Aiuto PC


Virus Polizia Penitenziaria, Polizia di Stato, Carabinieri (SOLVED)

  1. Wild69
    User deleted


    Hi Vicky... I caught the Polizia di Stato virus again.
    I'm pasting the FRST64 log below (I can't attach the txt to the message).

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013
    Ran by SYSTEM on 09-06-2013 10:44:23
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-26] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-10-07] ()
    HKLM\...\Run: [bit4id csp store register (M x64)] "RUNDLL32.EXE" "C:\Windows\system32\bit4upki-store.dll",RegisterMyPhysicalStore [176128 2010-08-10] (bit4id srl)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader.exe" /silent [879104 2012-12-20] (Vitzo)
    HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [87336 2010-09-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-01] (CyberLink)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [x]
    HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [IDProtect Monitor] "C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [323664 2010-12-02] (Athena Smartcard Solutions)
    HKLM-x32\...\Run: [bit4id csp store register (M)] "C:\Windows\SysWOW64\RUNDLL32.EXE" "C:\Windows\system32\bit4upki-store.dll",RegisterMyPhysicalStore [176128 2010-08-10] (bit4id srl)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [x]
    HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
    HKU\Fabry\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-13] (Google Inc.)
    HKU\Fabry\...\Winlogon: [Shell] explorer.exe,C:\Users\Fabry\AppData\Roaming\skype.dat [110592 2011-11-16] () <==== ATTENTION
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Fabry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
    ShortcutTarget: Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) =================

    S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] ()

    ==================== Drivers (Whitelisted) ====================

    S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usbx64.sys [42752 2007-01-17] (Advanced Card Systems Ltd)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-23] (Marvell Semiconductor, Inc.)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-07] (Windows (R) 2003 DDK 3790 provider)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-09 10:44 - 2013-06-09 10:44 - 00000000 ____D C:\FRST
    2013-06-08 12:22 - 2013-06-08 12:22 - 00000000 ____D C:\Windows\System32\SPReview
    2013-06-08 08:09 - 2013-06-08 08:12 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2013-06-08 03:18 - 2013-06-08 03:27 - 00000000 ____D C:\918204edd2760c47d43a
    2013-06-08 03:15 - 2013-06-08 12:20 - 00000004 ____A C:\Users\Fabry\AppData\Roaming\skype.ini
    2013-06-04 08:06 - 2013-06-04 08:06 - 00000322 ____A C:\Windows\Tasks\WebReg HP Officejet 5600 series.job
    2013-05-31 23:55 - 2013-05-31 23:55 - 00000000 ____D C:\Users\Fabry\ClientVisuale_Infocamere
    2013-05-25 05:50 - 2013-05-25 05:52 - 00023187 ____A C:\ProgramData\SchemaPDFA.dat
    2013-05-25 05:50 - 2013-05-25 05:52 - 00005565 ____A C:\ProgramData\TypesPDFA.dat
    2013-05-25 05:50 - 2013-05-25 05:50 - 00000000 ____D C:\Users\Fabry\AppData\Roaming\callas software
    2013-05-14 10:03 - 2013-05-14 10:03 - 00000000 ____D C:\Users\Fabry\dikeTmpdir
    2013-05-11 05:03 - 2013-05-11 05:03 - 01666972 ____A C:\Users\Fabry\Downloads\IstanzaXBRL_win7.zip

