NOD32 and mbam can't clean: Operating memory - Win32/Ainslot.AA W



#1
AlessandroGi

Hello,

As of today I found out that my operating memory is infected with an Ainslot.AA worm (I have in fact no clue what it is, though).
I have read many topics on this forum to find out whether someone has had this problem as well, but I couldn't find any exact match; that's why I'm making a new topic now.

Today I've done the following:
- Scanned my system with NOD32 Antivirus 5; it detected a virus in my computer (Operating memory » C:\Users\Alessandro\AppData\Local\Temp\svchost.exe - Win32/Ainslot.AA worm - unable to clean) and said it was unable to clean it.
- Googled the problem and found out that Malwarebytes Anti-Malware would get rid of the malware; did a quick scan and the worm (and some other malware as well) got detected, so I rebooted as prompted to delete them.
- Some minutes after the reboot, my NOD32 said that a virus was found with the startup scan, again in the same file (svchost.exe) and again a Win32/Ainslot.AA worm, so I figured the virus was not deleted.
- This time I performed a full system scan with mbam and it said there were 6 other threats, 4 of which were already in the previous quick scan of mbam and had been deleted (File: svchost.exe, Memory Process: svchost.exe, File: msupdate.exe and something in the Registry Key "HKCU\Software\VB and VBA Program Settings\SrvID"). I again selected these, removed them and rebooted as prompted to finish the process.
- After rebooting I scanned my operating memory with NOD32, and it said there was still a virus in svchost.exe, and still an Ainslot.AA worm.
- I re-quickscanned with mbam and again, those 4 files that were to be deleted in the two previous scans of mbam were (and still are) there! (The ones noted above.)

Now I reckoned it was a good time to make a new topic, since this is pretty strange to me.
I downloaded OTL and this is my scan.

I hope someone can help me to solve this problem, since I'm really worried about this virus I cannot get rid of!

Thanks in advance,
Alessandro


edit
I have just installed a bunch of programs from the guide (Online Armor, Spyware Blaster and SpywareGuard).
When I rebooted, I checked my outgoing connections in the (just installed) Online Armor firewall; svchost.exe was connected to some IP in Taiwan (I live in The Netherlands). After a few seconds the firewall automatically blocked svchost.exe.

Does this mean that someone in Taiwan was connected to my computer?
I want to get rid of this infection as soon as possible, so please help!



OTL logfile created on: 4/13/2012 3:19:43 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Alessandro\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.95 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 33.20% Memory free
7.90 Gb Paging File | 4.69 Gb Available in Paging File | 59.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.34 Gb Total Space | 193.07 Gb Free Space | 42.97% Space Free | Partition Type: NTFS
Drive E: | 11.12 Gb Total Space | 1.60 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.63% Space Free | Partition Type: FAT32

Computer Name: LAPTOP-DANDO | User Name: Alessandro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 15:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/18 23:17:13 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/03 15:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/10/23 00:26:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/19 16:41:09 | 002,967,880 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectify.exe
PRC - [2011/09/29 20:10:18 | 000,277,832 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
PRC - [2011/09/29 20:10:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011/04/05 20:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/04/05 00:46:48 | 000,030,776 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2011/04/01 22:45:50 | 000,821,584 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011/03/31 01:57:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/03/30 00:24:52 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2011/03/29 02:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/22 03:05:18 | 000,293,944 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/03/21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
PRC - [2011/03/21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2011/03/16 20:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/03/16 20:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/03/10 21:08:00 | 012,277,760 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/03/10 21:07:52 | 000,320,512 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011/02/25 23:26:46 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/28 18:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011/01/26 19:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/20 07:55:18 | 001,125,728 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2011/01/20 07:50:16 | 000,329,056 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2011/01/20 07:43:00 | 000,203,104 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2011/01/20 06:49:00 | 000,980,320 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2011/01/17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 20:48:48 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2010/11/05 03:57:40 | 000,032,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Alessandro\AppData\Local\Temp\svchost.exe
PRC - [2010/11/05 03:57:40 | 000,032,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Alessandro\AppData\Local\Temp\svchost.exe
PRC - [2010/07/30 04:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/18 16:12:56 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\razerhid.exe
PRC - [2008/01/12 10:19:12 | 000,036,864 | ---- | M] (Dassault Systemes) -- C:\Program Files\Dassault Systemes\B19\intel_a\code\bin\CATSysDemon.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/08/03 13:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/08/03 13:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006/08/07 17:00:28 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Habu\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/29 00:51:58 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/23 18:23:34 | 000,876,928 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012/03/18 23:17:13 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/13 15:15:15 | 001,358,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\613ca3fba5bbcf6e9346170c9c2e4e65\System.WorkflowServices.ni.dll
MOD - [2011/11/13 15:14:56 | 001,707,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\01a1449b79d76e7cf39438cdd55cefbf\System.ServiceModel.Web.ni.dll
MOD - [2011/11/13 15:13:01 | 001,083,392 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\92422bb40324d57ccd11c1cd9d50d8cf\System.IdentityModel.ni.dll
MOD - [2011/11/13 15:13:00 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
MOD - [2011/11/13 15:12:58 | 000,256,000 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll
MOD - [2011/11/13 15:12:56 | 017,478,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\64ef7169e1266b6a98131b82bddd234b\System.ServiceModel.ni.dll
MOD - [2011/11/13 15:12:37 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll
MOD - [2011/11/13 15:12:37 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011/11/13 02:31:40 | 011,819,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/11/13 02:31:35 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/11/13 02:31:15 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/13 02:31:09 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/13 02:30:59 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/13 02:30:57 | 000,680,448 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
MOD - [2011/11/13 02:30:55 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/13 02:30:52 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/13 02:30:52 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/13 02:30:44 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/29 20:10:22 | 000,035,144 | ---- | M] () -- C:\Program Files (x86)\Connectify\Scannify.dll
MOD - [2011/09/29 20:10:20 | 000,022,856 | ---- | M] () -- C:\Program Files (x86)\Connectify\DriverLib.dll
MOD - [2011/09/29 20:10:18 | 000,014,152 | ---- | M] () -- C:\Program Files (x86)\Connectify\BuildProps.dll
MOD - [2011/09/13 22:37:50 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2011/08/03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/05/05 00:04:44 | 001,558,120 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2011/03/30 00:24:52 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2011/03/21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011/03/07 20:00:12 | 000,366,208 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011/01/12 20:48:48 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/25 07:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/18 16:12:56 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\razerhid.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007/03/13 12:28:36 | 000,823,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nero\Lib\log4cxx.dll
MOD - [2005/08/17 13:23:16 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\download.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 23:10:41 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/09/22 23:10:40 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/01 22:45:52 | 000,485,712 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/03/30 00:00:24 | 001,318,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/03/24 19:24:44 | 003,161,904 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011/03/18 00:06:50 | 000,132,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/01/28 18:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/07/30 04:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/05/25 15:59:14 | 002,156,120 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/12 10:19:12 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B19\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/31 14:52:57 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/29 00:51:59 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/23 00:26:44 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/29 20:10:08 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/08 14:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/05 20:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/04/05 00:46:48 | 000,030,776 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2011/03/29 02:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/24 19:13:02 | 002,762,032 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/03/22 03:05:18 | 000,293,944 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/03/16 20:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/03/10 21:07:52 | 000,320,512 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/03/07 20:00:18 | 000,464,512 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/02/25 23:26:46 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2011/02/15 14:30:08 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2011/01/26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/01/20 07:55:18 | 001,125,728 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2011/01/20 07:43:00 | 000,203,104 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2011/01/20 06:49:00 | 000,980,320 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2011/01/17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 14:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (http://pietschsoft.com)) [Auto | Running] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/07 12:49:05 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2011/11/24 21:18:45 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/22 23:12:41 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/09/22 23:10:41 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/16 02:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/05 00:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2011/03/30 00:33:06 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011/03/22 02:57:04 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 08:26:08 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/03/03 19:48:38 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/02/09 11:26:50 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/01/13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/21 19:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/12/10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 09:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/10/20 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2010/07/20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/05/25 15:59:10 | 000,118,872 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 12:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/26 07:31:08 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/10 15:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009/08/07 12:22:08 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/01/02 14:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007/05/11 18:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere MP(UVC)
DRV:64bit: - [2007/05/11 18:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/11 18:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/09/09 03:30:31 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {FB421D8C-67B0-44E4-9CFE-7C3DF9206268}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6D9881B7-BD77-4D1F-8BF4-4116199E9923}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKCU\..\SearchScopes\{BBBE7168-7DF6-4735-97CF-3A5E8618E955}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{FB421D8C-67B0-44E4-9CFE-7C3DF9206268}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/04 06:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/03/26 17:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 23:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/12 21:45:18 | 000,000,000 | ---D | M]

[2011/08/21 21:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\Mozilla\Extensions
[2012/03/05 14:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\k6r201lu.default\extensions
[2012/03/18 23:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/18 23:17:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alessandro\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alessandro\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alessandro\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/03/01 23:56:53 | 000,002,014 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Habu] C:\Program Files (x86)\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [tmpAF82] C:\Users\Alessandro\AppData\Local\Temp\tmpAF81.tmp.exe (īIJħľľřĶĮřĶĢšĺľĪĢŜĢĺĪĺIJőššřħīňŇ)
O4 - HKCU..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alessandro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alessandro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE417335-7ECA-4879-9648-9D8B0A947AEB}: DhcpNameServer = 192.168.1.1 168.95.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ffd93f4b-fb5e-11e0-8920-402cf415437d}\Shell - "" = AutoRun
O33 - MountPoints2\{ffd93f4b-fb5e-11e0-8920-402cf415437d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 15:17:37 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
[2012/04/13 14:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/04/13 14:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/13 14:47:07 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Users\Alessandro\Desktop\ccsetup317.exe
[2012/04/13 12:30:20 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Malwarebytes
[2012/04/13 12:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/13 12:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/13 12:30:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/04/13 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/13 12:14:11 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alessandro\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/12 17:24:46 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Alessandro\AppData\Roaming\FHR1SPJN4H.exe
[2012/04/10 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Documents\WebStripper
[2012/04/10 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\WebStripper
[2012/04/10 11:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageNest
[2012/04/10 11:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solent
[2012/04/05 08:30:08 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/04/04 15:22:05 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\jagexcache3
[2012/04/04 15:21:23 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\jagexcache2
[2012/04/01 18:45:50 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/04/01 18:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/04/01 15:10:52 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\EpicBot
[2012/04/01 15:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
[2012/04/01 15:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpicBot
[2012/04/01 14:57:47 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Documents\EpicBot
[2012/03/29 00:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
[2012/03/29 00:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2012/03/29 00:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify
[2012/03/14 19:59:06 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\jagexcache1

========== Files - Modified Within 30 Days ==========

[2012/04/13 15:21:18 | 000,000,169 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\msupdate.exe
[2012/04/13 15:20:44 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 15:20:44 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 15:18:44 | 000,794,170 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/13 15:18:44 | 000,661,952 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/13 15:18:44 | 000,126,038 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/13 15:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
[2012/04/13 15:17:22 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 15:12:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/13 15:12:13 | 4242,915,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/13 14:47:51 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 14:47:26 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Users\Alessandro\Desktop\ccsetup317.exe
[2012/04/13 14:38:24 | 000,001,034 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2813668203-1597534244-3931931543-1001Core.job
[2012/04/13 14:27:30 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2813668203-1597534244-3931931543-1001UA.job
[2012/04/13 13:28:15 | 000,000,049 | ---- | M] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE.dat
[2012/04/13 12:43:27 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAlessandro.job
[2012/04/13 12:30:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 12:29:22 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alessandro\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/13 01:02:07 | 000,000,050 | ---- | M] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE1.dat
[2012/04/11 15:20:56 | 000,008,743 | ---- | M] () -- C:\Users\Alessandro\Desktop\Xbox-360notext.jpg
[2012/04/11 14:48:07 | 000,229,672 | ---- | M] () -- C:\Users\Alessandro\Desktop\CrucialScan.exe
[2012/04/11 11:33:13 | 000,498,880 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/04/10 15:24:37 | 000,271,200 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012/04/10 15:24:37 | 000,271,200 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/04/10 00:44:13 | 000,000,050 | ---- | M] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE2.dat
[2012/04/09 20:36:54 | 002,157,068 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\RSBot.db
[2012/04/08 15:53:18 | 000,271,200 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2012/04/05 18:44:31 | 000,000,050 | ---- | M] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE3.dat
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/04/03 23:49:24 | 000,151,552 | ---- | M] () -- C:\windows\SysWow64\nvRegDev.dll

========== Files Created - No Company Name ==========

[2012/04/13 15:14:17 | 000,000,169 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\msupdate.exe
[2012/04/13 14:47:51 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 12:30:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/11 15:20:55 | 000,008,743 | ---- | C] () -- C:\Users\Alessandro\Desktop\Xbox-360notext.jpg
[2012/04/11 14:48:06 | 000,229,672 | ---- | C] () -- C:\Users\Alessandro\Desktop\CrucialScan.exe
[2012/04/04 15:22:05 | 000,000,050 | ---- | C] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE3.dat
[2012/04/04 15:21:23 | 000,000,050 | ---- | C] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE2.dat
[2012/04/03 23:49:33 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\nvRegDev.dll
[2012/03/29 00:52:00 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/21 03:18:17 | 002,157,068 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\RSBot.db
[2012/03/14 19:59:06 | 000,000,050 | ---- | C] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE1.dat
[2012/03/10 18:56:49 | 000,002,623 | ---- | C] () -- C:\windows\Irremote.ini
[2012/02/29 21:21:24 | 000,042,392 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2012/02/26 00:17:47 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/02/26 00:17:47 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/01/26 20:38:47 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2012/01/21 23:49:41 | 000,045,568 | ---- | C] () -- C:\windows\UniFish3.exe
[2012/01/07 20:17:35 | 000,001,057 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\vso_ts_preview.xml
[2011/11/18 15:57:01 | 000,000,745 | ---- | C] () -- C:\windows\CoD.INI
[2011/09/18 16:31:28 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/14 00:07:51 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/08/26 02:00:33 | 000,271,200 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/08/26 02:00:26 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/08/26 02:00:12 | 000,000,331 | ---- | C] () -- C:\windows\game.ini
[2011/08/04 14:28:49 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/08/04 14:28:49 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2011/05/04 05:45:50 | 000,780,082 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/01 22:45:52 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011/04/01 22:45:50 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011/04/01 22:45:50 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011/03/29 19:21:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011/03/26 04:43:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/03/26 04:43:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011/03/25 14:37:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011/03/14 20:15:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2011/03/11 17:52:54 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011/03/07 20:00:12 | 000,366,208 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011/02/26 00:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/02/21 18:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011/01/11 05:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010/12/07 08:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010/12/07 08:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

========== LOP Check ==========

[2012/04/08 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Azureus
[2012/01/26 20:30:04 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DAEMON Tools Lite
[2012/01/08 22:54:02 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DassaultSystemes
[2011/08/21 21:06:49 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DigitalPersona
[2012/04/13 15:14:15 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Dropbox
[2012/02/12 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DVDVideoSoft
[2011/10/14 18:58:46 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/01 15:11:02 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\EpicBot
[2011/10/20 23:18:26 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\ESET
[2012/02/15 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\IBM
[2011/11/13 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\IDT
[2011/08/21 21:07:09 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Infineon
[2011/12/25 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Leadertech
[2011/08/26 15:35:24 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\LolClient
[2011/11/24 02:32:40 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Mumble
[2012/02/11 20:46:26 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Nokia
[2012/02/11 20:46:26 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Nokia Suite
[2011/10/04 00:46:40 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\PC Suite
[2011/09/29 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Razer
[2011/11/06 03:53:00 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\SplitMediaLabs
[2012/02/21 14:01:18 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\SPORE
[2012/02/24 01:59:31 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Spotify
[2011/08/21 21:17:04 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Synaptics
[2011/10/23 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\TS3Client
[2012/01/06 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\TuneUpMedia
[2012/01/08 02:35:07 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Vso
[2012/04/11 01:25:18 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\WebStripper
[2012/03/24 05:54:31 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by AlessandroGi, 13 April 2012 - 08:35 AM.

  • 0


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello AlessandroGi and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


  • 0

#3
AlessandroGi

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hey GLeobas,
thanks for your reply and thanks for helping me!

I'd like to point out that, out of my frustration with this virus, yesterday I googled the whole day and searched many other topics on your site to see how other people got rid of their malware.

I found one solution that looked interesting: download and run TFC.
After running and rebooting, the svchost.exe from the temp folder was (finally) gone, since I figured out every time mbam cleaned it, it would just generate a new one at boot.
Now that the svchost.exe is gone, I rescanned with mbam and nod32 several times both my memory and my hdd, and it says that there is no virus/malware anymore.

Still I am not sure whether it's completely gone since my PC tends to act a little slow (it's just my impression), and also since I think it's rather strange that both mbam and nod32 couldn't get rid of a virus and a program that clears temporary files can.

Therefore I would still like some help to know whether this infection is completely gone and I'm willing to do any scans that you ask me for.

Thanks!
Alessandro

Edited by AlessandroGi, 14 April 2012 - 03:20 AM.

  • 0

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen OTL on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
    IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
    IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
    O4 - HKCU..\Run: [tmpAF82] C:\Users\Alessandro\AppData\Local\Temp\tmpAF81.tmp.exe (īIJħľľřĶĮřĶĢĺľĪĢŜĢĺĪĺIJőřħīňŇ)
    [2012/04/13 15:21:18 | 000,000,169 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\msupdate.exe
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 2 #

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0
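The kind of reading that singles out entries like the Run value and msupdate.exe in the fix above can be sketched as a small triage script over OTL log lines. This is an added example, not part of the original thread and not OTL's own logic; the flag names, the 1 KB size threshold and the list of system file names are assumptions, and the svchost.exe line is constructed from the path reported in the first post.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# OTL file/process line: "[date time | size | attrs | C/M] (company) -- path"
FILE_RE = re.compile(
    r"^(?:[A-Z]{3} - )?\[[\d/]+ [\d:]+ \| (?P<size>[\d,]+) \| [-A-Z]{4} \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# OTL autorun line: "O4 - HKCU..\Run: [value name] command (company)"
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \((?P<company>[^()]*)\))?$"
)
EXE_IN_CMD = re.compile(r'"?(?P<exe>[A-Za-z]:\\.+?\.exe)', re.IGNORECASE)

# Assumptions made for this example, not values taken from OTL or the thread.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\sysnative"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
TEMP_DIR = "\\appdata\\local\\temp\\"
USER_WRITABLE = (TEMP_DIR, "\\appdata\\roaming\\")
MIN_PLAUSIBLE_EXE = 1024  # bytes; a 169-byte ".exe" is far below any real program


@dataclass(frozen=True)
class Finding:
    source: str   # "file" or "autorun"
    path: str
    flags: tuple


def path_flags(path, company, size):
    """Return triage flags for one path; flags are hints for review, not verdicts."""
    p = PureWindowsPath(path)
    low = str(p).lower()
    is_exe = p.suffix.lower() == ".exe"
    flags = []
    if p.name.lower() in SYSTEM_NAMES and str(p.parent).lower() not in SYSTEM_DIRS:
        flags.append("system-name-outside-system-dir")
    if is_exe and not company and any(d in low for d in USER_WRITABLE):
        flags.append("no-company-exe-in-user-dir")
    if is_exe and size is not None and size < MIN_PLAUSIBLE_EXE:
        flags.append("implausibly-small-exe")
    return flags


def triage(lines):
    """Parse OTL log lines and return only the entries that raised a flag."""
    findings = []
    for raw in lines:
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            exe = EXE_IN_CMD.search(run["cmd"])
            path = exe["exe"] if exe else run["cmd"]
            flags = path_flags(path, (run["company"] or "").strip(), None)
            if TEMP_DIR in path.lower():
                flags.insert(0, "autorun-from-temp")
            source = "autorun"
        else:
            f = FILE_RE.match(line)
            if not f:
                continue  # headers, blank lines and other sections are skipped
            path = f["path"]
            size = int(f["size"].replace(",", ""))
            flags = path_flags(path, (f["company"] or "").strip(), size)
            source = "file"
        if flags:
            findings.append(Finding(source, path, tuple(flags)))
    return findings


# Lines 1, 2, 4, 5, 6 and 7 follow entries in this thread's logs (the company
# string on the Run line is shortened); line 3 is constructed for the example.
SAMPLE_LINES = r"""
[2012/04/13 15:21:18 | 000,000,169 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\msupdate.exe
O4 - HKCU..\Run: [tmpAF82] C:\Users\Alessandro\AppData\Local\Temp\tmpAF81.tmp.exe (garbled version string)
[2012/04/13 12:00:00 | 000,120,000 | ---- | C] () -- C:\Users\Alessandro\AppData\Local\Temp\svchost.exe
[2012/04/13 15:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
[2012/04/10 15:24:37 | 000,271,200 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
PRC - [2012/02/15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012/04/13 12:30:20 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Malwarebytes
""".splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding.source, finding.path, ", ".join(finding.flags))
```

A flagged entry is a candidate for closer inspection, not proof of infection; OTL's company field comes from the file's version information, which any program can set.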

#5
AlessandroGi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey WhiteHat (Have you changed your nickname??),


Thanks for helping me out!
I've done the OTL fix you gave me and I got this log. I'd like to point out though that the reboot took longer than normal and the computer is still really slow at this moment after the boot, while normally it behaves perfectly.
Anyway this is the OTL Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmpAF82 deleted successfully.
File C:\Users\Alessandro\AppData\Local\Temp\tmpAF81.tmp.exe not found.
File C:\Users\Alessandro\AppData\Roaming\msupdate.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alessandro
->Temp folder emptied: 79247703 bytes
->Temporary Internet Files folder emptied: 16482871 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 462505532 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3005 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46717844 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 577.00 mb


[EMPTYFLASH]

User: Alessandro
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04142012_233018

Files\Folders moved on Reboot...
C:\Users\Alessandro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Alessandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IM0QBU4\MsgrConfig[1].xml moved successfully.

Registry entries deleted on Reboot...




and this is the aswMBR.exe log:




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-14 23:38:26
-----------------------------
23:38:26.220 OS Version: Windows x64 6.1.7601 Service Pack 1
23:38:26.220 Number of processors: 8 586 0x2A07
23:38:26.221 ComputerName: LAPTOP-DANDO UserName: Alessandro
23:38:29.364 Initialize success
23:38:47.947 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:38:47.951 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
23:38:47.957 Disk 0 MBR read successfully
23:38:47.962 Disk 0 MBR scan
23:38:47.965 Disk 0 Windows 7 default MBR code
23:38:47.969 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
23:38:47.993 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 460127 MB offset 616448
23:38:48.033 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11389 MB offset 942956544
23:38:48.043 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5115 MB offset 966281216
23:38:48.090 Disk 0 scanning C:\windows\system32\drivers
23:39:00.526 Service scanning
23:39:29.471 Modules scanning
23:39:29.490 Disk 0 trace - called modules:
23:39:29.511 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
23:39:29.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066d9060]
23:39:29.863 3 CLASSPNP.SYS[fffff88001ba943f] -> nt!IofCallDriver -> [0xfffffa80065658d0]
23:39:29.869 5 hpdskflt.sys[fffff88001b50189] -> nt!IofCallDriver -> [0xfffffa8004b686e0]
23:39:29.883 7 ACPI.sys[fffff88000eee7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b6e050]
23:39:29.886 Scan finished successfully
23:39:38.539 Disk 0 MBR has been saved successfully to "C:\Users\Alessandro\Desktop\MBR.dat"
23:39:38.546 The log file has been saved successfully to "C:\Users\Alessandro\Desktop\aswMBR.txt"


I'm looking forward to your next reply
Many thanks for offering help by the way, really appreciate it!

Alessandro
  • 0

#6
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Hey WhiteHat (Have you changed your nickname??),

Yes, I used a nickname for each forum I frequent but I'm now trying to standardize. :happy:

# Step 1 #

Please reopen Malwarebytes' Anti-Malware.

  • Go to the tab Updates and click Download Update. If there's an update, allow MBAM to update its database.
  • Now, click on the tab Verify and select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



# Step 2 #

  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

  • 0

#7
AlessandroGi

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hey WhiteHat,
Sorry I didn't respond yesterday but I had an exam today and I still had a bunch to study.

Here is the log from mbam:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alessandro :: LAPTOP-DANDO [administrator]

Protection: Enabled

17/04/2012 07:17:31
mbam-log-2012-04-17 (07-17-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 651292
Time elapsed: 2 hour(s), 7 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Alessandro\Documents\Vuze Downloads\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> No action taken.
C:\Users\Alessandro\Documents\Data\FTP\Adobe\Photoshop CS2\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

(end)



I don't really think that there's malware in the 2 files it mentions. The first file wasn't automatically checked so I left it unchecked (since NOD32 doesn't find any virus or malware in it anyway). I did delete the second file since I don't like that it says that there's a Trojan, although I highly doubt this since I've had this file for about 6 years now or even more and I've had several different antiviruses and none of them ever found anything on it. I think that mbam is actually a little too strict with some things: yesterday I tried to open a site (it was a site within Facebook) and mbam was blocking it because it said that there was malware, but it was in Facebook itself, and I don't think that there's malware in Facebook??

Anyway here's the OTL scan log after the reboot:

OTL logfile created on: 4/17/2012 1:58:13 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Alessandro\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.95 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 44.82% Memory free
7.90 Gb Paging File | 5.37 Gb Available in Paging File | 67.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.34 Gb Total Space | 188.82 Gb Free Space | 42.02% Space Free | Partition Type: NTFS
Drive E: | 11.12 Gb Total Space | 1.60 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.63% Space Free | Partition Type: FAT32

Computer Name: LAPTOP-DANDO | User Name: Alessandro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 15:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/02/15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/10/23 00:26:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011/04/05 20:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/04/05 00:46:48 | 000,030,776 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2011/04/01 22:45:50 | 000,821,584 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011/03/31 01:57:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/03/30 00:24:52 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2011/03/29 02:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/22 03:05:18 | 000,293,944 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/03/21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
PRC - [2011/03/21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2011/03/16 20:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/03/16 20:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/03/10 21:08:00 | 012,277,760 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/03/10 21:07:52 | 000,320,512 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011/02/25 23:26:46 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/28 18:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011/01/26 19:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/20 07:55:18 | 001,125,728 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2011/01/20 07:50:16 | 000,329,056 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2011/01/20 07:43:00 | 000,203,104 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2011/01/20 06:49:00 | 000,980,320 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2011/01/17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 20:48:48 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2010/07/30 04:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/18 16:12:56 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\razerhid.exe
PRC - [2008/01/12 10:19:12 | 000,036,864 | ---- | M] (Dassault Systemes) -- C:\Program Files\Dassault Systemes\B19\intel_a\code\bin\CATSysDemon.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/08/03 13:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/08/03 13:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006/08/07 17:00:28 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Habu\razerofa.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/14 13:04:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\00cb077c2bf82c7fe54b6f93af4b6686\IAStorUtil.ni.dll
MOD - [2012/04/14 10:54:42 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/04/14 10:54:15 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/14 10:54:09 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/14 10:53:57 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/04/14 10:53:53 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/04/14 10:53:50 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/04/14 10:53:49 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/03/23 18:23:34 | 000,876,928 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011/11/13 15:12:37 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011/11/13 02:30:44 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/13 22:37:50 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2011/05/05 00:04:44 | 001,558,120 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2011/03/30 00:24:52 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2011/03/21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011/03/07 20:00:12 | 000,366,208 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011/01/12 20:48:48 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/25 07:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/18 16:12:56 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\razerhid.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007/03/13 12:28:36 | 000,823,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nero\Lib\log4cxx.dll
MOD - [2005/08/17 13:23:16 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Razer\Habu\download.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 23:10:41 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/09/22 23:10:40 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/01 22:45:52 | 000,485,712 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/03/30 00:00:24 | 001,318,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/03/24 19:24:44 | 003,161,904 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011/03/18 00:06:50 | 000,132,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/01/28 18:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/07/30 04:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/05/25 15:59:14 | 002,156,120 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/12 10:19:12 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B19\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2012/04/16 13:53:44 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/29 00:51:59 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/23 00:26:44 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/08 14:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/05 20:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/04/05 00:46:48 | 000,030,776 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2011/03/29 02:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/24 19:13:02 | 002,762,032 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/03/22 03:05:18 | 000,293,944 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/03/16 20:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/03/10 21:07:52 | 000,320,512 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/03/07 20:00:18 | 000,464,512 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/02/25 23:26:46 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2011/02/15 14:30:08 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2011/01/26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/01/20 07:55:18 | 001,125,728 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2011/01/20 07:43:00 | 000,203,104 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2011/01/20 06:49:00 | 000,980,320 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2011/01/17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/11 20:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2011/11/24 21:18:45 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/22 23:12:41 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/09/22 23:10:41 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/16 02:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/30 00:33:06 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011/03/22 02:57:04 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 08:26:08 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/03/03 19:48:38 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/02/09 11:26:50 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/01/13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/21 19:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/12/10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 09:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/10/20 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2010/07/20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/05/25 15:59:10 | 000,118,872 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 12:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/26 07:31:08 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/10 15:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009/08/07 12:22:08 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/01/02 14:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007/05/11 18:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere MP(UVC)
DRV:64bit: - [2007/05/11 18:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/11 18:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/09/09 03:30:31 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {FB421D8C-67B0-44E4-9CFE-7C3DF9206268}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6D9881B7-BD77-4D1F-8BF4-4116199E9923}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKCU\..\SearchScopes\{BBBE7168-7DF6-4735-97CF-3A5E8618E955}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{FB421D8C-67B0-44E4-9CFE-7C3DF9206268}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/04 06:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/14 10:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 23:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/12 21:45:18 | 000,000,000 | ---D | M]

[2011/08/21 21:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\Mozilla\Extensions
[2012/03/05 14:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\k6r201lu.default\extensions
[2012/03/18 23:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/18 23:17:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alessandro\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alessandro\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alessandro\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/03/01 23:56:53 | 000,002,014 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Habu] C:\Program Files (x86)\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alessandro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alessandro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE417335-7ECA-4879-9648-9D8B0A947AEB}: DhcpNameServer = 192.168.1.1 168.95.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ffd93f4b-fb5e-11e0-8920-402cf415437d}\Shell - "" = AutoRun
O33 - MountPoints2\{ffd93f4b-fb5e-11e0-8920-402cf415437d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/16 16:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/14 23:38:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Alessandro\Desktop\aswMBR.exe
[2012/04/14 23:30:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/13 17:15:19 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\TFC.exe
[2012/04/13 16:48:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Alessandro\AppData\Roaming\pcouffin.sys
[2012/04/13 16:48:19 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Documents\PcSetup
[2012/04/13 16:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2012/04/13 16:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareGuard
[2012/04/13 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/13 16:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/04/13 16:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/04/13 15:50:33 | 003,255,248 | ---- | C] (Javacool Software LLC ) -- C:\Users\Alessandro\Desktop\spywareblastersetup46.exe
[2012/04/13 15:44:49 | 029,588,048 | ---- | C] (Emsi Software GmbH ) -- C:\Users\Alessandro\Desktop\OnlineArmorSetup.exe
[2012/04/13 15:17:37 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
[2012/04/13 14:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/04/13 14:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/13 14:47:07 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Users\Alessandro\Desktop\ccsetup317.exe
[2012/04/13 12:30:20 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Malwarebytes
[2012/04/13 12:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/13 12:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/13 12:30:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/04/13 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/13 12:14:11 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alessandro\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/12 17:24:46 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Alessandro\AppData\Roaming\FHR1SPJN4H.exe
[2012/04/10 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Documents\WebStripper
[2012/04/10 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\WebStripper
[2012/04/10 11:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solent
[2012/04/05 08:30:08 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/04/04 15:22:05 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\jagexcache3
[2012/04/04 15:21:23 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\jagexcache2
[2012/04/01 18:45:50 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/04/01 18:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/04/01 15:10:52 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\EpicBot
[2012/04/01 15:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
[2012/04/01 15:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpicBot
[2012/04/01 14:57:47 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Documents\EpicBot

========== Files - Modified Within 30 Days ==========

[2012/04/17 14:02:36 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 14:02:36 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 14:01:42 | 000,794,170 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/17 14:01:42 | 000,661,952 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/17 14:01:42 | 000,126,038 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/17 13:55:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/17 13:54:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/17 13:54:45 | 4242,915,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 13:25:00 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2813668203-1597534244-3931931543-1001UA.job
[2012/04/16 14:33:20 | 000,001,034 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2813668203-1597534244-3931931543-1001Core.job
[2012/04/14 23:39:38 | 000,000,512 | ---- | M] () -- C:\Users\Alessandro\Desktop\MBR.dat
[2012/04/14 23:38:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Alessandro\Desktop\aswMBR.exe
[2012/04/14 10:56:38 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/04/14 10:48:34 | 000,498,880 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/04/14 10:17:30 | 000,780,082 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/04/14 00:53:19 | 000,147,881 | ---- | M] () -- C:\Users\Alessandro\Desktop\96659front.jpg
[2012/04/13 17:15:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\TFC.exe
[2012/04/13 16:48:20 | 000,099,384 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\inst.exe
[2012/04/13 16:48:20 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Alessandro\AppData\Roaming\pcouffin.sys
[2012/04/13 16:48:20 | 000,007,859 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\pcouffin.cat
[2012/04/13 16:48:19 | 000,001,167 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\pcouffin.inf
[2012/04/13 16:19:34 | 000,000,991 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2012/04/13 16:19:34 | 000,000,955 | ---- | M] () -- C:\Users\Alessandro\Desktop\SpywareGuard.lnk
[2012/04/13 16:13:26 | 002,062,665 | ---- | M] () -- C:\Users\Alessandro\Desktop\spywareguardsetup.exe
[2012/04/13 16:05:52 | 000,001,083 | ---- | M] () -- C:\Users\Alessandro\Desktop\SpywareBlaster.lnk
[2012/04/13 15:57:01 | 003,255,248 | ---- | M] (Javacool Software LLC ) -- C:\Users\Alessandro\Desktop\spywareblastersetup46.exe
[2012/04/13 15:45:23 | 029,588,048 | ---- | M] (Emsi Software GmbH ) -- C:\Users\Alessandro\Desktop\OnlineArmorSetup.exe
[2012/04/13 15:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe
[2012/04/13 14:47:51 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 14:47:26 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Users\Alessandro\Desktop\ccsetup317.exe
[2012/04/13 13:28:15 | 000,000,049 | ---- | M] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE.dat
[2012/04/13 12:43:27 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAlessandro.job
[2012/04/13 12:30:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 12:29:22 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alessandro\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/13 01:02:07 | 000,000,050 | ---- | M] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE1.dat
[2012/04/11 15:20:56 | 000,008,743 | ---- | M] () -- C:\Users\Alessandro\Desktop\Xbox-360notext.jpg
[2012/04/11 14:48:07 | 000,229,672 | ---- | M] () -- C:\Users\Alessandro\Desktop\CrucialScan.exe
[2012/04/10 15:24:37 | 000,271,200 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012/04/10 15:24:37 | 000,271,200 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/04/10 00:44:13 | 000,000,050 | ---- | M] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE2.dat
[2012/04/09 20:36:54 | 002,157,068 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\RSBot.db
[2012/04/08 15:53:18 | 000,271,200 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2012/04/05 18:44:31 | 000,000,050 | ---- | M] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE3.dat
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/04/03 23:49:24 | 000,151,552 | ---- | M] () -- C:\windows\SysWow64\nvRegDev.dll

========== Files Created - No Company Name ==========

[2012/04/14 23:39:38 | 000,000,512 | ---- | C] () -- C:\Users\Alessandro\Desktop\MBR.dat
[2012/04/14 10:56:38 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/04/14 00:53:17 | 000,147,881 | ---- | C] () -- C:\Users\Alessandro\Desktop\96659front.jpg
[2012/04/13 16:48:20 | 000,099,384 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\inst.exe
[2012/04/13 16:48:20 | 000,007,859 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\pcouffin.cat
[2012/04/13 16:48:19 | 000,001,167 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\pcouffin.inf
[2012/04/13 16:19:34 | 000,000,991 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2012/04/13 16:19:34 | 000,000,955 | ---- | C] () -- C:\Users\Alessandro\Desktop\SpywareGuard.lnk
[2012/04/13 16:05:52 | 000,001,083 | ---- | C] () -- C:\Users\Alessandro\Desktop\SpywareBlaster.lnk
[2012/04/13 15:51:12 | 002,062,665 | ---- | C] () -- C:\Users\Alessandro\Desktop\spywareguardsetup.exe
[2012/04/13 14:47:51 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 12:30:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/11 15:20:55 | 000,008,743 | ---- | C] () -- C:\Users\Alessandro\Desktop\Xbox-360notext.jpg
[2012/04/11 14:48:06 | 000,229,672 | ---- | C] () -- C:\Users\Alessandro\Desktop\CrucialScan.exe
[2012/04/04 15:22:05 | 000,000,050 | ---- | C] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE3.dat
[2012/04/04 15:21:23 | 000,000,050 | ---- | C] () -- C:\Users\Alessandro\jagex_cl_runescape_LIVE2.dat
[2012/04/03 23:49:33 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\nvRegDev.dll
[2012/03/29 00:52:00 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/21 03:18:17 | 002,157,068 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\RSBot.db
[2012/03/10 18:56:49 | 000,002,623 | ---- | C] () -- C:\windows\Irremote.ini
[2012/02/29 21:21:24 | 000,042,392 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2012/01/26 20:38:47 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2012/01/21 23:49:41 | 000,045,568 | ---- | C] () -- C:\windows\UniFish3.exe
[2012/01/07 20:17:35 | 000,001,057 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\vso_ts_preview.xml
[2011/11/18 15:57:01 | 000,000,745 | ---- | C] () -- C:\windows\CoD.INI
[2011/09/18 16:31:28 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/14 00:07:51 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/08/26 02:00:33 | 000,271,200 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/08/26 02:00:26 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/08/26 02:00:12 | 000,000,331 | ---- | C] () -- C:\windows\game.ini
[2011/08/04 14:28:49 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/08/04 14:28:49 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2011/05/04 05:45:50 | 000,780,082 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/01 22:45:52 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011/04/01 22:45:50 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011/04/01 22:45:50 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011/03/29 19:21:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011/03/26 04:43:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/03/26 04:43:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011/03/25 14:37:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011/03/14 20:15:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2011/03/11 17:52:54 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011/03/07 20:00:12 | 000,366,208 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011/02/26 00:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/02/21 18:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011/01/11 05:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010/12/07 08:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010/12/07 08:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

========== LOP Check ==========

[2012/04/08 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Azureus
[2012/01/26 20:30:04 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DAEMON Tools Lite
[2012/01/08 22:54:02 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DassaultSystemes
[2011/08/21 21:06:49 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DigitalPersona
[2012/04/17 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Dropbox
[2012/02/12 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DVDVideoSoft
[2011/10/14 18:58:46 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/01 15:11:02 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\EpicBot
[2011/10/20 23:18:26 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\ESET
[2012/02/15 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\IBM
[2011/11/13 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\IDT
[2011/08/21 21:07:09 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Infineon
[2011/12/25 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Leadertech
[2011/08/26 15:35:24 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\LolClient
[2011/11/24 02:32:40 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Mumble
[2012/02/11 20:46:26 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Nokia
[2012/02/11 20:46:26 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Nokia Suite
[2011/10/04 00:46:40 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\PC Suite
[2011/09/29 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Razer
[2011/11/06 03:53:00 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\SplitMediaLabs
[2012/02/24 01:59:31 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Spotify
[2011/08/21 21:17:04 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Synaptics
[2011/10/23 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\TS3Client
[2012/01/06 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\TuneUpMedia
[2012/04/13 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\Vso
[2012/04/11 01:25:18 | 000,000,000 | ---D | M] -- C:\Users\Alessandro\AppData\Roaming\WebStripper
[2012/03/24 05:54:31 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Once again thanks a bunch for being so kind to look through all my logs and help me!

Cheers,
Alessandro

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi AlessandroGi,

> Once again thanks a bunch for being so kind to look through all my logs and help me!

How is your computer? Is ESET still detecting something?

> yesterday I tried to open a site (it was a site within facebook) and mbam was blocking it because it said that there was malware, but it was in facebook itself, and I don't think that there's malware in facebook??

Do not worry, sometimes the real-time protection of MBAM displays an alert to things without necessity.

#9
AlessandroGi

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hey WhiteHat,


Hmm I'm not sure, it feels like it is slower than it used to be, I mean I have an i7 and yesterday Firefox froze several times while just being on Facebook. But I guess it just has to do with the bunch of programs I downloaded, right?

ESET is not detecting anything anymore, neither on the startup boot nor in the in-depth scan.

Does this mean the infection is 100% gone?


Cheers,
Alessandro

#10
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

> Hmm I'm not sure, it feels like it is slower than it used to be, I mean I have an i7 and yesterday Firefox froze several times while just being on Facebook. But I guess it just has to do with the bunch of programs I downloaded, right?

Probably yes. Try to reinstall Firefox and see if the problem is solved.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Accessories > System Tools > System Restore.
  • Select the option Create a restore point and click Next.
  • Type in a name i.e. Clean
  • Select Create



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe.

#11
AlessandroGi

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hey WhiteHat,

I'm glad to hear this! :)

I have a couple of remarks about what you just wrote though:

> We will now confirm that your hidden files are set to that, as some of the tools I use will change that
>
>   • Click Start.
>   • Open My Computer.
>   • Select the Tools menu and click Folder Options.
>   • Select the View Tab.
>   • Under the Hidden files and folders heading select Do not show hidden files and folders.
>   • Click Yes to confirm.
>   • Click OK.

Why do I need to do this? I always have "show hidden files and folders" enabled.

> Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
> Please follow these steps to remove older version of Java components and upgrade the application.

Strange, I thought my Java was the newest (recommended). I know Java 7 is out, but it is still beta right? If I go to the link provided by you it says

Verified Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 31).



> Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
> Malwarebytes. Update and run weekly to keep your system clean

I already have this, as I posted the logs in this topic as well. Or is it another program?


> It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

I have ESET NOD32 as AntiVirus, and up to now I've been running with Windows Firewall because my dad said that Windows 7's default firewall was good enough (in contrast to XP's). But after this I think I will install ZoneLabs Integrity Client again, since I still have a valid license. That is a pretty good one, right?


> To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

You forgot to hyperlink it ;)


Thanks a bunch once again!
Cheers,
Alessandro

#12
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi Alessandro,

In Malware Removal we use some texts called Canneds (pre-written responses). Therefore it is common that I send an instruction that you have already done.

> Why do I need to do this? I always have "show hidden files and folders" enabled

Don't worry, just ignore.

> Strange, I thought my Java was the newest (recommended). I know Java 7 is out, but it is still beta right? If I go to the link provided by you it says

Just ignore.

> I already have this, as I posted the logs in this topic as well. Or is it another program?

Just ignore.

> That is a pretty good one, right?

Yes.

> You forgot to hyperlink it

http://www.geekstogo.com/how-did-i-get-infected-in-the-first-place/

:thumbsup: