- d-----w- C:\Program Files (x86)\AVG
2015-06-28 15:45:34 -------- d--h--w- C:\ProgramData\Common Files
2015-06-28 15:45:34 -------- d-----w- C:\Users\lorenzo\AppData\Local\MFAData
2015-06-28 15:45:34 -------- d-----w- C:\Users\lorenzo\AppData\Local\Avg2015
2015-06-28 15:45:34 -------- d-----w- C:\ProgramData\MFAData
2015-06-28 15:25:17 118 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-28 09:47:50 -------- d-----w- C:\FRST
2015-06-28 09:27:43 -------- d-----w- C:\Windows\System32\log
2015-06-28 05:31:58 12221144 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D89D7450-F050-4DEA-AEAF-C8019A99A18E}\mpengine.dll
2015-06-27 05:20:26 12221144 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-23 19:10:19 571024 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-06-23 18:48:01 61616 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2015-06-23 18:48:01 57520 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2015-06-23 18:48:01 46768 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-06-23 14:35:14 -------- d-----w- C:\Users\lorenzo\AppData\Local\Google
2015-06-23 14:35:07 -------- d-----w- C:\Users\lorenzo\AppData\Local\Apps
2015-06-17 06:32:46 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5295C5E-ED2B-42B5-AC2A-AB8B200A706F}\gapaengine.dll
2015-06-16 18:24:37 -------- d-----w- C:\Users\lorenzo\AppData\Local\LumaEmu_SteamCloud
2015-06-07 14:52:43 -------- d-----w- C:\AdwCleaner
2015-06-07 14:51:07 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-07 14:50:54 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-07 14:50:54 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-06-07 14:50:54 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-07 14:50:54 -------- d-----w- C:\ProgramData\Malwarebytes
2015-06-06 14:10:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-06-06 13:42:41 -------- d-----w- C:\Users\lorenzo\AppData\Roaming\ProductData
2015-06-06 13:42:39 -------- d-----w- C:\ProgramData\IObit
2015-06-06 13:42:36 -------- d-----w- C:\ProgramData\ProductData
2015-06-06 13:42:31 -------- d-----w- C:\Program Files (x86)\IObit
2015-06-06 13:42:25 -------- d-----w- C:\Users\lorenzo\AppData\Roaming\IObit
2015-06-05 22:07:01 38200 ----a-w- C:\Windows\System32\drivers\TSSKX64.sys
2015-06-05 22:06:56 87864 ----a-w- C:\Windows\System32\drivers\TFsFltX64.sys
2015-06-05 22:03:36 815304 ---h--w- C:\i??pl?r?.b?t.exe
2015-06-05 22:03:36 109 ---h--w- C:\iexplore.bat
2015-06-01 12:28:24 -------- d-----w- C:\Users\lorenzo\AppData\Local\GWX
2015-06-01 07:13:49 2997544 ----a-w- C:\Windows\SysWow64\nvapi.dll
2015-06-01 07:13:49 1898312 ----a-w- C:\Windows\System32\nvdispco6435306.dll
2015-06-01 07:13:49 1557832 ----a-w- C:\Windows\System32\nvdispgenco6435306.dll
2015-06-01 06:59:34 -------- d-----w- C:\ProgramData\boost_interprocess
.
==================== Find3M ====================
.
2015-06-17 06:48:17 937616 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-06-17 06:48:16 62792 ----a-w- C:\Windows\System32\nvshext.dll
2015-06-17 06:48:16 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2015-06-17 06:48:16 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-06-17 06:48:15 6873232 ----a-w- C:\Windows\System32\nvcpl.dll
2015-06-17 06:48:15 3492168 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-06-03 21:04:55 1320304 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-06-03 21:04:55 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-06-03 21:04:45 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-06-03 21:04:45 1571696 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-06-02 14:11:26 4421614 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:08:39 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:47 417792 ----a-w- C:\Windows\System32\html.iec
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:59:27 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-22 17:50:20 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-19 07:52:58 287200 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-05-12 12:39:14 281568 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2015-05-12 12:36:54 253408 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2015-05-12 12:36:52 224224 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2015-05-12 06:27:22 1898312 ----a-w- C:\Windows\System32\nvdispco6435286.dll
2015-05-12 06:27:22 1557648 ----a-w- C:\Windows\System32\nvdispgenco6435286.dll
2015-05-09 13:40:34 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-07 11:50:22 378336 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2015-05-01 13:17:03 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 13:42:52,40 ===============


Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 25/11/2014 20:14:36
System Uptime: 29/06/2015 07:01:16 (6 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H97-HD3
Processor: Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz | SOCKET 0 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 40,335 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 466 GiB total, 289,643 GiB free.
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda Microsoft Teredo Tunneling
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP147: 27/06/2015 07:20:22 - Windows Update
RP148: 28/06/2015 17:48:24 - Installed AVG 2015
RP149: 28/06/2015 17:48:33 - Installed AVG 2015
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.11) - Italiano
Adobe Refresh Manager
Aggiornamenti NVIDIA 2.4.5.44
Alternative Look for Triss
Alternative Look for Yennefer
AVG 2015
Ballad Heroes - Neutral Gwent Card Set
Beard and Hairstyle Set
Castle Crashers
CCleaner
CDBurnerXP
CPUID HWMonitor 1.25
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB3054883) 32-Bit Edition
Elite Crossbow Set
GOG Galaxy
Google Chrome
Google Chrome Canary
Google Update Helper
High-Definition Video Playback 10
Intel(R) Chipset Device Software
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
IObit Uninstaller
Java 8 Update 45
Java Auto Updater
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware versione 2.1.6.1022
Microsoft .NET Framework 4.5.1 (ITA)
Microsoft .NET Framework 4.5.1 (Italiano)
Microsoft .NET Framework 4.5.2
Microsoft ASP.NET MVC 4 Runtime
Microsoft Office Access MUI (Italian) 2010
Microsoft Office Excel MUI (Italian) 2010
Microsoft Office Groove MUI (Italian) 2010
Microsoft Office InfoPath MUI (Italian) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Italian) 2010
Microsoft Office Outlook MUI (Italian) 2010
Microsoft Office PowerPoint MUI (Italian) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (Italian) 2010
Microsoft Office Publisher MUI (Italian) 2010
Microsoft Office Shared 64-bit MUI (Italian) 2010
Microsoft Office Shared MUI (Italian) 2010
Microsoft Office Word MUI (Italian) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA
MSI Afterburner 4.0.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
New Quest - Contract - Skellige's Most Wanted
New Quest - Contract Missing Miners
New Quest - Fool's Gold
New Quest - Scavenger Hunt - Wolf School Gear
Nilfgaardian Armor Set
NVIDIA Driver 3D Vision 353.30
NVIDIA Driver audio HD 1.3.34.3
NVIDIA Driver del controller 3D Vision 352.65
NVIDIA Driver grafico 353.30
NVIDIA GeForce Experience 2.4.5.44
NVIDIA GeForce Experience Service
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 16.13.42
NVIDIA PhysX System Software 9.15.0428
NVIDIA ShadowPlay 2.4.5.44
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.28
osu!
Pannello di controllo NVIDIA 353.30
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recuva
RivaTuner Statistics Server 6.2.0
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft Excel 2010 (KB3054845) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2863817) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054834) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB3054835) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553428) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB3054842) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
SHIELD Wireless Controller Driver
Skellige Armor Set
Skype™ 7.0
Software per periferiche con chipset Intel®
Spotify
Spybot - Search & Destroy
Steam
TeamSpeak 3 Client
Temerian Armor Set
The Witcher 2 - Assassins of Kings Enhanced Edition
The Witcher 3 - Wild Hunt
Titan Souls
TP-LINK TL-WN725N_TL-WN723N Driver
Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965291) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965296) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054875) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2965297) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3054881) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2965292) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
WinRAR 5.11 (64-bit)
.
==== End Of File ===========================
megatonante
Regular Member
 
Posts: 28
Joined: June 29th, 2015, 6:55 am

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by Cypher » June 29th, 2015, 10:40 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Next.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs installed:
    AVG 2015
    Microsoft Security Essentials
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Please remove one of them then reboot your computer.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by megatonante » June 29th, 2015, 11:10 am

Hello Cypher, thank you for helping me. I will post the logs you requested.

I remembered that I actually ran AdwCleaner some days ago; that's why the log has [2] in the file name, I think:

# AdwCleaner v4.207 - Creato file registro eventi 29/06/2015 in 17:03:05
# Aggiornato 21/06/2015 da Xplode
# Database : 2015-06-23.1 [Server]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (x64)
# Nome utente : lorenzo - LORENZO-PC
# In esecuzione da : I:\Lorenzo\Downloads\adwcleaner_4.207.exe
# Opzione : Pulizia

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

File Eliminato : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Attività pianificate ] *****


***** [ Collegamenti ] *****


***** [ Registry ] *****

Chiave Eliminato : HKLM\SOFTWARE\Avg Secure Update
Chiave Eliminato : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.130

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://yamdex.net/?searchid=1&l10n=ru&f ... f1e1&text={searchTerms}&search=1&type=7
[C:\Users\Utente2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://yamdex.net/?searchid=1&l10n=ru&f ... f1e1&text={searchTerms}&search=1&type=7
[C:\Users\Utente2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminato [Homepage] :
[C:\Users\Utente2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminato [Startup_URLs] : E0ABF2DFFFAA8F470D5C90F8C6B77A7316B49D042B5329C38E8F23C7A4588F6A"},"software_reporter":{"prompt_reason":"F2246A22C05852098648392084614C1E62E3FEEA9A99DD48BF528418F9456AF6","prompt_seed":"C11CCF51CF118D9845EE9EEEE43BB796C8D5D61269986341DD15F29A3D0FB72C","prompt_version":"52A424B6010C14D940255E6D680E7C3F98310E89D2B3D363FA0E5CB1CACDAAD1"},"sync":{"remaining_rollback_tries":"4B85504F2D396C41D611DBD24269DB073DE6B03F5A493A3AFD7699D7BBC1455E"}},"super_mac":"4264725D76BE6800BE37D52DC05E0280DB875645C7973662E09ACB92528F20A3"},"session":{"restore_on_startup":1,"startup_urls":["hxxps://www.google.it/","hxxp://www.sweet-page.com/?type=hp&ts=1419101302&from=cor&uid=SamsungXSSDX840XSeries_S14ENEACB30221X

-\\ Chrome Canary v45.0.2443.0

[C:\Users\lorenzo\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://yamdex.net/?searchid=1&l10n=ru&f ... f1e1&text={searchTerms}&search=1&type=7

*************************

AdwCleaner[R0].txt - [29249 byte] - [07/06/2015 16:52:46]
AdwCleaner[R1].txt - [1490 byte] - [23/06/2015 16:02:38]
AdwCleaner[R2].txt - [7225 byte] - [29/06/2015 17:00:23]
AdwCleaner[S0].txt - [4468 byte] - [07/06/2015 17:01:29]
AdwCleaner[S1].txt - [1515 byte] - [23/06/2015 16:03:53]
AdwCleaner[S2].txt - [2775 byte] - [29/06/2015 17:03:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2833 byte] ##########


I just found out that the file is in Italian. Let me know if you need it in English; I will change the language.
megatonante
Regular Member
 
Posts: 28
Joined: June 29th, 2015, 6:55 am

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by megatonante » June 29th, 2015, 11:11 am

