[gabry0988]

Hello

I read this topic http://www.geekstogo...psgen2-removal/ and thank to this topic I have removed this trojan. but when I scan with antivir, it says that there are 2 files infected with TR/ATRAPS.Gen2... C:\Windows\assembly\GAC_32\Desktop.ini and C:\Windows\assembly\GAC_64\Desktop.ini

I can't remove these files with antivir because they are protected. How can I do to completely remove this virus?

Thanks alot!

[Advertisements]

Hi there lets remove them for you and ensure that all the rest have gone

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Essexboy]

Hi there lets remove them for you and ensure that all the rest have gone

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[gabry0988]

OTL.txt

Spoiler

OTL logfile created on: 16/06/2012 12:37:31 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Giara\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 58,96% Memory free
8,00 Gb Paging File | 6,19 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 257,70 Gb Free Space | 27,67% Space Free | Partition Type: NTFS
Drive G: | 941,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GIARA-PC | User Name: Giara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 12:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
PRC - [2012/04/27 15:18:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/05 21:30:58 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/01 18:55:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/01 18:55:38 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/01 18:55:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/28 11:33:18 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtWlan.exe
PRC - [2010/04/17 09:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012/06/07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/04/05 21:30:28 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraIta.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/19 12:19:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/05 19:40:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/27 15:18:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/01 18:55:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/01 18:55:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/17 09:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/16 14:04:29 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/03 10:27:08 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/01 18:55:59 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/12/01 18:55:58 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/24 23:59:16 | 000,694,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/24 16:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programmi\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programmi\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 59 9E A7 77 B0 CC 01 [binary data]
IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\..\SearchScopes,DefaultScope = {7F281C0E-BB6C-468D-B104-29A5272D7349}
IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\..\SearchScopes\{7F281C0E-BB6C-468D-B104-29A5272D7349}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1638966946-435723054-3953494969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fxinteractive.com/fxplanet: C:\ProgramData\FXWebPlayer\npfxplanet.dll (FX Interactive)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 13:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/13 19:55:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 13:56:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Plugin de juegos de FX Interactive (Enabled) = C:\ProgramData\FXWebPlayer\npfxplanet.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/15 16:00:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programmi\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1638966946-435723054-3953494969-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1638966946-435723054-3953494969-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69255EEE-9DB3-4D0E-96DD-C5FFAAD44F8E}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E276097-2E3C-4901-BF39-9D43FBC1EA6A}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCCA4613-DF25-4BFF-948A-1978A92239F3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programmi\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programmi\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/09 22:00:00 | 000,000,034 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3c47e668-1d22-11e1-8f81-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{3c47e668-1d22-11e1-8f81-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9bd5b660-3f96-11e1-9167-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{9bd5b660-3f96-11e1-9167-003018a554bf}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{c37cd750-1d85-11e1-a494-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{c37cd750-1d85-11e1-a494-003018a554bf}\Shell\AutoRun\command - "" = G:\AS_OMSI_V100.exe -- [2011/01/01 00:00:00 | 717,457,336 | R--- | M] (Acresso Software Inc. )
O33 - MountPoints2\{ca2b5357-2fb0-11e1-94a2-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{ca2b5357-2fb0-11e1-94a2-003018a554bf}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e90a9b92-1c63-11e1-8d93-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{e90a9b92-1c63-11e1-8d93-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e90a9ba2-1c63-11e1-8d93-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{e90a9ba2-1c63-11e1-8d93-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 12:36:48 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
[2012/06/15 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\Malwarebytes
[2012/06/15 16:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/15 14:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/06/15 14:46:59 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/15 14:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/15 14:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/15 14:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/15 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\TestApp
[2012/06/15 13:41:14 | 000,000,000 | ---D | C] -- C:\m-r-software
[2012/06/15 12:53:34 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\SCANIA Truck Driving Simulator
[2012/06/02 19:00:39 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Trucks & Trailers
[2012/06/02 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Scansioni personali
[2012/06/02 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\European Bus Simulator 2012
[2012/06/02 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Local\European Bus Simulator 2012
[2012/06/02 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Save
[2012/06/02 15:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
[2012/06/02 15:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon
[2012/05/27 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Street Cleaning
[2012/05/27 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Local\Street Cleaning
[2012/05/27 11:46:55 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\UK Truck Simulator
[2012/05/27 11:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK Truck Simulator
[2012/05/27 11:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UK Truck Simulator
[2012/05/27 11:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Street Cleaning Simulator
[2012/05/27 11:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Street Cleaning Simulator
[2012/05/27 11:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trucks & Trailers
[2012/05/27 11:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trucks & Trailers
[2012/05/25 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\Skype
[2012/05/25 22:08:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/05/25 22:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/23 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ntr
[2012/05/23 18:39:59 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\DeadIsland

========== Files - Modified Within 30 Days ==========

[2012/06/16 12:40:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/16 12:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
[2012/06/16 12:05:20 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1638966946-435723054-3953494969-1000UA.job
[2012/06/16 08:42:35 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 08:42:35 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 08:41:49 | 001,682,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 08:41:49 | 000,749,228 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/06/16 08:41:49 | 000,660,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 08:41:49 | 000,151,124 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/06/16 08:41:49 | 000,124,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/16 08:35:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/16 08:34:56 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 16:00:16 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/15 14:48:12 | 001,937,481 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/15 12:46:16 | 000,297,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/09 20:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1638966946-435723054-3953494969-1000Core.job
[2012/06/02 18:58:06 | 000,000,000 | ---- | M] () -- C:\Users\Giara\AppData\Local\Input.xml
[2012/06/02 15:48:03 | 000,000,000 | ---- | M] () -- C:\Users\Giara\AppData\Local\Settings.xml
[2012/05/29 16:37:07 | 000,414,890 | ---- | M] () -- C:\Users\Giara\Documents\Giuseppe Giaramita.jpg
[2012/05/26 14:29:47 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

========== Files Created - No Company Name ==========

[2012/06/15 14:47:15 | 001,937,481 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/02 18:58:06 | 000,000,000 | ---- | C] () -- C:\Users\Giara\AppData\Local\Input.xml
[2012/06/02 15:48:03 | 000,000,000 | ---- | C] () -- C:\Users\Giara\AppData\Local\Settings.xml
[2012/05/29 16:37:07 | 000,414,890 | ---- | C] () -- C:\Users\Giara\Documents\Giuseppe Giaramita.jpg
[2012/02/22 16:04:28 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/03 09:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2011/12/18 13:47:42 | 000,212,637 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/12/18 13:47:42 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2011/12/09 18:09:53 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/03 15:58:49 | 000,000,093 | ---- | C] () -- C:\Users\Giara\AppData\Local\fusioncache.dat
[2011/12/03 13:19:00 | 001,659,768 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/03 13:11:45 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/03 13:11:29 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/03 13:11:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/01 23:46:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/04/24 12:34:28 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\abgx360
[2012/01/12 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Bioshock
[2012/01/14 23:19:14 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Bioshock2
[2011/12/23 13:31:11 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\bizarre creations
[2012/04/29 18:26:24 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\com.amanitadesign.osada
[2012/05/27 11:22:56 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\DAEMON Tools Lite
[2012/05/09 08:43:04 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\GOG.com
[2012/01/12 16:44:12 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\ImgBurn
[2012/02/26 23:37:44 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\LucasArts
[2011/12/31 15:41:39 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/12/03 11:58:06 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\OpenOffice.org
[2011/12/02 13:11:28 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Origin
[2011/12/31 13:47:16 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Polynomial
[2011/12/12 22:42:02 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\RigNRoll_usa_ws
[2012/06/15 14:46:04 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\TestApp
[2012/01/05 13:08:11 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\The Creative Assembly
[2011/12/02 00:27:51 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Ubisoft
[2012/06/10 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\uTorrent
[2012/05/24 18:49:07 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2012/04/04 07:53:58 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx

< MD5 for: SERVICES.ASFX15 >
[2011/06/06 13:55:32 | 000,000,614 | R--- | M] () MD5=DCAF5E14A41328B2A5976377D7DDD969 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\services.asfx15

< MD5 for: SERVICES.CFG >
[2012/04/04 07:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/14 03:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\SysNative\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 12:52:00 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\it-IT\services.exe.mui
[2009/07/14 12:52:00 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_it-it_529d01e809d121ed\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >
[2012/05/06 19:13:11 | 000,012,381 | ---- | M] () MD5=B5A4C0BA9FF583D0205872F1D0183A1D -- C:\Users\Giara\AppData\Roaming\RigNRoll_usa_ws\GameWorld\warnings\services.log

< MD5 for: SERVICES.MOF >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 12:52:10 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysNative\it-IT\services.msc
[2009/07/14 12:52:01 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysWOW64\it-IT\services.msc
[2009/07/14 12:52:10 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8cded1d3e03abbe0\services.msc
[2009/07/14 12:52:01 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_30c0365027dd4aaa\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 20:56:20 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 20:55:18 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.WHM >
[2011/12/05 23:07:17 | 000,003,675 | ---- | M] () MD5=28EBAA95EE14484EE5DAE93DA0EDD001 -- C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\GTAIV\pc\html\www.craplist.net\services.whm
[2011/12/07 14:01:48 | 000,003,676 | ---- | M] () MD5=C255226EECC185E54229D969DC73EC67 -- C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv episodes from liberty city\EFLC\pc\html\www.craplist.net\services.whm

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Users\Giara\Documents\Autobus:Mac_Metadata
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extra.txt

Spoiler

OTL Extras logfile created on: 16/06/2012 12:37:31 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Giara\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 58,96% Memory free
8,00 Gb Paging File | 6,19 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 257,70 Gb Free Space | 27,67% Space Free | Partition Type: NTFS
Drive G: | 941,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GIARA-PC | User Name: Giara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C39B37-502F-5D99-A1A4-1D810CE3112F}" = AMD AVIVO64 Codecs
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.10 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05696DBC-59F4-C274-F175-1E7546F05995}" = Application Profiles
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1" = Cities In Motion
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21F3F7EC-CD32-D678-63AD-305F556D7BC9}" = Application Profiles
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A845A64-3F80-41D7-9F33-6146E56997E6}" = OpenOffice.org 3.3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{33E0033D-A617-DA5B-2EAD-CE59947C7365}" = HydraVision
"{34D52D01-C65D-4A29-99E0-E02030597B4F}_is1" = Cities In Motion - Patch 1.0.22
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor ™
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.40
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000058302}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000058303}" = BioShock 2
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Parser MSXML 4.0 SP2 e SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 150N USB Wireless LAN Driver and Utility
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Italiano
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{CF34DD57-FF34-4C91-B764-1158A8E06111}_is1" = RigNRoll (Remove Only)
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCA75ECE-39A9-0648-CB77-F6D759364CF9}" = Application Profiles
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F03CB3EF-DC16-35CE-B3C1-C68EA09E5E97}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3 Internet" = 3 Internet
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"abgx360" = abgx360 v1.0.6
"Alan Wake_is1" = Alan Wake
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Botanicula" = Botanicula
"Bus & Cable Car Simulator - San Francisco" = Bus & Cable Car Simulator - San Francisco
"Bus-Simulator 2012_is1" = Bus-Simulator 2012
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"eMule AdunanzA" = AdunanzA
"ESN Sonar-0.70.4" = ESN Sonar
"Euro Truck Simulator_is1" = Euro Truck Simulator v1.3
"FXWebPlayer" = Lanzador de juegos de FX Interactive
"GameSpy Arcade" = GameSpy Arcade
"German Truck Simulator" = German Truck Simulator 1.05
"ImgBurn" = ImgBurn
"OpenAL" = OpenAL
"Origin" = Origin
"Osada" = Osada
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steam App 10150" = Prototype
"Steam App 102600" = Orcs Must Die!
"Steam App 10500" = Empire: Total War
"Steam App 10680" = Aliens vs. Predator
"Steam App 110800" = L.A. Noire: The Complete Edition
"Steam App 11440" = DiRT
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 12200" = Bully: Scholarship Edition
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 12360" = FlatOut: Ultimate Carnage
"Steam App 1250" = Killing Floor
"Steam App 12750" = GRID
"Steam App 130" = Half-Life: Blue Shift
"Steam App 13500" = Prince of Persia: Warrior Within
"Steam App 13530" = Prince of Persia: The Two Thrones
"Steam App 15100" = Assassin's Creed
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17470" = Dead Space
"Steam App 19000" = Silent Hill: Homecoming
"Steam App 19900" = Far Cry 2
"Steam App 19980" = Prince of Persia
"Steam App 200910" = Sequence
"Steam App 203810" = Dear Esther
"Steam App 20820" = Shatter
"Steam App 21000" = LEGO Batman: The Videogame
"Steam App 218" = Source SDK Base 2007
"Steam App 21980" = Call of Juarez: Bound in Blood
"Steam App 220" = Half-Life 2
"Steam App 22200" = Zeno Clash
"Steam App 22300" = Fallout 3
"Steam App 22380" = Fallout: New Vegas
"Steam App 24010" = Train Simulator 2012
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 31270" = Puzzle Agent
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34030" = Napoleon: Total War
"Steam App 35130" = Lara Croft and the Guardian of Light
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 35700" = Trine
"Steam App 380" = Half-Life 2: Episode One
"Steam App 38900" = Rhythm Zone
"Steam App 39530" = Painkiller: Black Edition
"Steam App 400" = Portal
"Steam App 40700" = Machinarium
"Steam App 40800" = Super Meat Boy
"Steam App 40930" = The Misadventures of P.B. Winterbottom
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41050" = Serious Sam Classic: The First Encounter
"Steam App 41060" = Serious Sam Classic: The Second Encounter
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42640" = Blur
"Steam App 42650" = Transformers: War for Cybertron
"Steam App 43110" = Metro 2033
"Steam App 44320" = DiRT 3
"Steam App 46600" = Swarm Arena
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 49600" = Beat Hazard
"Steam App 50" = Half-Life: Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 50130" = Mafia II
"Steam App 50620" = Darksiders
"Steam App 550" = Left 4 Dead 2
"Steam App 57900" = Duke Nukem Forever
"Steam App 58400" = Turba
"Steam App 6000" = Star Wars Republic Commando
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast
"Steam App 620" = Portal 2
"Steam App 62100" = Chime
"Steam App 63200" = Monday Night Combat
"Steam App 63700" = BIT.TRIP BEAT
"Steam App 67000" = The Polynomial
"Steam App 70" = Half-Life
"Steam App 7000" = Tomb Raider: Legend
"Steam App 71340" = Sonic Generations
"Steam App 7670" = BioShock
"Steam App 8000" = Tomb Raider: Anniversary
"Steam App 8850" = BioShock 2
"Steam App 8980" = Borderlands
"Steam App 91310" = Dead Island
"Steam App 94590" = Puzzle Agent 2
"Steam App 9480" = Saints Row 2
"Steam App 96200" = Steel Storm: Burning Retribution
"Steam App 9930" = Test Drive Unlimited 2
"Steam App 99810" = Bulletstorm
"Street Cleaning Simulator" = Street Cleaning Simulator
"The Witcher Enhanced Edition Director's Cut_is1" = The Witcher Enhanced Edition Director's Cut
"Trucks & Trailers" = Trucks & Trailers 1.00
"UK Truck Simulator" = UK Truck Simulator 1.02
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1638966946-435723054-3953494969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2359397154.paperlit.com" = Nintendo la Rivista Ufficiale
"2532843192.paperlit.com" = Mac magazine
"2828562773.paperlit.com" = PSM
"318841518.paperlit.com" = The Games Machine
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/06/2012 16:48:00 | Computer Name = Giara-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download....uthrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 11/06/2012 16:48:00 | Computer Name = Giara-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download....uthrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 11/06/2012 16:48:00 | Computer Name = Giara-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download....uthrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 11/06/2012 16:48:00 | Computer Name = Giara-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download....uthrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 11/06/2012 16:48:00 | Computer Name = Giara-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download....uthrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 11/06/2012 16:48:00 | Computer Name = Giara-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download....uthrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 11/06/2012 16:48:00 | Computer Name = Giara-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download....uthrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 11/06/2012 16:48:00 | Computer Name = Giara-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download....uthrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 15/06/2012 09:04:49 | Computer Name = Giara-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: Fuel.Service.exe,
versione: 1.0.0.0, timestamp: 0x4f7e4d8c Nome del modulo che ha generato l'errore:
Device.dll, versione: 4.1.0.0, timestamp: 0x4f55e10b Codice eccezione: 0xc0000005
Offset
errore 0x00000000000033c1 ID processo che ha generato l'errore: 0x6cc Ora di avvio
dell'applicazione che ha generato l'errore: 0x01cd4af38e95d343 Percorso dell'applicazione
che ha generato l'errore: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Percorso
del modulo che ha generato l'errore: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
ID
segnalazione: afee08d8-b6ea-11e1-a62a-003018a554bf

Error - 15/06/2012 09:47:47 | Computer Name = Giara-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: Fuel.Service.exe,
versione: 1.0.0.0, timestamp: 0x4f7e4d8c Nome del modulo che ha generato l'errore:
Device.dll, versione: 4.1.0.0, timestamp: 0x4f55e10b Codice eccezione: 0xc0000005
Offset
errore 0x00000000000033c1 ID processo che ha generato l'errore: 0x684 Ora di avvio
dell'applicazione che ha generato l'errore: 0x01cd4af7958978f1 Percorso dell'applicazione
che ha generato l'errore: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Percorso
del modulo che ha generato l'errore: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
ID
segnalazione: b0a1b605-b6f0-11e1-b99c-003018a554bf

[ System Events ]
Error - 07/05/2012 05:09:14 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 07/05/2012 05:09:46 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 08/05/2012 04:24:50 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 08/05/2012 04:25:08 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 09/05/2012 02:41:15 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 09/05/2012 02:41:27 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 10/05/2012 05:54:40 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 10/05/2012 05:54:54 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 11/05/2012 05:05:20 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2

Error - 11/05/2012 05:05:32 | Computer Name = Giara-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio AODDriver4.1 non è stato avviato per il seguente errore:
%%2


< End of report >

Antivir Full Scan

Spoiler

Avira Free Antivirus
Data del file di report: sabato 16 giugno 2012 08:37

Ricerca di 3840974 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows 7 x64
Versione di Windows : (Service Pack 1) [6.1.7601]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : GIARA-PC

Informazioni sulla versione:
BUILD.DAT : 12.0.0.157 41963 Bytes 03/02/2012 18:36:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 16/02/2012 12:04:28
AVSCAN.DLL : 12.1.0.18 63440 Bytes 16/02/2012 12:04:27
LUKE.DLL : 12.1.0.19 68304 Bytes 16/02/2012 12:04:28
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09/05/2012 08:25:04
AVREG.DLL : 12.3.0.17 232200 Bytes 11/05/2012 09:55:01
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 15:50:01
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 12:38:41
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 12:18:13
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10/05/2012 09:55:05
VBASE006.VDF : 7.11.29.137 2048 Bytes 10/05/2012 09:55:05
VBASE007.VDF : 7.11.29.138 2048 Bytes 10/05/2012 09:55:05
VBASE008.VDF : 7.11.29.139 2048 Bytes 10/05/2012 09:55:05
VBASE009.VDF : 7.11.29.140 2048 Bytes 10/05/2012 09:55:05
VBASE010.VDF : 7.11.29.141 2048 Bytes 10/05/2012 09:55:05
VBASE011.VDF : 7.11.29.142 2048 Bytes 10/05/2012 09:55:05
VBASE012.VDF : 7.11.29.143 2048 Bytes 10/05/2012 09:55:05
VBASE013.VDF : 7.11.29.144 2048 Bytes 10/05/2012 09:55:05
VBASE014.VDF : 7.11.30.3 198144 Bytes 14/05/2012 17:45:47
VBASE015.VDF : 7.11.30.69 186368 Bytes 17/05/2012 17:53:43
VBASE016.VDF : 7.11.30.143 223744 Bytes 21/05/2012 14:17:18
VBASE017.VDF : 7.11.30.207 287744 Bytes 23/05/2012 11:18:18
VBASE018.VDF : 7.11.31.57 188416 Bytes 28/05/2012 09:12:03
VBASE019.VDF : 7.11.31.111 214528 Bytes 30/05/2012 13:33:41
VBASE020.VDF : 7.11.31.151 116736 Bytes 31/05/2012 13:33:44
VBASE021.VDF : 7.11.31.205 134144 Bytes 03/06/2012 13:32:59
VBASE022.VDF : 7.11.32.9 169472 Bytes 05/06/2012 19:57:43
VBASE023.VDF : 7.11.32.85 155648 Bytes 08/06/2012 17:57:05
VBASE024.VDF : 7.11.32.133 127488 Bytes 11/06/2012 11:12:49
VBASE025.VDF : 7.11.32.171 182784 Bytes 12/06/2012 11:12:53
VBASE026.VDF : 7.11.32.251 119296 Bytes 14/06/2012 11:12:54
VBASE027.VDF : 7.11.32.252 2048 Bytes 14/06/2012 11:12:54
VBASE028.VDF : 7.11.32.253 2048 Bytes 14/06/2012 11:12:54
VBASE029.VDF : 7.11.32.254 2048 Bytes 14/06/2012 11:12:54
VBASE030.VDF : 7.11.32.255 2048 Bytes 14/06/2012 11:12:55
VBASE031.VDF : 7.11.33.28 55296 Bytes 15/06/2012 06:36:37
Motore : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 02/06/2012 13:33:13
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 15/06/2012 11:13:45
AESCN.DLL : 8.1.8.2 131444 Bytes 27/01/2012 15:55:33
AESBX.DLL : 8.2.5.12 606578 Bytes 15/06/2012 11:13:49
AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 21:16:06
AEPACK.DLL : 8.2.16.18 807287 Bytes 15/06/2012 11:13:43
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 15/06/2012 11:13:36
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 15/06/2012 11:13:33
AEHELP.DLL : 8.1.21.0 254326 Bytes 11/05/2012 09:54:56
AEGEN.DLL : 8.1.5.30 422261 Bytes 15/06/2012 11:12:58
AEEXP.DLL : 8.1.0.52 82293 Bytes 15/06/2012 11:13:49
AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 21:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 01/06/2012 13:33:52
AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 01/12/2011 16:55:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 01/12/2011 16:55:38
AVREP.DLL : 12.3.0.15 179208 Bytes 09/05/2012 08:25:04
AVARKT.DLL : 12.1.0.23 209360 Bytes 16/02/2012 12:04:27
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 01/12/2011 16:55:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 01/12/2011 16:55:49
AVSMTP.DLL : 12.1.0.17 62928 Bytes 01/12/2011 16:55:40
NETNT.DLL : 12.1.0.17 17104 Bytes 01/12/2011 16:55:47
RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 20/09/2011 00:36:04
RCTEXT.DLL : 12.1.1.16 98768 Bytes 01/12/2011 16:55:58

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Report......................................: standard
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:,
Scansione dei programmi attivi..............: Attivo
Processo esteso di scansione................: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: avanzato

Avvio della scansione: sabato 16 giugno 2012 08:37

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.
Thread nascosto
[NOTA] Il System Thread non è visibile.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '79' modulo(i) scansionato(i)
Modulo OK -> <\\.\globalroot\systemroot\syswow64\mswsock.dll>
[AVVISO] Impossibile aprire il file!
Scansione processo 'avcenter.exe' - '88' modulo(i) scansionato(i)
Scansione processo 'HydraDM.exe' - '31' modulo(i) scansionato(i)
Scansione processo 'hpqgpc01.exe' - '48' modulo(i) scansionato(i)
Scansione processo 'hpqbam08.exe' - '31' modulo(i) scansionato(i)
Scansione processo 'hpqSTE08.exe' - '59' modulo(i) scansionato(i)
Scansione processo 'RtWlan.exe' - '71' modulo(i) scansionato(i)
Scansione processo 'jusched.exe' - '25' modulo(i) scansionato(i)
Scansione processo 'DivXUpdate.exe' - '62' modulo(i) scansionato(i)
Modulo OK -> <\\.\globalroot\systemroot\syswow64\mswsock.dll>
[AVVISO] Impossibile aprire il file!
Scansione processo 'hpwuschd2.exe' - '21' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '76' modulo(i) scansionato(i)
Scansione processo 'hpqtra08.exe' - '70' modulo(i) scansionato(i)
Scansione processo 'RtlService.exe' - '26' modulo(i) scansionato(i)
Scansione processo 'PnkBstrA.exe' - '28' modulo(i) scansionato(i)
Modulo OK -> <\\.\globalroot\systemroot\syswow64\mswsock.dll>
[AVVISO] Impossibile aprire il file!
Scansione processo 'svchost.exe' - '46' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '69' modulo(i) scansionato(i)
Scansione processo 'armsvc.exe' - '24' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '41' modulo(i) scansionato(i)

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 1570 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\Windows\assembly\GAC_32\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
C:\Windows\assembly\GAC_64\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2

Avvio della disinfezione:
C:\Windows\assembly\GAC_64\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
[AVVISO] Impossibile spostare il file in quarantena!
[AVVISO] Il file non può essere eliminato!
[NOTA] Per la riparazione conclusiva è necessario riavviare il computer.
[NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
[NOTA] Per la riparazione conclusiva è necessario riavviare il computer.
C:\Windows\assembly\GAC_32\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
[AVVISO] Impossibile spostare il file in quarantena!
[AVVISO] Il file non può essere eliminato!
[NOTA] Per la riparazione conclusiva è necessario riavviare il computer.
[NOTA] Il file è stato selezionato per essere eliminato dopo il riavvio.
[NOTA] Per la riparazione conclusiva è necessario riavviare il computer.


Fine della scansione: sabato 16 giugno 2012 12:36
Tempo impiegato: 2:50:23 Ora(e)

La scansione è stata completamente eseguita.

39475 Directory scansionate
1835632 I file sono stati scansionati
2 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
3 Impossibile scansionare i file
1835627 File non infetti
10490 Archivi scansionati
5 Avvisi
66 Note
935650 Oggetti scansionati durante la scansione dei rootkit
64 Sono stati rilevati oggetti nascosti

Thanks!

Edited by gabry0988, 16 June 2012 - 04:51 AM.

[Essexboy]

Hi there I will need a bit of additional data - could you give the full path of the windows installer file that you deleted e.g. C:\Windows\Installer\{0e15582b-9a3d-5cb2-6072-738409e19f28} the main data I need is the numbers/leters in the curly bracket

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Files
  ipconfig /flushdns /c
  C:\Windows\assembly\GAC_64\Desktop.ini
  C:\Windows\assembly\GAC_32\Desktop.ini
  netsh int ip reset reset.log hit /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[gabry0988]

Spoiler

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Giara\Desktop\cmd.bat deleted successfully.
C:\Users\Giara\Desktop\cmd.txt deleted successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
< netsh int ip reset reset.log hit /c >
Impossibile caricare la seguente DLL dell'helper: WSHELPER.DLL.
Reimpostazione di Globale in corso. Completata.
Reimpostazione di Interfaccia in corso. Completata.
Reimpostazione di Indirizzo Unicast in corso. Completata.
Reimpostazione di Route in corso. Completata.
Riavviare il computer per completare l'azione.
C:\Users\Giara\Desktop\cmd.bat deleted successfully.
C:\Users\Giara\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Giara
->Temp folder emptied: 4847002 bytes
->Temporary Internet Files folder emptied: 2139451 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 21496131 bytes
->Flash cache emptied: 734 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52505 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06162012_133314

Files\Folders moved on Reboot...
C:\Users\Giara\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

[gabry0988]

I look with Antivir if it's removed, but it is still there...


C:\Windows\assembly\GAC_32\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
C:\Windows\assembly\GAC_64\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2

Avvio della disinfezione:
C:\Windows\assembly\GAC_64\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
[AVVISO] Il file è stato ignorato.
C:\Windows\assembly\GAC_32\Desktop.ini
[RILEVAMENTO] Si tratta del cavallo di Troia TR/ATRAPS.Gen2
[AVVISO] Il file è stato ignorato.

[Essexboy]

OK this is becoming quite regular now the wshelper dll is missing ... Lets search for it

Run OTL and copy paste the following into the custom scans and fixes box

/md5start
WSHELPER.*
/md5stop

Press quick scan and post the resultant log please

[gabry0988]

Spoiler

OTL logfile created on: 16/06/2012 13:50:02 - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Giara\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 65,91% Memory free
8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 257,00 Gb Free Space | 27,59% Space Free | Partition Type: NTFS
Drive G: | 941,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GIARA-PC | User Name: Giara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 12:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
PRC - [2012/04/27 15:18:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/05 21:30:58 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/01 18:55:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/01 18:55:38 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/01 18:55:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/28 11:33:18 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtWlan.exe
PRC - [2010/04/17 09:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012/06/07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/06/07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll
MOD - [2012/04/05 21:30:28 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraIta.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/19 12:19:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/05 19:40:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/27 15:18:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/01 18:55:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/01 18:55:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/17 09:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/16 14:04:29 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/03 10:27:08 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/01 18:55:59 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/12/01 18:55:58 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/24 23:59:16 | 000,694,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/24 16:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programmi\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programmi\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 59 9E A7 77 B0 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7F281C0E-BB6C-468D-B104-29A5272D7349}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7F281C0E-BB6C-468D-B104-29A5272D7349}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fxinteractive.com/fxplanet: C:\ProgramData\FXWebPlayer\npfxplanet.dll (FX Interactive)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 13:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/13 19:55:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 13:56:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Plugin de juegos de FX Interactive (Enabled) = C:\ProgramData\FXWebPlayer\npfxplanet.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/16 13:33:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programmi\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69255EEE-9DB3-4D0E-96DD-C5FFAAD44F8E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E276097-2E3C-4901-BF39-9D43FBC1EA6A}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCCA4613-DF25-4BFF-948A-1978A92239F3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programmi\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programmi\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/09 22:00:00 | 000,000,034 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3c47e668-1d22-11e1-8f81-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{3c47e668-1d22-11e1-8f81-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9bd5b660-3f96-11e1-9167-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{9bd5b660-3f96-11e1-9167-003018a554bf}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{c37cd750-1d85-11e1-a494-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{c37cd750-1d85-11e1-a494-003018a554bf}\Shell\AutoRun\command - "" = G:\AS_OMSI_V100.exe -- [2011/01/01 00:00:00 | 717,457,336 | R--- | M] (Acresso Software Inc. )
O33 - MountPoints2\{ca2b5357-2fb0-11e1-94a2-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{ca2b5357-2fb0-11e1-94a2-003018a554bf}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e90a9b92-1c63-11e1-8d93-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{e90a9b92-1c63-11e1-8d93-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e90a9ba2-1c63-11e1-8d93-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{e90a9ba2-1c63-11e1-8d93-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 13:33:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/16 12:36:48 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
[2012/06/15 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\Malwarebytes
[2012/06/15 16:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/15 14:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/06/15 14:46:59 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/15 14:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/15 14:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/15 14:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/15 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\TestApp
[2012/06/15 13:41:14 | 000,000,000 | ---D | C] -- C:\m-r-software
[2012/06/15 12:53:34 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\SCANIA Truck Driving Simulator
[2012/06/02 19:00:39 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Trucks & Trailers
[2012/06/02 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Scansioni personali
[2012/06/02 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\European Bus Simulator 2012
[2012/06/02 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Local\European Bus Simulator 2012
[2012/06/02 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Save
[2012/06/02 15:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
[2012/06/02 15:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon
[2012/05/27 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Street Cleaning
[2012/05/27 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Local\Street Cleaning
[2012/05/27 11:46:55 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\UK Truck Simulator
[2012/05/27 11:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK Truck Simulator
[2012/05/27 11:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UK Truck Simulator
[2012/05/27 11:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Street Cleaning Simulator
[2012/05/27 11:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Street Cleaning Simulator
[2012/05/27 11:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trucks & Trailers
[2012/05/27 11:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trucks & Trailers
[2012/05/25 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\Skype
[2012/05/25 22:08:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/05/25 22:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/23 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ntr
[2012/05/23 18:39:59 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\DeadIsland