    ==================== One Month Modified Files and Folders =======

    2013-06-09 10:44 - 2013-06-09 10:44 - 00000000 ____D C:\FRST
    2013-06-09 00:34 - 2011-08-19 23:29 - 00100411 ____A C:\Windows\setupact.log
    2013-06-09 00:34 - 2011-07-21 13:12 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2013-06-09 00:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-08 12:23 - 2011-03-14 22:46 - 01871108 ____A C:\Windows\WindowsUpdate.log
    2013-06-08 12:22 - 2013-06-08 12:22 - 00000000 ____D C:\Windows\System32\SPReview
    2013-06-08 12:20 - 2013-06-08 03:15 - 00000004 ____A C:\Users\Fabry\AppData\Roaming\skype.ini
    2013-06-08 12:13 - 2012-09-13 13:14 - 00001148 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-08 12:13 - 2012-04-01 21:01 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-08 08:12 - 2013-06-08 08:09 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2013-06-08 07:15 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-08 07:15 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-08 07:08 - 2012-09-13 13:14 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-08 03:27 - 2013-06-08 03:18 - 00000000 ____D C:\918204edd2760c47d43a
    2013-06-08 03:27 - 2011-07-02 05:56 - 00000000 ____D C:\users\Fabry
    2013-06-08 03:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-06-08 01:27 - 2011-07-21 12:59 - 00000000 ____D C:\Users\Fabry\Documents\Youcam
    2013-06-07 08:24 - 2012-01-07 15:05 - 00000000 ____D C:\Coge07
    2013-06-06 12:08 - 2012-09-13 13:15 - 00002143 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-05 00:01 - 2011-03-15 14:46 - 00698804 ____A C:\Windows\System32\perfh010.dat
    2013-06-05 00:01 - 2011-03-15 14:46 - 00127998 ____A C:\Windows\System32\perfc010.dat
    2013-06-05 00:01 - 2009-07-13 21:13 - 01541618 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-04 08:06 - 2013-06-04 08:06 - 00000322 ____A C:\Windows\Tasks\WebReg HP Officejet 5600 series.job
    2013-06-04 06:44 - 2012-03-31 05:08 - 00000000 ____D C:\Users\Fabry\AppData\Local\CrashDumps
    2013-06-03 09:04 - 2012-05-21 08:07 - 00045478 ____A C:\Users\Fabry\LOGdeSign.log
    2013-06-03 09:04 - 2012-05-18 07:15 - 00000501 ____A C:\Users\Fabry\dike.ini
    2013-06-01 05:00 - 2011-03-14 22:46 - 00000000 ____D C:\Windows\softwaredistribution.bak
    2013-06-01 03:37 - 2012-01-07 14:40 - 00000000 ___RD C:\Users\Fabry\Desktop\Wild Soluzioni s.r.l
    2013-05-31 23:55 - 2013-05-31 23:55 - 00000000 ____D C:\Users\Fabry\ClientVisuale_Infocamere
    2013-05-27 10:46 - 2009-07-13 21:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-05-25 05:52 - 2013-05-25 05:50 - 00023187 ____A C:\ProgramData\SchemaPDFA.dat
    2013-05-25 05:52 - 2013-05-25 05:50 - 00005565 ____A C:\ProgramData\TypesPDFA.dat
    2013-05-25 05:50 - 2013-05-25 05:50 - 00000000 ____D C:\Users\Fabry\AppData\Roaming\callas software
    2013-05-25 05:50 - 2011-07-02 06:17 - 00000000 ____D C:\Users\Fabry\AppData\Local\Adobe
    2013-05-17 01:51 - 2012-07-06 08:20 - 00002088 ____A C:\Users\Fabry\Desktop\Servizi CGN 12 PM27393.lnk
    2013-05-15 10:59 - 2011-07-27 06:16 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-05-15 10:57 - 2011-08-01 10:49 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-15 09:04 - 2012-04-01 21:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-15 09:04 - 2011-07-27 10:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-14 10:08 - 2013-01-18 14:26 - 00000000 ____D C:\Users\Fabry\Desktop\Provvisorio
    2013-05-14 10:03 - 2013-05-14 10:03 - 00000000 ____D C:\Users\Fabry\dikeTmpdir
    2013-05-14 09:54 - 2012-04-17 09:24 - 00000000 ____D C:\prtele
    2013-05-13 06:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-05-11 05:03 - 2013-05-11 05:03 - 01666972 ____A C:\Users\Fabry\Downloads\IstanzaXBRL_win7.zip

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1309665003-1285200881-1394159564-1002\$7e1df58ba1da9ae8265c14bb1e8043f4

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$7e1df58ba1da9ae8265c14bb1e8043f4

    Files to move or delete:
    ====================
    C:\Users\Fabry\AppData\Roaming\skype.dat
    C:\Users\Fabry\AppData\Roaming\skype.ini
    C:\ProgramData\SchemaPDFA.dat
    C:\ProgramData\TypesPDFA.dat

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-06-08 03:18:48
    Restore point made on: 2013-06-08 12:21:07

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4009.55 MB
    Available physical RAM: 3375.92 MB
    Total Pagefile: 4007.7 MB
    Available Pagefile: 3373.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:124 GB) (Free:54.1 GB) NTFS (Disk=0 Partition=2)
    Drive d: () (Fixed) (Total:317.78 GB) (Free:238.14 GB) NTFS (Disk=0 Partition=4)
    Drive f: (SAMSUNG_REC) (Fixed) (Total:23.88 GB) (Free:0.94 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
    Drive h: () (Removable) (Total:1.84 GB) (Free:1.58 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: FDF38C38)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=124 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=318 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=24 GB) - (Type=27)

    ========================================================
    Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
    Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
    Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
    Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
    Partition 4: (Not Active) - (Size=-336763289600) - (Type=0D)


    LastRegBack: 2013-06-03 10:45

    ==================== End Of Log ============================


    Edited by vicky67 - 21/8/2013, 17:27
698 replies since 5/6/2013, 08:44   22450 views