FRST:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by lorenzo (administrator) on LORENZO-PC on 29-06-2015 17:07:31
Running from C:\Users\lorenzo\Downloads
Loaded Profiles: lorenzo (Available Profiles: lorenzo & Utente2 & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Safer Networking Ltd.) I:\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GOG.com) I:\GalaxyClient\GalaxyClient.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Users\lorenzo\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\lorenzo\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(GOG.com) I:\GalaxyClient\GalaxyClient Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-3605605216-2172490748-286441502-1000\...\Run: [GalaxyClient] => I:\GalaxyClient\GalaxyClient.exe [7457336 2015-05-29] (GOG.com)
HKU\S-1-5-21-3605605216-2172490748-286441502-1000\...\Run: [Google Update] => C:\Users\lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-23] (Google Inc.)
HKU\S-1-5-21-3605605216-2172490748-286441502-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3605605216-2172490748-286441502-1000\...\MountPoints2: {f331b4c7-74d3-11e4-b42e-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-27] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3605605216-2172490748-286441502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
URLSearchHook: [S-1-5-21-3605605216-2172490748-286441502-1000] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3605605216-2172490748-286441502-1000 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605605216-2172490748-286441502-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605605216-2172490748-286441502-1000 -> {816B9CC1-0198-4B55-B57A-AE03B41B7AC8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3605605216-2172490748-286441502-1000 -> {D82AF163-7234-4F5C-B8E4-A506945F71A7} URL = http://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-06-06] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-09] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16FCD8C0-3A17-480D-83DC-348D8288DF36}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{80E3E5D7-31BE-4B1C-93C0-0E8264DFC3BD}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3605605216-2172490748-286441502-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lorenzo\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-3605605216-2172490748-286441502-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lorenzo\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\lorenzo\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (AdBlock) - C:\Users\lorenzo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GalaxyClientService; I:\GalaxyClient\GalaxyClientService.exe [1751096 2015-05-29] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6677048 2015-06-17] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-06-06] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 MBAMService; I:\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
R2 SBSDWSCService; I:\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2014-11-29] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-28] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-04-16] (Echobit, LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-11-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-06] (电脑管家)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 17:05 - 2015-06-29 17:07 - 00015879 _____ C:\Users\lorenzo\Downloads\FRST.txt
2015-06-29 17:01 - 2015-06-29 17:01 - 02112512 _____ (Farbar) C:\Users\lorenzo\Downloads\FRST64.exe
2015-06-29 16:50 - 2015-06-29 16:50 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LORENZO-PC-Windows-7-Ultimate-(64-bit).dat
2015-06-29 16:49 - 2015-06-29 16:49 - 00002235 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-29 16:49 - 2015-06-29 16:49 - 00000000 ____D C:\RegBackup
2015-06-29 16:49 - 2015-06-29 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-29 16:49 - 2015-06-29 16:49 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-06-29 13:42 - 2015-06-29 13:42 - 00025689 _____ C:\Users\lorenzo\Desktop\dds.txt
2015-06-29 13:42 - 2015-06-29 13:42 - 00009739 _____ C:\Users\lorenzo\Desktop\attach.txt
2015-06-29 07:05 - 2015-06-29 07:05 - 00000000 ____D C:\ProgramData\Avg_Update_0215pi
2015-06-29 07:05 - 2015-06-28 10:37 - 117290174 _____ C:\Users\lorenzo\Desktop\Bird York - The Velvet Hour.rar
2015-06-28 17:48 - 2015-06-29 16:57 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-28 17:48 - 2015-06-28 17:48 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\TuneUp Software
2015-06-28 17:45 - 2015-06-29 16:58 - 00000000 ____D C:\ProgramData\MFAData
2015-06-28 17:45 - 2015-06-28 17:45 - 00000000 ____D C:\Users\lorenzo\AppData\Local\MFAData
2015-06-28 17:32 - 2015-06-29 13:35 - 00002912 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_lorenzo
2015-06-28 17:25 - 2015-06-28 17:25 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-28 11:47 - 2015-06-29 17:07 - 00000000 ____D C:\FRST
2015-06-28 11:27 - 2015-06-29 17:03 - 00000000 ____D C:\Windows\system32\log
2015-06-28 11:26 - 2015-06-28 11:26 - 00867736 _____ () C:\Users\lorenzo\Downloads\yet_another_cleaner_bhr_297.exe
2015-06-28 11:09 - 2015-06-28 11:09 - 00001468 _____ C:\Windows\IE11_main.log
2015-06-28 11:05 - 2015-06-28 11:05 - 02077392 _____ (Microsoft Corporation) C:\Users\lorenzo\Downloads\IE11-Windows6.1.exe
2015-06-24 08:10 - 2015-06-24 08:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2015-06-24 08:09 - 2015-06-24 08:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2015-06-24 07:54 - 2015-06-29 16:58 - 00010004 _____ C:\Windows\PFRO.log
2015-06-23 21:10 - 2015-06-17 08:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-23 21:08 - 2015-06-17 11:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-23 21:08 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-23 21:08 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-23 21:08 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-23 20:48 - 2015-06-29 17:03 - 00002502 _____ C:\Windows\setupact.log
2015-06-23 20:48 - 2015-06-23 20:48 - 00000000 _____ C:\Windows\setuperr.log
2015-06-23 20:48 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-23 20:48 - 2015-05-19 05:14 - 00061616 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-06-23 20:48 - 2015-05-19 05:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-23 20:44 - 2015-06-27 12:49 - 00002440 _____ C:\Users\lorenzo\Desktop\Google Chrome Canary.lnk
2015-06-23 20:44 - 2015-06-23 20:44 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2015-06-23 20:42 - 2015-06-29 16:47 - 00001168 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605605216-2172490748-286441502-1000UA.job
2015-06-23 20:42 - 2015-06-28 20:47 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605605216-2172490748-286441502-1000Core.job
2015-06-23 20:42 - 2015-06-23 20:42 - 00931408 _____ (Google Inc.) C:\Users\lorenzo\Downloads\ChromeSetup.exe
2015-06-23 20:42 - 2015-06-23 20:42 - 00004142 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3605605216-2172490748-286441502-1000UA
2015-06-23 20:42 - 2015-06-23 20:42 - 00003746 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3605605216-2172490748-286441502-1000Core
2015-06-23 16:36 - 2015-06-23 16:36 - 00002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-23 16:36 - 2015-06-23 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-23 16:35 - 2015-06-29 17:03 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-23 16:35 - 2015-06-29 16:45 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-23 16:35 - 2015-06-23 20:43 - 00000000 ____D C:\Users\lorenzo\AppData\Local\Google
2015-06-23 16:35 - 2015-06-23 16:40 - 00004146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-23 16:35 - 2015-06-23 16:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-23 16:35 - 2015-06-23 16:35 - 00000000 ____D C:\Users\lorenzo\AppData\Local\Apps\2.0
2015-06-22 07:38 - 2015-06-22 07:39 - 00000000 ____D C:\Users\lorenzo\Desktop\sun kil moon april
2015-06-16 20:24 - 2015-06-16 20:24 - 00000000 ___SH C:\Users\lorenzo\AppData\Local\LumaEmu
2015-06-16 20:24 - 2015-06-16 20:24 - 00000000 ____D C:\Users\lorenzo\AppData\Local\LumaEmu_SteamCloud
2015-06-14 18:35 - 2015-06-26 19:50 - 00000000 ____D C:\Users\lorenzo\Desktop\Tesina
2015-06-14 11:21 - 2015-06-14 11:21 - 00000000 ____D C:\Users\Utente2\AppData\Roaming\ProductData
2015-06-14 11:21 - 2015-06-14 11:21 - 00000000 ____D C:\Users\Utente2\AppData\Roaming\IObit
2015-06-11 21:09 - 2015-06-11 21:09 - 00000000 ____D C:\Users\Utente2\AppData\Local\GWX
2015-06-10 07:40 - 2015-06-10 07:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ProductData
2015-06-10 07:40 - 2015-06-10 07:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IObit
2015-06-10 07:39 - 2015-06-10 07:39 - 00000000 ____D C:\Users\Administrator\Downloads\eMule
2015-06-10 07:39 - 2015-06-10 07:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\eMule
2015-06-09 21:41 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 21:41 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 21:41 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 21:41 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 21:41 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-09 21:41 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-09 21:41 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-09 21:41 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-09 21:41 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-09 21:41 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-09 21:41 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-09 21:41 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-09 21:41 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-09 21:41 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-09 21:41 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-09 21:41 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-09 21:41 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-09 21:41 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-09 21:41 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-09 21:41 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-09 21:41 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-09 21:41 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-09 21:41 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-09 21:41 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-09 21:41 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-09 21:41 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-09 21:41 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-09 21:41 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-09 21:41 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-09 21:41 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-09 21:41 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-09 21:41 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 21:41 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 21:41 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-09 21:41 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-09 21:41 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 21:41 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-09 21:41 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 21:41 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 21:41 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-09 21:41 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-09 21:41 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 21:41 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-09 21:41 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 21:41 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 21:41 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-09 21:41 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-09 21:41 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 21:41 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 21:41 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 21:41 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 21:41 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-09 21:41 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-09 21:41 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 21:41 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 21:41 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 21:41 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 21:41 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 21:41 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-09 21:41 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 21:41 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 21:41 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 21:41 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 21:41 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 21:41 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-09 21:41 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-09 21:41 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 21:41 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 21:41 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 21:41 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-09 21:41 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-09 21:41 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 21:41 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 21:41 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-09 21:41 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 21:41 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 21:41 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 21:41 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 21:41 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-09 21:41 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-09 21:41 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 21:41 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-09 21:41 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-09 21:41 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 21:41 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 21:41 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 21:41 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 21:41 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 21:41 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 21:41 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 21:41 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 21:41 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 21:41 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-09 21:41 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 21:41 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 21:41 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-09 21:41 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 21:41 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 21:41 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 21:41 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 21:41 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 21:41 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 21:41 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 21:41 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 21:41 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 21:41 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 21:41 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-09 21:41 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-09 21:41 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-09 21:41 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-09 21:41 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-09 21:41 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 21:41 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 21:41 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-07 18:54 - 2015-06-07 18:54 - 00000270 __RSH C:\Users\Utente2\ntuser.pol
2015-06-07 16:52 - 2015-06-29 17:03 - 00000000 ____D C:\AdwCleaner
2015-06-07 16:51 - 2015-06-23 16:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 16:50 - 2015-06-07 16:50 - 00000613 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-07 16:50 - 2015-06-07 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-07 16:50 - 2015-06-07 16:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-07 16:50 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-07 16:50 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-07 16:50 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-07 16:47 - 2015-06-07 16:47 - 00046592 ___SH C:\Users\lorenzo\Documents\Thumbs.db
2015-06-07 07:32 - 2015-06-07 07:32 - 00000000 ____D C:\Users\lorenzo\Desktop\sl mp3
2015-06-07 07:27 - 2013-03-04 20:12 - 50483328 ____N C:\Users\lorenzo\Downloads\FFSetup3.0.1.1.exe
2015-06-07 07:26 - 2015-06-07 07:26 - 50427733 _____ C:\Users\lorenzo\Downloads\format-factory.zip
2015-06-06 16:10 - 2015-06-23 20:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-06 16:10 - 2015-06-06 16:10 - 00000761 _____ C:\Users\lorenzo\Desktop\Spybot - Search & Destroy.lnk
2015-06-06 16:10 - 2015-06-06 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-06-06 15:51 - 2015-06-24 08:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2015-06-06 15:50 - 2015-06-10 07:39 - 00000000 ____D C:\Users\Administrator
2015-06-06 15:50 - 2015-06-06 15:50 - 00109688 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-06 15:50 - 2015-06-06 15:50 - 00001393 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-06 15:50 - 2015-06-06 15:50 - 00000270 __RSH C:\Users\Administrator\ntuser.pol
2015-06-06 15:50 - 2015-06-06 15:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Risorse di stampa
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Risorse di rete
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Recenti
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Modelli
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Menu Avvio
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Impostazioni locali
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Documents\Video
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Documents\Musica
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Documents\Immagini
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Documenti
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\Dati applicazioni
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Dati applicazioni
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Cronologia
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Nero
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2015-06-06 15:50 - 2015-06-06 15:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-06-06 15:50 - 2014-11-29 00:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2015-06-06 15:50 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-06 15:50 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-06 15:42 - 2015-06-29 16:59 - 00000000 ____D C:\ProgramData\ProductData
2015-06-06 15:42 - 2015-06-06 15:42 - 00001252 _____ C:\Users\lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-06-06 15:42 - 2015-06-06 15:42 - 00001228 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\ProductData
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\IObit
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\ProgramData\IObit
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-06 15:39 - 2015-06-06 15:40 - 15889184 _____ (IObit) C:\Users\lorenzo\Downloads\iobituninstaller.exe
2015-06-06 01:58 - 2015-06-06 01:58 - 00000000 _____ C:\Windows\SysWOW64\track
2015-06-06 00:07 - 2015-06-06 00:06 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-06 00:06 - 2015-06-06 00:06 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-06 00:03 - 2015-06-06 15:40 - 00001304 __RSH C:\ProgramData\ntuser.pol
2015-06-06 00:03 - 2015-06-06 15:40 - 00000270 __RSH C:\Users\lorenzo\ntuser.pol
2015-06-06 00:03 - 2015-06-06 00:03 - 00000109 ____H C:\iexplore.bat
2015-06-06 00:03 - 2015-04-22 03:48 - 00815304 ____H (Microsoft Corporation) C:\iехplоrе.bаt.exe
2015-06-05 15:36 - 2015-06-05 15:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-05 13:25 - 2015-06-07 16:48 - 00000000 ____D C:\Users\lorenzo\Documents\1000 times better 2.3 lite reshade
2015-06-01 14:28 - 2015-06-01 14:28 - 00000000 ____D C:\Users\lorenzo\AppData\Local\GWX
2015-06-01 09:13 - 2015-06-17 11:10 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-01 09:13 - 2015-05-28 09:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 09:13 - 2015-05-28 09:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 08:59 - 2015-06-23 20:48 - 00000000 ____D C:\ProgramData\boost_interprocess

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 17:06 - 2014-11-25 21:14 - 01773063 _____ C:\Windows\WindowsUpdate.log
2015-06-29 17:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-29 17:03 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-29 17:03 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-29 15:16 - 2014-11-28 22:09 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\TS3Client
2015-06-29 13:36 - 2015-04-22 09:40 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-29 13:36 - 2015-04-22 09:40 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-29 07:07 - 2009-07-14 12:53 - 00741062 _____ C:\Windows\system32\perfh010.dat
2015-06-29 07:07 - 2009-07-14 12:53 - 00147116 _____ C:\Windows\system32\perfc010.dat
2015-06-29 07:07 - 2009-07-14 07:13 - 01659852 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-28 17:25 - 2015-05-10 14:12 - 00000000 ____D C:\Users\lorenzo\AppData\Local\LogMeIn Hamachi
2015-06-28 10:44 - 2014-12-16 15:48 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\vlc
2015-06-28 07:15 - 2014-11-28 12:56 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-27 16:02 - 2014-12-15 15:06 - 00000000 ____D C:\Users\lorenzo\AppData\Local\Spotify
2015-06-27 15:28 - 2014-12-15 15:05 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\Spotify
2015-06-24 14:03 - 2014-12-25 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-06-24 08:06 - 2014-12-24 10:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 21:19 - 2015-05-23 15:12 - 00000000 ____D C:\Users\Utente2\Documents\The Witcher 3
2015-06-23 21:10 - 2014-11-27 12:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 21:10 - 2014-11-27 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-23 21:10 - 2014-11-27 12:03 - 00000000 ____D C:\temp
2015-06-23 20:49 - 2014-12-07 20:28 - 00000000 ____D C:\Users\Utente2\AppData\Local\NVIDIA Corporation
2015-06-23 20:49 - 2014-12-07 20:28 - 00000000 ____D C:\Users\Utente2\AppData\Local\NVIDIA
2015-06-23 20:48 - 2014-11-27 12:34 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-23 20:30 - 2014-11-28 19:42 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\DAEMON Tools Lite
2015-06-23 20:17 - 2015-04-26 18:08 - 00000000 ____D C:\Program Files (x86)\FreeTime
2015-06-23 16:36 - 2014-11-28 14:03 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-23 16:35 - 2014-11-28 14:02 - 00000000 ____D C:\Users\lorenzo\AppData\Local\Deployment
2015-06-23 16:31 - 2015-01-17 23:51 - 00000000 __SHD C:\Users\lorenzo\AppData\Local\EmieUserList
2015-06-23 16:31 - 2015-01-17 23:51 - 00000000 __SHD C:\Users\lorenzo\AppData\Local\EmieSiteList
2015-06-23 16:31 - 2015-01-17 23:51 - 00000000 __SHD C:\Users\lorenzo\AppData\Local\EmieBrowserModeList
2015-06-22 15:28 - 2015-01-27 12:41 - 00000000 ____D C:\Users\lorenzo\Documents\File di Outlook
2015-06-18 11:31 - 2015-05-19 02:14 - 00000000 ____D C:\Users\lorenzo\Documents\The Witcher 3
2015-06-17 11:10 - 2015-05-19 02:43 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 11:10 - 2015-02-10 21:15 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 11:10 - 2015-01-24 18:41 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-17 11:10 - 2015-01-24 18:41 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-17 11:10 - 2014-11-28 12:53 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-17 11:10 - 2014-11-28 12:53 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 08:48 - 2014-11-28 12:54 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 08:48 - 2014-11-28 12:54 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 08:48 - 2014-11-28 12:54 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 08:48 - 2014-11-28 12:54 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 08:48 - 2014-11-28 12:54 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 08:48 - 2014-11-28 12:54 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-16 19:19 - 2014-12-21 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-15 11:53 - 2014-11-20 00:10 - 00000000 ___RD C:\Users\lorenzo\Desktop\Casa
2015-06-14 10:09 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-11 07:10 - 2015-03-21 22:59 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\dvdcss
2015-06-10 08:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 07:39 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-10 07:20 - 2014-12-12 14:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 07:20 - 2014-11-26 18:15 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 07:20 - 2009-07-14 06:45 - 00409296 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 00:11 - 2014-11-27 16:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 00:10 - 2014-11-26 18:10 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 00:07 - 2014-11-26 18:10 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 00:07 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-06-07 18:54 - 2014-12-07 20:30 - 00109688 _____ C:\Users\Utente2\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-07 18:54 - 2014-12-07 20:28 - 00000000 ____D C:\Users\Utente2
2015-06-07 17:02 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-07 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2015-06-07 16:43 - 2015-04-16 15:10 - 00000000 ____D C:\Program Files\Echobit
2015-06-06 15:40 - 2014-11-25 21:14 - 00000000 ____D C:\Users\lorenzo
2015-06-06 01:58 - 2015-03-21 23:47 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2015-06-06 00:13 - 2015-03-21 23:48 - 00001171 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-06-06 00:13 - 2014-11-27 16:22 - 00109688 _____ C:\Users\lorenzo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-06 00:07 - 2014-11-25 21:14 - 00000000 ____D C:\Users\lorenzo\AppData\Local\VirtualStore
2015-06-06 00:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-06-06 00:03 - 2014-12-25 23:16 - 00000751 ____R C:\Users\Public\Desktop\Тhе Witсhеr 2 - Аssаssins оf Кings Еnhаnсеd Еditiоn.lnk
2015-06-05 22:07 - 2015-05-17 19:00 - 00000000 ____D C:\Users\Utente2\AppData\Local\LogMeIn Hamachi
2015-06-05 11:27 - 2015-05-19 09:11 - 00000000 ____D C:\Users\lorenzo\AppData\Local\GalaxyCommunicationService
2015-06-03 23:04 - 2014-11-27 12:16 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-03 23:04 - 2014-11-27 12:16 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-03 23:04 - 2014-11-27 12:16 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-03 23:04 - 2014-11-27 12:16 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-02 16:11 - 2014-11-28 12:54 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-05-30 20:30 - 2015-05-25 14:18 - 00000000 ____D C:\Users\lorenzo\Documents\Sweetfx (1000 times better 1.4)
2015-05-30 10:07 - 2014-11-26 16:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-30 07:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-06-16 20:24 - 2015-06-16 20:24 - 0000000 ___SH () C:\Users\lorenzo\AppData\Local\LumaEmu
2014-11-26 16:56 - 2014-11-26 16:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\lorenzo\AppData\Local\Temp\Quarantine.exe
C:\Users\lorenzo\AppData\Local\Temp\sqlite3.dll
C:\Users\Utente2\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Utente2\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 07:38

==================== End of log ============================
megatonante

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by megatonante » June 29th, 2015, 11:12 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by lorenzo at 2015-06-29 17:07:43
Running from C:\Users\lorenzo\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3605605216-2172490748-286441502-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3605605216-2172490748-286441502-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3605605216-2172490748-286441502-1002 - Limited - Enabled)
lorenzo (S-1-5-21-3605605216-2172490748-286441502-1000 - Administrator - Enabled) => C:\Users\lorenzo
Utente2 (S-1-5-21-3605605216-2172490748-286441502-1003 - Administrator - Enabled) => C:\Users\Utente2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.11) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 2.4.5.44 (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3605605216-2172490748-286441502-1000\...\Google Chrome SxS) (Version: 45.0.2443.0 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.122 - IObit)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware versione 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d61ab584-9b0a-404e-8a23-76032e6744c0}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{5b6b8fa4-b54c-4388-ba7f-1f8b39b1abea}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{e9c79bb5-31ef-4a80-90e9-1a39971dae23}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
NVIDIA Driver 3D Vision 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Driver grafico 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
osu! (HKLM-x32\...\{e8b4ef0c-36f3-4a2e-a6d8-f955becba225}) (Version: latest - ppy Pty Ltd)
Pannello di controllo NVIDIA 353.30 (Version: 353.30 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software per periferiche con chipset Intel® (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Spotify (HKU\S-1-5-21-3605605216-2172490748-286441502-1000\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\GOGPACKTHEWITCHER2EE_is1) (Version: 3.4.0.25 - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.6.0 - GOG.com)
Titan Souls (HKLM-x32\...\1427985242_is1) (Version: 2.0.0.1 - GOG.com)
TP-LINK TL-WN725N_TL-WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3605605216-2172490748-286441502-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\lorenzo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3605605216-2172490748-286441502-1000_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\lorenzo\AppData\Local\Google\Chrome SxS\Application\45.0.2443.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3605605216-2172490748-286441502-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3605605216-2172490748-286441502-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lorenzo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

27-06-2015 07:20:22 Windows Update
28-06-2015 17:48:24 Installed AVG 2015
28-06-2015 17:48:33 Installed AVG 2015
29-06-2015 16:51:13 Removed AVG 2015
29-06-2015 16:54:53 Removed AVG 2015

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {45841C41-DC8D-491C-91A9-8EC447D57A5D} - System32\Tasks\Uninstaller_SkipUac_lorenzo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-06-06] (IObit)
Task: {49DD2214-75B7-419B-8A34-41B3CADD0C22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {9753368D-1569-4F27-B867-C0692D38EA9C} - System32\Tasks\{DBEB1221-D3AB-4CB0-81C2-07B0CFF59D84} => pcalua.exe -a C:\Users\lorenzo\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {AE1095AC-CC64-49B8-8A4E-0FB37AC8CA37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3605605216-2172490748-286441502-1000UA => C:\Users\lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {AFE47835-C4CB-4266-8652-DE3D18C2F5D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {C243A6E9-1A16-46B6-8803-39DC2B5528A9} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-29] (Microsoft Corporation)
Task: {CADDEA97-D282-4034-B9B5-3D766D96BC1F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D966A66B-0B55-4D1A-8215-37830998A369} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3605605216-2172490748-286441502-1000Core => C:\Users\lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {DE8CFAD7-9FF4-43C9-8348-3008B0693174} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {E693980F-2498-4AC6-86CE-C06BBAC961AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605605216-2172490748-286441502-1000Core.job => C:\Users\lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605605216-2172490748-286441502-1000UA.job => C:\Users\lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-28 12:54 - 2015-06-17 08:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-02 13:52 - 2015-06-03 23:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00566272 _____ () I:\GalaxyClient\PocoUtil.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00415744 _____ () I:\GalaxyClient\PocoJSON.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 01784320 _____ () I:\GalaxyClient\PocoFoundation.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00412672 _____ () I:\GalaxyClient\pcre.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00094208 _____ () I:\GalaxyClient\zlib.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00515584 _____ () I:\GalaxyClient\PocoXML.dll
2015-05-19 09:08 - 2015-05-16 18:00 - 00139776 _____ () I:\GalaxyClient\expat.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 01202176 _____ () I:\GalaxyClient\PocoNet.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 02577408 _____ () I:\GalaxyClient\PocoData.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00477184 _____ () I:\GalaxyClient\PocoDataSQLite.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00649728 _____ () I:\GalaxyClient\sqlite.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00340480 _____ () I:\GalaxyClient\PocoZip.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00332288 _____ () I:\GalaxyClient\PocoNetSSL.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00172032 _____ () I:\GalaxyClient\PocoCrypto.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 41299456 _____ () I:\GalaxyClient\libcef.dll
2015-05-19 09:08 - 2015-05-16 18:01 - 00107520 _____ () I:\GalaxyClient\ZLIB1.dll
2015-05-19 09:08 - 2015-05-16 18:00 - 00888832 _____ () I:\GalaxyClient\ffmpegsumo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-06-23 16:36 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-23 16:36 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3605605216-2172490748-286441502-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\lorenzo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SpybotSD TeaTimer => I:\Spybot - Search & Destroy\TeaTimer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F65335BD-E530-4EF7-96C8-3A6ACADC8B88}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{6CA2B399-02FC-441D-A2ED-159B3E08F28B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{10AD1A06-66B9-4F94-8849-560923A03837}] => (Allow) C:\Program Files\DrWeb\dwservice.exe
FirewallRules: [{5A2C0F29-79D5-4A4C-8D26-8CAC81F68ADB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{65A674EB-75E0-4E4B-8EC6-3C130580DEA2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD3446B3-5C13-482D-8970-C7EC3A9ED6F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EFDC8386-F00A-476B-92FB-1B6BCD7134A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FF285955-63F2-4B8E-AA6E-BEA6018DF99E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{45A1CC05-FCB1-4959-9697-A48A1C14D8D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF245DB0-A42A-4FE7-BA08-9F66D1CEF087}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1E78AE30-C681-4BB0-92AA-FACD2E7C2407}I:\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) I:\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{73DBD748-F091-407F-A077-87E545F72F7A}I:\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) I:\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [TCP Query User{65610606-573A-47C2-A646-76A8FD4C696A}C:\users\lorenzo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorenzo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DC1A2811-95B8-48BE-A4B7-7512AC01E5C2}C:\users\lorenzo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorenzo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{990989FB-F309-4692-BA8F-41DCA2FE358F}C:\users\lorenzo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorenzo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CCAFA117-1789-4856-9B78-463CA6BA0D14}C:\users\lorenzo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorenzo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4D029F90-767E-4681-9F7A-17FE063293B0}] => (Allow) I:\Steam\Steam.exe
FirewallRules: [{2FD3EA6A-56AE-4F2D-ABFB-9CD36FDF5BB8}] => (Allow) I:\Steam\Steam.exe
FirewallRules: [{89BE551A-19C7-4390-BC6E-0FF533C38466}] => (Allow) I:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F637F4A2-57FB-41B9-B022-D1FA133BD351}] => (Allow) I:\Steam\bin\steamwebhelper.exe
FirewallRules: [{AF87C222-64EA-4484-B1E7-7FAC40FE92D1}] => (Allow) I:\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{4330B8EF-B758-46C9-BE22-96E1319EF75E}] => (Allow) I:\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{8A439615-2B10-4EB2-95DB-FF3D234C18A9}I:\halo\halo\eldorado.exe] => (Allow) I:\halo\halo\eldorado.exe
FirewallRules: [UDP Query User{E57D36B2-2A6D-4AF9-B853-6EE12C816487}I:\halo\halo\eldorado.exe] => (Allow) I:\halo\halo\eldorado.exe
FirewallRules: [{27FEF32B-2F09-416B-B96F-9C70B99410F1}] => (Block) I:\halo\halo\eldorado.exe
FirewallRules: [{F06B3843-E291-46AA-8D4E-B3342FC3B6B2}] => (Block) I:\halo\halo\eldorado.exe
FirewallRules: [TCP Query User{A50AF6A6-E1A6-4CC3-867E-2D9439660553}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{45823A43-D678-4F51-B076-49D7870531B3}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{4425DD96-B667-4AC6-ACDB-A07306A5AE45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2EFD44F1-FFB8-48A2-9487-3C8020E5B16D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{30E0C942-4CFA-42D5-90B1-1445027025A7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Scheda Microsoft Teredo Tunneling
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2015 04:54:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
Impossibile trovare il file specificato.
.