========== Files - Modified Within 30 Days ==========

[2012/06/16 13:46:55 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 13:46:55 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 13:43:44 | 001,682,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 13:43:44 | 000,749,228 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/06/16 13:43:44 | 000,660,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 13:43:44 | 000,151,124 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/06/16 13:43:44 | 000,124,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/16 13:40:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/16 13:39:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/16 13:39:21 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/16 13:33:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/16 13:05:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1638966946-435723054-3953494969-1000UA.job
[2012/06/16 12:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
[2012/06/15 14:48:12 | 001,937,481 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/15 12:46:16 | 000,297,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/09 20:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1638966946-435723054-3953494969-1000Core.job
[2012/06/02 18:58:06 | 000,000,000 | ---- | M] () -- C:\Users\Giara\AppData\Local\Input.xml
[2012/06/02 15:48:03 | 000,000,000 | ---- | M] () -- C:\Users\Giara\AppData\Local\Settings.xml
[2012/05/29 16:37:07 | 000,414,890 | ---- | M] () -- C:\Users\Giara\Documents\Giuseppe Giaramita.jpg
[2012/05/26 14:29:47 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

========== Files Created - No Company Name ==========

[2012/06/15 14:47:15 | 001,937,481 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/02 18:58:06 | 000,000,000 | ---- | C] () -- C:\Users\Giara\AppData\Local\Input.xml
[2012/06/02 15:48:03 | 000,000,000 | ---- | C] () -- C:\Users\Giara\AppData\Local\Settings.xml
[2012/05/29 16:37:07 | 000,414,890 | ---- | C] () -- C:\Users\Giara\Documents\Giuseppe Giaramita.jpg
[2012/02/22 16:04:28 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/03 09:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2011/12/18 13:47:42 | 000,212,637 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/12/18 13:47:42 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2011/12/09 18:09:53 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/03 15:58:49 | 000,000,093 | ---- | C] () -- C:\Users\Giara\AppData\Local\fusioncache.dat
[2011/12/03 13:19:00 | 001,659,768 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/03 13:11:45 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/03 13:11:29 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/03 13:11:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/01 23:46:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/04/24 12:34:28 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\abgx360
[2012/01/12 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Bioshock
[2012/01/14 23:19:14 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Bioshock2
[2011/12/23 13:31:11 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\bizarre creations
[2012/04/29 18:26:24 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\com.amanitadesign.osada
[2012/05/27 11:22:56 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\DAEMON Tools Lite
[2012/05/09 08:43:04 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\GOG.com
[2012/01/12 16:44:12 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\ImgBurn
[2012/02/26 23:37:44 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\LucasArts
[2011/12/31 15:41:39 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/12/03 11:58:06 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\OpenOffice.org
[2011/12/02 13:11:28 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Origin
[2011/12/31 13:47:16 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Polynomial
[2011/12/12 22:42:02 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\RigNRoll_usa_ws
[2012/06/15 14:46:04 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\TestApp
[2012/01/05 13:08:11 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\The Creative Assembly
[2011/12/02 00:27:51 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Ubisoft
[2012/06/10 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\uTorrent
[2012/05/24 18:49:07 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: WSHELPER.DLL >
[2009/07/14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 03:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/14 03:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2009/07/14 12:52:04 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=64309D6136938ACD52C9D912F63A76A2 -- C:\Windows\SysNative\it-IT\wshelper.dll.mui
[2009/07/14 12:52:04 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=64309D6136938ACD52C9D912F63A76A2 -- C:\Windows\winsxs\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_it-it_967d26877ca0e4c2\wshelper.dll.mui
[2009/07/14 12:52:09 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=9DC94A46877B739C52A662D5709F3DAD -- C:\Windows\SysWOW64\it-IT\wshelper.dll.mui
[2009/07/14 12:52:09 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=9DC94A46877B739C52A662D5709F3DAD -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3a5e8b03c443738c\wshelper.dll.mui

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Users\Giara\Documents\Autobus:Mac_Metadata
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

[Essexboy]

OK lets try again

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Files
  ipconfig /flushdns /c
  C:\Windows\system32\wshelper.dll|C:\Windows\SysWOW64\wshelper.dll /replace
  %windir%\System32\regsvr32.exe %windir%\System32\wshelper.dll /c
  netsh int ip reset reset.log hit /c
  
  :Commands
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[gabry0988]

it gives me an error: Impossibile caricare la seguente DLL dell'helper: WSHELPER.DLL.

This is the log

Spoiler

========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Giara\Desktop\cmd.bat deleted successfully.
C:\Users\Giara\Desktop\cmd.txt deleted successfully.
Unable to replace file: C:\Windows\system32\wshelper.dll with C:\Windows\SysWOW64\wshelper.dll without a reboot.
< %windir%\System32\regsvr32.exe %windir%\System32\wshelper.dll /c >
C:\Users\Giara\Desktop\cmd.bat deleted successfully.
C:\Users\Giara\Desktop\cmd.txt deleted successfully.
< netsh int ip reset reset.log hit /c >
Impossibile caricare la seguente DLL dell'helper: WSHELPER.DLL.
Reimpostazione di Globale in corso. Completata.
Reimpostazione di Interfaccia in corso. Completata.
Riavviare il computer per completare l'azione.
C:\Users\Giara\Desktop\cmd.bat deleted successfully.
C:\Users\Giara\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06162012_140754

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Essexboy]

OK lets try another route... This is one of my many attempts to try and repair this damage caused by the malware but, I just need to get the right format to make it work

Download the following zip folder and extract the file to C:\windows\system32

[attachment=58425:wshelper.zip]

Run OTL again with this fix

:Files
ipconfig /flushdns /c
%windir%\System32\regsvr32.exe %windir%\System32\wshelper.dll /c
netsh int ip reset reset.log hit /c

[gabry0988]

I can't copy that because there is another file in system32 named wshelper and is protected

[Essexboy]

OK I am now checking it out on my system

Run OTL with the following scan please


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh /s

[gabry0988]

Spoiler

OTL logfile created on: 16/06/2012 14:48:34 - Run 3
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Giara\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,08% Memory free
8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 256,74 Gb Free Space | 27,56% Space Free | Partition Type: NTFS
Drive G: | 941,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GIARA-PC | User Name: Giara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 12:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
PRC - [2012/04/27 15:18:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/01 18:55:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/01 18:55:38 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/01 18:55:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/28 11:33:18 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtWlan.exe
PRC - [2010/04/17 09:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012/06/07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/06/07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Giara\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/19 12:19:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/05 19:40:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/27 15:18:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/01 18:55:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/01 18:55:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/17 09:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\SITECOM\150N USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/16 14:04:29 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/03 10:27:08 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/01 18:55:59 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/12/01 18:55:58 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/24 23:59:16 | 000,694,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/24 16:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programmi\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programmi\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 59 9E A7 77 B0 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7F281C0E-BB6C-468D-B104-29A5272D7349}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7F281C0E-BB6C-468D-B104-29A5272D7349}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fxinteractive.com/fxplanet: C:\ProgramData\FXWebPlayer\npfxplanet.dll (FX Interactive)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 13:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/13 19:55:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 13:56:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giara\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Plugin de juegos de FX Interactive (Enabled) = C:\ProgramData\FXWebPlayer\npfxplanet.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Giara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Giara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/16 13:33:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programmi\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69255EEE-9DB3-4D0E-96DD-C5FFAAD44F8E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E276097-2E3C-4901-BF39-9D43FBC1EA6A}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCCA4613-DF25-4BFF-948A-1978A92239F3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programmi\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programmi\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/09 22:00:00 | 000,000,034 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3c47e668-1d22-11e1-8f81-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{3c47e668-1d22-11e1-8f81-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9bd5b660-3f96-11e1-9167-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{9bd5b660-3f96-11e1-9167-003018a554bf}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{c37cd750-1d85-11e1-a494-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{c37cd750-1d85-11e1-a494-003018a554bf}\Shell\AutoRun\command - "" = G:\AS_OMSI_V100.exe -- [2011/01/01 00:00:00 | 717,457,336 | R--- | M] (Acresso Software Inc. )
O33 - MountPoints2\{ca2b5357-2fb0-11e1-94a2-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{ca2b5357-2fb0-11e1-94a2-003018a554bf}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e90a9b92-1c63-11e1-8d93-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{e90a9b92-1c63-11e1-8d93-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e90a9ba2-1c63-11e1-8d93-003018a554bf}\Shell - "" = AutoRun
O33 - MountPoints2\{e90a9ba2-1c63-11e1-8d93-003018a554bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 13:33:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/16 12:36:48 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
[2012/06/15 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\Malwarebytes
[2012/06/15 16:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/15 14:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/06/15 14:46:59 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/15 14:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/15 14:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/15 14:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/15 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\TestApp
[2012/06/15 13:41:14 | 000,000,000 | ---D | C] -- C:\m-r-software
[2012/06/15 12:53:34 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\SCANIA Truck Driving Simulator
[2012/06/02 19:00:39 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Trucks & Trailers
[2012/06/02 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Scansioni personali
[2012/06/02 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\European Bus Simulator 2012
[2012/06/02 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Local\European Bus Simulator 2012
[2012/06/02 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Save
[2012/06/02 15:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
[2012/06/02 15:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon
[2012/05/27 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\Street Cleaning
[2012/05/27 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Local\Street Cleaning
[2012/05/27 11:46:55 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\UK Truck Simulator
[2012/05/27 11:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK Truck Simulator
[2012/05/27 11:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UK Truck Simulator
[2012/05/27 11:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Street Cleaning Simulator
[2012/05/27 11:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Street Cleaning Simulator
[2012/05/27 11:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trucks & Trailers
[2012/05/27 11:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trucks & Trailers
[2012/05/25 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Giara\AppData\Roaming\Skype
[2012/05/25 22:08:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/05/25 22:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/23 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ntr
[2012/05/23 18:39:59 | 000,000,000 | ---D | C] -- C:\Users\Giara\Documents\DeadIsland

========== Files - Modified Within 30 Days ==========

[2012/06/16 14:40:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/16 14:16:50 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 14:16:50 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 14:13:58 | 001,682,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 14:13:58 | 000,749,228 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/06/16 14:13:58 | 000,660,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 14:13:58 | 000,151,124 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/06/16 14:13:58 | 000,124,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/16 14:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/16 14:09:23 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/16 14:05:05 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1638966946-435723054-3953494969-1000UA.job
[2012/06/16 13:33:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/16 12:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Giara\Desktop\OTL.exe
[2012/06/15 14:48:12 | 001,937,481 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/15 12:46:16 | 000,297,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/09 20:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1638966946-435723054-3953494969-1000Core.job
[2012/06/02 18:58:06 | 000,000,000 | ---- | M] () -- C:\Users\Giara\AppData\Local\Input.xml
[2012/06/02 15:48:03 | 000,000,000 | ---- | M] () -- C:\Users\Giara\AppData\Local\Settings.xml
[2012/05/29 16:37:07 | 000,414,890 | ---- | M] () -- C:\Users\Giara\Documents\Giuseppe Giaramita.jpg
[2012/05/26 14:29:47 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

========== Files Created - No Company Name ==========

[2012/06/15 14:47:15 | 001,937,481 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/02 18:58:06 | 000,000,000 | ---- | C] () -- C:\Users\Giara\AppData\Local\Input.xml
[2012/06/02 15:48:03 | 000,000,000 | ---- | C] () -- C:\Users\Giara\AppData\Local\Settings.xml
[2012/05/29 16:37:07 | 000,414,890 | ---- | C] () -- C:\Users\Giara\Documents\Giuseppe Giaramita.jpg
[2012/02/22 16:04:28 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/03 09:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2011/12/18 13:47:42 | 000,212,637 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/12/18 13:47:42 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2011/12/09 18:09:53 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/03 15:58:49 | 000,000,093 | ---- | C] () -- C:\Users\Giara\AppData\Local\fusioncache.dat
[2011/12/03 13:19:00 | 001,659,768 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/03 13:11:45 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/03 13:11:29 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/03 13:11:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/01 23:46:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/04/24 12:34:28 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\abgx360
[2012/01/12 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Bioshock
[2012/01/14 23:19:14 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Bioshock2
[2011/12/23 13:31:11 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\bizarre creations
[2012/04/29 18:26:24 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\com.amanitadesign.osada
[2012/05/27 11:22:56 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\DAEMON Tools Lite
[2012/05/09 08:43:04 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\GOG.com
[2012/01/12 16:44:12 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\ImgBurn
[2012/02/26 23:37:44 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\LucasArts
[2011/12/31 15:41:39 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/12/03 11:58:06 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\OpenOffice.org
[2011/12/02 13:11:28 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Origin
[2011/12/31 13:47:16 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Polynomial
[2011/12/12 22:42:02 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\RigNRoll_usa_ws
[2012/06/15 14:46:04 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\TestApp
[2012/01/05 13:08:11 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\The Creative Assembly
[2011/12/02 00:27:51 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\Ubisoft
[2012/06/10 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Giara\AppData\Roaming\uTorrent
[2012/05/24 18:49:07 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh /s >
"4" = rasmontr.dll -- [2009/07/14 03:16:12 | 000,179,200 | ---- | M] (Microsoft Corporation)
"nshwfp" = nshwfp.dll -- [2010/11/20 14:20:45 | 000,656,384 | ---- | M] (Microsoft Corporation)
"dhcpclient" = dhcpcmonitor.dll -- [2009/07/14 03:15:11 | 000,011,264 | ---- | M] (Microsoft Corporation)
"wshelper" = wshelper.dll -- [2009/07/14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation)
"nshhttp" = nshhttp.dll -- [2009/07/14 03:16:11 | 000,027,136 | ---- | M] (Microsoft Corporation)
"fwcfg" = fwcfg.dll -- [2009/07/14 03:15:21 | 000,057,856 | ---- | M] (Microsoft Corporation)
"authfwcfg" = authfwcfg.dll -- [2009/07/14 03:14:57 | 000,334,336 | ---- | M] (Microsoft Corporation)
"2" = ifmon.dll -- [2009/07/14 03:15:28 | 000,020,992 | ---- | M] (Microsoft Corporation)
"netiohlp" = netiohlp.dll -- [2010/11/20 14:20:28 | 000,166,400 | ---- | M] (Microsoft Corporation)
"whhelper" = whhelper.dll -- [2009/07/14 03:16:18 | 000,014,848 | ---- | M] (Microsoft Corporation)
"hnetmon" = hnetmon.dll -- [2009/07/14 03:15:24 | 000,014,848 | ---- | M] (Microsoft Corporation)
"rpc" = rpcnsh.dll -- [2009/07/14 03:16:13 | 000,027,648 | ---- | M] (Microsoft Corporation)
"dot3cfg" = dot3cfg.dll -- [2010/11/20 14:18:33 | 000,082,432 | ---- | M] (Microsoft Corporation)
"napmontr" = napmontr.dll -- [2009/07/14 03:16:02 | 000,158,208 | ---- | M] (Microsoft Corporation)
"nshipsec" = nshipsec.dll -- [2010/11/20 14:20:45 | 000,346,112 | ---- | M] (Microsoft Corporation)
"p2pnetsh" = p2pnetsh.dll -- [2009/07/14 03:16:12 | 000,136,704 | ---- | M] (Microsoft Corporation)
"wlancfg" = wlancfg.dll -- [2009/07/14 03:16:19 | 000,177,152 | ---- | M] (Microsoft Corporation)
"peerdistsh" = peerdistsh.dll -- [2009/07/14 03:16:12 | 000,666,112 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh /s >
"4" = rasmontr.dll -- [2009/07/14 03:16:12 | 000,179,200 | ---- | M] (Microsoft Corporation)
"nshwfp" = nshwfp.dll -- [2010/11/20 14:20:45 | 000,656,384 | ---- | M] (Microsoft Corporation)
"dhcpclient" = dhcpcmonitor.dll -- [2009/07/14 03:15:11 | 000,011,264 | ---- | M] (Microsoft Corporation)
"wshelper" = wshelper.dll -- [2009/07/14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation)
"nshhttp" = nshhttp.dll -- [2009/07/14 03:16:11 | 000,027,136 | ---- | M] (Microsoft Corporation)
"fwcfg" = fwcfg.dll -- [2009/07/14 03:15:21 | 000,057,856 | ---- | M] (Microsoft Corporation)
"authfwcfg" = authfwcfg.dll -- [2009/07/14 03:14:57 | 000,334,336 | ---- | M] (Microsoft Corporation)
"2" = ifmon.dll -- [2009/07/14 03:15:28 | 000,020,992 | ---- | M] (Microsoft Corporation)
"netiohlp" = netiohlp.dll -- [2010/11/20 14:20:28 | 000,166,400 | ---- | M] (Microsoft Corporation)
"whhelper" = whhelper.dll -- [2009/07/14 03:16:18 | 000,014,848 | ---- | M] (Microsoft Corporation)
"hnetmon" = hnetmon.dll -- [2009/07/14 03:15:24 | 000,014,848 | ---- | M] (Microsoft Corporation)
"rpc" = rpcnsh.dll -- [2009/07/14 03:16:13 | 000,027,648 | ---- | M] (Microsoft Corporation)
"dot3cfg" = dot3cfg.dll -- [2010/11/20 14:18:33 | 000,082,432 | ---- | M] (Microsoft Corporation)
"napmontr" = napmontr.dll -- [2009/07/14 03:16:02 | 000,158,208 | ---- | M] (Microsoft Corporation)
"nshipsec" = nshipsec.dll -- [2010/11/20 14:20:45 | 000,346,112 | ---- | M] (Microsoft Corporation)
"p2pnetsh" = p2pnetsh.dll -- [2009/07/14 03:16:12 | 000,136,704 | ---- | M] (Microsoft Corporation)
"wlancfg" = wlancfg.dll -- [2009/07/14 03:16:19 | 000,177,152 | ---- | M] (Microsoft Corporation)
"peerdistsh" = peerdistsh.dll -- [2009/07/14 03:16:12 | 000,666,112 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Users\Giara\Documents\Autobus:Mac_Metadata
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

[Essexboy]

Bear with me please I will need to run some comparisons