Error: (06/28/2015 00:51:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: vlc.exe, versione: 2.2.1.0, timestamp: 0x00000004
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.18869, timestamp: 0x55636317
Codice eccezione: 0xc0000374
Offset errore 0x000cea5f
ID processo che ha generato l'errore: 0xbc8
Ora di avvio dell'applicazione che ha generato l'errore: 0xvlc.exe0
Percorso dell'applicazione che ha generato l'errore: vlc.exe1
Percorso del modulo che ha generato l'errore: vlc.exe2
ID segnalazione: vlc.exe3

Error: (06/27/2015 07:10:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17567, timestamp: 0x4d672ee4
Nome del modulo che ha generato l'errore: mswsock.dll, versione: 6.1.7601.18254, timestamp: 0x522be0b3
Codice eccezione: 0xc0000005
Offset errore 0x00000000000012c6
ID processo che ha generato l'errore: 0xe3c
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3

Error: (06/26/2015 11:58:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (06/26/2015 11:58:23 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generazione del contesto di attivazione non riuscita per "assemblyIdentity1". Errore nel file manifesto o dei criteri "assemblyIdentity2", riga assemblyIdentity3.
Il valore "*" dell'attributo "language" nell'elemento "assemblyIdentity" non è valido.

Error: (06/26/2015 07:34:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (06/26/2015 07:33:09 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generazione del contesto di attivazione non riuscita per "assemblyIdentity1". Errore nel file manifesto o dei criteri "assemblyIdentity2", riga assemblyIdentity3.
Il valore "*" dell'attributo "language" nell'elemento "assemblyIdentity" non è valido.

Error: (06/25/2015 04:53:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (06/24/2015 07:57:07 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2015 07:57:07 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (06/29/2015 05:03:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio atksgt non è stato avviato per il seguente errore:
%%1275

Error: (06/29/2015 05:03:40 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Il caricamento del driver atksgt.sys è stato bloccato.

Error: (06/29/2015 05:03:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0. Questo evento si è già verificato 2 volta(e).

Error: (06/29/2015 05:03:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Programma di installazione dei moduli di Windows è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Riavvia il servizio.

Error: (06/29/2015 05:03:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Nero Update. Questo evento si è già verificato 1 volta(e).

Error: (06/29/2015 05:03:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Protezione software è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Riavvia il servizio.

Error: (06/29/2015 05:03:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (06/29/2015 05:03:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Cache tipi di carattere Windows Presentation Foundation 3.0.0.0 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 0 millisecondi: Riavvia il servizio.

Error: (06/29/2015 05:03:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio LogMeIn Hamachi Tunneling Engine. Questo evento si è già verificato 1 volta(e).

Error: (06/29/2015 05:03:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio SBSD Security Center Service. Questo evento si è già verificato 1 volta(e).


Microsoft Office:
=========================
Error: (06/29/2015 04:54:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
Impossibile trovare il file specificato.

Error: (06/28/2015 00:51:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.1.000000004ntdll.dll6.1.7601.1886955636317c0000374000cea5fbc801d0b12aeaeaf4afC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Windows\SysWOW64\ntdll.dll099f6057-1d1f-11e5-899d-10feed044d80

Error: (06/27/2015 07:10:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4mswsock.dll6.1.7601.18254522be0b3c000000500000000000012c6e3c01d0b09762ac00dbC:\Windows\Explorer.EXEC:\Windows\system32\mswsock.dlld3b558fd-1c8a-11e5-899d-10feed044d80

Error: (06/26/2015 11:58:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"i:\Lorenzo\downloads\vcredist_arm.exe

Error: (06/26/2015 11:58:23 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*i:\spybot - search & destroy\DelZip179.dlli:\spybot - search & destroy\DelZip179.dll8

Error: (06/26/2015 07:34:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"i:\Lorenzo\downloads\vcredist_arm.exe

Error: (06/26/2015 07:33:09 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*i:\spybot - search & destroy\DelZip179.dlli:\spybot - search & destroy\DelZip179.dll8

Error: (06/25/2015 04:53:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"I:\Lorenzo\Downloads\vcredist_arm.exe

Error: (06/24/2015 07:57:07 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2015 07:57:07 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Contesto: applicazione Windows

Dettagli:
Il catalogo dell'indice del contenuto è danneggiato. (HRESULT : 0xc0041801) (0xc0041801)


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8067.07 MB
Available physical RAM: 5956.99 MB
Total Pagefile: 16132.35 MB
Available Pagefile: 13739.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:40.23 GB) NTFS
Drive i: () (Fixed) (Total:465.75 GB) (Free:289.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 93B96A25)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A9940C30)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================
megatonante
Regular Member
 
Posts: 28
Joined: June 29th, 2015, 6:55 am

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by Cypher » June 29th, 2015, 11:43 am

Hi,
Hello Cypher, thank you for helping me.

You're welcome.
Do the following then let me know if you're still having problems.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
IObit Uninstaller


Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    HKU\S-1-5-21-3605605216-2172490748-286441502-1000\...\MountPoints2: {f331b4c7-74d3-11e4-b42e-806e6f6e6963} - D:\Run.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    URLSearchHook: [S-1-5-21-3605605216-2172490748-286441502-1000] ATTENTION ==> Default URLSearchHook is missing
    URLSearchHook: HKU\S-1-5-21-3605605216-2172490748-286441502-1000 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-06-06] (IObit)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-06-06] (IObit)
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-06-28 11:26 - 2015-06-28 11:26 - 00867736 _____ () C:\Users\lorenzo\Downloads\yet_another_cleaner_bhr_297.exe
    2015-06-14 11:21 - 2015-06-14 11:21 - 00000000 ____D C:\Users\Utente2\AppData\Roaming\ProductData
    2015-06-14 11:21 - 2015-06-14 11:21 - 00000000 ____D C:\Users\Utente2\AppData\Roaming\IObit
    2015-06-10 07:40 - 2015-06-10 07:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ProductData
    2015-06-10 07:40 - 2015-06-10 07:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IObit
    2015-06-06 15:42 - 2015-06-29 16:59 - 00000000 ____D C:\ProgramData\ProductData
    2015-06-06 15:42 - 2015-06-06 15:42 - 00001228 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\ProductData
    2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\IObit
    2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\ProgramData\IObit
    2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-06-06 15:39 - 2015-06-06 15:40 - 15889184 _____ (IObit) C:\Users\lorenzo\Downloads\iobituninstaller.exe
    2015-06-01 08:59 - 2015-06-23 20:48 - 00000000 ____D C:\ProgramData\boost_interprocess
    C:\Users\lorenzo\AppData\Local\Temp\Quarantine.exe
    C:\Users\lorenzo\AppData\Local\Temp\sqlite3.dll
    C:\Users\Utente2\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Utente2\AppData\Local\Temp\nvStInst.exe
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
    Task: {9753368D-1569-4F27-B867-C0692D38EA9C} - System32\Tasks\{DBEB1221-D3AB-4CB0-81C2-07B0CFF59D84} => pcalua.exe -a C:\Users\lorenzo\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe in your Downloads folder as fixlist.txt.
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by megatonante » June 29th, 2015, 11:58 am

Thank you!! My omnibox is free from noxious influences, and I was able to remove the yamdex research tool from Google Chrome settings.
You really are a magician to my eyes.
The computer doesn't seem to have any more problems.

Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by lorenzo at 2015-06-29 17:49:48 Run:1
Running from C:\Users\lorenzo\Downloads
Loaded Profiles: lorenzo (Available Profiles: lorenzo & Utente2 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
HKU\S-1-5-21-3605605216-2172490748-286441502-1000\...\MountPoints2: {f331b4c7-74d3-11e4-b42e-806e6f6e6963} - D:\Run.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-3605605216-2172490748-286441502-1000] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3605605216-2172490748-286441502-1000 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-06-06] (IObit)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-06-06] (IObit)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-06-28 11:26 - 2015-06-28 11:26 - 00867736 _____ () C:\Users\lorenzo\Downloads\yet_another_cleaner_bhr_297.exe
2015-06-14 11:21 - 2015-06-14 11:21 - 00000000 ____D C:\Users\Utente2\AppData\Roaming\ProductData
2015-06-14 11:21 - 2015-06-14 11:21 - 00000000 ____D C:\Users\Utente2\AppData\Roaming\IObit
2015-06-10 07:40 - 2015-06-10 07:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ProductData
2015-06-10 07:40 - 2015-06-10 07:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IObit
2015-06-06 15:42 - 2015-06-29 16:59 - 00000000 ____D C:\ProgramData\ProductData
2015-06-06 15:42 - 2015-06-06 15:42 - 00001228 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\ProductData
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Users\lorenzo\AppData\Roaming\IObit
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\ProgramData\IObit
2015-06-06 15:42 - 2015-06-06 15:42 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-06 15:39 - 2015-06-06 15:40 - 15889184 _____ (IObit) C:\Users\lorenzo\Downloads\iobituninstaller.exe
2015-06-01 08:59 - 2015-06-23 20:48 - 00000000 ____D C:\ProgramData\boost_interprocess
C:\Users\lorenzo\AppData\Local\Temp\Quarantine.exe
C:\Users\lorenzo\AppData\Local\Temp\sqlite3.dll
C:\Users\Utente2\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Utente2\AppData\Local\Temp\nvStInst.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
Task: {9753368D-1569-4F27-B867-C0692D38EA9C} - System32\Tasks\{DBEB1221-D3AB-4CB0-81C2-07B0CFF59D84} => pcalua.exe -a C:\Users\lorenzo\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor

EmptyTemp:
CMD: ipconfig /flushdns
*****************

C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe => No running process found
"HKU\S-1-5-21-3605605216-2172490748-286441502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f331b4c7-74d3-11e4-b42e-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{f331b4c7-74d3-11e4-b42e-806e6f6e6963} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Could not restore Default URLSearchHook.
HKU\S-1-5-21-3605605216-2172490748-286441502-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key removed successfully
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
LiveUpdateSvc => Service removed successfully
gdrv => Service removed successfully
Synth3dVsc => Service removed successfully
tsusbhub => Service removed successfully
VGPU => Service removed successfully
C:\Users\lorenzo\Downloads\yet_another_cleaner_bhr_297.exe => moved successfully.
C:\Users\Utente2\AppData\Roaming\ProductData => moved successfully.
C:\Users\Utente2\AppData\Roaming\IObit => moved successfully.
C:\Users\Administrator\AppData\Roaming\ProductData => moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit => moved successfully.
C:\ProgramData\ProductData => moved successfully.
"C:\Users\Public\Desktop\IObit Uninstaller.lnk" => File/Folder not found.
C:\Users\lorenzo\AppData\Roaming\ProductData => moved successfully.
C:\Users\lorenzo\AppData\Roaming\IObit => moved successfully.
C:\ProgramData\IObit => moved successfully.
C:\Program Files (x86)\IObit => moved successfully.
C:\Users\lorenzo\Downloads\iobituninstaller.exe => moved successfully.
C:\ProgramData\boost_interprocess => moved successfully.
C:\Users\lorenzo\AppData\Local\Temp\Quarantine.exe => moved successfully.
C:\Users\lorenzo\AppData\Local\Temp\sqlite3.dll => moved successfully.
C:\Users\Utente2\AppData\Local\Temp\nvSCPAPI.dll => moved successfully.
C:\Users\Utente2\AppData\Local\Temp\nvStInst.exe => moved successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9753368D-1569-4F27-B867-C0692D38EA9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9753368D-1569-4F27-B867-C0692D38EA9C}" => key removed successfully
C:\Windows\System32\Tasks\{DBEB1221-D3AB-4CB0-81C2-07B0CFF59D84} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBEB1221-D3AB-4CB0-81C2-07B0CFF59D84}" => key removed successfully

========= ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========

EmptyTemp: => 1.6 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:49:57 ====
megatonante
Regular Member
 
Posts: 28
Joined: June 29th, 2015, 6:55 am

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by Cypher » June 29th, 2015, 12:21 pm

Thank you!! My omnibox is free from noxious influences, and I was able to remove the yamdex research tool from Google Chrome impostations.

Excellent :thumbleft:

In that case you should be good to go.
Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.
    • Remove disinfection tools
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by megatonante » June 29th, 2015, 12:24 pm

Thank you, Cypher. I have removed the disinfection tools and I have no further questions.

: )
megatonante
Regular Member
 
Posts: 28
Joined: June 29th, 2015, 6:55 am

Re: Yamdex.net and mail.ru are infecting from my chrome omni

Post by Cypher » June 29th, 2015, 12:32 pm

megatonante wrote: Thank you, Cypher.

My pleasure, good luck and stay safe :)

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns